What is the game you're trying to cheat at?

How do you know the target process hasn't taken countermeasures, such as ptrace(PT_DENY_ATTACH)?

Since the only reward is imaginary, does an imaginary program count?
 
You could find this out pretty easily with gdb. iTunes is protected, Safari is not.

Code:
home:~ adam$ gdb /Applications/iTunes.app/Contents/Resources/iTunes
GNU gdb 6.3.50-20050815 (Apple version gdb-1515) (Sat Jan 15 08:33:48 UTC 2011)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...
warning: Unable to read symbols from "AVFoundationCF" (not yet mapped into memory).
Reading symbols for shared libraries .................................... done

(gdb) r
Starting program: /Applications/iTunes.app/Contents/MacOS/iTunes 
Reading symbols for shared libraries .+++++++++++++++++++++++++++++....++++++...................................................................................................... done

Program exited with code 055.
(gdb)

vs

Code:
home:~ adam$ gdb /Applications/Safari.app/Contents/MacOS/Safari 
GNU gdb 6.3.50-20050815 (Apple version gdb-1515) (Sat Jan 15 08:33:48 UTC 2011)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared libraries .............................. done

(gdb) r
Starting program: /Applications/Safari.app/Contents/MacOS/Safari 
Reading symbols for shared libraries .+++++++++++++++++++++++++++++.......................................................................................................... done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries .. done
Reading symbols for shared libraries ... done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries warning: Could not find object file "/Users/mike/Projects/simbl/build/SIMBL.build/Deployment/SIMBL.build/Objects-normal/x86_64/NSAlert_SIMBL.o" - no debug information available for "/Users/mike/Projects/simbl/src/NSAlert_SIMBL.m".

warning: Could not find object file "/Users/mike/Projects/simbl/build/SIMBL.build/Deployment/SIMBL.build/Objects-normal/x86_64/SIMBL-4A64B91627DFD16A.o" - no debug information available for "/Users/mike/Projects/simbl/src/SIMBL.m".

warning: Could not find object file "/Users/mike/Projects/simbl/build/SIMBL.build/Deployment/SIMBL.build/Objects-normal/x86_64/SIMBLPlugin.o" - no debug information available for "/Users/mike/Projects/simbl/src/SIMBLPlugin.m".

. done
Reading symbols for shared libraries . done


Chances are if it's a game, it is.
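An added example, not part of the original post: ptrace(2) on macOS documents that a process which calls PT_DENY_ATTACH while it is being traced exits with status ENOTSUP, which is 45 on Darwin, and gdb prints exit codes in octal, so the "code 055" in the iTunes session is that value. The sketch below shows the call an application makes to opt out of debugging and a small parser for the gdb line; the function names and the `DARWIN_ENOTSUP` constant are made up for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#ifdef __APPLE__
#include <sys/ptrace.h>
#endif

/* ENOTSUP as numbered on Darwin; hard-coded because other systems number it differently. */
#define DARWIN_ENOTSUP 45

/* Ask the kernel to refuse debugger attachment to this process.
 * Returns 0 on success, -1 on failure or where PT_DENY_ATTACH does not exist.
 * If the process is already being traced, it exits here with status ENOTSUP. */
int deny_debugger_attach(void)
{
#ifdef __APPLE__
    return ptrace(PT_DENY_ATTACH, 0, 0, 0) == 0 ? 0 : -1;
#else
    return -1;
#endif
}

/* Parse a gdb "Program exited with code NNN." line (NNN is octal).
 * Returns the exit status in decimal, or -1 if the line has another shape. */
int gdb_exit_status(const char *line)
{
    static const char prefix[] = "Program exited with code ";
    const char *p = strstr(line, prefix);
    char *end;
    long v;

    if (p == NULL)
        return -1;
    p += sizeof prefix - 1;
    v = strtol(p, &end, 8);
    if (end == p || *end != '.' || v < 0 || v > 255)
        return -1;
    return (int)v;
}

/* 1 if the line is consistent with a traced process hitting PT_DENY_ATTACH, else 0. */
int looks_like_deny_attach(const char *line)
{
    return gdb_exit_status(line) == DARWIN_ENOTSUP;
}

int main(void)
{
    const char *sample = "Program exited with code 055."; /* from the iTunes session above */
    printf("status %d, deny-attach pattern: %d\n", gdb_exit_status(sample), looks_like_deny_attach(sample));
    printf("deny_debugger_attach() returned %d\n", deny_debugger_attach());
    return 0;
}
```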
 
I can state with confidence that it isn't protected. Evidence is that I have successfully attached to it with a memory editing tool and changed the int8 value of a set address successfully, so protection isn't an issue. And no, I'd prefer if your program wasn't imaginary. :)
 
You can script GDB... look at the -x option. I've used this for automatically getting stack traces, etc. on a schedule. I can't remember why, but it worked pretty well.

-Lee
 
The memory tool is called "Bit Slicer", it's how I found the memory addresses in question. Could someone write together a short script?
 
No, probably not. The GDB command you're likely to need is set. From there, you'll just need to cast the address to the proper pointer type, dereference it, and throw an = 1. I'm not sure how important checking for 0 is, or if it can just unconditionally set it to 1, but that probably wouldn't be too hard, either. If you write a gdb script and it doesn't work we'd be more likely to help you than we'd be to do this for you. I do not really like imaginary cake.

-Lee
 