Dylib - Insert

Compile:

:

int main() anti_injection_check(); // ... rest of program insert dylib

for (uint32_t i = 0; i < _dyld_image_count(); i++) const char *name = _dyld_get_image_name(i); if (is_dylib_blacklisted(name)) fprintf(stderr, "Suspicious dylib loaded: %s\n", name); exit(1);

void anti_injection_check() const char *env = getenv("DYLD_INSERT_LIBRARIES"); if (env && strlen(env) > 0) fprintf(stderr, "DYLD_INSERT_LIBRARIES detected: %s\n", env); exit(1); Compile: : int main() anti_injection_check(); //

gcc -dynamiclib -o mymalloc.dylib mymalloc.c Inject:

vmmap <PID> | grep -i dylib Unexpected dylibs (non-system, not in original binary) are suspicious. #include <mach-o/dyld.h> for (uint32_t i=0; i < _dyld_image_count(); i++) const char *name = _dyld_get_image_name(i); // Check against whitelist Compile: : int main() anti_injection_check()

// mymalloc.c #include <stdio.h> void *malloc(size_t size) printf("malloc(%zu) intercepted\n", size); return NULL; // or call real malloc