我在动态库里面的一个类的 +(void)load 方法中用 fishhook hook 了 ptrace 函数。在程序的 main 函数中用 dlsym 调用 ptrace 时走到了 my_ptrace 方法里面，但用汇编的形式调用 ptrace 时发现没有走 my_ptrace，有大佬能说一下原理么？
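// Rebindings installed when the dylib is loaded (adapted from online fishhook examples).
// +load runs once when the Objective-C runtime loads this class's image, before
// main(); it must be the class method (+). An instance method "-load" is never
// invoked by the runtime, so the hooks would silently not be installed.
// fishhook rewrites the symbol pointers dyld fills in for imported functions
// (__DATA lazy/non-lazy binding tables), so only calls that go through a bound
// "ptrace" symbol are redirected; a raw system call issued from inline asm never
// touches those tables and therefore never reaches my_ptrace.
+ (void)load {
    // One call with all entries: rebind_symbols walks every loaded image per call,
    // so batching avoids re-walking the images for each symbol.
    // The sysctl rebinding stays disabled: some apps crash with _dyld_debugger_notification.
    struct rebinding rebindings[] = {
        {"ptrace",  my_ptrace,  (void *)&orig_ptrace},
        {"dlsym",   my_dlsym,   (void *)&orig_dlsym},
        // {"sysctl", my_sysctl, (void *)&orig_sysctl},
        {"syscall", my_syscall, (void *)&orig_syscall},
    };
    rebind_symbols(rebindings, sizeof rebindings / sizeof rebindings[0]);
}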
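// 1. Calling ptrace through dlopen/dlsym from main() DOES reach my_ptrace.
//    dlsym itself is rebound in +load (my_dlsym), so the function pointer handed
//    back here is presumably the hook rather than the libsystem implementation.
//    dlopen(NULL) returns a handle for the main program; dlsym may return NULL if
//    the symbol is absent, so both results are checked before use.
void *handle = dlopen(NULL, RTLD_GLOBAL | RTLD_NOW);
ptrace_ptr_t ptrace_ptr = handle ? (ptrace_ptr_t)dlsym(handle, "ptrace") : NULL;
if (ptrace_ptr != NULL) {
    ptrace_ptr(PT_DENY_ATTACH, 0, 0, 0);
}
if (handle != NULL) {
    dlclose(handle);
}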
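// 2. Issuing the ptrace system call directly from main() does NOT reach my_ptrace.
//    fishhook only patches the symbol pointers dyld binds for imported functions;
//    a raw `svc` traps straight into the kernel without going through any
//    libsystem symbol, so no user-space rebinding is on that path.
//    x0-x3 carry the ptrace arguments (PT_DENY_ATTACH == 31), x16 selects the
//    system call (26 == ptrace on arm64 XNU); the result comes back in x0.
//    The clobber list is required: the original had none, so the compiler was
//    free to keep live values in x0-x3/x16 across the asm and have them destroyed.
asm volatile(
    "mov x0, #31\n"   // request = PT_DENY_ATTACH
    "mov x1, #0\n"    // pid
    "mov x2, #0\n"    // addr
    "mov x3, #0\n"    // data
    "mov x16, #26\n"  // system call number: ptrace
    "svc #0x80\n"     // trap into the kernel
    :
    :
    : "x0", "x1", "x2", "x3", "x16", "cc");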