mirror of
https://github.com/carlospolop/hacktricks
synced 2025-03-07 00:37:32 +00:00
Inspecting and debugging Mac OS Apps
Static Analysis
otool
otool -L /bin/ls #List dynamically linked libraries
otool -tv /bin/ps #Disassemble the text section of the application
Dynamic Analysis
{% hint style="warning" %}
These tools require SIP to be disabled. Alternatively, copy the binaries to a temporary folder and remove the signature with codesign --remove-signature <binary-path>
{% endhint %}
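The copy-and-unsign route from the hint above, as an added example that is not part of the original page. The function name make_unsigned_copy, its return codes and the temp-directory naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an unsigned working copy of a binary so the tracing
# tools below can be pointed at the copy instead of the SIP-protected original.
# make_unsigned_copy is a hypothetical helper name, not an existing tool.
#
# Prints the path of the unsigned copy on stdout.
# Returns: 0 ok, 1 bad input, 2 codesign unavailable (not macOS), 3 step failed.
make_unsigned_copy() {
    src=$1
    if [ -z "$src" ] || [ ! -f "$src" ] || [ ! -x "$src" ]; then
        echo "usage: make_unsigned_copy <path-to-executable>" >&2
        return 1
    fi
    if ! command -v codesign >/dev/null 2>&1; then
        echo "codesign not found: this procedure only applies on macOS" >&2
        return 2
    fi

    # Work in a private temporary directory; the original is never modified.
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/unsigned.XXXXXX") || return 3
    copy="$workdir/$(basename "$src")"
    cp "$src" "$copy" || return 3

    # Strip the code signature from the copy only.
    codesign --remove-signature "$copy" || return 3

    # codesign -d exits non-zero for an unsigned object; if it still
    # succeeds, the signature was not removed and the copy is unusable here.
    if codesign -d "$copy" >/dev/null 2>&1; then
        echo "signature still present on $copy" >&2
        return 3
    fi

    printf '%s\n' "$copy"
}

# Usage on a test machine you administer:
#   copy=$(make_unsigned_copy /bin/ls) && sudo dtruss -c "$copy"
```

Remove the temporary directory once tracing is finished.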
dtruss
dtruss -c ls #Get syscalls of ls
dtruss -c -p 1000 #Get syscalls of PID 1000
ktrace
You can use this one even with SIP enabled.
ktrace trace -s -S -t c -c ls | grep "ls("
dtrace
sudo dtrace -n 'syscall:::entry {@[execname] = count()}' #Count the number of syscalls of each running process