Skip to content


vm_read not working on Mac OS X (10.7) #1

iZsh opened this Issue · 6 comments

3 participants



I'm running Mac OS X, Lion (10.7), and I'm getting the following error when trying to call vm_read

/Library/Ruby/Gems/1.8/gems/ragweed-0.2.3/lib/ragweed/wraposx/wraposx.rb:247:in vm_read_overwrite': can't convert FFI::MemoryPointer into Integer (TypeError)
from /Library/Ruby/Gems/1.8/gems/ragweed-0.2.3/lib/ragweed/wraposx/wraposx.rb:247:in

As a reference here is the code I'm using:
buffer = Wraposx::vm_read(dbg.task, basic_region_info.base_address, basic_region_info.region_size)

I'm not very familiar with FFI, thus it might be faster for you to fix it. I'm still reading FFI's code to figure out the error.


I found the issue, line 49 should be
attach_function :vm_read_overwrite, [:vm_map_t, :vm_address_t, :vm_size_t, :pointer, :pointer], :kern_return_t

(note the 4th parameter is :pointer not :vm_address_t)

I didn't check the other vm_* function for same consistency issues.


Timur is the maintainer of the OSX port, ill make sure he gets this message. We arent running Lion yet but this is great feedback. We will definitely get ragweed working for Lion shortly.


It doesn't work on Snow Leopard either, since the 4th parameter is indeed a buffer pointer for the result, not an address.
With this fix it works on both 10.6 and 10.7.

(Thanks for forwarding it to the OSX maintainer! :) )


ahh. Easy fix. Done!

@struct struct closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.