A dynamic macOS dylib injector. This method uses a bootstrapping module since mach_inject doesn't fully emulate library loading and crashes when loading complex modules.
mach_injectwas taken fromrentzsch/mach_inject. Thanks!testappis a sample app to inject intotestdylibis a sample dylib to inject into an appbootstrapis a dylib that is initially injected to load another dylib (e.g.testdylib)
You can compile osxinject by running the following set of commands.
git clone https://github.com/RPwnage/osxinject/
cd osxinject
cd Source
xcodebuild -project osxinj/osxinj.xcodeproj/ -scheme osxinj build
xcodebuild -project bootstrap/bootstrap.xcodeproj/ -scheme bootstrap build
You'll be given a small executable, with 2 shown hardcoded memory addresses, leading to an integer and a boolean object in memory (/Samples/SimpleExecutable/testapp/). Keep in mind that this executable was configured to be built without address randomization, so to do this kind of patching on your own executables/projects might require modifications in the build process.
Using the given dylib source (/Samples/SimpleApplication/testdylib) you'll be able to hook into the program, create a reference to the integer and boolean objects by creating a pointer to the shown addresses, and then printing out the values.
This a fork of this original repo