Mac Developer: mikeash.com: Friday Q&A 2009-01-30: Code Injection
mikeash.com: Friday Q&A 2009-01-30: Code Injection: "Basically, to override NSApplicationMain, you can do something like this:
#define DYLD_INTERPOSE(_replacment,_replacee) \ __attribute__((used)) static struct{ const void* replacment; const void* replacee; } _interpose_##_replacee \ __attribute__ ((section ('__DATA,__interpose'))) = { (const void*)(unsigned long)&_replacment, (const void*)(unsigned long)&_replacee };
DYLD_INTERPOSE(_SAApplicationMain, NSApplicationMain); "
mikeash.com seems to be a particularly rich source of low-level darwin techniques. In this case, a commenter has pointed out an easy (but unsupported/not for shipping applications) technique of chaining system functions. Check lists.apple.com for reasons why it's not supported.
Use the force, er, I mean source:
opensource.apple.com/source/dyld/dyld-132.13/include/mach-o/dyld-interposing.h
And take a look at the unit tests.
Labels: DYLD_INTERPOSE, sandbox, security, store receipt validation
Post a Comment