Skip to content

Loading…

vm_read not working on Mac OS X (10.7) #1

Closed
iZsh opened this Issue · 6 comments

3 participants

@iZsh

Hello,

I'm running Mac OS X, Lion (10.7), and I'm getting the following error when trying to call vm_read

/Library/Ruby/Gems/1.8/gems/ragweed-0.2.3/lib/ragweed/wraposx/wraposx.rb:247:in vm_read_overwrite': can't convert FFI::MemoryPointer into Integer (TypeError)
from /Library/Ruby/Gems/1.8/gems/ragweed-0.2.3/lib/ragweed/wraposx/wraposx.rb:247:in
vm_read'

As a reference here is the code I'm using:
buffer = Wraposx::vm_read(dbg.task, basic_region_info.base_address, basic_region_info.region_size)

I'm not very familiar with FFI, thus it might be faster for you to fix it. I'm still reading FFI's code to figure out the error.

@iZsh

I found the issue, line 49 should be
attach_function :vm_read_overwrite, [:vm_map_t, :vm_address_t, :vm_size_t, :pointer, :pointer], :kern_return_t

(note the 4th parameter is :pointer not :vm_address_t)

I didn't check the other vm_* function for same consistency issues.

@struct
Collaborator

Timur is the maintainer of the OSX port, ill make sure he gets this message. We arent running Lion yet but this is great feedback. We will definitely get ragweed working for Lion shortly.

@iZsh

It doesn't work on Snow Leopard either, since the 4th parameter is indeed a buffer pointer for the result, not an address.
With this fix it works on both 10.6 and 10.7.

(Thanks for forwarding it to the OSX maintainer! :) )

@struct
Collaborator

ahh. Easy fix. Done!

@struct struct closed this
@tduehr
Owner
@struct
Collaborator
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.