Yi Liu liuyi12138

🤡

HaHa

liuyi12138 / dlhook.cpp

Created February 16, 2023 07:03 — forked from jakobrs/dlhook.cpp

	#include <dlfcn.h>
	#include <mach-o/dyld-interposing.h>

	void dyld_func_lookup(const char name, void *address);
	void dlopen_from(const char file, int mode, void *caller) __attribute__((weak));

	void dlopen_post_hook(const char file, int mode, void caller, void *result);

	void interposed_dlopen(const char file, int mode) {
	void *caller = __builtin_extract_return_addr(__builtin_return_address(0));

liuyi12138 / EndpointSecurityDemo.m

Created January 3, 2023 06:48 — forked from Omar-Ikram/EndpointSecurityDemo.m

A demo of using Apple's EndpointSecurity framework - tested on macOS Monterey 12.2.1 (21D62)

	//
	// main.m
	// EndpointSecurityDemo
	//
	// Created by Omar Ikram on 17/06/2019 - macOS Catalina 10.15 Beta 1 (19A471t)
	// Updated by Omar Ikram on 15/08/2019 - macOS Catalina 10.15 Beta 5 (19A526h)
	// Updated by Omar Ikram on 01/12/2019 - macOS Catalina 10.15 (19A583)
	// Updated by Omar Ikram on 31/01/2021 - macOS Big Sur 11.1 (20C69)
	// Updated by Omar Ikram on 07/05/2021 - macOS Big Sur 11.3.1 (20E241)
	// Updated by Omar Ikram on 04/07/2021 - macOS Monterey 12 Beta 2 (21A5268h)

	#include <dlfcn.h>
	#include <mach-o/dyld-interposing.h>

	void dyld_func_lookup(const char name, void *address);
	void dlopen_from(const char file, int mode, void *caller) __attribute__((weak));

	void dlopen_post_hook(const char file, int mode, void caller, void *result);

	void interposed_dlopen(const char file, int mode) {
	void *caller = __builtin_extract_return_addr(__builtin_return_address(0));