With kexts we could to vm_read/vm_write, is there a similar way for Endpoint Security?
Asked
Active
Viewed 173 times
0
1 Answers
0
No, you cannot generally obtain other processes' task ports in an Endpoint Security system extension, so while the API exists (mach_vm_read() etc.) you can typically only obtain the task port for child processes, or if a process sends its own task port to your process via a Mach message.
pmdj
- 22,018
- 3
- 52
- 103