


    #import "fishhook.h"

    static int (*orig_close)(int);
    static int (*orig_open)(const char *, int, ...);

    printf("Calling real close(%d)\n", fd);

    int my_open(const char *path, int oflag, ...

    // Open our own binary and print out first 4 bytes (which is the same
    // for all Mach-O binaries on a given architecture)
    int fd = open(argv[0], O_RDONLY);
    printf("Mach-O Magic Number: %x\n", magic_number);
    return UIApplicationMain(argc, argv, nil, NSStringFromClass());

    Calling real open('/var/mobile/Applications/161DA598-5B83-41F5-8A44-675491AF6A2C/Test.app/Test', 0)

dyld binds lazy and non-lazy symbols by updating pointers in particular sections of the __DATA segment of a Mach-O binary. fishhook re-binds these symbols by determining the locations to update for each of the symbol names passed to rebind_symbols and then writing out the corresponding replacements.

For a given image, the __DATA segment may contain two sections that are relevant for dynamic symbol bindings: __nl_symbol_ptr and __la_symbol_ptr. __nl_symbol_ptr is an array of pointers to non-lazily bound data (these are bound at the time a library is loaded) and __la_symbol_ptr is an array of pointers to imported functions that is generally filled by a routine called dyld_stub_binder during the first call to that symbol (it's also possible to tell dyld to bind these at launch). In order to find the name of the symbol that corresponds to a particular location in one of these sections, we have to jump through several layers of indirection. For the two relevant sections, the section headers (struct section from <mach-o/loader.h>) provide an offset (in the reserved1 field) into what is known as the indirect symbol table.
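The lookup chain described above, as an added example (not fishhook's own code): each pointer slot is mapped through the section's reserved1 offset into the indirect symbol table, and, going one step past the text, on into the symbol table and string table to recover its name before the pointer is swapped. The structs `sect`, `sym` and `image`, the functions `slot_name` and `rebind`, and all table contents are simplified, constructed stand-ins for the real `<mach-o/loader.h>` and `<mach-o/nlist.h>` definitions, and the tables are assumed to be well-formed (no bounds checks).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values of INDIRECT_SYMBOL_LOCAL and INDIRECT_SYMBOL_ABS in <mach-o/loader.h>. */
#define IND_LOCAL 0x80000000u
#define IND_ABS   0x40000000u

/* Simplified stand-ins (assumptions), keeping only the fields used here. */
struct sect  { uint64_t size; uint32_t reserved1; void **slots; };
struct sym   { uint32_t n_strx; };   /* offset of the name in the string table */
struct image { const char *strtab; const struct sym *symtab; const uint32_t *indirect; };

/* Slot i of a section -> indirect symbol table -> symbol table -> string table. */
const char *slot_name(const struct image *im, const struct sect *s, size_t i) {
    uint32_t idx = im->indirect[s->reserved1 + i];
    if (idx & (IND_LOCAL | IND_ABS)) return NULL;   /* entry has no symbol */
    return im->strtab + im->symtab[idx].n_strx;
}

/* Swap the pointer bound to `name` (C-level name, without the leading '_'). */
int rebind(const struct image *im, struct sect *s, const char *name,
           void *replacement, void **original) {
    int hits = 0;
    for (size_t i = 0; i < s->size / sizeof(void *); i++) {
        const char *sym = slot_name(im, s, i);
        if (!sym || sym[0] != '_' || strcmp(sym + 1, name) != 0) continue;
        if (original) *original = s->slots[i];      /* keep the old target */
        s->slots[i] = replacement;
        hits++;
    }
    return hits;
}

/* Constructed sample: three symbols and a two-slot lazy pointer section whose
   reserved1 says its entries start at indirect_tab[1]. */
static int real_close, real_open, hook_open;   /* stand-ins for code addresses */
static const char strtab[] = "\0_close\0_open\0_puts";
static const struct sym symtab[] = { {1}, {8}, {14} };
static const uint32_t indirect_tab[] = { 2, 0, 1, IND_LOCAL };
static void *la_slots[] = { &real_close, &real_open };
static const struct image img = { strtab, symtab, indirect_tab };
static struct sect la_symbol_ptr = { sizeof la_slots, 1, la_slots };

int main(void) {
    void *orig = NULL;
    int n = rebind(&img, &la_symbol_ptr, "open", &hook_open, &orig);
    printf("rebound %d slot(s), saved original: %s\n", n, orig == (void *)&real_open ? "yes" : "no");
}
```

Because the saved original pointer is the only record of the previous binding, comparing each slot against the address range of the library that should own the symbol is how a rebinding can be spotted after the fact.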
