Need help with rwmem?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

133 Stars 17 Forks 26 Commits 0 Opened issues


Read and write physical memory on OS X

Services available


Need anything else?

Contributors list

# 70,612
Common ...
15 commits

Dangerous Software!

Read and Write physical memory on OS X

This ~~can~~ WILL crash your machine!

  • [X] No safety checks
  • [X] No validation of content
  • [X] No restrictions on where things are written (other than SMM, etc)
  • [X] No warranty

The purpose of this tool is to read and write physical memory addresses of the running system. It is possible to crash the machine by writing to arbitrary pages, corrupt the kernel, mess up memory mappings, etc. It is not recommended for novice users. This is probably not the chainsaw/sledgehammer/atomic-bomb that you're looking for.

Loading the

gives any root process the ability to poke anywhere on the system. It is basically a deliberate backdoor in the kernel. You can download it from Snare's site, if you trust him more than the one bundled in this repository:


After installing the

file, load the kernel extension as root:
sudo kextutil /System/Library/Extensions/DirectHW.kext

Read your machine's serial number:

sudo ./rdmem 0xffffff00 256 | xxd -g 1

Read the "BIOS Region" of your boot ROM for analysis (the flash descriptor, Intel management engine and gig-e sections show up as all 0xFF):

sudo ./rdmem 0xff990000 0x670000 > mac-bios.bin


  • Reading the SMM region will cause the kernel to panic.
  • Reading the PCI BAR regions byte at a time with
    will will generate all 0xFF since the byte-wise access is not defined.
    will do the right thing with their copy routine.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.