calling task_for_pid on MAC OS X

from mac 10.5 on, task_for_pid fails if the calling process has no root privilege.

today I wrote a small app that needs this function, so I decided to make it run.

Finding out the web , I found the result.

There are something wrong or outdated on sites talk about it, so I wrote this article to helper those meet this problem.

Just follow these steps:

1. Find your .plist file in XCode and add a new entry “SecTaskAccess” and set it to string value “allowed”. Make sure the Info.plist file generated in your bundle actually has this value in it.

2. You need get a real code signing certificate NOT a self made one. Some websites are still talking making a self-signed certificate. This is outdated. An iphone certificate is OK while I think a MAC dev center certificate is better.

3. Make XCode sign the executable during the build process, or sign it yourself manually using the codesign command line utility.

4.Call the following method before making calls to task_for_pid()

 
#include <Security/Authorization.h>
 
int acquireTaskportRight()
{
OSStatus status;
AuthorizationItem taskport_item = {"system.privilege.taskport"};
AuthorizationRights rights = {1, &taskport_item}, *out_rights = NULL;
AuthorizationRef author;
AuthorizationFlags authorizationFlags = kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize	|
kAuthorizationFlagInteractionAllowed | (1 << 5);
status = AuthorizationCreate(NULL,   kAuthorizationEmptyEnvironment, authorizationFlags, &author);
if (status != errAuthorizationSuccess) {  return -1;  }
status = AuthorizationCopyRights(author, &rights, kAuthorizationEmptyEnvironment,
authorizationFlags, &out_rights);
if (status != errAuthorizationSuccess) {  return -2;  }
return 0;
}

NOTE:

If you’re writing a command-line tool which has no info.plist file, you should make one and add the following arguments to your link command:

-sectcreate __TEXT   __info_plist  Info.plist.file.path

where Info.plist.file.path is the path to the Info.plist file.
此条目发表在MAC, 开发分类目录。将固定链接加入收藏夹。

1 则回应给 calling task_for_pid on MAC OS X

  1. wanghui说:

    在越狱机器上调用这个方法可以吗?我在越狱机器上使用,总是失败。

发表评论

电子邮件地址不会被公开。 必填项已用*标注

*