Yet another code injection library for OS X. $ git clone --recursive https://github.com/rodionovd/task_vaccine.git task_vaccine $ cd ./task_vaccine $ rake test $ rake build # will build an x86_64 dynamic library and place it into ./build/x86_64 #include "task_vaccine.h" task_t target = ...; int err = task_vaccine(target, "./payload0.dylib"); if (err != KERN_SUCCESS) { fprintf(stderr, "task_vaccine() failed with error: %d\n", err); } see Usage for details. Why should I use this thing instead of mach_inject? Well, for a couple of reasons actually: mach_inject's codebase is old and it hasn't been updated for a while. You can not inject i386 targets from x86_64 hosts and vice versa using mach_inject, so you should use two different injectors. With task_vaccine you can actually do it. I have automated tests 🚦 How it works: Pretty straightforward, see: At first, we create a new thread inside a target task (process) and execute _pthread_set_self() function on it. We can only create a raw Mach thread inside a target task. But many functions (such as dlopen()) rely on pthread stuff (locks, etc), so we have to initialize a pthread first and only then execute dlopen() for lo