Question

I've been experimenting with reading/writing to memory of another process in C++ on Os X.

The issue I've been having is that I get a pointer (e.g. server.dylib+0x123AB) but I can't seem to find a way to get the memory address/base address of server.dylib dynamically in C++. Are there any methods that would be recommended to try to find it? It's probably my skill level but I've found that trying to tinker with memory on OS X has been an uphill struggle (there's very little documentation around).

Any advice would be appreciated.


Solution

Merlin's answer is somewhat inaccurate. ASLR is not meant to prevent you from getting addresses at runtime - it's meant to prevent you from relying on FIXED addresses (i.e. when injecting code). If you can already execute code, you can definitely get addresses (heck, GDB does, why can't you?)

DYLD exposes a very rich API (, and dyld_images.h) which enables you to easily get a list of all the images loaded into a process address space either from within the process or from outside of it. You can also get the "slide", which is the ASLR offset used. This is, however, assuming you're already running code on that machine - i.e. it won't work when injecting code.
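As an added illustration of the in-process half of that API (example code, not from the answer above or from Apple), the block below resolves an expression of the form the question quotes, "server.dylib+0x123AB", by walking the images dyld has loaded into the calling process with `_dyld_image_count`, `_dyld_get_image_name`, `_dyld_get_image_header` and `_dyld_get_image_vmaddr_slide`, the way a crash reporter or self-integrity check does. The function names `parse_module_offset`, `find_image_base` and `resolve_module_expr` are assumptions of this example; the dyld lookup is compiled only on Apple platforms and, as the answer notes, sees only the process it runs in, not another process.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#ifdef __APPLE__
#include <mach-o/dyld.h>  /* _dyld_image_count, _dyld_get_image_name, ... */
#endif
/* Split "server.dylib+0x123AB" into image name and hex offset; 1 on success. */
int parse_module_offset(const char *expr, char *name, size_t name_len, uintptr_t *offset)
{
    const char *plus = strrchr(expr, '+');
    if (plus == NULL || plus == expr || (size_t)(plus - expr) >= name_len)
        return 0;
    char *end = NULL;
    unsigned long long off = strtoull(plus + 1, &end, 16);
    if (end == plus + 1 || *end != '\0')
        return 0;
    memcpy(name, expr, (size_t)(plus - expr));
    name[plus - expr] = '\0';
    *offset = (uintptr_t)off;
    return 1;
}
/* Slid load address of the image whose path ends in `name` (0 if not loaded here).
 * The Mach-O header is the first byte of __TEXT, so its address is the image base;
 * the slide is what ASLR added to the link-time address. On non-Apple builds the
 * lookup is a stub that finds nothing (constructed so the example still compiles). */
uintptr_t find_image_base(const char *name, intptr_t *slide_out)
{
    (void)name;
    if (slide_out) *slide_out = 0;
#ifdef __APPLE__
    size_t nlen = strlen(name);
    for (uint32_t i = 0; i < _dyld_image_count(); i++) {
        const char *path = _dyld_get_image_name(i);
        size_t plen = strlen(path);
        /* compare the trailing path component so "server.dylib" matches "/x/server.dylib" */
        if (plen >= nlen && strcmp(path + plen - nlen, name) == 0 &&
            (plen == nlen || path[plen - nlen - 1] == '/')) {
            if (slide_out) *slide_out = _dyld_get_image_vmaddr_slide(i);
            return (uintptr_t)_dyld_get_image_header(i);
        }
    }
#endif
    return 0;
}
/* Resolve "image+offset" to an absolute address in this process; 0 if unresolved. */
uintptr_t resolve_module_expr(const char *expr)
{
    char name[256]; uintptr_t off;
    if (!parse_module_offset(expr, name, sizeof name, &off)) return 0;
    uintptr_t base = find_image_base(name, NULL);
    return base ? base + off : 0;
}
```

On macOS, `find_image_base("libSystem.B.dylib", &slide)` returns the slid base of libSystem in the calling process and fills in the ASLR slide; an image that is not loaded, or any lookup from another process, yields 0.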

OTHER TIPS

Part of OSX security is a technique known as ASLR (Address Space Layout Randomisation). This ensures that images are loaded into random areas of a process's address space to try to prevent malware exploitation. It is present in both the kernel and user space processes.

You can read more about ASLR here

If you search Google, you'll be able to find more information relevant to OSX, such as this article

If, as you say, you're just experimenting, run the target process with gdb and you'll be able to find out the memory address of the dylib after it has been loaded, which you can then use in your test program.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow