Comments (11)
I just noticed that when I change the protection type to "Write", Bit Slicer "survives" a bit longer. I see the progress circle in the lower right corner start to do something before it crashes. When protection type is "All", the crash is truly instant.
from bit-slicer.
Hm. Do you have the full crash log?
Does it only occur on a specific app/game?
If you run a deep codesign verification check in Terminal on Bit Slicer, what does it output (and does it fail)? (assuming Bit Slicer is in /Applications/)
codesign -vvv --verify --deep /Applications/Bit\ Slicer.app/
If it fails, it means the application on disk was likely modified / hampered / corrupt, which may result in a bad code signature.
There is also a pre-release of version 1.7.10 here: https://github.com/zorgiepoo/Bit-Slicer/releases but other than it being compiled more recently, I haven't seen this issue before.
from bit-slicer.
The codesign verification passes:
--prepared:/Applications/Bit Slicer.app/Contents/MacOS/yasm
--validated:/Applications/Bit Slicer.app/Contents/MacOS/yasm
--prepared:/Applications/Bit Slicer.app/Contents/Frameworks/ShortcutRecorder.framework/Versions/Current/.
--prepared:/Applications/Bit Slicer.app/Contents/Frameworks/Sparkle.framework/Versions/Current/.
--prepared:/Applications/Bit Slicer.app/Contents/Frameworks/DDMathParser.framework/Versions/Current/.
--prepared:/Applications/Bit Slicer.app/Contents/Frameworks/HexFiend.framework/Versions/Current/.
--validated:/Applications/Bit Slicer.app/Contents/Frameworks/DDMathParser.framework/Versions/Current/.
--prepared:/Applications/Bit Slicer.app/Contents/Frameworks/Python.framework/Versions/Current/.
--validated:/Applications/Bit Slicer.app/Contents/Frameworks/HexFiend.framework/Versions/Current/.
--validated:/Applications/Bit Slicer.app/Contents/Frameworks/ShortcutRecorder.framework/Versions/Current/.
--validated:/Applications/Bit Slicer.app/Contents/Frameworks/Sparkle.framework/Versions/Current/.
--validated:/Applications/Bit Slicer.app/Contents/Frameworks/Python.framework/Versions/Current/.
/Applications/Bit Slicer.app/: valid on disk
/Applications/Bit Slicer.app/: satisfies its Designated Requirement
Is there anything in particular from the crash report you'd want to see? I hesitate to include the entire report, given that there's potentially sensitive information in that report.
I think it's possible that there are some IT security based services that could possibly be in play here as well. The crash happens on a machine that uses SentinelOne security software, while the other machine where it doesn't crash is a standard, unmanaged machine.
For what it's worth, the recently released Cheat Engine for macOS has no issues searching for and modifying locations on memory.
I'll see if the 1.7.10 pre-release crashes as well and report back.
from bit-slicer.
Here's a section of the crash report from the pre-release:
System Integrity Protection: enabled
Notes: Translocated Process
Crashed Thread: 6 Dispatch queue: com.apple.root.default-qos
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes: 0x0000000000000032, 0x000000010f61a000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x2
I don't recall, but should SIP be disabled for Bit Slicer to work properly? I'm pretty sure on the machine where Bit Slicer works, SIP is disabled.
from bit-slicer.
Is there anything in particular from the crash report you'd want to see? I hesitate to include the entire report, given that there's potentially sensitive information in that report.
The backtrace of the crashed thread if there is one so I can see the spot in code that triggered this violation. And the state of the registers. You can strip/replace any paths or names that you see there that are sensitive information (some of the generated crash log may already be stripped of sensitive information).
I think it's possible that there are some IT security based services that could possibly be in play here as well. The crash happens on a machine that uses SentinelOne security software, while the other machine where it doesn't crash is a standard, unmanaged machine.
SIP or 3rd party kexts installed could potentially impact things.
I don't recall, but should SIP be disabled for Bit Slicer to work properly? I'm pretty sure on the machine where Bit Slicer works, SIP is disabled.
If the application is not opted into the Hardened Runtime (or similar security enforcement), then no, it should not be required to disable SIP. Increasingly, more applications are opting into Hardened Runtime and it might be required these days for developers notarizing their applications. So the answer is generally becoming "yes".
from bit-slicer.
The other piece of interesting information is if this issue is isolated to targeting this one app/game. If Cheat Engine works fine, it may be some specific code in Bit Slicer triggering it (or a different configuration or SIP being disabled with that test).
from bit-slicer.
https://scrivener.tenderapp.com/help/kb/macos-troubleshooting/known-issues-2
Crash on launch with CODESIGNING error
Symptoms
Scrivener or Scapple crashes when launching the software. The crash log will contain the following information toward the top of the report:
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes: 0x0000000000000032, 0x000000010fb275c0
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x2
Further in the report, the appearance of the text "sentinel" will appear, followed by a string of numbers, followed by ".dylib". For example: sentinel-4581354897452564.dylib.
Cause
This crash is caused by a conflict with an older version of SentinelOne security software. Some unknown process in that software is causing Scrivener and Scapple to fail the code signing check (which is used by Apple to verify the authenticity of your software), despite our software all being correctly code signed and notarised.
Workaround
The most recent versions of SentinelOne have been patched to fix the conflict that was causing hardened software like ours to crash. You should update to this version, or submit a request to your IT department to do so.
If you are working in a context where SentinelOne cannot be updated, you may download an older version of Scrivener 3.1.1 or Scapple 1.3.1, which both have a lower level of security, but should function in tandem with SentinelOne.
Please do note that this version uses an outdated activation system, tied to a company that is no longer in business. When their activation servers go down, you may have to manually cancel activation every time the software is launched. We apologise for this inconvenience.
Hah, this actually surprises me. Well I suppose that is worth checking too.
from bit-slicer.
As Scrivener's page notes, you may want to see if "sentinel" followed by ".dylib" is in the crash log somewhere (e.g. sentinel-4581354897452564.dylib)
from bit-slicer.
More info here bdkjones/CodeKit#520
Please let me know if the sentinel dylib is in the crash log and you have SIP enabled. Bit Slicer opts into Hardened Runtime, so it should not normally be possible for code to be injected into Bit Slicer (when SIP is enabled), unless perhaps they also install a kernel extension (kext) of their own.
from bit-slicer.
Sentinel is indeed in the crash log:
0x1098f2000 - 0x109911fff +sentinel.dylib (0) <BF124B80-0B07-3D96-AC17-A73211284B1D> /usr/local/lib/sentinel.dylib
SIP is enabled on the machine where Bit Slicer crashes.
At this point, I think it's fair to say that Sentinel is the cause of the crash.
And Sentinel does have their own kext:
Sentinel:
Version: 4.3.0
Last Modified: 10/8/18, 9:54 AM
Bundle ID: com.sentinelone.sentinel-kext
Notarized: Yes
Loaded: Yes
Obtained from: Identified Developer
Kind: Intel
Architectures: x86_64
64-Bit (Intel): Yes
Location: /Library/Extensions/Sentinel.kext
Kext Version: 3277
Load Address: 18446743521879093000
Loadable: Yes
Dependencies: Deprecated
Signed by: Developer ID Application: Sentinel Labs Inc. (4AYE5J54KN), Developer ID Certification Authority, Apple Root CA
from bit-slicer.
Thanks for the info and confirming this. This is more problematic by the fact that Bit Slicer is code signed (as it should be), but at this point I don't think there's anything I can do here. Kernel extensions like these were deprecated if I recall correctly and future versions of macOS (maybe Big Sur or something?) may stop loading them at least when SIP is enabled. Otherwise if version 4.3.0 is out of date and a newer version does "fix" this issue you may need to get their software updated. Other software like Scrivener is also impacted.
from bit-slicer.
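The check this thread converges on (a CODESIGNING termination plus a loaded image that comes from neither the app bundle nor the OS), as an added example that is not part of the original discussion or of Bit Slicer's code. It assumes the classic text crash-report layout quoted above; `header`, `triage` and the sample report (assembled from the excerpts quoted in the thread plus two constructed image lines) are illustrative.

```python
import re

# Constructed sample: header fields and the sentinel.dylib line are the excerpts
# quoted in the thread; the app and libSystem image lines are made up.
SAMPLE_REPORT = """\
System Integrity Protection: enabled
Exception Type:        EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes:       0x0000000000000032, 0x000000010f61a000
Termination Reason:    Namespace CODESIGNING, Code 0x2

Binary Images:
       0x109800000 -        0x1098effff +com.example.BitSlicer (1.7.10) <AAAAAAAA-0000-0000-0000-000000000000> /Applications/Bit Slicer.app/Contents/MacOS/Bit Slicer
       0x1098f2000 -        0x109911fff +sentinel.dylib (0) <BF124B80-0B07-3D96-AC17-A73211284B1D> /usr/local/lib/sentinel.dylib
    0x7fff20000000 -     0x7fff20001fff  libSystem.B.dylib (1292) <11111111-2222-3333-4444-555555555555> /usr/lib/libSystem.B.dylib
"""

# start - end, optional '+', name, (version), <UUID>, path (may contain spaces)
IMAGE_RE = re.compile(
    r"^\s*(0x[0-9a-fA-F]+)\s+-\s+(0x[0-9a-fA-F]+)\s+(\+?)(.+?)\s+\(.*?\)"
    r"\s+<[0-9A-Fa-f-]+>\s+(/.*)$")
SYSTEM_PREFIXES = ("/System/", "/usr/lib/")

def header(report, key):
    """Return the value of a 'Key: value' header line, or None if absent."""
    m = re.search(rf"^{re.escape(key)}:\s*(.*)$", report, re.MULTILINE)
    return m.group(1).strip() if m else None

def triage(report, app_bundle):
    """Report whether the crash is a code-signing kill and list loaded images
    that live outside both the app bundle and the OS library paths."""
    exc = header(report, "Exception Type") or ""
    term = header(report, "Termination Reason") or ""
    expected = SYSTEM_PREFIXES + (app_bundle.rstrip("/") + "/",)
    foreign = []
    for line in report.splitlines():
        m = IMAGE_RE.match(line)
        if m and not m.group(5).startswith(expected):
            foreign.append(m.group(5))
    return {
        "codesign_kill": "Code Signature Invalid" in exc and "CODESIGNING" in term,
        "sip": header(report, "System Integrity Protection"),
        "foreign_images": foreign,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT, "/Applications/Bit Slicer.app"))
```

A code-signing kill together with a non-empty `foreign_images` list is the pattern the Scrivener article and the reporter's log both show.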