Skip to content

Tool for reverse engineering macOS/OS X

Notifications You must be signed in to change notification settings

fengjixuchui/HookCase

 
 

Repository files navigation

HookCase

HookCase is a tool for debugging and reverse engineering applications on macOS (aka OS X), and the operating system itself. It re-implements and extends Apple's DYLD_INSERT_LIBRARIES functionality. It can be used to hook any method in any module (even non-exported ones, and even those that don't have an entry in their own module's symbol table). In a single operation, it can be applied to a parent process and all its child processes, whether or not the child processes inherit their parent's environment. It supports watchpoints. So HookCase is considerably more powerful than DYLD_INSERT_LIBRARIES. It also doesn't have the restrictions Apple has placed on DYLD_INSERT_LIBRARIES. So, for example, HookCase can be used with applications that have entitlements. HookCase runs on OS X 10.9 (Mavericks) through macOS 14 (Sonoma).

Steven Michaud, 10/2023

Table of Contents

About

Tool for reverse engineering macOS/OS X

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C++ 81.2%
  • Objective-C++ 8.3%
  • C 5.4%
  • Assembly 4.6%
  • Makefile 0.5%