dyld-635.2源码,https://opensource.apple.com/tarballs/dyld/
dyld,最开始的入口点在dyld里的_dyld_start函数,从内核态切换过来。
导出函数相关
MachO文件格式,ImageLoaderMachOCompressed/ImageLoaderMachOClassic。
现在iOS/MacOSX支持的都是Compressed格式。
参考:
- http://networkpx.blogspot.com/2009/09/about-lcdyldinfoonly-command.html
- https://opensource.apple.com/source/xnu/xnu-4903.221.2/EXTERNAL_HEADERS/mach-o/loader.h.auto.html
- https://en.wikipedia.org/wiki/MacOS
PAC指针保护,pointer authentication codes (PACs),ARMv8.3提供,2018的iPhone models (XS/XS Max/XR)引入。
__has_feature(ptrauth_calls)编译器支持。
参考:
- https://developer.apple.com/documentation/security/preparing_your_app_to_work_with_pointer_authentication?language=objc
- ptrauth.h
- http://quabr.com/52624308/xcode-arm64-vs-arm64e
- https://www.4hou.com/mobile/13756.html
- https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html
- https://www.qualcomm.com/documents/whitepaper-pointer-authentication-armv83
导出符号,uleb128编码的树里压缩存储。
参考:
- https://adrummond.net/posts/macho
- http://www.m4b.io/reverse/engineering/mach/binaries/2015/03/29/mach-binaries.html
导出函数hook,interposing overrides。
mach-o files advertise interposing by having a __DATA __interpose section
参考:
- dyld-interposing.h
208
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
