OS X base address of a process

  1. #1
    frezy

    OS X base address of a process

    Hey,

    Does anybody know how to get the base address on an OS X based machine?

    I tried out the following way without success.

    Getting process base address in Mac OSX - Stack Overflow

    Does somebody know another way to get the base address from a process?

    Thanks,
    Frezy

  2. #2
    xalcon
    Well, I don't have a Mac so I don't know how accurate or up to date this info is, but I would try using the 'dyld_all_image_infos' struct which should be accessible by including dyld_images.h and iterate through its infoArray.
    "Threads should always commit suicide - they should never be murdered" - DirectX SDK

  3. #3
    NOCARRIER
    I didn't author this code, but it should give you an idea what you want to do:

    Code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <mach/mach.h>
    #include <mach/mach_vm.h>   // mach_vm_region() and the mach_vm_* types
    
    int main() {
    
       kern_return_t kern_return;
       mach_port_t task;
    
       int pid = 0;
       printf("Enter PID to look-up: ");
       if (scanf("%d", &pid) != 1)
       {
          printf("Invalid PID\n");
          exit(1);
       }
    
       // Need to run this program as root (i.e. sudo) in order for this to work
       kern_return = task_for_pid(mach_task_self(), pid, &task);
       if (kern_return != KERN_SUCCESS)
       {
          printf("task_for_pid() failed, error %d - %s\n", kern_return, mach_error_string(kern_return));
          exit(1);
       }
    
       kern_return_t kret;
       vm_region_basic_info_data_64_t info;      // 64-bit flavor, matching the count used below
       mach_vm_size_t size;
       mach_port_t object_name;
       mach_msg_type_number_t count;
       mach_vm_address_t firstRegionBegin = 0;
       mach_vm_address_t lastRegionEnd;
       mach_vm_size_t fullSize = 0;              // running total of every region's size
       mach_vm_address_t address = 1;
       int regionCount = 0;
       int flag = 0;
       while (flag == 0)
       {
          // count is an in/out parameter, so reset it before every call
          count = VM_REGION_BASIC_INFO_COUNT_64;
          // Attempts to get the info for the region at or after address in the given task
          kret = mach_vm_region(task, &address, &size, VM_REGION_BASIC_INFO_64, (vm_region_info_t) &info, &count, &object_name);
          if (kret == KERN_SUCCESS)
          {
             if (regionCount == 0)
             {
                // The first region found is what gets reported as the base address
                firstRegionBegin = address;
                regionCount += 1;
             }
             fullSize += size;
             address += size;   // continue the search just past this region
          }
          else
             flag = 1;          // no further regions: stop
       }
       lastRegionEnd = address;
       printf("Base Address: %llu\n", (unsigned long long) firstRegionBegin);
       printf("lastRegionEnd: %llu\n", (unsigned long long) lastRegionEnd);
       printf("fullSize: %llu\n", (unsigned long long) fullSize);
    
       return 0;
    }

  4. #4
    snakeninny
    Originally Posted by NOCARRIER
    I didn't author this code, but it should give you an idea what you want to do:

    This code snippet works fine on my OSX 10.9, but I can't quite understand the output: the base address here is the dynamic base address of the target process, and from my point of view, fullSize should be the binary size and lastRegionEnd should be the ending address of the target process, right? But when I tried this snippet on some processes, the base address was just what I thought, while lastRegionEnd and fullSize were not equal to what I thought. Any ideas?

  5. #5
    JuJuBoSc
    I have no idea about how OSX works, but I guess it's the allocated memory region (using alloc() or sh*t like that).
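
Added example, not part of the thread and not any poster's code: the loop in post #3 keeps calling mach_vm_region until it fails, so fullSize adds up every mapped region in the task and lastRegionEnd is the end of the last one, which is why neither matches the binary in post #4. Assuming the bytes at the reported base address are the main executable's 64-bit Mach-O header and have already been copied into a buffer, the code below derives that image's own ASLR slide and mapped size from its LC_SEGMENT_64 load commands. The struct mirrors, image_extent and sample_header are names made up for this example, and the sample header is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Local mirrors of the 64-bit layouts in <mach-o/loader.h>, so this builds anywhere. */
enum { MH_EXECUTE = 0x2, LC_SEGMENT_64 = 0x19 };
#define MH_MAGIC_64 0xfeedfacfu
struct mh64  { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct seg64 { uint32_t cmd, cmdsize; char segname[16]; uint64_t vmaddr, vmsize, fileoff, filesize;
               uint32_t maxprot, initprot, nsects, flags; };

/* buf/len: bytes already copied from the region that starts at address base (assumed input).
   Returns 0 and fills *slide and *size, or -1 if this is not a sane 64-bit MH_EXECUTE header. */
int image_extent(const uint8_t *buf, size_t len, uint64_t base, uint64_t *slide, uint64_t *size) {
    struct mh64 h; struct seg64 s;
    uint64_t lo = UINT64_MAX, hi = 0, text = 0; int have_text = 0;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    if (h.magic != MH_MAGIC_64 || h.filetype != MH_EXECUTE) return -1;
    if (h.sizeofcmds > len - sizeof h) return -1;           /* load commands must fit in buf */
    size_t off = sizeof h, end = sizeof h + h.sizeofcmds;
    for (uint32_t i = 0; i < h.ncmds; i++) {
        if (end - off < 8) return -1;                       /* room for cmd + cmdsize? */
        memcpy(&s, buf + off, 8);
        if (s.cmdsize < 8 || s.cmdsize > end - off) return -1;
        if (s.cmd == LC_SEGMENT_64) {
            if (s.cmdsize < sizeof s) return -1;
            memcpy(&s, buf + off, sizeof s);
            if (s.vmsize > UINT64_MAX - s.vmaddr) return -1; /* vmaddr + vmsize would wrap */
            if (!strncmp(s.segname, "__TEXT", 16)) { text = s.vmaddr; have_text = 1; }
            if (strncmp(s.segname, "__PAGEZERO", 16) && s.vmsize) {  /* skip the guard segment */
                if (s.vmaddr < lo) lo = s.vmaddr;
                if (s.vmaddr + s.vmsize > hi) hi = s.vmaddr + s.vmsize;
            }
        }
        off += s.cmdsize;
    }
    if (!have_text || hi <= lo) return -1;
    *slide = base - text; *size = hi - lo;   /* ASLR slide; span of this image's own segments */
    return 0;
}

/* Constructed sample header: __PAGEZERO, __TEXT, __DATA; fields not listed are zero. */
size_t sample_header(uint8_t *buf) {
    struct seg64 segs[3] = { { LC_SEGMENT_64, sizeof(struct seg64), "__PAGEZERO", 0, 0x100000000ULL },
                             { LC_SEGMENT_64, sizeof(struct seg64), "__TEXT", 0x100000000ULL, 0x4000 },
                             { LC_SEGMENT_64, sizeof(struct seg64), "__DATA", 0x100004000ULL, 0x2000 } };
    struct mh64 h = { MH_MAGIC_64, 0x01000007, 3, MH_EXECUTE, 3, sizeof segs };
    memcpy(buf, &h, sizeof h); memcpy(buf + sizeof h, segs, sizeof segs);
    return sizeof h + sizeof segs;
}
```

With the constructed header and a base of 0x10a2b3000, the slide comes out as 0xa2b3000 and the image size as 0x6000, independent of how many other regions the task has mapped.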
