[求助]如何hook这个系统函数-enumeratorAtPath-iOS安全-看雪-安全社区|安全招聘|kanxue.com

最新回复 (4)
enlangs 雪币： 155 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 47 粉丝 0 关注私信	enlangs 2 楼首先，enumeratorAtPath没有 hook 到多半是你代码有问题。其次： enumeratorAtPath 的实现最终函数 opendir() - (NSDirectoryEnumerator) enumeratorAtPath: (NSString)path { return AUTORELEASE([[NSDirectoryEnumerator alloc] initWithDirectoryPath: path recurseIntoSubdirectories: YES followSymlinks: NO justContents: NO for: self]); } 具体实现： /** Initialize instance to enumerate contents at path, which should be a directory and can be specified in relative or absolute, and may include Unix conventions like '<code>~</code>' for user home directory, which will be appropriately converted on Windoze systems.The justContents flag, if set, is equivalent to recurseIntoSubdirectories = NO and followSymlinks = NO, but the implementation will be made more efficient. / - (id) initWithDirectoryPath: (NSString)path recurseIntoSubdirectories: (BOOL)recurse followSymlinks: (BOOL)follow justContents: (BOOL)justContents for: (NSFileManager)mgr { if (nil != (self = [super init])) { //TODO: the justContents flag is currently basically useless and should be //removed _DIRdir_pointer; const _CHAR*localPath; _mgr = RETAIN(mgr); _stack = NSZoneMalloc([self zone], sizeof(GSIArray_t)); GSIArrayInitWithZoneAndCapacity(_stack, [selfzone], 64); _flags.isRecursive = recurse; _flags.isFollowing = follow; _flags.justContents = justContents; _topPath = [[NSString alloc] initWithString: path]; localPath = [_mgrfileSystemRepresentationWithPath: path]; dir_pointer = _OPENDIR(localPath); if (dir_pointer) { GSIArrayItem item; item.ext.path = @""; item.ext.pointer = dir_pointer; GSIArrayAddItem(_stack, item); } else { NSDebugLog(@"Failed to recurse into directory '%@' - %@", path, [NSError _last]); } } returnself; } https://github.com/gnustep/libs-base/blob/a8c2c4965dc57d2edc98003d4cc8ed65e251e39b/Source/NSFileManager.m#L2224 2017-10-10 18:03 0
gemo 雪币： 257 活跃值： (44) 能力值： ( LV3，RANK：20 ) 在线值：发帖 28 回帖 99 粉丝 0 关注私信	gemo 3 楼多谢LS。我按照你说的hook了opendir，系统被损坏进不了系统了。但是恢复后我用同样的写法hook了fopen，系统正常。求指点。。。 DIR (old_opendir)(const char path); DIR my_opendir(const char * path) { return old_opendir(path); } %ctor { MSHookFunction(&opendir, &my_opendir, &old_opendir); } FILE (old_fopen)(const char path, const char mode); FILE my_fopen(const char path, const char *mode) { return old_fopen(path, mode); } %ctor { MSHookFunction(&fopen, &my_fopen, &old_fopen); } 2017-10-11 11:15 0
enlangs 雪币： 155 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 47 粉丝 0 关注私信	enlangs 4 楼注意下嵌套调用就是，一般 hook 底层函数都要非常小心这个问题。 2017-10-11 13:46 0
roysue 雪币： 3907 活跃值： (5817) 能力值： ( LV12，RANK：200 ) 在线值：发帖 109 回帖 493 粉丝 632 关注私信	roysue 3 5 楼 2017-11-3 11:31 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (4)
enlangs 雪币： 155 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 47 粉丝 0 关注私信	enlangs 2 楼首先，enumeratorAtPath没有 hook 到多半是你代码有问题。其次： enumeratorAtPath 的实现最终函数 opendir() - (NSDirectoryEnumerator) enumeratorAtPath: (NSString)path { return AUTORELEASE([[NSDirectoryEnumerator alloc] initWithDirectoryPath: path recurseIntoSubdirectories: YES followSymlinks: NO justContents: NO for: self]); } 具体实现： /** Initialize instance to enumerate contents at path, which should be a directory and can be specified in relative or absolute, and may include Unix conventions like '<code>~</code>' for user home directory, which will be appropriately converted on Windoze systems.The justContents flag, if set, is equivalent to recurseIntoSubdirectories = NO and followSymlinks = NO, but the implementation will be made more efficient. / - (id) initWithDirectoryPath: (NSString)path recurseIntoSubdirectories: (BOOL)recurse followSymlinks: (BOOL)follow justContents: (BOOL)justContents for: (NSFileManager)mgr { if (nil != (self = [super init])) { //TODO: the justContents flag is currently basically useless and should be //removed _DIRdir_pointer; const _CHAR*localPath; _mgr = RETAIN(mgr); _stack = NSZoneMalloc([self zone], sizeof(GSIArray_t)); GSIArrayInitWithZoneAndCapacity(_stack, [selfzone], 64); _flags.isRecursive = recurse; _flags.isFollowing = follow; _flags.justContents = justContents; _topPath = [[NSString alloc] initWithString: path]; localPath = [_mgrfileSystemRepresentationWithPath: path]; dir_pointer = _OPENDIR(localPath); if (dir_pointer) { GSIArrayItem item; item.ext.path = @""; item.ext.pointer = dir_pointer; GSIArrayAddItem(_stack, item); } else { NSDebugLog(@"Failed to recurse into directory '%@' - %@", path, [NSError _last]); } } returnself; } https://github.com/gnustep/libs-base/blob/a8c2c4965dc57d2edc98003d4cc8ed65e251e39b/Source/NSFileManager.m#L2224 2017-10-10 18:03 0
gemo 雪币： 257 活跃值： (44) 能力值： ( LV3，RANK：20 ) 在线值：发帖 28 回帖 99 粉丝 0 关注私信	gemo 3 楼多谢LS。我按照你说的hook了opendir，系统被损坏进不了系统了。但是恢复后我用同样的写法hook了fopen，系统正常。求指点。。。 DIR (old_opendir)(const char path); DIR my_opendir(const char * path) { return old_opendir(path); } %ctor { MSHookFunction(&opendir, &my_opendir, &old_opendir); } FILE (old_fopen)(const char path, const char mode); FILE my_fopen(const char path, const char *mode) { return old_fopen(path, mode); } %ctor { MSHookFunction(&fopen, &my_fopen, &old_fopen); } 2017-10-11 11:15 0
enlangs 雪币： 155 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 47 粉丝 0 关注私信	enlangs 4 楼注意下嵌套调用就是，一般 hook 底层函数都要非常小心这个问题。 2017-10-11 13:46 0
roysue 雪币： 3907 活跃值： (5817) 能力值： ( LV12，RANK：200 ) 在线值：发帖 109 回帖 493 粉丝 632 关注私信	roysue 3 5 楼 2017-11-3 11:31 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复