osx-mem-hack/mem.cpp at master · push0ebp/osx-mem-hack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#include "vm_mem.hpp"

#include <iostream>
#include <memory>
#include <unistd.h>

using namespace std;

int main(int argc, char *argv[])
{
  const int offset = 0x28;
  if(argc < 2)
  {
    cout << "Usage : ./mem <process name>" << endl;
    exit(-1);
  }
  if(getuid() && geteuid())
  {
    cout << "permission denied, please root." << endl;
    exit(-1); //
  }

  cout << "process : " << argv[1] << endl;
  Process *process = new Process();
  kern_return_t kret = process->Open(argv[1]);

  pid_t pid = process->get_pid();
  cout << "pid : " << pid << endl;

  if(pid != -1)
  {
    if(kret != KERN_SUCCESS)
    {
        cout << "open error, please check root." << endl;
    }
    else
    {
      cout << "opened process." << endl;
    }
  }
  else
  {
    cout << "process not found." << endl;
    exit(-1);
  }

  uint64_t base = process->get_base_address();
  cout << "base address : 0x" << hex << base << endl;

  char buffer[11] = {0};
  char value[11] = "__PUSH0EBP";
  uint64_t addr = base + offset;

  cout << "read/write to 0x" << hex << base << endl;
  uint32_t magic = process->Read<uint32_t>(base);
  uint32_t magic_value = 0xdeadbeef;
  cout << "magic 0x" << hex << magic << endl;
  cout << "write 0x" << magic_value << endl;
  process->Write<uint32_t>(base, magic_value);
  magic = process->Read<uint32_t>(base);
  cout << "magic 0x" << hex << magic << endl;

  cout << "read/write to 0x" << hex << addr << endl;
  process->Read(addr, buffer, sizeof(buffer));
  cout << "read " << buffer << endl;

  process->Write(addr, value, sizeof(value));
  cout << "write \"" << value << "\"" << endl;
  memset(buffer, 0, sizeof(buffer));
  process->Read( addr, buffer, sizeof(buffer));
  cout << "read " << buffer << endl;

  return 0;
}