Using vm_read to read another process memory

Question

I have written some code in order to read another process memory. This is for macOS/GNU Mach.

#include <stdio.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/mach_vm.h>

int main() {
    pid_t pid;
    printf("PID: ");
    scanf("%d", &pid);
    vm_address_t address;
    printf("Address: ");
    scanf("%lx", &address);
    vm_offset_t readMem;
    vm_map_read_t task = task_for_pid(mach_task_self(), pid, &task);
    mach_msg_type_number_t size = sizeof(int);
    kern_return_t result = vm_read(task, address, (pointer_t)sizeof(int), &readMem, &size);
    if (result) {
        fprintf(stderr, "cant read, result 0x%x\n", result);
    }
    printf("%lu", readMem); 
}

Upon running it and providing a valid PID, it returns MACH_SEND_INVALID_DEST.

Answer 1

I know this answer is late, but it might be useful to others who encounter the same problem.

Problems

1. As Craig Estey pointed out, task_for_pid() returns kern_return_t.
2. You are not checking for potential errors.
3. The way you are reading the data after obtaining the pointer is incorrect.
4. Run the program with sudo.

I modified your code to make it more clear, added some error checking and made proper reading. By the comments you made, I believe you are trying to read an integer, so I adapted the code to fit that need.

#include <stdio.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/mach_vm.h>
#include <stdlib.h>

void check_result(kern_return_t kern_res, char * msg)
{
    if (kern_res != KERN_SUCCESS) {
            if (msg == NULL)
                    fprintf(stderr, "%s\n", mach_error_string(kern_res));
            else
                    fprintf(stderr, "%s : %s\n", msg, mach_error_string(kern_res));
            exit(1);
    }
}

int main()
{
    pid_t pid;
    printf("PID: ");
    scanf("%d", &pid);

    vm_address_t address;
    printf("Address: ");
    scanf("%lx", &address);

    kern_return_t res;
    mach_port_t   task_self = mach_task_self();
    mach_port_t   other_task;

    res = task_for_pid(task_self, pid, &other_task);
    check_result(res, "Error getting task");

    void * data;
    mach_msg_type_number_t size = sizeof(int);
    vm_size_t size_to_read = (vm_size_t) sizeof(int);

    res = vm_read(other_task, address, size_to_read, (vm_offset_t *) &data, &size);
    check_result(res, "Error reading virtual memory");

    char * char_ptr = (char *) data;
    fprintf(stdout, "%d\n", (int) char_ptr[0]);
}

I tested it and I made sure it works as intended. Please let me know of any improvement!