Lib.rs

Operating systemsmacOS and iOS APIs
#macos #slide #fetch #x86-64 #process #aarch64 #aslr

app apple-aslrtool

Simple utility to fetch ASLR slide on macOS >= 10.7 (recommended macOS >= 11) for x86_64 and aarch64 binaries

Owned by cvscade.

1 stable release

1.0.0 Feb 7, 2024

#32 in macOS and iOS APIs

MIT/Apache

11KB
119 lines

apple-aslrtool

Simple tool to fetch the ASLR slide for a given process on Apple Silicon and Intel Mac systems.

Features

  • Detect hardened runtime
    • Note: If you have SIP disabled, this will always return false as the hardened runtime is enforced by SIP.
    • You can remove hardened runtime from a binary by removing its signature using codesign --remove-signature.
  • Cross-architecture support (x86_64 binary can pull slide of aarch64 task and vice versa)
    • Note: YOUR MILEAGE MAY VARY! arm64e is not officially supported and may require additional work on your part.

Usage

  • apple-aslrtool --pid=<pid>: Fetch the ASLR slide for the given process using a PID.
  • apple-aslrtool --name=<pid>: Fetch the ASLR slide for the given process using a name. The first found task will be used. Any tasks using hardened runtime will be ignored!

You can also provide an additional --base-address flag in case you want to override the default 0x100000000 value.

Requirements

  • x86_64-apple-darwin build requires macOS 10.7 or later (untested on Intel hardware)
  • aarch64-apple-darwin build requires macOS >= 11.0 (tested on macOS 14 only)

Dependencies

~3.5MB
~77K SLoC