mach_inject enables you to "inject" code into an arbitrary process on Mac OS X. "Injection" means both 1) copying over the necessary code into the target's address space and 2) remotely creating a new thread to execute the code.
Code injection is tricky business. You should be familiar with assembly and runtime calling conventions (ABIs) before using mach_inject.
mach_inject is certainly not bug free and patches are extremely welcome, but the onus is on you when things don't work. Please don't file a bug report stating mach_inject is crashing for you when you try to use it -- you have to be hard-core enough to debug the problem yourself.
Please base your work off the unstable branch. Then submit your Pull Request.
- [NEW] Add demo project (Erwan Barrier)
- [CHANGE] Switch from __pthread_set_self to _pthread_set_self on 10.12. (wzqcongcong, rentzsch)
- [FIX] Adjust stack alignment for 10.9 to avoid crash. issue 5 (Giovanni Donelli)
- [FIX] Comment out fprintf for 10.10 and genericize CODE_SIGN_IDENTITY. issue 13 (Rainburst)
- [FIX] Add error check. (Nat!)
- [NEW] i386 and x86_64 support.
- [CHANGE] Decoupled from mach_star. Most folks were just using one side or the other of mach_star and this simplifies things (docs, tests).
- General Xcode 2.2 project cleanup. mach_star now includes .xcodeproj Xcode 2.2 project files for all of its projects. The old .xcode project files have been left in place, but they aren't maintained and may not work. Xcode 2.2 is the recommended mach_star development environment -- Xcode 2.1 had a bug with inter-project dependencies which would cause compilation failure. It works again now in Xcode 2.2.
- Inter-project dependencies should work under Xcode 2.2. Any project you pick, you should just be able to hit the "Build" button and everything should Just Work™.
- There was a stray reference to my username in one of the projects, which caused compilation headaches for some folks.
- Bug fix: in mach_inject_bundle.c's mach_inject_bundle_pid() I no longer call CFRelease() on the framework bundle reference. Reported by Scott Kevill.
- Added some explicit casts now required by gcc 4.
- Added this document.
- New package added: mach_inject_bundle. It has a private subproject: mach_inject_bundle_stub. The stub is a generic reusable implementation of the code that gets squirted across the address spaces, which was always tricky to write. mach_inject_bundle is an embeddable framework that wraps mach_inject and the stub with a simple fire-and-forget API.
- The "DisposeWindowBeeperOverride" example is replaced by "DisposeWindow+Beep".
- The "FinderDisposeWindowBeeperInjector" is replaced by "DisposeWindow+Beep_Injector".
- All the text is now wrapped to 80 chars wide. Done to print nicely in Scott Knaster's Hacking Mac OS X Tiger. Probably will undo this word-wrap in the future. We all have widescreens nowadays, right? ;-)
- Thanks to Jon Gotow for letting me peek at SCPatch, which I used as a guide for mach_inject_bundle. It saved me a bunch of time. Also thanks to Bob Ippolito for CALL_ON_LOAD assistance.
- Initial release at MacHack 2003.