AI Summary: HookCase is a powerful debugging and reverse engineering tool for macOS that enhances the capabilities of Apple’s DYLD_INSERT_LIBRARIES. It allows users to hook methods in any module, including non-exported functions, and can target both parent and child processes simultaneously. Key features include support for watchpoints and the ability to bypass Apple’s restrictions on DYLD_INSERT_LIBRARIES, making it suitable for working with applications that have entitlements.

README

HookCase

HookCase is a tool for debugging and reverse engineering applications on macOS (aka OS X), and the operating system itself. It re-implements and extends Apple’s DYLD_INSERT_LIBRARIES functionality. It can be used to hook any method in any module (even non-exported ones, and even those that don’t have an entry in their own module’s symbol table). In a single operation, it can be applied to a parent process and all its child processes, whether or not the child processes inherit their parent’s environment. It supports watchpoints. So HookCase is considerably more powerful than DYLD_INSERT_LIBRARIES. It also doesn’t have the restrictions Apple has placed on DYLD_INSERT_LIBRARIES. So, for example, HookCase can be used with applications that have entitlements. HookCase runs on OS X 10.9 (Mavericks) through macOS 26 (Tahoe).

Steven Michaud, 9/2025

Table of Contents

• What’s New

• More About HookCase

• Building

• Installing

• Using

• Resources

• Example Hook Libraries