FlyJB
https://github.com/XsF1re/FlyJB-X/blob/main/Tweaks/MemHooks.xm#L81
Dobby Builtin Plugin
https://github.com/jmpews/Dobby/blob/master/builtin-plugin/InstrumentSVC/instrument_svc.cc#L39
#if 1
// One fixed-width (4-byte) AArch64 instruction word; ctor() uses its size as the scan stride.
// NOTE(review): the type is signed, while encodings such as 0xd4001001 have the top bit set,
// so comparisons against opcode constants are best done through an unsigned 32-bit value.
typedef int32_t arm64_instr_t;
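/// Load-time constructor: walks the `__TEXT,__text` section of
/// libsystem_kernel.dylib one instruction word at a time and hands every
/// `svc #0x80` it finds (except the one inside `write`) to DobbyInstrumentSVC().
///
/// Scope: this runs before main() in whichever process loads the image and
/// touches every matching syscall stub in the library, not a selected subset.
/// Each instrumented address is logged, which gives an audit trail of what
/// was modified.
///
/// Returns early, without instrumenting anything, if the module, its text
/// section or the shared cache base cannot be located.
__attribute__((constructor)) static void ctor() {
  // AArch64 encoding of `svc #0x80` (0xD4000001 | imm16 << 5, imm16 = 0x80).
  constexpr uint32_t kSvc0x80 = 0xd4001001;

  // The module queried is libsystem_kernel.dylib, so the locals are named accordingly.
  auto libsystem_kernel = ProcessRuntimeUtility::GetProcessModule("libsystem_kernel.dylib");
  addr_t libsystem_kernel_header = (addr_t)libsystem_kernel.load_address;
  if (libsystem_kernel_header == 0) {
    LOG(1, "module not found: %s", "libsystem_kernel.dylib");
    return;
  }

  auto text_section =
      mach_kit::macho_get_section_by_name_64((struct mach_header_64 *)libsystem_kernel_header, "__TEXT", "__text");
  if (!text_section) {
    // Without this check the ->offset / ->size reads below dereference a null pointer.
    LOG(1, "section not found: %s", "__TEXT,__text");
    return;
  }

  addr_t shared_cache_load_addr = (addr_t)mach_kit::macho_get_shared_cache();
  if (shared_cache_load_addr == 0) {
    // A zero base would turn the section's file offset into a bogus absolute address.
    LOG(1, "shared cache base not found for %s", "libsystem_kernel.dylib");
    return;
  }

  // NOTE(review): this treats the section's file offset as relative to the shared
  // cache base; that presumably holds only for images mapped from the dyld shared
  // cache — confirm before reusing this on a standalone dylib.
  addr_t insn_addr = shared_cache_load_addr + (addr_t)text_section->offset;
  addr_t insn_addr_end = insn_addr + text_section->size;

  log_set_level(1);

  // The svc of `write` is assumed to be the second instruction of the stub
  // (hence +4) — TODO confirm against the target OS build. It is skipped below,
  // presumably because the logging path itself issues write(2). If the symbol
  // is not resolved the value never matches and nothing is skipped.
  addr_t write_svc_addr = (addr_t)DobbySymbolResolver("libsystem_kernel.dylib", "write");
  write_svc_addr += 4;

  // Only read whole instruction words: stop when fewer than 4 bytes remain.
  for (; insn_addr + sizeof(arm64_instr_t) <= insn_addr_end; insn_addr += sizeof(arm64_instr_t)) {
    // Compare as unsigned so the constant and the loaded word have the same type.
    if (*(const uint32_t *)insn_addr != kSvc0x80) {
      continue;
    }

    // NOTE(review): called once per match, as in the original; it looks like a
    // global switch that could be hoisted out of the loop — confirm it is idempotent.
    dobby_enable_near_branch_trampoline();

    if (insn_addr == write_svc_addr) {
      continue;
    }

    DobbyInstrumentSVC((void *)insn_addr, NULL);
    // %p requires a pointer argument; addr_t is an integer type here.
    LOG(1, "instrument svc at %p", (void *)insn_addr);
  }
}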
#endif