Reading macho's offsets in dyld cache (arm64 devices)

I’m trying to hook a specific library and create this hook at runtime. The algorithm is very simple:

  • Find where the dyld cache is loaded
  • Find the library I look for
  • Locate the LC_SYMTAB command.
  • Read the symoff and stroff values and add them to the base address of the cache.

Now, the problem with arm64 is that these values lead me to unmapped memory. The values there are pretty big for what I’d expect (they end beyond the library’s mapped memory).

Did any of you hear about this?

Can you show us some code?
And in which step does the problem occur?

Yeah sure.

I just noticed that it’s something with the way the linker works on arm64 devices, with any addresses/offsets.
For example, I’m trying to locate the LINKEDIT segment of the library RawCamera.

dyld_cache is loaded at 0x182dc0000
RawCamera is loaded at 0x183e4000

Now when I read the LC_SEGMENT_64 which holds the address of LINKEDIT segment (vmaddr) I get: 0x1a0de5000, which is way beyond what I expect it to be…

Sooooooo. You’re trying to patch a system method at the assembly level?

Yeah, that’s right… Any idea what changed in iOS 9 on arm64 so that the offsets and vmaddr act so weirdly?

Nah. Every single piece of shit is broken on iOS 9.
Can you resolve symbols using dlsym?
EDIT: Also, for ObjC methods, maybe method_getImplementation would work?

And, can you resolve the address using mach_header? I’ve never dealt with this kind of issue before.
mach_header* _dyld_get_image_header(uint32_t image_index);

Thanks for the help. My purpose is to resolve symbols using dlsym, and all I can use is the mach header image. The problem with the mach header is that dyld changes the offsets and the vmaddr in a weird way which I couldn’t figure out yet…

That’s basically my question here :slight_smile:
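Added example, not code from anyone in this thread: the rebasing that tools such as fishhook use to find a cached dylib's symbol table. symoff/stroff are offsets into the file the image came from, which for a dylib in the shared cache is the whole cache file, so they have to be rebased through the __LINKEDIT segment's vmaddr/fileoff pair plus the ASLR slide, not added to the image or cache base. The Mach-O structs are copied minimally so it builds off-device; the __LINKEDIT vmaddr and cache load address are the thread's, the unslid cache base of 0x180000000 is an assumption, and the fileoff/symoff/stroff values are constructed.

```c
#include <stdint.h>
#include <string.h>
/* Minimal Mach-O definitions mirroring <mach-o/loader.h>, so the example also builds off-device. */
#define MH_MAGIC_64 0xfeedfacfu
#define LC_SEGMENT_64 0x19u
#define LC_SYMTAB 0x02u
struct mach_header_64 { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct load_command { uint32_t cmd, cmdsize; };
struct segment_command_64 { uint32_t cmd, cmdsize; char segname[16]; uint64_t vmaddr, vmsize, fileoff, filesize;
                            uint32_t maxprot, initprot, nsects, flags; };
struct symtab_command { uint32_t cmd, cmdsize, symoff, nsyms, stroff, strsize; };
/* Resolve the in-memory addresses of an image's symbol and string tables.  symoff/stroff are file
 * offsets (for a cached dylib: into the whole shared-cache file), so they are rebased through
 * __LINKEDIT's vmaddr/fileoff pair plus the ASLR slide, not added to the image or cache base. */
int locate_symtab(const struct mach_header_64 *mh, int64_t slide, uint64_t *symtab, uint64_t *strtab)
{
    const struct segment_command_64 *le = NULL; const struct symtab_command *st = NULL;
    const uint8_t *p = (const uint8_t *)(mh + 1);
    if (mh->magic != MH_MAGIC_64) return -1;
    for (uint32_t i = 0; i < mh->ncmds; i++) {
        const struct load_command *lc = (const struct load_command *)p;
        if (lc->cmdsize < sizeof *lc) return -1;  /* malformed command: bail instead of looping forever */
        if (lc->cmd == LC_SEGMENT_64 && !strncmp(((const struct segment_command_64 *)lc)->segname, "__LINKEDIT", 16))
            le = (const struct segment_command_64 *)lc;
        else if (lc->cmd == LC_SYMTAB)
            st = (const struct symtab_command *)lc;
        p += lc->cmdsize;
    }
    if (!le || !st) return -1;
    /* Both tables must fall inside __LINKEDIT's file range; otherwise the offsets are bogus. */
    if (st->symoff < le->fileoff || st->symoff >= le->fileoff + le->filesize ||
        st->stroff < le->fileoff || st->stroff >= le->fileoff + le->filesize) return -1;
    uint64_t linkedit_base = (uint64_t)(slide + (int64_t)le->vmaddr - (int64_t)le->fileoff);
    *symtab = linkedit_base + st->symoff; *strtab = linkedit_base + st->stroff;
    return 0;
}
/* Constructed header standing in for a cached dylib.  Only the __LINKEDIT vmaddr and the cache
 * load address come from the thread; the slide assumes an unslid cache base of 0x180000000. */
struct fake_image { struct mach_header_64 mh; struct segment_command_64 linkedit; struct symtab_command st; };
uint64_t demo(int want_strtab)  /* returns the symbol table address, or the string table if want_strtab */
{
    struct fake_image img; uint64_t symtab, strtab; memset(&img, 0, sizeof img);
    img.mh.magic = MH_MAGIC_64; img.mh.ncmds = 2; img.mh.sizeofcmds = sizeof img - sizeof img.mh;
    img.linkedit.cmd = LC_SEGMENT_64; img.linkedit.cmdsize = sizeof img.linkedit; memcpy(img.linkedit.segname, "__LINKEDIT", 11);
    img.linkedit.vmaddr = 0x1a0de5000ULL; img.linkedit.fileoff = 0x1e400000ULL; img.linkedit.filesize = 0x100000ULL;
    img.st.cmd = LC_SYMTAB; img.st.cmdsize = sizeof img.st; img.st.symoff = 0x1e410000u; img.st.stroff = 0x1e420000u;
    int64_t slide = 0x182dc0000LL - 0x180000000LL;  /* on-device: _dyld_get_image_vmaddr_slide() */
    if (locate_symtab(&img.mh, slide, &symtab, &strtab) != 0) return 0;
    return want_strtab ? strtab : symtab;
}
```

With these values the naive "cache base + symoff" sum gives 0x1a11d0000, while the rebased symbol table lands at 0x1a3bb5000, i.e. 0x10000 past the slid __LINKEDIT start.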