Get pids of XPC services launched by Safari/MiniBrowser -> WebKit ProcessLauncher

injection.mm

//
//  main.m
//  safari_fuzzer
//
//  Created by ant4g0nist on 09/11/2021.
//

/*
Build: ➜ clang++ injection.mm -framework Foundation -dynamiclib -o injection.dylib
Usage: ➜ DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES=injection.dylib /Users/ant4g0nist/Desktop/macOSResearch/WebKit/WebKit/WebKitBuild/Release/MiniBrowser.app/Contents/MacOS/MiniBrowser 

injection=>com.apple.WebKit.WebContent: 332
injection=>MiniBrowser: 1432
injection=>com.apple.WebKit.WebContent: 0
injection=>MiniBrowser: 1432
injection=>com.apple.WebKit.WebContent: 0
injection=>MiniBrowser: 1432
injection=>com.apple.WebKit.WebContent: 616
injection=>MiniBrowser: 1432
injection=>com.apple.WebKit.WebContent: 1441
injection=>MiniBrowser: 1432
injection=>com.apple.WebKit.WebContent: 1442
injection=>MiniBrowser: 1432
*/



#include <string.h>
#include <xpc/xpc.h> 

#define INTERPOSE(_replacement, _replacee) \
    __attribute__((used)) static struct { \
        const void* replacement; \
        const void* replacee; \
    } _interpose_##_replacee __attribute__ ((section("__DATA, __interpose"))) = { \
        (const void*) (unsigned long) &_replacement, \
        (const void*) (unsigned long) &_replacee \
    };

pid_t my_xpc_connection_get_pid(xpc_connection_t connection);

pid_t my_xpc_connection_get_pid(xpc_connection_t connection)
{
    const char* name = xpc_connection_get_name(connection);
    pid_t pid = xpc_connection_get_pid(connection);

    if (name && strcmp(name, "com.apple.WebKit.WebContent") == 0)
    {
        printf("com.apple.WebKit.WebContent: %i\n", pid);
    }
    
    return pid;
}

INTERPOSE(my_xpc_connection_get_pid, xpc_connection_get_pid);