@akaszynski
Last active October 24, 2019 13:03
Simple demo to read and modify a remote array
/**
Copied most of the read from:
https://gist.github.com/FergusInLondon/fec6aebabc3c9e61e284983618f40730
Added write portion at the end
*/
#define _GNU_SOURCE
#include <sys/uio.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
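/**
 * Print the message matching an errno value left by process_vm_readv() or
 * process_vm_writev().
 *
 * EPERM is the interesting case for anyone hardening a host: both calls are
 * subject to the same access check as a ptrace attach (see ptrace(2)), so a
 * caller that may not attach to the target is refused here as well.
 */
static void report_vm_error(int err)
{
    switch (err) {
    case EINVAL:
        printf("ERROR: INVALID ARGUMENTS.\n");
        break;
    case EFAULT:
        printf("ERROR: UNABLE TO ACCESS TARGET MEMORY ADDRESS.\n");
        break;
    case ENOMEM:
        printf("ERROR: UNABLE TO ALLOCATE MEMORY.\n");
        break;
    case EPERM:
        printf("ERROR: INSUFFICIENT PRIVILEGES TO TARGET PROCESS.\n");
        break;
    case ESRCH:
        printf("ERROR: PROCESS DOES NOT EXIST.\n");
        break;
    default:
        printf("ERROR: AN UNKNOWN ERROR HAS OCCURRED.\n");
        break;
    }
}

/**
 * Read an int array out of another process, overwrite its first three
 * elements with 2, 1, 0 and write the buffer back.
 *
 * Usage: <pid> <mem address> [len]
 *   pid  - decimal PID of the target process
 *   mem  - address of the array inside the target (any strtoul base-0 form)
 *   len  - number of ints to transfer; optional, defaults to 3, minimum 3
 *
 * Returns 0 on success and -1 on a usage, parse, allocation, read or write
 * failure.
 */
int main(int argc, char **argv)
{
    /* Number of ints the demo prints and overwrites; the transfer must cover them. */
    enum { DEMO_ELEMS = 3 };

    int rc = -1;
    char *end = NULL;
    struct iovec local[1] = { { NULL, 0 } };
    struct iovec remote[1];

    if (argc < 3) {
        printf("usage: %s <pid> <mem address> [len]\n", argv[0]);
        printf(" <pid> - PID of process to target\n");
        printf(" <mem> - Memory address to target\n");
        printf(" [len] - Length (in size(int)) to read and modify\n");
        return -1;
    }

    // PARSE CLI ARGS
    // Every argument is validated: an unparsed PID of 0 or a garbage address
    // would otherwise be handed straight to the kernel.
    errno = 0;
    long pidArg = strtol(argv[1], &end, 10);
    pid_t pid = (pid_t)pidArg;
    if (errno != 0 || end == argv[1] || *end != '\0' || pidArg <= 0 ||
        (long)pid != pidArg) {
        printf("ERROR: INVALID PID '%s'.\n", argv[1]);
        return -1;
    }
    printf(" * Launching with a target PID of: %d\n", (int)pid);

    // strtoul rather than strtol: an address in the upper half of the address
    // space does not fit in a signed long and would be clamped to LONG_MAX.
    errno = 0;
    unsigned long addr = strtoul(argv[2], &end, 0);
    if (errno != 0 || end == argv[2] || *end != '\0' || addr == 0) {
        printf("ERROR: INVALID ADDRESS '%s'.\n", argv[2]);
        return -1;
    }
    void *remotePtr = (void *)addr;
    printf(" * Launching with a target address of %p\n", remotePtr);

    // [len] is optional in the usage text, so argv[3] is only read when present.
    long count = DEMO_ELEMS;
    if (argc > 3) {
        errno = 0;
        count = strtol(argv[3], &end, 10);
        // Below DEMO_ELEMS the accesses to arr[0..2] further down would run
        // past the local buffer; the upper bound keeps the byte count from
        // wrapping when multiplied by sizeof(int).
        if (errno != 0 || end == argv[3] || *end != '\0' ||
            count < DEMO_ELEMS ||
            (unsigned long)count > (size_t)-1 / sizeof(int)) {
            printf("ERROR: LENGTH MUST BE AT LEAST %d ELEMENTS.\n", DEMO_ELEMS);
            return -1;
        }
    }
    size_t bufferLength = sizeof(int) * (size_t)count;
    printf(" * Launching with a buffer size of %zu bytes.\n", bufferLength);

    // Build iovec structs
    local[0].iov_base = calloc(bufferLength, sizeof(char));
    local[0].iov_len = bufferLength;
    if (local[0].iov_base == NULL) {
        report_vm_error(ENOMEM);
        return -1;
    }
    remote[0].iov_base = remotePtr;
    remote[0].iov_len = bufferLength;

    // Call process_vm_readv - handle any error codes.
    // liovcnt is 1 because local[] holds exactly one element; a larger count
    // makes the kernel interpret whatever follows the array as an iovec.
    ssize_t nread = process_vm_readv(pid, local, 1, remote, 1, 0);
    if (nread < 0) {
        report_vm_error(errno);
        goto out;
    }
    printf(" * Executed process_vm_ready, read %zd bytes.\n", nread);

    // A partial transfer leaves the tail of the buffer zeroed; writing that
    // back would clobber target memory that was never read, so stop here.
    if ((size_t)nread != bufferLength) {
        printf("ERROR: SHORT READ FROM TARGET PROCESS.\n");
        goto out;
    }

    printf("%p\n", local[0].iov_base);
    int *arr = local[0].iov_base;
    printf("Array is: %d, %d, %d\n", arr[0], arr[1], arr[2]);

    /* change the local array and write to the remote process */
    for (int i = 0; i < DEMO_ELEMS; i++) {
        arr[i] = (DEMO_ELEMS - 1) - i;
    }

    /* write to remote process */
    printf("Modifying remote array to now: %d, %d, %d\n", arr[0], arr[1], arr[2]);
    ssize_t nwritten = process_vm_writev(pid, local, 1, remote, 1, 0);
    if (nwritten < 0) {
        report_vm_error(errno);
        goto out;
    }
    if ((size_t)nwritten != bufferLength) {
        printf("ERROR: SHORT WRITE TO TARGET PROCESS.\n");
        goto out;
    }

    rc = 0;
out:
    free(local[0].iov_base);
    return rc;
}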
/* create a simple array and exit when it is modified */
#include <unistd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
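/**
 * Target side of the demo: publish this process's PID and the address of a
 * three-element int array, then poll the array once per second and exit as
 * soon as its first element is no longer 0.
 *
 * Returns 0 once the change has been observed.
 */
int main(void)
{
    /*
     * volatile: the array is modified from outside this program (another
     * process writes into this address space), which the compiler cannot
     * see. The qualifier forces every check in the loop to reload the
     * value from memory instead of reusing one it already read.
     */
    volatile int arr[3] = { 0, 1, 2 };

    printf("My process ID is %d\n", (int)getpid());
    printf("pointer to arr is %p\n", (void *)&arr);
    printf("Original arr is: %d, %d, %d\n", arr[0], arr[1], arr[2]);

    /* sleep until my array has been changed */
    printf("Waiting until array is changed...\n\n");
    /* Flush so the PID and address are visible even when stdout is not a terminal. */
    fflush(stdout);

    while (arr[0] == 0) {
        sleep(1);
    }

    printf("ARRAY CHANGED\n");
    printf("Array now: %d, %d, %d\n", arr[0], arr[1], arr[2]);
    printf("Exiting...\n");
    return 0;
}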
@akaszynski
Author

Compile both with:

gcc rdmem.c -o rdmem
gcc remote_process.c -o rmtproc

Run the remote process:

./rmtproc
My process ID is 10515
pointer to arr is 0x7ffe692b570c
Original arr is: 0, 1, 2
Waiting until array is changed...

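Modify the array in the remote process. `sudo` is needed whenever the kernel's ptrace access check would otherwise refuse the caller (for example under Yama's `ptrace_scope` restrictions); in that case an unprivileged run fails with the "INSUFFICIENT PRIVILEGES" error: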

sudo ./rdmem 10515 0x7ffe692b570c 3
 * Launching with a target PID of: 10515
 * Launching with a target address of 0x7ffe692b570c
 * Launching with a buffer size of 12 bytes.
 * Executed process_vm_ready, read 12 bytes.
0x561d7bf44670
Array is: 0, 1, 2
Modifying remote array to now: 2, 1, 0

Remote process reports that the array has been modified and will end.

My process ID is 10515
pointer to arr is 0x7ffe692b570c
Original arr is: 0, 1, 2
Waiting until array is changed...

ARRAY CHANGED
Array now: 2, 1, 0
Exiting...
