PDA

View Full Version : Memory Walking in Cocoa




Jordan72
Dec 11, 2005, 03:16 PM
I want to take a memory walk through every address on my hard drive. As I walk, I want to read each 32 bit memory location's value into a variable for the Cocoa application. I'd like to know how to get a pointer to any memory location so that I could in turn write to that location, if I so choose. It would be helpfull to know how to get a pointer to every address where all files or applications start. How do I set this up in a Cocoa program?

And while I'm on the topic of memory walking, how do I set up the same situation to take a 32 bit walk through the entire RAM for any given moment?



robbieduncan
Dec 12, 2005, 04:58 AM
Just because you are in Cocoa doesn't mean that you can't use C. You get a pointer in the same was as you would in C.

Note that you will probably need to use much lower level frameworks than Cocoa to access the drive directly.

With respects to reading all memory: you can't. No modern OS will allow an app to read memory from outside it's process space (shared memory excepted).

Jordan72
Dec 17, 2005, 10:34 AM
I was directed to kexts as a solution by a Unix guy, but he only knew the Intel way. So Mac gurus, I'm part way to my goal.

What's the next step? How do I get a pointer to my first address in memory so I can read and write any address on my hard drive?

Will addresses be different on different machines? I have an iBook G4. Will I run into a hardware address such as the keyboard I can't write to? Can someone give some idea where the memory is?

mrichmon
Dec 17, 2005, 10:56 AM
I was directed to kexts as a solution by a Unix guy, but he only knew the Intel way. So Mac gurus, I'm part way to my goal.

What's the next step? How do I get a pointer to my first address in memory so I can read and write any address on my hard drive?

Will addresses be different on different machines? I have an iBook G4. Will I run into a hardware address such as the keyboard I can't write to? Can someone give some idea where the memory is?

Walking up a disk is trivial. Find the /dev/disk? "file" for the disk (where ? is an integer). Open that file and use seek() to perform the walk. Ensure that you close the file when you are done.

Walking through memory is generally a very, very bad idea. But this should also be possible using /dev/mem in a similar way to the disk walk.

You should not try to write to any location on your disk since you are very likely to end up corrupting your filesystem.

In terms of finding the address at which each file starts, this depends on the file system in use. For HFS+ file systems then you can only do this by walking through the filesystem finding each file inode and reading out the address.

It sounds like you are trying to code up a disk data visualizer and/or editor. If so, then you will need to spend some time reading up on file systems. An important point to remember is that a entire file is not stored in a continuous block on the disk. The file is sliced up into fixed size blocks (I think 4096K by default) and then each of these blocks is stored whereever there is space.

Rather than walking the disk you can find the locations of all files by directly reading off the inode tables then traversing the inode graph. In this approach, you assume that the disk is empty except for blocks that are specifically referenced in the inode graph. You also need to remember that the first few sectors of the disk are occupied by the partition table.

Jordan72
Dec 17, 2005, 01:13 PM
Ok, I'm going to get the pointers to each file and find out which one represent the entire hard drive. Thanks.

Jordan72
Dec 17, 2005, 01:34 PM
What type do I use for the file pointer? It seems the header for kexts don't understand the FILE type. Here's what I tried:


kern_return_t HelloKernel_start (kmod_info_t * ki, void * d)
{

printf("KEXT has loaded!\n");


FILE *f;

if ((f = fopen("/dev/disk0", "r")) == NULL)
printf("File was not opened.\n");
else
printf("File successfully opened.\n");

fclose(f);


return KERN_SUCCESS;
}



The errors:

error: `f' undeclared (first use in this function)
error: `FILE' undeclared (first use in this function)
error: (Each undeclared identifier is reported only once
error: for each function it appears in.)

mrichmon
Dec 17, 2005, 02:04 PM
The errors:

error: `f' undeclared (first use in this function)
error: `FILE' undeclared (first use in this function)
error: (Each undeclared identifier is reported only once
error: for each function it appears in.)

You need to include stdio.h

Jordan72
Dec 17, 2005, 09:16 PM
It will not allow me to include it the way I've always included it, so what is the special way they make us do it? Any ideas?

mrichmon
Dec 18, 2005, 01:01 AM
It will not allow me to include it the way I've always included it, so what is the special way they make us do it? Any ideas?

#include <stdio.h>

Jordan72
Dec 18, 2005, 02:25 AM
#include <stdio.h>

That doesn't work.