A challenge for skilled programmers here (I'm sure there are many)

Discussion in 'Mac Programming' started by locoputo, Mar 21, 2011.

  1. locoputo, Mar 21, 2011
    Last edited: Mar 24, 2011
  2. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #2
    There has got to be a better way to query and set MachineLocation.u.gmtDelta.

    B
     
  3. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #3
    What is the game you're trying to cheat at?

    How do you know the target process hasn't taken countermeasures, such as ptrace(PT_DENY_ATTACH)?

    Since the only reward is imaginary, does an imaginary program count?
     
  4. ulbador, Mar 21, 2011
    Last edited: Mar 21, 2011

    ulbador macrumors 68000

    ulbador

    Joined:
    Feb 11, 2010
    #4
    You could find this out pretty easily with gdb. iTunes is protected, Safari is not

    Code:
    home:~ adam$ gdb /Applications/iTunes.app/Contents/Resources/iTunes
    GNU gdb 6.3.50-20050815 (Apple version gdb-1515) (Sat Jan 15 08:33:48 UTC 2011)
    Copyright 2004 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "x86_64-apple-darwin"...
    warning: Unable to read symbols from "AVFoundationCF" (not yet mapped into memory).
    Reading symbols for shared libraries .................................... done
    
    (gdb) r
    Starting program: /Applications/iTunes.app/Contents/MacOS/iTunes 
    Reading symbols for shared libraries .+++++++++++++++++++++++++++++....++++++...................................................................................................... done
    
    Program exited with code 055.
    (gdb)
    
    vs

    Code:
    
    home:~ adam$ gdb /Applications/Safari.app/Contents/MacOS/Safari 
    GNU gdb 6.3.50-20050815 (Apple version gdb-1515) (Sat Jan 15 08:33:48 UTC 2011)
    Copyright 2004 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared libraries .............................. done
    
    (gdb) r
    Starting program: /Applications/Safari.app/Contents/MacOS/Safari 
    Reading symbols for shared libraries .+++++++++++++++++++++++++++++.......................................................................................................... done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries .. done
    Reading symbols for shared libraries ... done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries . done
    Reading symbols for shared libraries warning: Could not find object file "/Users/mike/Projects/simbl/build/SIMBL.build/Deployment/SIMBL.build/Objects-normal/x86_64/NSAlert_SIMBL.o" - no debug information available for "/Users/mike/Projects/simbl/src/NSAlert_SIMBL.m".
    
    warning: Could not find object file "/Users/mike/Projects/simbl/build/SIMBL.build/Deployment/SIMBL.build/Objects-normal/x86_64/SIMBL-4A64B91627DFD16A.o" - no debug information available for "/Users/mike/Projects/simbl/src/SIMBL.m".
    
    warning: Could not find object file "/Users/mike/Projects/simbl/build/SIMBL.build/Deployment/SIMBL.build/Objects-normal/x86_64/SIMBLPlugin.o" - no debug information available for "/Users/mike/Projects/simbl/src/SIMBLPlugin.m".
    
    . done
    Reading symbols for shared libraries . done
    

    Chances are if it's a game, it is.
     
  5. locoputo thread starter macrumors newbie

    Joined:
    Dec 25, 2008
    #5
    I can state with confidence that it isn't protected. Evidence is that I have successfully attached to it with a memory editing tool and changed the int8 value of a set address successfully, so protection isn't an issue. And no, I'd prefer if your program wasn't imaginary. :)
     
  6. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #6
    What is the memory editing tool? Write a script for it. Problem solved.
     
  7. lee1210 macrumors 68040

    lee1210

    Joined:
    Jan 10, 2005
    Location:
    Dallas, TX
    #7
    You can script GDB... look at the -x option. I've used this for automatically getting stack traces, etc. on a schedule. I can't remember why, but it worked pretty well.

    -Lee
     
  8. locoputo thread starter macrumors newbie

    Joined:
    Dec 25, 2008
    #8
    The memory tool is called "Bit Slicer", it's how I found the memory addresses in question. Could someone write together a short script?
     
  9. lee1210 macrumors 68040

    lee1210

    Joined:
    Jan 10, 2005
    Location:
    Dallas, TX
    #9
    No, probably not. The GDB command you're likely to need is set. From there, you'll just need to cast the address to the proper pointer type, dereference it, and throw an = 1. I'm not sure how important checking for 0 is, or if it can just unconditionally set it to 1, but that probably wouldn't be too hard, either. If you write a gdb script and it doesn't work we'd be more likely to help you than we'd be to do this for you. I do not really like imaginary cake.

    -Lee
     

Share This Page