{"id":255,"date":"2012-05-21T02:28:46","date_gmt":"2012-05-21T07:28:46","guid":{"rendered":"http:\/\/areciv.com\/blog\/?p=255"},"modified":"2021-09-22T17:25:22","modified_gmt":"2021-09-22T22:25:22","slug":"f-script-injection-in-lion","status":"publish","type":"post","link":"https:\/\/areciv.com\/blog\/2012\/05\/f-script-injection-in-lion\/","title":{"rendered":"F-Script Injection in Lion"},"content":{"rendered":"\n<p><strong>UPDATE<\/strong>: This workflow no longer works on Mavericks due to a debugger change. See <a title=\"F-Script Injection in Mavericks\" href=\"http:\/\/areciv.com\/blog\/2014\/08\/f-script-injection-in-mavericks\/\">this post<\/a> for details on a new version.<\/p>\n\n\n\n<p>I wanted to use the very handy <a title=\"F-Script\" href=\"http:\/\/www.fscript.org\/\">F-Script<\/a> environment to snoop around inside an application. F-Script can be injected into running applications by using gdb, which of course works fine, but they also provide a services-menu item for performing the injection. Due to several changes in OS X 10.7 Lion, the automator workflow that came with F-Script to perform this did not work.<\/p>\n\n\n\n<p>I reworked the injector service so it works on Lion and doesn't leave behind (or even create) any temp files.<\/p>\n\n\n\n<a  data-e-Disable-Page-Transition=\"true\" class=\"download-link download-button aligncenter\" title=\"\" href=\"https:\/\/areciv.com\/blog\/download\/4379\/?tmstv=1776596353\" rel=\"nofollow\" id=\"download-link-4379\" data-redirect=\"false\" >\n\tDownload &ldquo;Inject-F-Script-into-application.zip&rdquo;\t<small>Inject-F-Script-into-application.zip\t\t&ndash; Downloaded 30123 times\t\t&ndash; 63.58 KB<\/small>\n<\/a>\n\n\n\n<p>Installation is identical to the one that comes with F-Script, so follow their readme.<\/p>\n\n\n\n<p>The automator workflow consists of two steps: <\/p>\n\n\n\n<p>1.  Run Applescript, with contents<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: applescript; title: ; notranslate\" title=\"\">\ntell application \"System Events\"\nset pid to unix id of the first process whose frontmost is true\nend tell\n\nreturn \"\" & pid\n<\/pre><\/div>\n\n\n<p>This gets the PID of the active application and returns it as a string.<\/p>\n\n\n\n<p>2. Run Shell Script (Shell: \/bin\/bash, Pass input: as arguments), with contents<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\ncat &lt;&lt; EOF | sudo -u`whoami` gdb -n -q\nattach '$1'\np (char)&#x5B;&#x5B;NSBundle bundleWithPath:@&quot;\/Library\/Frameworks\/FScript.framework&quot;] load]\np (void)&#x5B;FScriptMenuItem insertInMainMenu]\ndetach\nquit\nEOF\n<\/pre><\/div>\n\n\n<p>Using the <a title=\"Here Documents\" href=\"http:\/\/tldp.org\/LDP\/abs\/html\/here-docs.html\">\"here-document\"<\/a> feature of bash, lines 2-6 are sent as STDIN to GDB without using a temp file. The PID to attach is passed in as an argument from the previous block. Invoking GDB directly (without sudo) doesn't allow attaching to a process, presumably due to services sandboxing. Sudoing as the current user works fine and allows the attach to happen.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I wanted to use the very handy F-Script environment to snoop around inside an application.  F-Script can be injected into running applications by using gdb, which of course works fine, but they also provide a services-menu item for performing the injection. Due to several changes in OS X 10.7 Lion, the automator workflow that came with F-Script to perform this did not work.<\/p>\n<p>I reworked the injector service so it works on Lion and doesn't leave behind (or even create) any temp files.<\/p>\n","protected":false},"author":1,"featured_media":1355,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[88],"tags":[41,39,42],"class_list":["post-255","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software","tag-f-script","tag-hack","tag-osx"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/areciv.com\/blog\/wp-content\/uploads\/2014\/08\/automator-icon.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/posts\/255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/comments?post=255"}],"version-history":[{"count":13,"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/posts\/255\/revisions"}],"predecessor-version":[{"id":4385,"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/posts\/255\/revisions\/4385"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/media\/1355"}],"wp:attachment":[{"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/media?parent=255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/categories?post=255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/areciv.com\/blog\/wp-json\/wp\/v2\/tags?post=255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}