Location: | Projects | Mac Function Interception

Überhip

"Damn fine coffee! And hot!" - FBI Special Agent Dale Cooper

Mac OS X Function Interception/Interposing

Introduction

Some time ago I did a presentation on Linux Function Interception. It has been a fairly popular resource for those interested in security or virtualization techniques. The other day, I was reading through Amit Singh’s Mac OS X Internals and came across the section on dyld interposing and realized that its essentially the same trick as in my Linux post. So, I thought I would rehash the Linux post for Mac fans and toss in a few introductory tips for using Mac tools.

Introduction to Mac Tools

I will quickly cover just a few basic OS X command line tools. First, a handy tool to know about is otool, it has functionality similar to ldd in Linux. When called on an executable with the -L option it will show you the list of dynamic libraries the executable is linked to:

zig:~ godber$ otool -L `which xclock`
/usr/X11R6/bin/xclock:
        /usr/X11R6/lib/libXft.2.dylib (compatibility version 2.1.0, current version 2.1.0)
        /usr/X11R6/lib/libfontconfig.1.dylib (compatibility version 1.0.0, current version 1.0.0)
        /usr/X11R6/lib/libfreetype.6.dylib (compatibility version 6.3.0, current version 6.3.0)
        /usr/X11R6/lib/libexpat.0.dylib (compatibility version 0.4.0, current version 0.4.0)
        /usr/X11R6/lib/libXrender.1.dylib (compatibility version 1.2.0, current version 1.2.0)
        /usr/X11R6/lib/libXaw.7.dylib (compatibility version 7.0.0, current version 7.0.0)
        /usr/X11R6/lib/libXmu.6.dylib (compatibility version 6.2.0, current version 6.2.0)
        /usr/X11R6/lib/libXt.6.dylib (compatibility version 6.0.0, current version 6.0.0)
        /usr/X11R6/lib/libSM.6.dylib (compatibility version 6.0.0, current version 6.0.0)
        /usr/X11R6/lib/libICE.6.dylib (compatibility version 6.3.0, current version 6.3.0)
        /usr/X11R6/lib/libXpm.4.dylib (compatibility version 4.11.0, current version 4.11.0)
        /usr/X11R6/lib/libXext.6.dylib (compatibility version 6.4.0, current version 6.4.0)
        /usr/X11R6/lib/libX11.6.dylib (compatibility version 6.2.0, current version 6.2.0)
        /usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0)
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 88.3.4)

Blah blah blah

Welcome!

Uberhip.com is Austin Godber's technical site. You will mainly find Open Source, Linux, Programming or Technology related things here.

Pages:

Random Tidbits:

06.03.1039
Henry III becomes Holy Roman Emperor.

Skype Status:

Sitemap | Blog Feed | Back to top
© 2008 Austin Godber | Generated by webgen | Design by Andreas Viklund