
@benphelps
Last active June 22, 2018 15:08
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <mach/mach.h>
#include <mach/mach_vm.h>
#include <Security/Authorization.h>
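/**
 * Ask Authorization Services for the "system.privilege.taskport:" right on
 * behalf of this process, allowing user interaction if the system needs it.
 *
 * @return 0 when AuthorizationCopyRights() reports success, 1 on any failure
 *         (including failure to create the authorization reference).
 */
int acquireTaskportRight(void)
{
    OSStatus stat;
    AuthorizationItem taskport_item[] = {{"system.privilege.taskport:"}};
    AuthorizationRights rights = {1, taskport_item};
    AuthorizationRights *out_rights = NULL;
    AuthorizationRef author = NULL;
    int rc = 1;

    /*
     * NOTE(review): (1 << 5) has no named constant anywhere in this file;
     * confirm what that bit means against the SDK in use before relying on it.
     */
    AuthorizationFlags auth_flags = kAuthorizationFlagExtendRights
                                  | kAuthorizationFlagPreAuthorize
                                  | kAuthorizationFlagInteractionAllowed
                                  | (1 << 5);

    stat = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                               auth_flags, &author);
    if (stat != errAuthorizationSuccess) {
        /*
         * This path used to return 0, which the caller reads as "right
         * granted"; a failed create must be reported as a failure.
         */
        return 1;
    }

    stat = AuthorizationCopyRights(author, &rights,
                                   kAuthorizationEmptyEnvironment,
                                   auth_flags, &out_rights);
    if (stat != errAuthorizationSuccess) {
        printf("fail");
    } else {
        rc = 0;
    }

    /* Release what the two calls above handed back; both leaked before. */
    if (out_rights != NULL) {
        AuthorizationFreeItemSet(out_rights);
    }
    /* kAuthorizationFlagDefaults: drop only our reference to the session. */
    AuthorizationFree(author, kAuthorizationFlagDefaults);

    return rc;
}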
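/**
 * Prompt for a pid, obtain its Mach task port, read 14 bytes at a fixed
 * address in that task, print them, then overwrite the first byte with 0xEB.
 *
 * The address is a hard-coded constant. Nothing here checks that it is
 * mapped in the chosen pid or that it holds the bytes the author expected,
 * so a wrong pid or a different build of the target gets one byte of
 * unrelated memory overwritten. task_for_pid() on another process is a
 * privileged operation; the authorization request made before it is the
 * point at which the system can prompt for or deny that access.
 *
 * @return EXIT_SUCCESS when every step succeeded, EXIT_FAILURE otherwise
 *         (failures used to exit with status 0, indistinguishable from
 *         success to a calling script).
 */
int main(void)
{
    enum { READ_LEN = 14 };
    const vm_address_t target_addr = 0x89C442;

    int infoPid = 0;
    int rc = EXIT_FAILURE;
    kern_return_t kret;
    mach_port_t task = MACH_PORT_NULL;
    pointer_t buffer = 0;
    uint32_t size = 0;
    char readtest[READ_LEN + 1]; /* +1 so the bytes can be NUL-terminated */

    printf("Enter pid: \n");
    /* Reject unparsable input instead of using an uninitialized pid. */
    if (scanf("%d", &infoPid) != 1 || infoPid <= 0) {
        printf("Invalid pid\n");
        return EXIT_FAILURE;
    }

    if (acquireTaskportRight() != 0) {
        printf("acquireTaskportRight() failed!\n");
        return EXIT_FAILURE;
    }

    kret = task_for_pid(mach_task_self(), infoPid, &task);
    if (kret != KERN_SUCCESS) {
        printf("task_for_pid() failed with message %s!\n", mach_error_string(kret));
        return EXIT_FAILURE;
    }

    kret = vm_read(task, target_addr, sizeof(char) * READ_LEN, &buffer, &size);
    if (kret != KERN_SUCCESS) {
        /* The message used to name task_for_pid() for a vm_read() failure. */
        printf("vm_read() failed with message %s!\n", mach_error_string(kret));
        goto out;
    }

    /*
     * Clamp to the local buffer and terminate it: the original copied
     * `size` bytes into a 14-byte array and printed it with %s, reading
     * past the end of the array.
     */
    size_t copied = size < (uint32_t)READ_LEN ? size : (size_t)READ_LEN;
    memcpy(readtest, (const void *)buffer, copied);
    readtest[copied] = '\0';
    /* vm_read() allocates the returned region in our own address space. */
    vm_deallocate(mach_task_self(), buffer, size);
    printf("Read Sucess: %s\n", readtest);

    /* unsigned char: 0xeb does not fit in a signed char. */
    unsigned char patch[1] = {0xeb};
    kret = mach_vm_write(task, target_addr, (vm_address_t)patch, sizeof(patch));
    if (kret != KERN_SUCCESS) {
        printf("mach_vm_write() failed with message %s!\n", mach_error_string(kret));
        goto out;
    }

    rc = EXIT_SUCCESS;

out:
    /* Drop the send right on the target's task port once we are done. */
    mach_port_deallocate(mach_task_self(), task);
    return rc;
}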