[求助]如何hook这个系统函数-enumeratorAtPath-iOS安全-看雪-安全社区|安全招聘|kanxue.com

最新回复 (4)
enlangs 雪币： 155 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 47 粉丝 0 关注私信	enlangs 2 楼首先，enumeratorAtPath没有 hook 到多半是你代码有问题。其次： enumeratorAtPath 的实现最终函数 opendir() - (NSDirectoryEnumerator) enumeratorAtPath: (NSString)path { return AUTORELEASE([[NSDirectoryEnumerator alloc] initWithDirectoryPath: path recurseIntoSubdirectories: YES followSymlinks: NO justContents: NO for: self]); } 具体实现： /** Initialize instance to enumerate contents at path, which should be a directory and can be specified in relative or absolute, and may include Unix conventions like '<code>~</code>' for user home directory, which will be appropriately converted on Windoze systems.The justContents flag, if set, is equivalent to recurseIntoSubdirectories = NO and followSymlinks = NO, but the implementation will be made more efficient. / - (id) initWithDirectoryPath: (NSString)path recurseIntoSubdirectories: (BOOL)recurse followSymlinks: (BOOL)follow justContents: (BOOL)justContents for: (NSFileManager)mgr { if (nil != (self = [super init])) { //TODO: the justContents flag is currently basically useless and should be //removed _DIRdir_pointer; const _CHAR*localPath; _mgr = RETAIN(mgr); _stack = NSZoneMalloc([self zone], sizeof(GSIArray_t)); GSIArrayInitWithZoneAndCapacity(_stack, [selfzone], 64); _flags.isRecursive = recurse; _flags.isFollowing = follow; _flags.justContents = justContents; _topPath = [[NSString alloc] initWithString: path]; localPath = [_mgrfileSystemRepresentationWithPath: path]; dir_pointer = _OPENDIR(localPath); if (dir_pointer) { GSIArrayItem item; item.ext.path = @""; item.ext.pointer = dir_pointer; GSIArrayAddItem(_stack, item); } else { NSDebugLog(@"Failed to recurse into directory '%@' - %@", path, [NSError _last]); } } returnself; } d00K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6Y4L8Y4g2K6N6r3g2H3i4K6u0r3L8r3W2T1M7#2)9J5k6r3u0S2M7$3g2Q4x3V1k6T1L8r3!0T1i4K6u0r3j5e0S2U0x3X3x3@1z5e0j5#2k6r3x3#2y4$3b7J5k6h3c8U0z5e0R3H3x3o6y4V1y4r3y4U0z5r3g2V1y4U0g2W2x3U0f1I4k6e0x3&6j5W2)9J5c8W2y4G2N6i4u0U0k6g2)9J5c8V1&6e0c8X3W2D9k6f1#2S2L8X3q4Y4k6i4u0Q4x3X3g2E0i4K6t1K6e0o6t1J5x3U0b7`. 2017-10-10 18:03 0
gemo 雪币： 257 活跃值： (44) 能力值： ( LV3，RANK：20 ) 在线值：发帖 28 回帖 99 粉丝 0 关注私信	gemo 3 楼多谢LS。我按照你说的hook了opendir，系统被损坏进不了系统了。但是恢复后我用同样的写法hook了fopen，系统正常。求指点。。。 DIR (old_opendir)(const char path); DIR my_opendir(const char * path) { return old_opendir(path); } %ctor { MSHookFunction(&opendir, &my_opendir, &old_opendir); } FILE (old_fopen)(const char path, const char mode); FILE my_fopen(const char path, const char *mode) { return old_fopen(path, mode); } %ctor { MSHookFunction(&fopen, &my_fopen, &old_fopen); } 2017-10-11 11:15 0
enlangs 雪币： 155 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 47 粉丝 0 关注私信	enlangs 4 楼注意下嵌套调用就是，一般 hook 底层函数都要非常小心这个问题。 2017-10-11 13:46 0
roysue 雪币： 3907 活跃值： (5922) 能力值： ( LV12，RANK：200 ) 在线值：发帖 108 回帖 491 粉丝 669 关注私信	roysue 3 5 楼 2017-11-3 11:31 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (4)
enlangs 雪币： 155 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 47 粉丝 0 关注私信	enlangs 2 楼首先，enumeratorAtPath没有 hook 到多半是你代码有问题。其次： enumeratorAtPath 的实现最终函数 opendir() - (NSDirectoryEnumerator) enumeratorAtPath: (NSString)path { return AUTORELEASE([[NSDirectoryEnumerator alloc] initWithDirectoryPath: path recurseIntoSubdirectories: YES followSymlinks: NO justContents: NO for: self]); } 具体实现： /** Initialize instance to enumerate contents at path, which should be a directory and can be specified in relative or absolute, and may include Unix conventions like '<code>~</code>' for user home directory, which will be appropriately converted on Windoze systems.The justContents flag, if set, is equivalent to recurseIntoSubdirectories = NO and followSymlinks = NO, but the implementation will be made more efficient. / - (id) initWithDirectoryPath: (NSString)path recurseIntoSubdirectories: (BOOL)recurse followSymlinks: (BOOL)follow justContents: (BOOL)justContents for: (NSFileManager)mgr { if (nil != (self = [super init])) { //TODO: the justContents flag is currently basically useless and should be //removed _DIRdir_pointer; const _CHAR*localPath; _mgr = RETAIN(mgr); _stack = NSZoneMalloc([self zone], sizeof(GSIArray_t)); GSIArrayInitWithZoneAndCapacity(_stack, [selfzone], 64); _flags.isRecursive = recurse; _flags.isFollowing = follow; _flags.justContents = justContents; _topPath = [[NSString alloc] initWithString: path]; localPath = [_mgrfileSystemRepresentationWithPath: path]; dir_pointer = _OPENDIR(localPath); if (dir_pointer) { GSIArrayItem item; item.ext.path = @""; item.ext.pointer = dir_pointer; GSIArrayAddItem(_stack, item); } else { NSDebugLog(@"Failed to recurse into directory '%@' - %@", path, [NSError _last]); } } returnself; } d00K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6Y4L8Y4g2K6N6r3g2H3i4K6u0r3L8r3W2T1M7#2)9J5k6r3u0S2M7$3g2Q4x3V1k6T1L8r3!0T1i4K6u0r3j5e0S2U0x3X3x3@1z5e0j5#2k6r3x3#2y4$3b7J5k6h3c8U0z5e0R3H3x3o6y4V1y4r3y4U0z5r3g2V1y4U0g2W2x3U0f1I4k6e0x3&6j5W2)9J5c8W2y4G2N6i4u0U0k6g2)9J5c8V1&6e0c8X3W2D9k6f1#2S2L8X3q4Y4k6i4u0Q4x3X3g2E0i4K6t1K6e0o6t1J5x3U0b7`. 2017-10-10 18:03 0
gemo 雪币： 257 活跃值： (44) 能力值： ( LV3，RANK：20 ) 在线值：发帖 28 回帖 99 粉丝 0 关注私信	gemo 3 楼多谢LS。我按照你说的hook了opendir，系统被损坏进不了系统了。但是恢复后我用同样的写法hook了fopen，系统正常。求指点。。。 DIR (old_opendir)(const char path); DIR my_opendir(const char * path) { return old_opendir(path); } %ctor { MSHookFunction(&opendir, &my_opendir, &old_opendir); } FILE (old_fopen)(const char path, const char mode); FILE my_fopen(const char path, const char *mode) { return old_fopen(path, mode); } %ctor { MSHookFunction(&fopen, &my_fopen, &old_fopen); } 2017-10-11 11:15 0
enlangs 雪币： 155 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 47 粉丝 0 关注私信	enlangs 4 楼注意下嵌套调用就是，一般 hook 底层函数都要非常小心这个问题。 2017-10-11 13:46 0
roysue 雪币： 3907 活跃值： (5922) 能力值： ( LV12，RANK：200 ) 在线值：发帖 108 回帖 491 粉丝 669 关注私信	roysue 3 5 楼 2017-11-3 11:31 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复