Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/steven-michaud/HookCase
Tool for reverse engineering macOS/OS X
https://github.com/steven-michaud/HookCase
assembly-language c-plus-plus dyld kernel-modules mach-o macos macosx objective-c-plus-plus reverse-engineering
Last synced: about 2 months ago
JSON representation
Tool for reverse engineering macOS/OS X
- Host: GitHub
- URL: https://github.com/steven-michaud/HookCase
- Owner: steven-michaud
- Created: 2017-04-28T17:18:18.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2024-10-10T14:26:00.000Z (2 months ago)
- Last Synced: 2024-10-13T20:42:46.693Z (about 2 months ago)
- Topics: assembly-language, c-plus-plus, dyld, kernel-modules, mach-o, macos, macosx, objective-c-plus-plus, reverse-engineering
- Language: C++
- Size: 701 KB
- Stars: 740
- Watchers: 33
- Forks: 110
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - steven-michaud/HookCase - Tool for reverse engineering macOS/OS X (C++)
README
# HookCase
HookCase is a tool for debugging and reverse engineering applications
on macOS (aka OS X), and the operating system itself. It re-implements
and extends
[Apple's `DYLD_INSERT_LIBRARIES` functionality](https://books.google.com/books?id=K8vUkpOXhN4C&pg=PA73&lpg=PA73&dq="dyld+interposing"+Singh.).
It can be used to hook any method in any module (even non-exported
ones, and even those that don't have an entry in their own module's
symbol table). In a single operation, it can be applied to a parent
process and all its child processes, whether or not the child
processes inherit their parent's environment. It supports
watchpoints. So HookCase is considerably more powerful than
`DYLD_INSERT_LIBRARIES`. It also doesn't have the restrictions Apple
has placed on `DYLD_INSERT_LIBRARIES`. So, for example, HookCase can
be used with applications that have
[entitlements](https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/AboutEntitlements.html).
HookCase runs on OS X 10.9 (Mavericks) through macOS 14 (Sonoma).Steven Michaud, 10/2023
## Table of Contents
* [What's New](0-whats-new.md)
* [More About HookCase](1-more-about.md)
* [Building](2-building.md)
* [Installing](3-installing.md)
* [Using](4-using.md)
* [Resources](5-resources.md)
* [Example Hook Libraries](6-examples.md)