Hidden Gems in ./usr/include/

updated over 1 year ago; latest suggestion over 1 year ago

This proposal has been withdrawn...

Every year, developers gather in excitement for the new API wonders Apple releases at WWDC. Although these innovative classes and APIs are exciting, there's a whole secret world of amazing APIs right in front of you in {*OS_SDK}/usr/include/... but only if you're brave enough to decipher the "meh" documentation.

This talk will examine several very interesting, little-known C APIs and how they can be used.

These include:

  • The malloc_introspection_t struct (specifically, its enumerator field), found in malloc.h, and how it can be used to enumerate all pointers in the heap
  • getsectiondata, found in getsect.h: examine Mach-O sections, i.e. look at all the hardcoded strings in your app and make sure you're not exposing any internal info
  • dispatch_introspection_*, found in dispatch/introspect.h: got a threading problem? Use these APIs to help discover the culprit; they will be used together with DYLD interpose

You'll like this talk if you come from a security background, if you're interested in building introspection tools (like the next best Reveal tool), or if you just want to know what crazy APIs Apple gives you but doesn't really discuss in much detail.


  • The proposal author responds over 1 year ago

    @4b5cf9d61559afe16fab7786af993e89cf049fc1 :]

    Thank you for the suggestions and highlighting the fact I only have 30 min. I agree that definitely is not enough time for what I want to cover, so I'll submit a different idea with 30 min in mind. Cheers

  • 4b5cf9d61559afe16fab7786af993e89cf049fc1 suggests over 1 year ago

    This sounds like a great proposal — technical, in-depth, and low-level. It also sounds like a lot to cover in 30 minutes.

    The biggest thing missing for me is the "so what?" answer. Is this stuff day-to-day practical? How so? What will I be able to do with it? How will it change the way I write and think about application development?

    I think it's OK if it's for informational purposes only, but that would be good to highlight.