I need to get notified when a app (including system app/server) calls System Framework (CoreServices.framework). I am not sure whether Code Injection works on system-wide frameworks.
Is it possible to replace a system framework with my own copy, and then forward messages to the real one?
You can use the DYLD_INSERT_LIBRARIES environment variable, but that only works with applications that you start, not system wide. More info here.
You can override system functions with mach_override, but it requires root privivaleges or the procmod group. mach_override was released at MacHack 2003. From a quick glance, it looks as easy as one function call.
mach_override_ptr(&orginalFunction, &overrideFunction, NULL);
Please note that system-wide overriding is strongly discouraged for non-debugging applications.
