Skiptracing: Reversing

Sam Lerner
Jun 6 · 11 min read

The Project

The Data


Finding Where to Hook

Partial disassembly for startWatchingMediaKeys
Source code for startWatchingMediaKeys
CGEventTapEnable called in tapEventCallback
#include <CoreFoundation/CoreFoundation.h>
#include <dlfcn.h>
#include <stdlib.h>
#include <stdio.h>
void CGEventTapEnable(CFMachPortRef tap, bool enable)
typeof(CGEventTapEnable) *old_tap_enable;
printf(“I'm hooked!\n”);
old_tap_enable = dlsym(RTLD_NEXT, “CGEventTapEnable”);
(*old_tap_enable)(tap, enable);
gcc -fno-common -c <filename>.c 
gcc -dynamiclib -o <library name> <filename>.o


Finding sub_100CC2E20

Hooking sub_100CC2E20

The Rest

Where am I?


Sam Lerner

Written by

Computer science enthusiast

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade