Hook & Inject methods - hewigovens/hewigovens.github.com GitHub Wiki

Hooking & Code injection is pain and fun, Here is a collection of this topics

###dynamic library

• dyld DYLD_INSERT_LIBRARIES environment variable
• dyld DYLD_INTERPOSE marco
• fishhook

###bundle loading

• Scripting Additions & Input Manager

###mach-o

• LC_LOAD_DYLIB command

###Mach VM API

• mach_inject/mach_override

###kernel extension

• syscall hijack

###objc-runtime

• MethodSwizzling

===

Anti-Hook/dyld

• Blocking Code Injection on iOS and OS X

There are three ways to flag a binary as "restricted" to the dynamic linker.

• Set restricted status by entitlements
• • This option is only available to applications on OS X with special entitlements.
• setuid and setgid
• • Any application that makes these two calls are going to be marked as restricted by the linker as a security measure.
• Restricted Segment of Header
• • The final way to mark a binary as restricted is by telling the linker to add new section to the binary header that is named "__RESTRICT" and has a section named "__restrict" when you compile it. This can be done in Xcode by adding the following flags into your "Other Linker Flags"

-Wl,-sectcreate,__RESTRICT,__restrict,/dev/null

This segment type is not mentioned anywhere on Apple's documentation for the Mach-O ABI. Google results for how it works are also very sparse. The only place that this can be found documented is actually in the source code for dyld.