comex/inject_and_interpose

Need some pointers in understanding code.

Allamaprabhu7 opened this issue · 2 comments

Hello Comex,I am huge fan of you and your code inject.c.
I wanted to try out interposing by myself,I read through few of apple documents regarding Mach-O file and Mike Ash blog about dynamic loading. But still concepts are not clear for me.Can you please suggest some blogs or documents so which have detailed explanation of Mach-O file and dynamic loading. My aim is to understand interpose.c and make use of it..

Thanks

Hi, @Allamaprabhu7! I'm not Comex, but have something for you anyway :0

Here's my list of resources about Mach-O dynamic linking and function redirection:

  1. Dynamic Linking of Imported Functions in Mach-O and Redirection of Imported Functions in Mach-O by @shoumikhin. Source code is available here.

    Yes, these articles are quite old, but still very relevant!

  2. fishhook library by Facebook.

    In the readme is a great writeup about how dynamic symbols binding works and how to get the advantage of it.

Also, I'd like to suggest you some other libraries for function hooking that don't rely on dynamic binding, but patch the original function code instead — so you can hook any function in your app, not only those from dynamic libraries!

  1. mach_override — the classic implementation of function hooking used by many OS X apps (like Dropbox).

    You can find a nice explanation about how the „overriding“ works in this article. See also this StackOverflow question about how it differs from Facebook's fishhook and the original @rentzsch slides about dynamic function overriding.

  2. ineffective_hooker by @tyilo. Same as mach_override but involves more assembly.

  3. rd_route from me :) It just remaps the original function into some safe location in memory and then patches it, so we don't need to use any handwritten assembly trampolines to make it work. See readme for more details.

Thank you very much @rodionovd .This will be help me alot.. :)