tinyhook

A tiny macOS inline hook framework

Functions

Inline hook

/*
hook `function` to `destination`, store the original pointer in `origin`
- `origin` can be NULL
*/
int tiny_hook(void *function, void *destination, void **origin);

/*
create a backup of original function head after hooking
then use `tiny_unhook` to remove the hook
 */
int tiny_hook_ex(th_bak_t *bak, void *function, void *destination, void **origin);

int tiny_unhook_ex(th_bak_t *bak);

/* interpose a symbol in a given image */
int tiny_interpose(uint32_t image_index, const char *symbol_name, void *replacement);

/* insert a function call (bl / call) at `address`, auto select far or near */
int tiny_insert(void *address, void *destination);

Objective-C runtime hook

/* similar to `tiny_hook`, but for objc */
int ocrt_hook(const char *cls, const char *sel, void *destination, void **origin);

/* swap two objc methods */
int ocrt_swap(const char *cls1, const char *sel1, const char *cls2, const char *sel2);

/*
get implemention of an objc method
- available types are: '+' (class method), '-' (instance method)
*/
void *ocrt_impl(char type, const char *cls, const char *sel);

/* get method struct pointer from name */
Method ocrt_method(char type, const char *cls, const char *sel);

Read and write memory

int read_mem(void *destination, const void *source, size_t len);

int write_mem(void *destination, const void *source, size_t len);

Get function address from name

/* get symbol address from symbol table (LC_SYMTAB) */
void *symtbl_solve(uint32_t image_index, const char *symbol_name);

/* get symbol address from export table (LC_DYLD_INFO) */
void *symexp_solve(uint32_t image_index, const char *symbol_name);

Examples

make test

Details are in test.

References

Thanks to these projects for their inspiring idea and code!

• https://github.com/rodionovd/rd_route
• https://github.com/GiveMeZeny/fde64
• https://github.com/facebook/fishhook