procexp on macOS Sierra


Post by duncanyoyo1 » Wed Sep 21, 2016 5:27 pm

So, when I try to run procexp on my MacBook Pro running macOS Sierra (the final that came out on the 20th of Sep. 2016) it just gives me:
Bad system call: 12

I read that because of SIP it couldn't do some stuff, but I already had SIP turned off.
The only things I have done to the binary were move it into my /bin directory and give it global RWX permissions. It gives me the same error when run as a user or root.
When I run it with the vmmon flag it seems to run, but I haven't dug any further. Otherwise, if I use no flags it just gives me the Bad System Call error. Any help on this would be appreciated.
duncanyoyo1

Re: procexp on macOS Sierra

Post by morpheus » Wed Sep 21, 2016 7:11 pm

So the bad syscall is because of stack_snapshot (#365) being unilaterally removed by AAPL without asking me. $#%#$%#$. I had a {perror(); exit();} which is why procexp exits. I just updated the version so as to remove this; won't do stacks (yet, until I update to stack_snapshot_with_config), but won't exit either.
morpheus
Site Admin
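Added example, not part of the thread and not procexp's code: one way a tool can probe whether a system call still exists and carry on without the feature when it does not, instead of exiting. The helper name `probe_syscall` and the number 32767 are constructed for illustration; the code assumes the kernel reports an unknown call with ENOSYS, with or without raising SIGSYS (signal 12 on macOS).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

enum sc_state { SC_OK, SC_MISSING, SC_FAILED };

/* Hypothetical helper: issue syscall `nr` with no arguments and classify the
 * outcome. SIGSYS is ignored for the duration of the call so that a kernel
 * which signals on an unknown number cannot kill the process. */
static enum sc_state probe_syscall(long nr)
{
    struct sigaction ign, old;
    memset(&ign, 0, sizeof ign);
    ign.sa_handler = SIG_IGN;
    sigemptyset(&ign.sa_mask);
    if (sigaction(SIGSYS, &ign, &old) != 0)
        return SC_FAILED;

    errno = 0;
    long rc = syscall(nr);
    int err = errno;               /* save before sigaction() can change it */
    sigaction(SIGSYS, &old, NULL); /* restore the caller's disposition */

    if (rc != -1)
        return SC_OK;
    return err == ENOSYS ? SC_MISSING : SC_FAILED;
}

/* Constructed placeholder number, chosen to lie outside any syscall table. */
#define DEMO_REMOVED_NR 32767L

int main(void)
{
    /* Degrade: report the missing feature and keep running. */
    if (probe_syscall(DEMO_REMOVED_NR) == SC_MISSING)
        fprintf(stderr, "stack sampling unavailable on this kernel; continuing\n");
    printf("getpid probe: %s\n",
           probe_syscall(SYS_getpid) == SC_OK ? "ok" : "failed");
    return 0;
}
```

Probing with no arguments is only suitable for checking that a number is wired up; a call that exists but rejects empty arguments is reported as SC_FAILED rather than SC_MISSING.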

Re: procexp on macOS Sierra

Post by duncanyoyo1 » Wed Sep 21, 2016 11:18 pm

Great information, thank you!
duncanyoyo1
