Thursday, May 3, 2012

Mac OS X Infector and Research Resources/Links

These are the links/resources collected by one of my friends, Sandeep, for his research purposes, and shared with me. Most of it is worth the read. Hope this helps someone somewhere gain some knowledge!


HTE -- File manipulator
http://hte.sourceforge.net/

Mach-O filetype and infection methods
http://felinemenace.org/~nemo/slides/mach-o_infection.ppt

Same idea, different author
http://vx.netlux.org/lib/vrg01.html

Method Swizzling (on OS X you can remap, at runtime, the mapping from a method's selector to the compiled code that implements it)
http://www.cocoadev.com/index.pl?MethodSwizzling

Class Posing!
http://www.cocoadev.com/index.pl?ClassPosing
http://www.stepwise.com/Articles/Technical/PosersAndCategories/index.html

OS X Tools:
otool -- Object File Displaying Tool
http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man1/otool.1.html

gdb -- GNU Debugger (part of GCC)
http://developer.apple.com/tools/gcc_overview.html

GasMask -- hosts file manager (host spoofing)
http://www.apple.com/downloads/macosx/development_tools/gasmask.html

libtool -- Create Libraries
http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man1/libtool.1.html

file -- File Typer
http://linux.die.net/man/1/file

ktrace -- Kernel Trace Logging for a process
System Calls, Name Translations, Signal Processing, I/O

dtrace -- Debugger/Tracer in 10.5+
http://www.mactech.com/articles/mactech/Vol.23/23.11/ExploringLeopardwithDTrace/index.html
http://www.macosxhints.com/article.php?story=20071031121823710

kdump -- Kernel Dump Reader

class-dump -- Examines Objective-C runtime data in Mach-O files.
http://codethecode.com/projects/class-dump/

Summary of other useful tools:
http://osxbook.com/book/bonus/ancient/whatismacosx/tools.html


Other interesting links are most welcome. I can update the post if there are any interesting links.