Objective C is a Dynamic Runtime, so you can load code like plugins during runtime. This dynamic runtime can be very useful for exploring what applications are doing. I use this to assess the security of applications for example.
F-Script provides an easy way to inject itself into a running app and explore around.
Download F-Script here
Launch the app you want to explore.
Then find the process id number of the app in a Terminal shell:
ps auxww | grep “App Name”
Load the F-Script Framework into the app and insert its menu using:
sudo gdb --pid AppNameProcessID --batch --nx --command=/dev/stdin << EOT p (char)[[NSBundle bundleWithPath:@"path/to/Library/Frameworks/FScript.framework"] load] p (void)[FScriptMenuItem insertInMainMenu] EOT
I found the above snippet by reviewing this automator service.
Note that sudo is only required if you are not in the _developer group.
At this point, switch to your running application. You will notice an F-Script Menu is added to the menu bar.
Choose Console from the F-Script menu and type:
del := NSApplication sharedApplication delegate
This will give you a reference to the application delegate. The application delegate is a top level class of the application, so it should provide a good starting point.
Next, choose Open Object Browser from the F-Script menu.
Now you should have a nice GUI window to explore the app.
Click on del in the Workspace to explore the app delegate. You can call methods, change values, etc.
See the F-Script documentation for more details.