I'm trying my hand at some reverse engineering, and I'm a bit stumped on how to do in-memory patching. My target binary is a simple Hello World app that's signed. So while I can easily patch the binary, Gatekeeper blows up (as it should).
The string is in-memory, so I thought I'd just use posix_spawn() with POSIX_SPAWN_START_SUSPENDED, patch the memory of the process with xnumem, and resume it. For some reason, that seems to fail as well. My test code:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <spawn.h>
#include <sys/wait.h>
#include "xnumem.h"

extern char **environ;

void run_cmd(char *cmd)
{
    pid_t pid;
    char *argv[] = {cmd, NULL};   /* argv[0] must be the program name, not NULL */
    posix_spawnattr_t attr;
    int status;

    printf("Run command: %s\n", cmd);

    /* Ask for the child to be created in a suspended state (macOS-specific flag). */
    posix_spawnattr_init(&attr);
    posix_spawnattr_setflags(&attr, POSIX_SPAWN_START_SUSPENDED);

    status = posix_spawn(&pid, cmd, NULL, &attr, argv, environ);
    posix_spawnattr_destroy(&attr);

    if (status == 0) {
        printf("Child pid: %i\n", pid);

        /* The child is stopped here; patch its memory before resuming it. */

        kill(pid, SIGCONT);   /* resume the suspended child */

        if (waitpid(pid, &status, 0) != -1) {
            printf("Child exited with status %i\n", status);
        } else {
            perror("waitpid");
        }
    } else {
        printf("posix_spawn: %s\n", strerror(status));
    }
}

int main(int argc, const char *argv[])
{
    char *arg = "./hello-world";
    run_cmd(arg);
    return 0;
}
I don't seem to be getting any errors, just a loop of:
Run command: ./hello-world
Child pid: 53209
Run command: ./hello-world
Child pid: 53210
...
and then it terminates.
Can someone point me in the right direction? How can I start a process in a suspended state, alter its memory, and resume it without tripping Gatekeeper?