This commit is contained in:
Karmaz95
2024-03-09 23:29:23 +01:00
parent 6d8bec4987
commit dceee00b32
4 changed files with 1788 additions and 8 deletions


@@ -284,9 +284,9 @@ brew install blacktop/tap/ipsw
* `--dylib_hijacking` needs [ipsw](https://github.com/blacktop/ipsw) to be installed.
* `--dylibtree` needs the [dyld-shared-cache-extractor](https://github.com/keith/dyld-shared-cache-extractor) to be installed.
## WHY UROBOROS?
I will write the code for each article as a class SnakeX, where X will be the article number. To make it easier for the audience to follow. Each Snake class will be a child of the previous one and infinitely "eat itself" (inherit methods of the previous class), like Uroboros.
I will write the code for each article as a class SnakeX, where X will be the article number, to make it easier for the audience to follow.
Each Snake class will be a child of the previous one and infinitely "eat itself" (inherit methods of the previous class), like Uroboros.
## ADDITIONAL LINKS
* [Apple Open Source](https://opensource.apple.com/releases/)
@@ -301,4 +301,6 @@ I will write the code for each article as a class SnakeX, where X will be the ar
* After making a SuperBlob parser and CodeDirectory blob parser, modify hasHardenedRuntime to check Runtime flag by using bitmask, instead of string.
* Build Dyld Shared Cache parser and extractor to make SnakeIV independant of dyld-shared-cache-extractor.
* Make testing branch and implement tests, before pushing new updates.
* Create `RottenApple.app` in another repository and use it for testing.
* Create `RottenApple.app` in another repository and use it for testing.
* Add Dyld Closure chapter to Snake&Apple V - Dyld
* Move `dumpPrelink_info` and `dumpPrelink_text` to Snake & Apple chapter about Kernel Extensions when ready.
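Review bot: the TODO list in this hunk ends with the same item twice (`* Create \`RottenApple.app\` in another repository and use it for testing.`); if the second copy is really in the file and not an artifact of the rendering, drop one of them. While here, the Dyld Shared Cache item has a typo: "independant" should be "independent".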


@@ -20,10 +20,10 @@ macos_dyld_policy_at_path(proc *process, amfi_dyld_policy_state_t *policy_state)
log("RPL: 0, HR: 0, RP: 0, LV: 0");
}
} else {
// 0x40 == CS_EXECSEG_JIT used ?? (not sure aobut it)
// Check if 0x40 == CS_EXECSEG_JIT is used ?? (not sure about it)
if ((flags & 0x40) != 0) {
// (macOS Only) Page invalidation allowed by task port policy (CS_INVALID_ALLOWED == 0x20) not used
// Check if (macOS Only) Page invalidation allowed by task port policy (CS_INVALID_ALLOWED == 0x20) is not used
if ((flags & 0x20) == 0) {
// Check if process does not use Library Validation
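Review bot: the rewritten comment still names the 0x40 mask as CS_EXECSEG_JIT while admitting it is "not sure about it". CS_EXECSEG_JIT is a constant from the executable-segment flag set, whereas the neighbouring check on the next comment line uses a csflags bit (CS_INVALID_ALLOWED == 0x20), so the two comments are mixing flag namespaces. Rather than keeping a guessed name in a comment that documents a policy decision, either confirm which csflags bit 0x40 is against the cs_blobs definitions and name it, or write it as `// 0x40: csflags bit, meaning TODO: confirm` so readers do not take the JIT interpretation as established.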


@@ -23,8 +23,8 @@ macos_dyld_policy_collect_state(calling_process, param_2, amfi_dyld_policy_state
// Check if forced library validation is enabled (required by Hardened System Policy)
has_CS_FORCED_LV = check_forced_library_validation(calling_process);
// Check macOS platform (hardware)
platform = get_platform();
// Check if binary is inside trust cache (CS_PLATFORM_BINARY == 0x4000000 | CS_DYLD_PLATFORM == 0x2000000)
platform = is_platform_binary();
// Check if Hardened Runtime is enabled
has_HR = check_hardened_runtime(calling_process);
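Review bot: `get_platform()` is replaced by `is_platform_binary()`, but the result is still stored in a variable called `platform`, which now reads as "which platform" while the new comment says it is a yes/no check on the CS_PLATFORM_BINARY / CS_DYLD_PLATFORM csflags. Rename it to match the siblings in this block, e.g. `is_platform = is_platform_binary();` alongside `has_CS_FORCED_LV` and `has_HR`, and check whether any later use of `platform` in this function still expects the old hardware-platform value. The comment's wording "binary is inside trust cache" is also broader than what the flags express; consider "binary has platform csflags set" so the comment matches the test being performed.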
@@ -75,4 +75,3 @@ macos_dyld_policy_collect_state(calling_process, param_2, amfi_dyld_policy_state
}

VI. AMFI/python/CrimsonUroboros.py (executable file, 1779 lines changed)

File diff suppressed because it is too large.