How does cycript / substrate work to hook into a process?

I am currently doing some research on techniques about hooking mobile applications and came across some frameworks like Xposed (Android), Frida (Android and iOS) and Cycript (iOS).

The documentation about Xposed and Frida is fairly good explaining how exactly they are doing it. Xposed states to manipulate the binary starting the Zygote process and loading an additional JAR file that assists in hooking the methods. Frida documentation explains that it uses ptrace (in Linux environments) to attach to a process, allocating and populating a bootstrapper that loads a thread to launch a .so file containing the Frida agent, in a nutshell, if I understood it correctly.

I couldn't find useful documentation about the strategy that Cycript pursues. I know that it is built on top of Cydia Substrate that does the actual hooking. I couldn't find details about how exactly Substrate accomplishes this either.

I further understand that on iOS the Objective-C runtime enables runtime manipulation as it is runtime-oriented.

Does anybody know how exactly Cycript / Cydia Substrate works to hook/inject into applications?

Thanks in advance.

I figured out that it is apparently working by adding the DYLD_INSERT_LIBRARIES into the program's launchd manifest, and thereby every time the application is started it loads the malicious payload by loading the dynamic library.

Still, are there other techniques how to perform runtime hooking / manipulations on Android and iOS?
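
A defender-side check for the mechanism described in the post above, as an added example that is not part of the original post: it scans launchd job manifests for a `DYLD_INSERT_LIBRARIES` entry under `EnvironmentVariables` and reports the libraries that would be preloaded. The job labels and dylib paths are constructed sample values, and the directory to scan is supplied by the caller.

```python
import plistlib
import tempfile
from pathlib import Path

INJECTION_KEY = "DYLD_INSERT_LIBRARIES"

def injected_libraries(manifest):
    """Return the dylib paths a launchd job manifest asks dyld to preload."""
    env = manifest.get("EnvironmentVariables")
    if not isinstance(env, dict):
        return []
    value = env.get(INJECTION_KEY)
    if not isinstance(value, str):
        return []
    # dyld reads the value as a colon-separated list of library paths.
    return [p for p in value.split(":") if p]

def scan_manifests(directory):
    """Map each job Label (or file name) to the libraries injected into it."""
    findings = {}
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            with path.open("rb") as fh:
                manifest = plistlib.load(fh)  # accepts XML and binary plists
        except (plistlib.InvalidFileException, OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        libs = injected_libraries(manifest)
        if libs:
            findings[str(manifest.get("Label", path.name))] = libs
    return findings

def demo():
    """Scan three constructed manifests: clean XML, hooked binary, malformed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        clean = {"Label": "com.example.clean", "ProgramArguments": ["/usr/bin/true"]}
        hooked = {
            "Label": "com.example.hooked",
            "ProgramArguments": ["/Applications/Example.app/Example"],
            "EnvironmentVariables": {INJECTION_KEY: "/tmp/a.dylib:/tmp/b.dylib"},
        }
        (root / "clean.plist").write_bytes(plistlib.dumps(clean))
        (root / "hooked.plist").write_bytes(
            plistlib.dumps(hooked, fmt=plistlib.FMT_BINARY))
        (root / "broken.plist").write_bytes(b"not a plist")
        return scan_manifests(root)
```
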
