Insert Dylib [ QUICK - Cheat Sheet ]

vmmap <PID> | grep -i dylib Unexpected dylibs (non-system, not in original binary) are suspicious. #include <mach-o/dyld.h> for (uint32_t i=0; i < _dyld_image_count(); i++) const char *name = _dyld_get_image_name(i); // Check against whitelist

// mymalloc.c #include <stdio.h> void *malloc(size_t size) printf("malloc(%zu) intercepted\n", size); return NULL; // or call real malloc insert dylib

Compile:

ps eww <PID> | tr ' ' '\n' | grep DYLD List loaded dylibs: vmmap &lt;PID&gt; | grep -i dylib Unexpected dylibs

– interposing malloc :

for (uint32_t i = 0; i < _dyld_image_count(); i++) const char *name = _dyld_get_image_name(i); if (is_dylib_blacklisted(name)) fprintf(stderr, "Suspicious dylib loaded: %s\n", name); exit(1); for (uint32_t i=0