This article covers how to get method names from __objc_selrefs in the dyld_shared_cache.

Problem description

I am trying to make a dyld extractor similar to dyld_decache and dsc_extractor. But I am having trouble parsing the __objc_selrefs section.

For testing purposes I used libsystem_trace.dylib, and was able to find and parse its mach_header and its segments and sections. But looking at the __DATA.__objc_selrefs section I find pointers like 0x201b8647fc8 and 0x201b860d716, which are way too high and point outside the cache.

In contrast, in a normal Mach-O file, the pointers in the __objc_selrefs section point to their corresponding string in the __TEXT.__objc_methname section.

I know that dyld slides and rebases sections, but after a lot of tinkering, I still could not fix the pointers. Any guidance would be amazing, especially given how few resources there are out there.

Recommended answer

These "addresses" don't just point outside the cache, they point outside the maximum range iOS allocates for the userland address space.
The thing is that these aren't raw addresses, they're addresses with some flags mixed into them. I've seen at least 0x20000000000 and 0x40000000000, and they seem to be exclusive to Objective-C code. I have no idea what they mean or what the true bitmask for these flags is, but so far keeping the lower 40 bits (0xffffffffff) of the addresses has done the job for me.
That would turn e.g. your 0x201b8647fc8 value into 0x1b8647fc8, which should be well inside the shared cache boundaries.
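
Added example (not part of the original answer, and not code from dyld_decache or dsc_extractor): the 40-bit masking heuristic described above, applied to a constructed miniature cache, with each masked address translated to a file offset through the cache's mapping table before the selector string is read. The sample bytes, base address and function names are made up for illustration; the only header fields read are mappingOffset/mappingCount and the address/size/fileOffset fields of each 32-byte dyld_cache_mapping_info entry.

```python
import struct

ADDR_MASK = 0xFFFFFFFFFF  # low 40 bits: the heuristic from the answer, not a documented mask


def parse_mappings(cache: bytes):
    """Return (address, size, fileOffset) for each dyld_cache_mapping_info entry."""
    mapping_off, mapping_count = struct.unpack_from("<II", cache, 16)
    return [struct.unpack_from("<QQQ", cache, mapping_off + 32 * i)
            for i in range(mapping_count)]


def vm_to_file_offset(mappings, vmaddr: int) -> int:
    """Translate a cache VM address to a file offset; reject anything unmapped."""
    for address, size, file_off in mappings:
        if address <= vmaddr < address + size:
            return vmaddr - address + file_off
    raise ValueError(f"{vmaddr:#x} is outside every cache mapping")


def selector_name(cache: bytes, mappings, raw_ptr: int) -> str:
    """Strip the flag bits, then read the NUL-terminated selector string."""
    off = vm_to_file_offset(mappings, raw_ptr & ADDR_MASK)
    return cache[off:cache.index(b"\0", off)].decode("ascii")


def read_selrefs(cache: bytes, mappings, sect_addr: int, sect_size: int):
    """Resolve every 8-byte entry of a __objc_selrefs section to its name."""
    start = vm_to_file_offset(mappings, sect_addr)
    raw_ptrs = struct.unpack_from(f"<{sect_size // 8}Q", cache, start)
    return [selector_name(cache, mappings, p) for p in raw_ptrs]


def build_sample_cache():
    """Constructed test data: header, one mapping, two strings, two flagged selrefs."""
    base = 0x1B8600000                                   # made-up base address
    header = b"dyld_v1  arm64e\0" + struct.pack("<II", 24, 1)
    mapping = struct.pack("<QQQII", base, 88, 0, 3, 3)   # covers the whole 88-byte file
    strings = b"init\0dealloc\0".ljust(16, b"\0")        # file offset 56
    selrefs = struct.pack("<2Q", 0x20000000000 | (base + 56),
                          0x40000000000 | (base + 61))   # file offset 72
    return header + mapping + strings + selrefs, base + 72


if __name__ == "__main__":
    cache, selrefs_addr = build_sample_cache()
    print(read_selrefs(cache, parse_mappings(cache), selrefs_addr, 16))
```

The bounds check in `vm_to_file_offset` is what tells you the mask is wrong for a given cache: an unmasked or mis-masked pointer raises instead of silently reading unrelated bytes.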

08-01 23:57