Fix enumerating loaded process modules on Apple platforms (#5487)

davidwrighton · web-flow · commit 84b028b7d7da · 2025-05-21T17:24:52.000-07:00
- This logic always assumed that the lowest address of a mapped file was its "base address", but in the presence of dotnet/runtime#114462 that is no longer correct. We may map stubs at lower addresses. - Fix by checking the start of the mapped region for the magic value for the start of a MachO binary
diff --git a/src/shared/pal/src/thread/process.cpp b/src/shared/pal/src/thread/process.cpp
@@ -2371,7 +2371,10 @@ CreateProcessModules(
             }
         }
 
-        if (!dup)
+        // Does the offset in the module correspond to a valid MachO header?
+        bool mightBeMachOHeader = rwpi.prp_prinfo.pri_offset == 0;
+
+        if (!dup && mightBeMachOHeader)
         {
             int cbModuleName = strlen(moduleName) + 1;
             ProcessModules *entry = (ProcessModules *)malloc(sizeof(ProcessModules) + cbModuleName);

Original file line number	Diff line number	Diff line change
`@@ -2371,7 +2371,10 @@ CreateProcessModules(`
`2371`	`2371`	`}`
`2372`	`2372`	`}`
`2373`	`2373`
`2374`		`- if (!dup)`
	`2374`	`+ // Does the offset in the module correspond to a valid MachO header?`
	`2375`	`+ bool mightBeMachOHeader = rwpi.prp_prinfo.pri_offset == 0;`
	`2376`	`+`
	`2377`	`+ if (!dup && mightBeMachOHeader)`
`2375`	`2378`	`{`
`2376`	`2379`	`int cbModuleName = strlen(moduleName) + 1;`
`2377`	`2380`	`ProcessModules entry = (ProcessModules )malloc(sizeof(ProcessModules) + cbModuleName);`