feat: switch logging to os_log via oslog crate, use cfg(debug_assertions)

Batchhh · Batchhh · commit b4903f8d6611 · 2026-04-11T00:56:17.000+02:00
Replace manual eprintln! logger with Apple's unified logging system
(os_log) using the oslog crate. Logs now appear in Console.app under
subsystem "com.specter", category "memory".

Replace cfg(feature = "dev_release") with cfg(debug_assertions) across
all modules so debug logging is automatic in debug builds with no
feature flag needed. Remove the dev_release feature from Cargo.toml.

Bump version to 1.0.5.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "specter-mem"
-version = "1.0.4"
+version = "1.0.5"
 edition = "2024"
 description = "ARM64 memory manipulation framework for iOS/macOS — inline hooking, stealth code patching, hardware breakpoints, and shellcode loading"
 license = "MIT"
@@ -19,9 +19,6 @@ targets = ["aarch64-apple-darwin"]
 name = "specter"
 crate-type = ["staticlib", "rlib"]
 
-[features]
-dev_release = []
-
 [dependencies]
 mach2 = "0.6.0"
 once_cell = "1"
@@ -31,3 +28,5 @@ libc = "0.2"
 hex = "0.4"
 dashmap = "6"
 jit-assembler = { version = "0.3", default-features = false, features = ["aarch64"] }
+log = "0.4"
+oslog = { version = "0.2", default-features = false, features = ["logger"] }
diff --git a/README.md b/README.md
@@ -33,6 +33,17 @@ make check                            # verify exported symbols match specter.h
 -L<path> -lspectre -lc++ -framework Foundation -framework Security
 ```
 
+## Debug logging
+
+Debug builds automatically log to Apple's unified logging system (`os_log`). Messages appear in **Console.app** under subsystem `com.specter`, category `memory`.
+
+To filter in Console.app, use:
+
+```
+subsystem:com.specter category:memory
+```
+Logging is compiled out of release builds (`cfg(debug_assertions)`).
+
 ## Docs
 
 [docs/usage.md](docs/usage.md) — C/C++ API reference and examples
diff --git a/src/memory/allocation/shellcode.rs b/src/memory/allocation/shellcode.rs
@@ -1,7 +1,7 @@
 //! Shellcode loader with symbol resolution and position-independent code support
 
 use crate::memory::{code_cave, info::symbol, rw};
-#[cfg(feature = "dev_release")]
+#[cfg(debug_assertions)]
 use crate::utils::logger;
 use std::arch::asm;
 use std::collections::HashMap;
@@ -254,7 +254,7 @@ impl ShellcodeBuilder {
             invalidate_icache(cave.address as *mut c_void, code.len());
         }
 
-        #[cfg(feature = "dev_release")]
+        #[cfg(debug_assertions)]
         logger::info(&format!(
             "Shellcode loaded at {:#x} ({} bytes)",
             cave.address,
diff --git a/src/memory/info/code_cave.rs b/src/memory/info/code_cave.rs
@@ -1,7 +1,7 @@
 //! Code cave finder and manager
 
 use crate::memory::info::{image, scan};
-#[cfg(feature = "dev_release")]
+#[cfg(debug_assertions)]
 use crate::utils::logger;
 use once_cell::sync::Lazy;
 use parking_lot::Mutex;
@@ -300,7 +300,7 @@ pub fn find_caves_in_image(
 
     let scan_size = 32 * 1024 * 1024; // 32MB
 
-    #[cfg(feature = "dev_release")]
+    #[cfg(debug_assertions)]
     logger::info(&format!(
         "Scanning image '{}' at {:#x} for code caves (min size: {} bytes)",
         image_name, base, min_size
@@ -337,7 +337,7 @@ pub fn allocate_cave(size: usize) -> Result<CodeCave, CodeCaveError> {
         if cave.size >= size {
             cave.allocate();
             REGISTRY.lock().register(cave.clone())?;
-            #[cfg(feature = "dev_release")]
+            #[cfg(debug_assertions)]
             logger::info(&format!(
                 "Allocated code cave at {:#x} (size: {} bytes)",
                 cave.address, cave.size
@@ -382,7 +382,7 @@ pub fn allocate_cave_near(target: usize, size: usize) -> Result<CodeCave, CodeCa
 
             cave.allocate();
             REGISTRY.lock().register(cave.clone())?;
-            #[cfg(feature = "dev_release")]
+            #[cfg(debug_assertions)]
             logger::info(&format!(
                 "Allocated code cave near {:#x} at {:#x} (size: {} bytes)",
                 target, cave.address, cave.size
@@ -404,7 +404,7 @@ pub fn allocate_cave_near(target: usize, size: usize) -> Result<CodeCave, CodeCa
 pub fn free_cave(address: usize) -> Result<(), CodeCaveError> {
     let mut cave = REGISTRY.lock().unregister(address)?;
     cave.free();
-    #[cfg(feature = "dev_release")]
+    #[cfg(debug_assertions)]
     logger::info(&format!("Freed code cave at {:#x}", address));
     Ok(())
 }
@@ -461,6 +461,6 @@ pub fn get_cave_stats() -> (usize, usize) {
 /// Clears all allocated code caves from the registry
 pub fn clear_all_caves() {
     REGISTRY.lock().clear();
-    #[cfg(feature = "dev_release")]
+    #[cfg(debug_assertions)]
     logger::info("Cleared all allocated code caves");
 }
diff --git a/src/memory/info/image.rs b/src/memory/info/image.rs
@@ -1,10 +1,10 @@
 //! Dynamic library image lookup utilities
 
-#[cfg(feature = "dev_release")]
+#[cfg(debug_assertions)]
 use crate::utils::logger;
 use std::ffi::CStr;
 
-#[cfg(feature = "dev_release")]
+#[cfg(debug_assertions)]
 use mach2::dyld::_dyld_get_image_vmaddr_slide;
 use mach2::dyld::{_dyld_get_image_header, _dyld_get_image_name, _dyld_image_count};
 use thiserror::Error;
@@ -51,10 +51,10 @@ pub fn get_image_base(image_name: &str) -> Result<usize, ImageError> {
             let name = CStr::from_ptr(name_ptr).to_string_lossy();
             if name.contains(image_name) {
                 let header = _dyld_get_image_header(i);
-                #[cfg(feature = "dev_release")]
+                #[cfg(debug_assertions)]
                 let slide = _dyld_get_image_vmaddr_slide(i);
 
-                #[cfg(feature = "dev_release")]
+                #[cfg(debug_assertions)]
                 logger::info(&format!(
                     "Found image: {} (Index: {}, Base: {:p}, Slide: {:#x})",
                     name, i, header, slide
@@ -69,7 +69,7 @@ pub fn get_image_base(image_name: &str) -> Result<usize, ImageError> {
         }
     }
 
-    #[cfg(feature = "dev_release")]
+    #[cfg(debug_assertions)]
     logger::warning(&format!("Image not found: {}", image_name));
     Err(ImageError::NotFound(image_name.to_string()))
 }
diff --git a/src/memory/info/protection.rs b/src/memory/info/protection.rs
@@ -1,6 +1,6 @@
 //! Memory page protection query utilities
 
-#[cfg(feature = "dev_release")]
+#[cfg(debug_assertions)]
 use crate::utils::logger;
 use mach2::{
     kern_return::KERN_SUCCESS,
@@ -252,7 +252,7 @@ pub fn get_all_regions() -> Result<Vec<RegionInfo>, ProtectionError> {
         address += size;
     }
 
-    #[cfg(feature = "dev_release")]
+    #[cfg(debug_assertions)]
     logger::info(&format!("Found {} memory regions", regions.len()));
     Ok(regions)
 }
diff --git a/src/memory/info/scan.rs b/src/memory/info/scan.rs
@@ -2,7 +2,7 @@
 
 use crate::memory::image;
 use crate::memory::info::protection;
-#[cfg(feature = "dev_release")]
+#[cfg(debug_assertions)]
 use crate::utils::logger;
 use once_cell::sync::Lazy;
 use parking_lot::Mutex;
@@ -165,7 +165,7 @@ pub fn scan_pattern_cached(
     {
         let cache = SCAN_CACHE.lock();
         if let Some(cached) = cache.get(&cache_key) {
-            #[cfg(feature = "dev_release")]
+            #[cfg(debug_assertions)]
             logger::info(&format!("Cache hit for pattern: {}", ida_pattern));
             return Ok(cached.clone());
         }
@@ -180,7 +180,7 @@ pub fn scan_pattern_cached(
 /// Clears the scan cache
 pub fn clear_cache() {
     SCAN_CACHE.lock().clear();
-    #[cfg(feature = "dev_release")]
+    #[cfg(debug_assertions)]
     logger::info("Scan cache cleared");
 }
 
diff --git a/src/memory/manipulation/backup.rs b/src/memory/manipulation/backup.rs
@@ -5,7 +5,7 @@
 
 use crate::memory::manipulation::patch::stealth_write;
 use crate::memory::platform::thread;
-#[cfg(feature = "dev_release")]
+#[cfg(debug_assertions)]
 use crate::utils::logger;
 use thiserror::Error;
 
@@ -29,7 +29,7 @@ impl MemoryBackup {
     pub fn create(address: usize, size: usize) -> Result<Self, BackupError> {
         let original_bytes = unsafe { read_bytes(address, size) };
 
-        #[cfg(feature = "dev_release")]
+        #[cfg(debug_assertions)]
         logger::debug(&format!("Backup created: {:#x} ({} bytes)", address, size));
 
         Ok(Self {
@@ -50,7 +50,7 @@ impl MemoryBackup {
 
             thread::resume_threads(&suspended);
 
-            #[cfg(feature = "dev_release")]
+            #[cfg(debug_assertions)]
             logger::debug(&format!("Backup restored: {:#x}", self.address));
         }
         Ok(())
diff --git a/src/memory/manipulation/checksum.rs b/src/memory/manipulation/checksum.rs
@@ -11,7 +11,7 @@ use std::sync::atomic::{AtomicBool, Ordering};
 use std::thread::{self, JoinHandle};
 use std::time::Duration;
 
-#[cfg(feature = "dev_release")]
+#[cfg(debug_assertions)]
 use crate::utils::logger;
 
 use crate::memory::info::protection;
@@ -284,7 +284,7 @@ fn default_tamper_callback(tampered: &[usize]) {
     use super::hook::restore_hook_bytes;
 
     for &addr in tampered {
-        #[cfg(feature = "dev_release")]
+        #[cfg(debug_assertions)]
         logger::warning(&format!("Hook tampered at {:#x}, restoring...", addr));
 
         if restore_hook_bytes(addr) {
@@ -295,10 +295,10 @@ fn default_tamper_callback(tampered: &[usize]) {
             }
             drop(checksums);
 
-            #[cfg(feature = "dev_release")]
+            #[cfg(debug_assertions)]
             logger::info(&format!("Hook restored at {:#x}", addr));
         } else {
-            #[cfg(feature = "dev_release")]
+            #[cfg(debug_assertions)]
             logger::error(&format!("Failed to restore hook at {:#x}", addr));
         }
     }
@@ -327,7 +327,7 @@ pub fn start_monitor(
     let state_clone = Arc::clone(&state);
 
     let handle = thread::spawn(move || {
-        #[cfg(feature = "dev_release")]
+        #[cfg(debug_assertions)]
         logger::info("Integrity monitor started");
 
         while state_clone.running.load(Ordering::Relaxed) {
@@ -343,7 +343,7 @@ pub fn start_monitor(
             }
         }
 
-        #[cfg(feature = "dev_release")]
+        #[cfg(debug_assertions)]
         logger::info("Integrity monitor stopped");
     });
 
diff --git a/src/memory/manipulation/hook.rs b/src/memory/manipulation/hook.rs
@@ -14,7 +14,7 @@ use super::checksum;
 use crate::config;
 use crate::memory::info::{code_cave, symbol};
 use crate::memory::{image, patch, protection, thread};
-#[cfg(feature = "dev_release")]
+#[cfg(debug_assertions)]
 use crate::utils::logger;
 use once_cell::sync::Lazy;
 use parking_lot::Mutex;
@@ -202,14 +202,14 @@ pub unsafe fn hook_symbol(symbol_name: &str, replacement: usize) -> Result<Hook,
 pub unsafe fn install_at_address(target: usize, replacement: usize) -> Result<usize, HookError> {
     unsafe {
         if REGISTRY.lock().contains_key(&target) {
-            #[cfg(feature = "dev_release")]
+            #[cfg(debug_assertions)]
             logger::warning("Hook already exists at target");
             return Err(HookError::AlreadyExists(target));
         }
 
         let first_instr = super::rw::read::<u32>(target).map_err(|_| HookError::PatchFailed)?;
         if is_b_instruction(first_instr) {
-            #[cfg(feature = "dev_release")]
+            #[cfg(debug_assertions)]
             logger::debug("Detected thunk, using short hook");
             return install_thunk_hook(target, replacement, first_instr);
         }
@@ -448,7 +448,7 @@ unsafe fn install_thunk_hook(
         );
         let _ = checksum::register(target, 4);
         thread::resume_threads(&suspended);
-        #[cfg(feature = "dev_release")]
+        #[cfg(debug_assertions)]
         logger::debug("Thunk hook installed");
         Ok(trampoline_base)
     }
@@ -517,7 +517,7 @@ unsafe fn install_regular_hook(target: usize, replacement: usize) -> Result<usiz
         );
         let _ = checksum::register(target, MAX_STOLEN_BYTES);
         thread::resume_threads(&suspended);
-        #[cfg(feature = "dev_release")]
+        #[cfg(debug_assertions)]
         logger::debug("Hook installed");
         Ok(trampoline_base)
     }
@@ -567,7 +567,7 @@ pub unsafe fn remove_at_address(target: usize) -> bool {
         libc::munmap(entry.trampoline as *mut c_void, TRAMPOLINE_SIZE);
         checksum::unregister(target);
         thread::resume_threads(&suspended);
-        #[cfg(feature = "dev_release")]
+        #[cfg(debug_assertions)]
         logger::debug("Hook removed");
         true
     }
@@ -892,7 +892,7 @@ pub unsafe fn install_in_cave_at_address(
         let _ = checksum::register(target, MAX_STOLEN_BYTES);
 
         thread::resume_threads(&suspended);
-        #[cfg(feature = "dev_release")]
+        #[cfg(debug_assertions)]
         logger::debug("Cave hook installed");
 
         Ok(Hook {
diff --git a/src/memory/manipulation/patch.rs b/src/memory/manipulation/patch.rs
diff --git a/src/memory/manipulation/rw.rs b/src/memory/manipulation/rw.rs
diff --git a/src/memory/platform/breakpoint.rs b/src/memory/platform/breakpoint.rs
diff --git a/src/utils/logger.rs b/src/utils/logger.rs

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`//! Memory page protection query utilities`
`2`	`2`
`3`		`-#[cfg(feature = "dev_release")]`
	`3`	`+#[cfg(debug_assertions)]`
`4`	`4`	`use crate::utils::logger;`
`5`	`5`	`use mach2::{`
`6`	`6`	`kern_return::KERN_SUCCESS,`
`@@ -252,7 +252,7 @@ pub fn get_all_regions() -> Result<Vec<RegionInfo>, ProtectionError> {`
`252`	`252`	`address += size;`
`253`	`253`	`}`
`254`	`254`
`255`		`- #[cfg(feature = "dev_release")]`
	`255`	`+ #[cfg(debug_assertions)]`
`256`	`256`	`logger::info(&format!("Found {} memory regions", regions.len()));`
`257`	`257`	`Ok(regions)`
`258`	`258`	`}`