apple-aslrtool
| Crates.io | apple-aslrtool |
| lib.rs | apple-aslrtool |
| version | 1.0.0 |
| created_at | 2024-02-07 12:09:18.72523+00 |
| updated_at | 2024-02-07 12:09:18.72523+00 |
| description | Simple utility to fetch ASLR slide on macOS >= 10.7 (recommended macOS >= 11) for x86_64 and aarch64 binaries |
| homepage | https://github.com/cvscade/apple-aslrtool |
| repository | https://github.com/cvscade/apple-aslrtool |
| max_upload_size | |
| id | 1130432 |
| size | 30,952 |
cascade! (cvscade)
documentation
README
apple-aslrtool
Simple tool to fetch the ASLR slide for a given process on Apple Silicon and Intel Mac systems.
Features
- Detect hardened runtime
- Note: If you have SIP disabled, this will always return
falseas the hardened runtime is enforced by SIP. - You can remove hardened runtime from a binary by removing its signature using
codesign --remove-signature.
- Note: If you have SIP disabled, this will always return
- Cross-architecture support (x86_64 binary can pull slide of aarch64 task and vice versa)
- Note: YOUR MILEAGE MAY VARY! arm64e is not officially supported and may require additional work on your part.
Usage
apple-aslrtool --pid=<pid>: Fetch the ASLR slide for the given process using a PID.apple-aslrtool --name=<pid>: Fetch the ASLR slide for the given process using a name. The first found task will be used. Any tasks using hardened runtime will be ignored!
You can also provide an additional --base-address flag in case you want to override the default 0x100000000 value.
Requirements
- x86_64-apple-darwin build requires macOS 10.7 or later (untested on Intel hardware)
- aarch64-apple-darwin build requires macOS >= 11.0 (tested on macOS 14 only)