On iOS, the main function is the entry function of an application. We can set a breakpoint on the main function, as shown below: printing the current call stack with bt shows that the call to main comes from the start method in libdyld.dylib. Today we are going to explore what exactly dyld does.

Libobjc: 781

Libdyld: 750.6


dyld (the dynamic link editor) is Apple's dynamic linker and an important part of Apple's operating systems. After the kernel has prepared the program, dyld is responsible for the remaining work. It is also open source, so anyone can download the source code from Apple's website to read how it works and learn the details of how the system loads dynamic libraries.

Dyld process


From the picture below, we can learn more about dyld. You can see that the starting point of the call stack is _dyld_start, so we search the dyld source code for _dyld_start. _dyld_start is written in assembly; as can be seen from the comments and the corresponding screenshot above, _dyld_start calls the dyldbootstrap::start method.


The comments indicate that this is the code that bootstraps dyld. Generally speaking, this startup work is done for a program by dyld and crt. But inside dyld we have to do it manually, because at this point dyld itself has not been started yet.

The startup code in the figure above does three things:


On disk, all pointers in the DATA segment of dyld are chained together, and they must be fixed up before dyld can run correctly. The base address of all images that use the fixup chain is 0, so the slide offset is the load address.


Set stack overflow protection


_main is dyld's own main function, not the main function of our application. It contains a lot of code; the core code is as follows: Take a look at the comments: this is the entry point of dyld. The kernel loads dyld and jumps to __dyld_start. __dyld_start sets up some registers and calls the _main function. The context is set up to save some of the current state.


The output is as follows: It can be seen that three dynamic libraries are inserted: libBacktraceRecording.dylib, libMainThreadChecker.dylib and libViewDebuggerSupport.dylib.

2. Load the shared cache library

  • The checkSharedRegionDisable function is implemented as follows:

The comment at the bottom reads: iOS cannot run without the shared region, which means iOS must use the shared cache library.

  • The core call in the mapSharedCache function is loadDyldCache; the code is as follows:

This shows that the shared cache libraries really do have the property of being shared.

3. Then, back in the _main method, instantiate the main program: the contents of its Mach-O file are read and saved.

4. Load the inserted dynamic libraries.

5. Link the main program. The dependent libraries are loaded recursively.

6. Link the inserted dynamic libraries. This is done after the main program is linked, to ensure that other dynamic libraries that the inserted dynamic libraries depend on are not placed ahead of the dynamic libraries used by the program.

7. Recursively bind the main program and the other libraries that the main program depends on.

8. Recursively bind the inserted images.

9. Bind weak symbols.

10. Run all initializers. The code is as follows: Initialization of the inserted dynamic libraries is performed first, followed by initialization of the main program. Because there are other dependent libraries, this is also a recursive process. It is important to note that at the end of the initializeMainExecutable method, the environment variables DYLD_PRINT_STATISTICS and DYLD_PRINT_STATISTICS_DETAILS are checked. After these two environment variables are set, the system prints startup timing data on the command line, which helps us optimize startup time.

The call chain of the initialization methods is as follows: runInitializers -> processInitializers -> recursiveInitialization. After the initialization is complete, a notification is sent indicating that the image initialization is complete. The code that assigns sNotifyObjCInit is as follows:

The _dyld_objc_notify_register call: the _dyld_objc_notify_register method is not called explicitly in the dyld source code, so we set a symbolic breakpoint on it and run. The method turns out to be called by _objc_init, and _objc_init is a method in libobjc; the call stack is as follows: In fact, sNotifyObjCInit is a callback registered during initialization. This is critical for the runtime initialization that comes next.

11. Find the address of the main function and return it.
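
Steps 3 and 5 above depend on dyld reading the main program's Mach-O load commands to learn which libraries it must load. The following Python sketch is an added example, not code from dyld or from the original post: it parses the dylib load commands of a 64-bit Mach-O image built in memory as constructed sample data. The sample paths and the outside_system_paths review heuristic are assumptions made for illustration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF
# Load commands that make dyld load another image.
DYLIB_CMDS = {0xC: "LC_LOAD_DYLIB", 0x80000018: "LC_LOAD_WEAK_DYLIB",
              0x8000001F: "LC_REEXPORT_DYLIB"}

def build_sample(deps):
    """Constructed sample: a mach_header_64 followed only by dylib commands."""
    cmds = b""
    for cmd, path in deps:
        name = path.encode() + b"\0"
        name += b"\0" * (-(24 + len(name)) % 8)   # cmdsize is 8-byte aligned
        # cmd, cmdsize, name offset, timestamp, current and compat version
        cmds += struct.pack("<6I", cmd, 24 + len(name), 24, 2, 0x10000, 0x10000) + name
    # magic, cputype (ARM64), cpusubtype, filetype (MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(deps), len(cmds), 0, 0) + cmds

def dependent_dylibs(image):
    """Return [(command name, install path)] in load-command order."""
    if len(image) < 32:
        raise ValueError("too short for mach_header_64")
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", image)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    end = 32 + sizeofcmds
    if end > len(image):
        raise ValueError("load commands run past end of file")
    libs, off = [], 32
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<2I", image, off)
        if cmdsize < 8 or cmdsize % 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd in DYLIB_CMDS:
            # The path string must start after the 24-byte dylib_command.
            name_off = struct.unpack_from("<I", image, off + 8)[0] if cmdsize > 24 else 0
            if not 24 <= name_off < cmdsize:
                raise ValueError("bad dylib name offset")
            raw = image[off + name_off:off + cmdsize]
            libs.append((DYLIB_CMDS[cmd], raw.split(b"\0", 1)[0].decode()))
        off += cmdsize
    return libs

def outside_system_paths(libs):
    """Dependencies not under the OS library directories (a review heuristic)."""
    return [p for _, p in libs if not p.startswith(("/usr/lib/", "/System/Library/"))]

SAMPLE = build_sample([(0xC, "/usr/lib/libobjc.A.dylib"),
                       (0xC, "/usr/lib/libSystem.B.dylib"),
                       (0x80000018, "@rpath/Example.framework/Example")])  # constructed
```

Calling dependent_dylibs(SAMPLE) returns the three dependencies in load order, and outside_system_paths picks out the @rpath entry, the kind of dependency worth checking when reviewing what a binary asks dyld to load.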