In Leopard (Mac OS X 10.5), this policy was changed again (that much about consistent security policy – nice work Apple) such that an inspector process now depends on the security framework to authorize use of the taskforpid system service which gives a process the capability to control another process. Apple Mac OS X Before you can install Virtual PC for Mac Version 7.0.2, one or more of the following programs must be installed on your computer: Virtual PC for Mac Version 7.0 or 7.0.1 In addition, your computer must meet the following minimum requirements: Processor: 700 MHz native PowerPC G3, G4, or G5 processor.
SoundCloud is a music and podcast streaming platform that lets you listen to millions of songs from around the world, or upload your own. Start listening now! PIV Login for Macs is an ongoing initiative to implement the federally mandated smart card login requirement on Apple Macintosh computers at NIH.
If you never heard of mach system calls and specifically task_for_pid() call on Mac OS X, you can consider yourself lucky. If you want to stay that way – stop reading now! Still here? In that case let's start with disclaimer – author of this text is not and can not be in any way responsible for damage produced or influenced by this article.
Prior to the Mac OS X 10.4.X (Tiger), it was completely legal for one process to control another for the purpose of influencing its execution (single stepping, resuming, stopping etc) and inspecting or modifying its memory and registers. In one of the patches for Tiger, this policy was changed so that only a process owned by root or with a 'primary effective group of procmod or procview' has this privilege. In Leopard (Mac OS X 10.5), this policy was changed again (that much about consistent security policy – nice work Apple) such that an inspector process now depends on the security framework to authorize use of the task_for_pid system service which gives a process the capability to control another process.
To build a utility that will use task_for_pid(), you need to do the following:
So let's get started.
Step 1 – Create Info.plist
I used one of the standard Info.plist files I could find in Xcode and changed some particular parts as can be seen in following example:
The important part is key 'SecTaskAccess' with value 'allowed'.
Step 2 – Create self-signed code signing certificate
Open your Keychain Access and do the following:
When created – this certificate will be untrusted by default – change 'When using this certificate' to 'Always Trust' and you should be OK and ready to go for the next step.
Pid Macquarie
Step 3 – Write your program
I wrote a very simple program that takes PID of a process you want to investigate (ran by your UID), connects to it and writes current register values for it. Code is pretty self-explaining so I won't go into nifty details:
Step 4 – Compile and sign
To compile the program I used following command line:
To sign the code with certificate we prepared before – do this:
We can check if everything went OK:
This looks good – let's test it.
Step 5 – Test program
Pid Machine Expert
When created – this certificate will be untrusted by default – change 'When using this certificate' to 'Always Trust' and you should be OK and ready to go for the next step.
Pid Macquarie
Step 3 – Write your program
I wrote a very simple program that takes PID of a process you want to investigate (ran by your UID), connects to it and writes current register values for it. Code is pretty self-explaining so I won't go into nifty details:
Step 4 – Compile and sign
To compile the program I used following command line:
To sign the code with certificate we prepared before – do this:
We can check if everything went OK:
This looks good – let's test it.
Step 5 – Test program
Pid Machine Expert
It works.
