Parasite is a powerful code insertion platform for OS X. It enables developers to easily create extensions which change the original behavior of functions. For users Parasite provides an easy way to install these extensions and tweak their OS.
Parasite consists of various components which altogether provide a safe and smooth experience. Here’s a short overview:
This is the core component of Parasite, a kernel extension. It injects ParasiteLoader.dylib into every process that is executed after the kext is loaded.
This is the trampoline that gets injected by the kext. It handles extensions loading and excludes blacklisted processes and root processes.
This is a framework that makes developing extensions easy. It includes some nice macros, ZKSwizzle for hooking Obj-C functions and substitute by comex for hooking C functions.
That’s pretty easy actually. Just disable kext validation via csrutil and paste curl -fsSL https://github.com/ParasiteTeam/installer/raw/master/install.sh | sudo bash into your terminal prompt.
Extensions can be .bundle files or just a .plist. Installing them is mainly just putting them into their designated directory.
No problem, extensions are located at /Library/Parasite/Extensions. Just put the .bundle file in there and it will be automatically loaded when the process it should inject into gets executed.
That’s cool. Runtime modification via a .plist is supported by Crucible. Crucible takes the information provided by the .plist and transforms them to code, so to say. The .plist files are located at /Library/Parasite/Crucible.
You have two options to create extensions, which are the following:
TODO
TODO
Soon, ayy.