I want to take a snapshot of memory of process in action on mac. I have no idea how to do it.
I have IDA-PRO for mac with me. Can it be used? How?
Can anyone suggest me a way to do this? (some documentation or example). May be some techniques from uni can be used but I am also not aware of that.
I dont want to kill the process as I want to see whats changing after execution of instructions/commands.
You can send a signal to a running process to dump core into a file, which can be used with gdb later for postmortem analysis.
kill -ABRT <process-id>
It seems that you must configure your system to enable core dump. See http://developer.apple.com/library/mac/#technotes/tn2124/_index.html for details.
UPDATE:
Well, above link introduces a third party implementation of gcore, a command line tool to make a core dump of running processes:
http://www.osxbook.com/book/bonus/chapter8/core/
You may just want to grab the source and try:
http://www.osxbook.com/book/bonus/chapter8/core/download/gcore-1.3.tar.gz
To make a single FAT binary to use with ppc/i386/x86_64, just modify following lines from Makefile:
gcore: gcore.c
gcc -O2 -arch ppc -arch i386 -Wall -o $@ $<
as:
gcore: gcore.c
gcc -O2 -arch ppc -arch i386 -arch x86_64 -Wall -o $@ $<