I'm hacking around, and trying to make some simple modification tools, and running into difficulty.

I'd like to be able to open a task, and read/write its memory without having to be root, and/or entering the root password each time the application is executed.

Currently, the choke-point appears to be task_for_pid. You start the task as normal for BSD/*nix, and for your efforts you receive the new task's PID. Now, to be able to modify the new task's code space, you must have the task_t struct. The only way to GET this is through the task_for_pid function. This function has been used for rootkits and other malicious activity throughout the years, so it has been locked down.

My question: Does anyone know a non-driver (kext) way of getting this info, or a way of circumventing these requirements?