from mac 10.5 on, task_for_pid fails if the calling process has no root privilege.
today I wrote a small app that needs this function, so I decided to make it run.
Finding out the web , I found the result.
There are something wrong or outdated on sites talk about it, so I wrote this article to helper those meet this problem.
Just follow these steps:
1. Find your .plist file in XCode and add a new entry “SecTaskAccess” and set it to string value “allowed”. Make sure the Info.plist file generated in your bundle actually has this value in it.
2. You need get a real code signing certificate NOT a self made one. Some websites are still talking making a self-signed certificate. This is outdated. An iphone certificate is OK while I think a MAC dev center certificate is better.
3. Make XCode sign the executable during the build process, or sign it yourself manually using the codesign command line utility.
4.Call the following method before making calls to task_for_pid()
#include <Security/Authorization.h> int acquireTaskportRight() { OSStatus status; AuthorizationItem taskport_item = {"system.privilege.taskport"}; AuthorizationRights rights = {1, &taskport_item}, *out_rights = NULL; AuthorizationRef author; AuthorizationFlags authorizationFlags = kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize | kAuthorizationFlagInteractionAllowed | (1 << 5); status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, authorizationFlags, &author); if (status != errAuthorizationSuccess) { return -1; } status = AuthorizationCopyRights(author, &rights, kAuthorizationEmptyEnvironment, authorizationFlags, &out_rights); if (status != errAuthorizationSuccess) { return -2; } return 0; } |
NOTE:
If you’re writing a command-line tool which has no info.plist file, you should make one and add the following arguments to your link command:
-sectcreate __TEXT __info_plist Info.plist.file.path
在越狱机器上调用这个方法可以吗?我在越狱机器上使用,总是失败。