DYLD — Do You Like Death? (IX)

Karol Mazurek
7 min readMay 1, 2024

The lifecycle of a Dynamic Loader from its creation to its termination.

This is the ninth article in the series about debugging Dyld-1122 and analyzing its source code. We will introduce RuntimeState which APIs are used for tracking process-related data, such as threads or loaded Mach-Os.

Please note that this analysis may contain some errors as I am still learning and working on it alone. No one has checked it for mistakes. Please let me know in the comments or contact me through my social media if you find anything.

Let’s go!

WORKING MAP

As last time, we begin our journey by decompiling the Dyld using a Hopper.

hopper -e '/usr/lib/dyld'

We are in the dyld`start analysing the Memory Manager. In the fourth article, I introduced pseudo-code, which you can see below. Based on this, we finished creating the allocator, then we set the ProcessConfig in this allocator and now we follow with RuntimeState initialization:

In the last episode, we finished collecting ProcessConfig properties with ProcessConfig::PathOverrides. Now, we are going to…

--

--