堆栈内存溢出
  简体   繁体   English

OS X上的WriteProcessMemory等价物

[英]WriteProcessMemory equivalent on OS X

 原文  2012-06-01 17:37:48       macos/ delphi/ hook/ delphi-xe2

问题描述

I am using method hooking/detour in my library. 我在我的图书馆使用方法挂钩/绕行

What would be the solution for method hooking/detour on OS X since WriteProcessMemory/ReadProcessMemory are Windows API functions? 由于WriteProcessMemory / ReadProcessMemory是Windows API函数,因此OS X上方法挂钩/绕行的解决方案是什么?

Edit: 编辑:

Ok, let me put a bit more information here so it gets clearer why I am asking that question: 好的,让我在这里提供更多信息,以便更清楚我为什么要问这个问题:

In an upcoming feature in my DSharp library I have this code: 在我的DSharp库的即将推出的功能中,我有以下代码: 

procedure FreeInstance(Self: TObject);
begin
  ...

  Self.CleanupInstance;
  FreeMem(Pointer(Self));
end;

var
  FreeInstanceBackup: TXRedirCode;

initialization
  ...
  HookCode(@TObject.FreeInstance, @FreeInstance, FreeInstanceBackup);

finalization
  UnhookCode(@TObject.FreeInstance, FreeInstanceBackup);
  ...

end.

Fact is, I need to hook into the TObject.FreeInstance method to be notified of every object destruction (yes I know, it might not be called if someone decides to override it and does not call inherited). 事实是,我需要挂钩到TObject.FreeInstance方法以获得每个对象销毁的通知(是的,我知道,如果有人决定覆盖它并且不调用继承,则可能不会调用它)。

Another unit that uses the WriteProcessMemory is ReturnTypePatch.pas which fixes QC #98687 which is nessecary for Mocking libraries like mine and Delphi Mocks from Vincent Parrett (he basically had a user reporting that problem before we both were aware of that problem). 另一个使用WriteProcessMemory的单元是ReturnTypePatch.pas ,它修复了QC#98687 ,这对于像我这样的模拟库和来自Vincent Parrett的Delphi Mocks来说不必要的 (他们基本上有一个用户在我们都知道这个问题之前报告了这个问题)。

Yet another use of WriteProcessMemory is in the AOP part of DSharp where I basically replace the VMT of a class with the proxy class VMT that is created from the TVirtualMethodInterceptor class from the RTTI. WriteProcessMemory的另一个用途是在DSharp的AOP部分中,我基本上用从RTTI的TVirtualMethodInterceptor类创建的代理类VMT替换类的VMT。 With TVirtualMethodInterceptor you can only proxify an existing object - my implementation does that for the whole class (so all existing and future objects, even if inherited). 使用TVirtualMethodInterceptor,您只能代理现有对象 - 我的实现为整个类执行此操作(因此所有现有和将来的对象,即使是继承的)。

In all cases the memory cannot be written by using Move because they are protected (getting AV when replacing WriteProcessMemory with a call to CopyMemory). 在所有情况下,使用Move都无法写入内存,因为它们受到保护(在通过调用CopyMemory替换WriteProcessMemory时获取AV)。

Hope that was enough information on what I am doing with these functions - and someone can point me to a solution that will work on OS X (unfortunately I don't have one so I cannot test anything). 希望这是关于我正在使用这些功能的足够信息 - 有人可以指出我将在OS X上工作的解决方案(不幸的是我没有,所以我无法测试任何东西)。

1 个解决方案

解决方案1
 10  2012-06-01 19:13:48

The most direct equivalent to WriteProcessMemory/ReadProcessMemory are the Mach calls vm_write/vm_read. 与WriteProcessMemory / ReadProcessMemory最直接相同的是Mach调用vm_w​​rite / vm_read。 Instead of an HPROCESS you need a Mach task (which you can get via task_for_pid), and of course there are lots of little differences. 你需要一个Mach任务(你可以通过task_for_pid获得)而不是HPROCESS,当然还有很多不同之处。

Since Apple has helpfully removed the manpages for these functions, and not documented them in any of the Xcode docsets, you have to deal with the slightly-out-of-date non-Apple Mach/MK/Gnu-Mach documentation, the header file comments (which are pretty good), and/or third-party articles like http://www.uninformed.org/?v=4&a=3 and http://www.phrack.org/issues.html?issue=66&id=16 (you can probably guess just from the URLs who their target audience is). 由于Apple已经帮助删除了这些函数的联机帮助页,并且没有将它们记录在任何Xcode文档集中,因此您必须处理稍微过时的非Apple Mach / MK / Gnu-Mach文档,即头文件评论(非常好)和/或第三方文章,如http://www.uninformed.org/?v=4&a=3http://www.phrack.org/issues.html?issue=66&id = 16 (您可以从他们的目标受众的URL中猜出)。 But it's pretty easy. 但这很容易。 Porting a "memory cheat tool" from Windows to Mac, you'd spend a lot more time rewriting the GUI than implementing the low-level stuff. 将“内存作弊工具”从Windows移植到Mac,您将花费更多时间重写GUI而不是实现低级别的东西。

But this may not be the best way to do method hooking. 但这可能不是做方法挂钩的最佳方法。 Especially if you're hooking ObjC methods, but even for C APIs. 特别是如果您正在使用ObjC方法,甚至是C API。 Describe what you want to do in more detail, and I can provide better alternatives. 详细描述您想要做的事情,我可以提供更好的选择。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 OS X相当于OutputDebugString()? - OS X equivalent to OutputDebugString()? OS X 中的 TrackPopupMenu 等效项 - TrackPopupMenu equivalent in OS X OS X 是否有等效的 lsusb - Is there an equivalent of lsusb for OS X 在mac os x上showkey等价? - showkey equivalent on mac os x? Mac OS X中是否有相当于mallopt()的功能? - Is there an equivalent of mallopt() in Mac OS X? OS X的.def文件等效 - .def file equivalent for OS X 在Mac OS X上相当于PostThreadMessage - PostThreadMessage equivalent on Mac OS X OS X上的SWT:等效于NSSheet - SWT on OS X: NSSheet equivalent 什么是OS X的UIGraphicsGetCurrentContext()等价物? - What is the UIGraphicsGetCurrentContext() equivalent for OS X? xsel -o 等效于 OS X - xsel -o equivalent for OS X
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM