Memory Walking in Cocoa

Discussion in 'Mac Programming' started by Jordan72, Dec 11, 2005.

  1. macrumors member

    Nov 23, 2005
    I want to take a memory walk through every address on my hard drive. As I walk, I want to read each 32 bit memory location's value into a variable for the Cocoa application. I'd like to know how to get a pointer to any memory location so that I could in turn write to that location, if I so choose. It would be helpfull to know how to get a pointer to every address where all files or applications start. How do I set this up in a Cocoa program?

    And while I'm on the topic of memory walking, how do I set up the same situation to take a 32 bit walk through the entire RAM for any given moment?
  2. Moderator emeritus


    Jul 24, 2002
    Just because you are in Cocoa doesn't mean that you can't use C. You get a pointer in the same was as you would in C.

    Note that you will probably need to use much lower level frameworks than Cocoa to access the drive directly.

    With respects to reading all memory: you can't. No modern OS will allow an app to read memory from outside it's process space (shared memory excepted).
  3. thread starter macrumors member

    Nov 23, 2005
    .kext is the part of the answer

    I was directed to kexts as a solution by a Unix guy, but he only knew the Intel way. So Mac gurus, I'm part way to my goal.

    What's the next step? How do I get a pointer to my first address in memory so I can read and write any address on my hard drive?

    Will addresses be different on different machines? I have an iBook G4. Will I run into a hardware address such as the keyboard I can't write to? Can someone give some idea where the memory is?
  4. macrumors 6502a

    Jun 17, 2003
    Walking up a disk is trivial. Find the /dev/disk? "file" for the disk (where ? is an integer). Open that file and use seek() to perform the walk. Ensure that you close the file when you are done.

    Walking through memory is generally a very, very bad idea. But this should also be possible using /dev/mem in a similar way to the disk walk.

    You should not try to write to any location on your disk since you are very likely to end up corrupting your filesystem.

    In terms of finding the address at which each file starts, this depends on the file system in use. For HFS+ file systems then you can only do this by walking through the filesystem finding each file inode and reading out the address.

    It sounds like you are trying to code up a disk data visualizer and/or editor. If so, then you will need to spend some time reading up on file systems. An important point to remember is that a entire file is not stored in a continuous block on the disk. The file is sliced up into fixed size blocks (I think 4096K by default) and then each of these blocks is stored whereever there is space.

    Rather than walking the disk you can find the locations of all files by directly reading off the inode tables then traversing the inode graph. In this approach, you assume that the disk is empty except for blocks that are specifically referenced in the inode graph. You also need to remember that the first few sectors of the disk are occupied by the partition table.
  5. thread starter macrumors member

    Nov 23, 2005
    Ok, I'm going to get the pointers to each file and find out which one represent the entire hard drive. Thanks.
  6. thread starter macrumors member

    Nov 23, 2005
    What type do I use for the file pointer? It seems the header for kexts don't understand the FILE type. Here's what I tried:

    kern_return_t HelloKernel_start (kmod_info_t * ki, void * d)
    	printf("KEXT has loaded!\n");
    	FILE *f;
    	if ((f = fopen("/dev/disk0", "r")) == NULL)
    		printf("File was not opened.\n");
    		printf("File successfully opened.\n");
    	return KERN_SUCCESS;

    The errors:

    error: `f' undeclared (first use in this function)
    error: `FILE' undeclared (first use in this function)
    error: (Each undeclared identifier is reported only once
    error: for each function it appears in.)
  7. macrumors 6502a

    Jun 17, 2003
    You need to include stdio.h
  8. thread starter macrumors member

    Nov 23, 2005
    It will not allow me to include it the way I've always included it, so what is the special way they make us do it? Any ideas?
  9. macrumors 6502a

    Jun 17, 2003
    #include <stdio.h>
  10. thread starter macrumors member

    Nov 23, 2005
    That doesn't work.

Share This Page