triste24/MachOLoader

 
 

MachOLoader

A simple set of PoCs demonstrating in-memory loading of Mach-O binaries such as WeChat, so that you can do remote injection.

  • Patch up dyld for in-memory loading of Mach-O bundles.

Usage

# back up the original executable
mv /Applications/WeChat.app/Contents/MacOS/WeChat /Applications/WeChat.app/Contents/MacOS/Backup

# copy the loader to the executable path
cp ./MachOLoader /Applications/WeChat.app/Contents/MacOS/WeChat

# check the code signature
codesign -vvd /Applications/WeChat.app/Contents/MacOS/WeChat

# run WeChat
/Applications/WeChat.app/Contents/MacOS/WeChat

# sample output:
# module name=/private/var/folders/b1/0fd1b6hs7lz0fm_mh346lybm0000gn/T/NSCreateObjectFileImageFromMemory-dCPkDRql
# Invoking loaded function at 0x110d74324(10fb80000+11f4324)... hold onto your butts....!!

# restore the original executable
mv /Applications/WeChat.app/Contents/MacOS/Backup /Applications/WeChat.app/Contents/MacOS/WeChat

# check the code signature
codesign -vvd /Applications/WeChat.app/Contents/MacOS/WeChat
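
A triage sketch for defenders, added here and not part of the MachOLoader repository: the `module name=` line in the sample output shows the loaded image backed by a temp file named `NSCreateObjectFileImageFromMemory-…`, so this Python script walks a directory for files with that name shape and reads each Mach-O header to report the file type. It assumes the file is still on disk when scanned; `find_spills`, `macho_filetype` and `build_sample` are hypothetical names, and the sample tree is constructed.

```python
import os, re, struct, sys, tempfile

# File name shape taken from the "module name=" line in the sample output.
SPILL_RE = re.compile(r"^NSCreateObjectFileImageFromMemory-[A-Za-z0-9]+$")
# First four bytes on disk -> struct byte order of the header fields.
THIN_MAGIC = {b"\xce\xfa\xed\xfe": "<", b"\xcf\xfa\xed\xfe": "<",
              b"\xfe\xed\xfa\xce": ">", b"\xfe\xed\xfa\xcf": ">"}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # also the Java class-file magic
FILETYPES = {2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}

def macho_filetype(path):
    """Return the Mach-O filetype name, "fat", or None if not Mach-O."""
    with open(path, "rb") as f:
        hdr = f.read(16)  # magic, cputype, cpusubtype, filetype
    if hdr[:4] == FAT_MAGIC:
        return "fat"
    order = THIN_MAGIC.get(hdr[:4])
    if order is None or len(hdr) < 16:
        return None
    (filetype,) = struct.unpack(order + "I", hdr[12:16])
    return FILETYPES.get(filetype, "filetype %d" % filetype)

def find_spills(root):
    """List (path, kind) for every file under root with the temp name shape."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in filter(SPILL_RE.match, files):
            full = os.path.join(dirpath, name)
            try:
                hits.append((full, macho_filetype(full)))
            except OSError:
                hits.append((full, "unreadable"))
    return sorted(hits)

def build_sample(root):
    """Constructed sample: one fake 64-bit MH_BUNDLE header plus decoys."""
    tdir = os.path.join(root, "xx", "constructed", "T")
    os.makedirs(tdir)
    hdr = struct.pack("<IiiIIII", 0xFEEDFACF, 0x01000007, 3, 8, 0, 0, 0)
    for name, data in (("NSCreateObjectFileImageFromMemory-AAAAAAAA", hdr),
                       ("NSCreateObjectFileImageFromMemory-BBBBBBBB", b"text"),
                       ("unrelated.tmp", hdr)):
        with open(os.path.join(tdir, name), "wb") as f:
            f.write(data)
    return tdir

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for path, kind in find_spills(root):
        print(kind or "not Mach-O", path)
```

Run with no argument it scans the constructed tree; pass a directory such as a per-user temp folder to triage real files.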

Languages

  • Objective-C 97.6%
  • C 2.4%