Using the functions find_main_binary
and get_image_size
from Attach.mm
in the source code of MachOView, you can get the ASLR slide of the process if you have the process' pid and you have root privileges like so:
pid_t pid = ...;
mach_vm_address_t main_address;
if(find_main_binary(pid, &main_address) != KERN_SUCCESS) {
printf("Failed to find address of header!\n");
return 1;
}
uint64_t aslr_slide;
if(get_image_size(main_address, pid, &aslr_slide) == -1) {
printf("Failed to find ASLR slide!\n");
return 1;
}
printf("ASLR slide: 0x%llx\n", aslr_slide);
I have made this into a small utility called get_aslr.