Home > OS >  Reading memory from another process on Mac
Reading memory from another process on Mac

Time:04-22

I'm building a library for reading memory that I'd like to expand to Mac OS.

Among many other functions, the one main function used by many of the methods is ReadProcessMemory;

[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool ReadProcessMemory(
    [In] IntPtr hProcess,
    [In] IntPtr lpBaseAddress,
    [Out] byte[] lpBuffer,
    [In] SIZE_T nSize,
    [Out] out SIZE_T lpNumberOfBytesRead
);

I'm now wondering what the equivalent for this is on Mac. Looking around online (of course it's hardly documented at all), I think the method signature should look something like this;

[DllImport("...")]
[return: MarshalAs(UnmanagedType.I4)]
static extern int vm_read_overwrite(
    [In] IntPtr target_task,
    [In] IntPtr address,
    [In] SIZE_T size,
    [Out] byte[] data,
    [Out] out SIZE_T outsize
);

vm_read_overwrite is also what's used by several Rust libraries.

What library/package is vm_read_overwrite part of? Is the signature correct? Perhaps additionally, can I use conditional compilation to use the different functions, or do I have to use RuntimeInformation.IsOSPlatform?

CodePudding user response:

    [DllImport("libc")]
    static extern int vm_read_overwrite(
        [In] IntPtr target_task,
        [In] IntPtr address,
        [In] uint size,
        [Out] byte[] data,
        [Out] out uint outsize
    );

This works on my machine. Hope it helps.

Page link:https//www.codepudding.com/os/380962.html

Prev:Iterate thread strategy for the FXML ProgressBar
Next:write Jasmine testcase for error cases so that it becomes green
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding