Is it possible to read/write another process' memory using the new Apple Endpoint Security Framework?


With kexts we could do vm_read/vm_write, is there a similar way for Endpoint Security?


There is 1 best solution below


No, you cannot generally obtain other processes' task ports in an Endpoint Security system extension, so while the API exists (mach_vm_read() etc.) you can typically only obtain the task port for child processes, or if a process sends its own task port to your process via a Mach message.