Created
January 23, 2022 06:24
-
-
Save blluv/8696c683d09889fc05d891a676e0b04a to your computer and use it in GitHub Desktop.
osx memory read
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://github.com/n1nj4sec/memorpy/blob/master/memorpy/OSXProcess.py | |
| import ctypes | |
| import ctypes.util | |
| ctypes.cdll.LoadLibrary('/usr/lib/libc.dylib') | |
| libc = ctypes.CDLL('/usr/lib/libc.dylib') | |
| class MemoryOSX(): | |
| def __init__(self, pid): | |
| self.task = ctypes.c_uint32() | |
| self.mytask = libc.mach_task_self() | |
| ret = libc.task_for_pid(self.mytask, ctypes.c_int(pid), ctypes.pointer(self.task)) | |
| if ret != 0: | |
| raise Exception("task_for_pid error: %s"%ret) | |
| def read_bytes(self, address, bytes): | |
| pdata = ctypes.c_void_p(0) | |
| data_n = ctypes.c_uint32(0) | |
| ret = libc.mach_vm_read(self.task, ctypes.c_ulonglong(address), ctypes.c_longlong(bytes), ctypes.pointer(pdata), ctypes.pointer(data_n)) | |
| if ret != 0: | |
| raise Exception("mach_vm_read error : %s"%ret) | |
| buf = ctypes.string_at(pdata.value, data_n.value) | |
| libc.vm_deallocate(self.mytask, pdata, data_n) | |
| return buf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment