FishHook

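```objc
#import "fishhook.h"

// Holds the original NSLog address once rebind_symbols has run.
static void (*sys_nslog)(NSString *format, ...);

// Replacement for NSLog: builds the message, then calls the original.
void my_NSLog(NSString *format, ...) {
    // Expand the caller's arguments here; forwarding only `format`
    // would drop them and leave any format specifier reading garbage.
    va_list args;
    va_start(args, format);
    NSString *message = [[NSString alloc] initWithFormat:format arguments:args];
    va_end(args);
    sys_nslog(@"%@\nhook ", message);
}

- (void)viewDidLoad {
    [super viewDidLoad];
    // hook NSLog
    struct rebinding nslog;
    nslog.name = "NSLog";
    nslog.replaced = (void *)&sys_nslog;
    nslog.replacement = my_NSLog;
    struct rebinding bds[] = {nslog};
    rebind_symbols(bds, 1);
}

- (void)touchesBegan:(NSSet<UITouch *> *)touches withEvent:(UIEvent *)event {
    NSLog(@"nslog");
}

// struct rebinding {
//     const char *name;   // The name of the function to hook, a C string
//     void *replacement;  // Address of the new function
//     void **replaced;    // Pointer to the original function address!
// };
```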

System functions can be hooked; custom functions cannot. A custom function lives in this Mach-O, so its symbol has already been bound to a fixed address at compile time. NSLog lives in the Foundation framework, outside this Mach-O, so its address is not fixed at compile time and it can be hooked.

The difference between system functions and local functions & symbolic binding

FishHook call procedure

The address of NSLog is not known at compile time. NSLog is in the Foundation framework, and when dyld loads the Mach-O into memory it loads the shared cache first.

Because the address of some functions is not determined at compile time, a placeholder is used to stand in for the function. When the function is executed, its address is calculated, and the function is then called through the symbol binding. C is a static language, but calls to external functions are made dynamically: the address is found through the symbol, so the symbol can be bound or rebound.

The binding process of symbols

First, when the program starts, the symbols in the non-lazy symbol table are bound and saved. When NSLog is called, the call first finds its stub and executes the stub's instructions, that is, it jumps to the value held in the lazy symbol table. It then finds the dyld_stub_binder function in the non-lazy symbol table, which binds the symbol.
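The binding sequence above, and the reason rebinding reaches only symbols that are called through a pointer slot, as a portable C model. This is an added example, not fishhook's code and not from the original post: it does not parse Mach-O, and `lib_double`, `internal_inc`, `lazy_table`, `binder` and `rebind` are hypothetical names standing in for an external function, a custom function, the lazy symbol table, dyld_stub_binder and rebind_symbols.

```c
/* Model of lazy binding and rebinding; all names are hypothetical. */
#include <stdio.h>
#include <string.h>

typedef int (*fn_t)(int);
static int lib_double(int x) { return 2 * x; }    /* "external": reached via a slot */
static int internal_inc(int x) { return x + 1; }  /* "internal": called directly   */

struct slot { const char *name; fn_t ptr; };      /* one lazy symbol pointer */
static int binder(int x);
static struct slot lazy_table[] = { { "lib_double", binder } };
static int bind_count = 0;

/* Stands in for dyld_stub_binder: resolve once, patch the slot, forward the call. */
static int binder(int x) {
    bind_count++;
    lazy_table[0].ptr = lib_double;
    return lib_double(x);
}

/* The stub: every call to the external function jumps through the slot. */
static int call_lib_double(int x) { return lazy_table[0].ptr(x); }

/* Rebinding: swap the slot's value and hand the previous one back to the caller. */
static int rebind(const char *name, fn_t replacement, fn_t *replaced) {
    for (size_t i = 0; i < sizeof lazy_table / sizeof lazy_table[0]; i++) {
        if (strcmp(lazy_table[i].name, name) == 0) {
            *replaced = lazy_table[i].ptr;
            lazy_table[i].ptr = replacement;
            return 0;
        }
    }
    return -1; /* no slot exists: an internal symbol cannot be rebound */
}

static fn_t orig_double;
static int hooked_double(int x) { return orig_double(x) + 1000; }

/* Integrity check: after first use, the slot should hold the library address. */
static int slot_is_intact(void) { return lazy_table[0].ptr == lib_double; }

int main(void) {
    printf("first call: %d (binds: %d)\n", call_lib_double(4), bind_count);
    rebind("lib_double", hooked_double, &orig_double);
    printf("after rebind: %d\n", call_lib_double(4));
    printf("slot intact: %d\n", slot_is_intact());
    printf("internal call: %d\n", internal_inc(4));
    return 0;
}
```

The integrity check reports a change only after the first call has bound the slot; before that the slot still points at the binder.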

FishHook reverse lookup

Symbols

External symbols: symbols outside this Mach-O, for example the NSLog symbol.

Internal symbols: symbols within this Mach-O, for example some custom methods or types.

Symbols are also divided into global symbols and local symbols

Global symbols: exposed for external use, so they can also be used from outside, for example when building a dynamic library.

Local symbols: used only by yourself.

Strip symbols

Restore symbols

Use FishHook for protection

FishHook source code parsing