-
Notifications
You must be signed in to change notification settings - Fork 46
A small OS X/iOS userland util to dump processes memory
gdbinit/readmem
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
_____ _ _____ | __ |___ ___ _| | |___ _____ | -| -_| .'| . | | | | -_| | |__|__|___|__,|___|_|_|_|___|_|_|_| A small userland util to dump processes memory Useful to dump stuff or verify stuff without gdb or running under gdb (c) fG! - 2012, 2013 - [email protected] - http://reverse.put.as This is a small and simple userland util to dump processes memory on the screen or to a binary file. Useful to dump stuff or verify something without gdb or running under gdb. A new option as been added as of version 0.3 that will dump the mach-o app or lib that is located at the given address. This makes process dumping easier (dumped binaries will not work because objective-c related stuff!), especially in iOS where there is no vmmap utility by default. With this, you can dump the main binary or any of its loaded libraries. You need to find the start address, which usually can be done using "info shared" command inside gdb. To use this feature, pass the -f option to the util (no need to specify the size in this case). Usage: readmem -p XXX -a ADDRESS -o WHATEVERNAMEYOUWANT -f It is compatible with Mac OS X and iOS. If you want to compile to iOS you need to modify the project target and add the below information to Xcode configurations. They will allow to build command-line executables for iOS. Don't forget that you need to give procmod permissions to the OS X version and the correct entitlements to the iOS version. For a good reference regarding entitlements go to http://246tnt.com/iPhone/. Nothing fancy to be seen here :-) Version 0.5 introduces code to locate and dump main binary of a given PID. No need anymore to input start address. fG! [email protected] Changes to iPhoneOSPackageTypes.xcspec: // Mach-O executable { Type = PackageType; Identifier = com.apple.package-type.mach-o-executable; Name = "Mach-O Executable"; Description = "Mach-O executable"; DefaultBuildSettings = { EXECUTABLE_PREFIX = ""; EXECUTABLE_SUFFIX = ""; EXECUTABLE_NAME = "$(EXECUTABLE_PREFIX)$(PRODUCT_NAME)$(EXECUTABLE_VARIANT_SUFFIX)$(EXECUTABLE_SUFFIX)"; EXECUTABLE_PATH = "$(EXECUTABLE_NAME)"; }; ProductReference = { FileType = compiled.mach-o.executable; Name = "$(EXECUTABLE_NAME)"; IsLaunchable = YES; }; }, Changes to iPhoneOSProductTypes.xcspec: // Tool (normal Unix command-line executable) { Type = ProductType; Identifier = com.apple.product-type.tool; Class = PBXToolProductType; Name = "Command-line Tool"; Description = "Standalone command-line tool"; IconNamePrefix = "TargetExecutable"; DefaultTargetName = "Command-line Tool"; DefaultBuildProperties = { FULL_PRODUCT_NAME = "$(EXECUTABLE_NAME)"; EXECUTABLE_PREFIX = ""; EXECUTABLE_SUFFIX = ""; REZ_EXECUTABLE = YES; INSTALL_PATH = "/usr/local/bin"; FRAMEWORK_FLAG_PREFIX = "-framework"; LIBRARY_FLAG_PREFIX = "-l"; LIBRARY_FLAG_NOSPACE = YES; GCC_DYNAMIC_NO_PIC = NO; GCC_SYMBOLS_PRIVATE_EXTERN = YES; GCC_INLINES_ARE_PRIVATE_EXTERN = YES; STRIP_STYLE = "all"; CODE_SIGNING_ALLOWED = YES; }; PackageTypes = ( com.apple.package-type.mach-o-executable // default ); },
About
A small OS X/iOS userland util to dump processes memory
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published