Comments (6)
Same is happening on non-apple processes also. Don't know how this can be fixed.
from mach_inject.
@darshan-yadav Interesting. At one point I tested mach_inject in 10.14 with debug protections disabled and filesystem protections enabled and was able to get it to work with my own process. Not sure if that could be explained by the target being a binary I built myself, something changing between 10.14.0 and 10.14.2, or something else entirely.
from mach_inject.
Seems in new xcode. Processes are hardened by default and that causing the problem.
from mach_inject.
@darshan-yadav I explicitly compiled my projects with hardened runtime disabled and still had this problem. Is there another setting or method for disabling it that fixes the issue?
from mach_inject.
@darshan-yadav I explicitly compiled my projects with hardened runtime disabled and still had this problem. Is there another setting or method for disabling it that fixes the issue?
One i can think is to compile with older version of X-Code. Other is check the CHFalgs value and see if
Any of following flags are set.
#define CS_ENFORCEMENT 0x00001000 /* require enforcement /
#define CS_RUNTIME 0x00010000 / Apply hardened runtime policies */
from mach_inject.
I did a little bit more looking into this and found that when trying to inject into the Dock in 10.15 you get an error printed to the system console:
CODE SIGNING: process 692[Dock]: rejecting invalid page at address 0x10e522000 from offset 0x0 in file "<nil>" (cs_mtime:0.0 == mtime:0.0) (signed:0 validated:0 tainted:0 nx:0 wpmapped:0 dirty:1 depth:0)
So I'm guessing it's another facet of SIP, and even though it's not explicitly about being able to modify system files the filesystem protections cover it. I recently discovered that there are a few other areas where the filesystem protections affect the execution of processes, one of which being that apps with hardened runtime can't link to dynamic libraries using relative paths. For whatever reason disabling filesystem protections also disables that restriction. So it's not surprising then that there are other restrictions that having filesystem protections will impose.
Just for the hell of it I tried codesigning the binaries I was trying to inject and that changed the error to:
CODE SIGNING: process 600[Dock]: rejecting invalid page at address 0x10816a000 from offset 0x1000 in file "/path/to/bootstrap.dylib" (cs_mtime:1565055005.627355007 == mtime:1565055005.627355007) (signed:0 validated:0 tainted:0 nx:0 wpmapped:1 dirty:1 depth:2)
I'm not at all surprised it still didn't work, of course. I did find it interesting that I'm trying to inject into the Dock and it doesn't have hardened runtime enabled. However I'm sure the Dock is special-cased out the wazoo with Apple's security features.
I gather that there's no way to work around this, and maybe it's not that big of a deal since in order to inject in Apple processes you have to disable debugging protections anyway. But it would be nice if that was the only protection I needed to disable to modify Apple processes so I'm going to leave this issue open in the vain hope that there will someday be a workaround.
from mach_inject.
Related Issues (19)
- Update Example
- swizzle applicationDidFinishLaunching using mach_inject HOT 4
- [Question] Scenario where the dylib library to load is out side of the target process' sandbox container HOT 5
- [Question] Do I need to re-inject the bundle if Finder restarts? HOT 2
- Yosemite compatibility? HOT 9
- using mach_inject in xamarin.mac HOT 1
- Invalid Memory Yosemite
- mach_inject doesn't work on OSX 10.11 (El Capitan). HOT 3
- mach_inject crashes target in OSX 10.12 (Sierra), unless if launched through Xcode HOT 3
- [QUESTION] mach_inject without root permissions like Dropbox HOT 20
- Inject code to deal with NSWindow HOT 5
- Not able to Inject on Mac OS X 10.12.6 & Mac OS X 10.13 (17A291j) Beta release HOT 2
- help me mac os sierra
- mach_inject causes the injected process to crash after installing Mojave security update 2020-005 HOT 2
- Support for M1 (arm) HOT 1
- mach_inject in Mavericks is broken HOT 16
- mach/MACH_ERROR.h
- One err check missing HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mach_inject.