Interposing of OS X system calls


Question

I need to interpose (get my functions called instead of the original functions) some OS X system calls to overcome a flaw in a piece of closed-source software.

Preferably, the resulting solution would work under 10.5 (Leopard) and newer, but I might be able to require 10.6 (Snow Leopard) if the argument were strong enough.

Preferably, the resulting solution would be an executable, but I might settle for a script.

Preferably, the resulting solution would be able to interpose ("steal the vectors") even after the target application is running, but I could settle for a technology that must inject itself as the application is loading.

Preferably, the resulting solution would be developed in C or C++, but I could settle for Objective-C or something else.

So far, I've experimented with:

1) DTrace scripting, which has taught me a lot, but the limitations of the D language (limited flow control, etc.) make it a major pain for what I'm doing, not to mention that the result would be a script, which isn't as tidy and self-contained as what I'm shooting for.

2) DYLD_INSERT_LIBRARIES interposition, which is slick in many ways, but perhaps due to namespace flattening (I won't pretend to deeply understand what this means), it works nicely against simpler executables, but makes my target application choke, even when I build a do-nothing library that doesn't actually interpose any calls.

My latest idea is to experiment with mach_star (https://github.com/rentzsch/mach_star), but I'm stopping here first, to ask the Stack Overflow community which invariably knows more than do I...

...should I be looking at something besides mach_star next?
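The dyld interposition the question tries in item 2, as an added example that is not code from the original post: a minimal library that hooks open(2) through the `__DATA,__interpose` section. Unlike exporting a same-named symbol, which under two-level namespaces only takes effect with DYLD_FORCE_FLAT_NAMESPACE=1, the interpose table does not depend on namespace flattening; dyld reads it as pairs of (replacement, original) pointers and patches every loaded image except the one that defines the table, so the hook's own call to open() reaches the real libSystem function. The names my_open, interposed_open_count, interposed_last_path and libinterpose_open.dylib are assumptions chosen for this example. The Mach-O section attribute is guarded with `__APPLE__` so the replacement function itself compiles and can be unit-tested on any POSIX system.

```c
/* interpose_open.c: added example of a dyld interposing library (not from the
 * original post). Build and run on OS X with:
 *   clang -dynamiclib -o libinterpose_open.dylib interpose_open.c
 *   DYLD_INSERT_LIBRARIES=$PWD/libinterpose_open.dylib /path/to/target
 * The __DATA,__interpose section is a table of {replacement, original} pointer
 * pairs that dyld applies at load time to every image except this one, so the
 * open() call inside my_open below still reaches the real libSystem open().
 */
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Bookkeeping exposed through accessors so a harness can verify the hook ran. */
static unsigned long g_open_calls = 0;
static char g_last_path[1024];

unsigned long interposed_open_count(void) { return g_open_calls; }
const char *interposed_last_path(void) { return g_last_path; }

/* Replacement for open(2). open() is variadic: the mode argument exists only
 * when O_CREAT is set, so it must be read conditionally and forwarded with the
 * same arity, otherwise the forwarded call reads garbage or is undefined. */
int my_open(const char *path, int flags, ...)
{
    const char *shown = path ? path : "(null)";
    mode_t mode = 0;

    if (flags & O_CREAT) {
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, int);   /* mode_t is promoted to int in varargs */
        va_end(ap);
    }

    g_open_calls++;
    strncpy(g_last_path, shown, sizeof g_last_path - 1);
    g_last_path[sizeof g_last_path - 1] = '\0';
    fprintf(stderr, "[interpose] open(\"%s\", 0x%x, 0%o)\n",
            shown, (unsigned)flags, (unsigned)mode);

    /* Forward to the real open(2) with the original arity. */
    return (flags & O_CREAT) ? open(path, flags, mode) : open(path, flags);
}

#ifdef __APPLE__
/* The interposing table dyld reads: each entry is {replacement, original}.
 * 'used' keeps the otherwise unreferenced static array from being dropped. */
typedef struct {
    const void *replacement;
    const void *original;
} interpose_t;

__attribute__((used, section("__DATA,__interpose")))
static const interpose_t interposers[] = {
    { (const void *)my_open, (const void *)open },
};
#endif
```

A useful first step when a target "chokes" on insertion is to build this library with an empty `interposers[]` (or with the `#ifdef` block removed) and confirm the target still runs under DYLD_INSERT_LIBRARIES; if it does not, the problem is the insertion itself rather than the hook, and only then is it worth adding entries to the table one at a time.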

Answer

I think you've made the right choice looking at mach_star.

If you actually want to learn how the darwin link-loader works, etc., I'd put more time into your DYLD insertion problems. But obviously you're looking for a quick solution, not an in-depth learning experience. And I doubt anyone's going to be able to figure out the problems you're having without having access to your project. So, this is probably a dead end. Besides, Mach overriding and injection are more fun anyway.

The basics of Mach injection aren't actually that hard, but there are a ton of things you have to get right, most of which aren't well documented. You're going to get 11 things wrong before you get something that works on your system, and then it won't work for the next function you try, and then it won't work on 10.5 or 10.8, and... The mach_star library wraps up all that stuff for you. So, why not use it?

I should mention that I haven't used mach_star since pre-Intel days. But it looks like it's still being updated regularly-ish, with changes for x86_64 and 10.7 and Xcode 4 and so on.
