How would I go about editing the memory of other applications using Cocoa? I know the editing has to be done as root, but how would I do it in the first place?
+1
A:
Ptrace is the usual mechanism to do this (and has little/nothing to do with cocoa itself -- it's a unix api, man ptrace). Once you attach to a process, and the process is stopped, you can do things like read and write from the childs instruction or data space, single step, and so forth.
Brian Mitchell
2009-04-02 03:07:04
I need to do the editing in real-time, while the process is running
computergeek6
2009-04-02 03:14:29
Then the trick would be to limit the time you spend pausing the application, eg. if your changes takes < 10ms it's not going to really be noticable unless your messing with a multi media app, in which case you probably want <1ms per change.
olliej
2009-04-02 03:23:24
So should I write the changing part in C for speed, then create a Cocoa wrapper around it, to interface with the rest of the program?
computergeek6
2009-04-02 03:31:40
The language isn't that important, it's more important to limit the scope of the work you are doing when the program is stopped, so you can continue it as quickly as possible.
Brian Mitchell
2009-04-02 03:37:33
+5
A:
I'd point out that PTrace is terribly broken on OS X. Hopefully that article helps you sidestep the issues. You can also use mach directly to alter memory... check out how Mach_inject does it.
Paul
2009-04-02 04:09:29
broken is probably overstating the issue. I think "incomplete" would be a little more fair.
Brian Mitchell
2009-04-02 04:13:39
Thanks for the help. I looked at the Mach_inject code, and it's just what I was looking for.
computergeek6
2009-04-02 23:34:03
I agree Brian, it's a bit of a hyperbole. That said, I think Apple leaving PTrace incomplete is fairly bad thing.
Paul
2009-04-03 00:03:30