macOS code injection for fun and no profit (2024)
- #macOS
- #debugging
- #code-injection
- The article discusses macOS code injection techniques for modifying a running process's memory and function behavior, inspired by the functionality of Live++ for Windows.
- It covers setting up a CMake project with specific compiler flags and entitlements for macOS to allow process debugging and memory manipulation.
- The author demonstrates how to attach to a running process using Mach APIs, suspend and resume it, and read/write its memory.
- A key technique shown is injecting new code into a process by allocating memory, copying function code, and setting up a trampoline to redirect execution.
- The article provides practical examples, including modifying a variable's value and replacing a function in a test program dynamically.
- It highlights the limitations and potential issues, such as thread safety and debugger interactions, while emphasizing the educational value of understanding such low-level system manipulation.