Getting started with reverse engineering on OS X?

Posted 2024-08-20 16:43:48


What is a good place to learn reverse engineering, specifically as it applies to Mac OS X? Two apps that I admire in terms of this subject:

Hyperspaces – Link

and

Orbit – http://www.steventroughtonsmith.com/orbit/

Thanks guys.


Comments (8)

忆伤 2024-08-27 16:43:48


You should grab a copy of Mac OS X Internals which is an awesome book about everything that Apple does not tell you. Not only is this great if you are interested in reverse engineering, it will also make you a better OS X programmer in general.

套路撩心 2024-08-27 16:43:48


Use class-dump-x/-z to get the private Objective-C headers for OS X/iPhone OS system frameworks. There are a lot of classes/methods hidden from the public (some rightly so).

栖竹 2024-08-27 16:43:48


Apple releases a ton of the foundation of OS X as open source. See here.

In addition, F-Script Anywhere will help a ton with dissecting the Finder and/or any other closed source application.

云醉月微眠 2024-08-27 16:43:48


For iPhoneOS specifically, class-dump-z is a great way to dump headers. The only problem, of course, is that you can't actually see what is going on inside of each method. IDA Pro and a few scripts make it possible to see the assembly instructions for these system frameworks. (example picture: http://grab.by/1Vn6).

The most handy IDC scripts are fixobjc2 and dyldinfo. You can find each of these linked from this blog post: http://networkpx.blogspot.com/2010/01/two-ida-pro-5x-scripts-for-iphoneos.html

But, what good is this information if you can't use it? iPhone developer saurik has written something called MobileSubstrate that enables hooking onto any method. http://svn.saurik.com/repos/menes/trunk/mobilesubstrate/

筱武穆 2024-08-27 16:43:48


Others have already mentioned class-dump, which is an excellent tool for retrieving the class definitions from a compiled executable. On a related note, you should also take a look at otx, which provides very nice (readable) disassembled output.

If you need a way to quickly test snippets of code, use F-Script (mentioned by others), Nu or MacRuby. Of these, I've mainly used Nu. It has the capability to define bridged functions on the fly, and can handle pointers, both of which are pretty handy if you need to call arbitrary C functions.

Since you mentioned being interested in Spaces and other screen managers, you should also read A brief tutorial on reverse engineering OS X. It's an old article by Rich Wareham (author of the pre-Spaces multi-desktop app 'Desktop Manager') on how he figured out the call syntax for a few private CoreGraphics methods in order to do nice desktop transitions. The source code for Desktop Manager is also available, which might be useful to you.

失而复得 2024-08-27 16:43:48


This site shows how to patch an existing Objective C program: http://www.culater.net/wiki/moin.cgi/CocoaReverseEngineering

Namely posing:

[[B class] poseAsClass:[A class]];

and method swizzling:

#import <objc/runtime.h>   // Class, SEL, Method, class_getInstanceMethod

/**
 * Renames the selector for a given method.
 * Searches for a method with _oldSelector and reassigns _newSelector to that
 * implementation.
 * NOTE: writing method->method_name directly only works on the legacy
 * (Objective-C 1, 32-bit) runtime, where Method is a visible struct. On the
 * Objective-C 2 runtime Method is opaque and this line does not compile;
 * method_exchangeImplementations()/class_addMethod() are the replacements.
 * @return NO on an error and the methods were not swizzled
 */
BOOL DTRenameSelector(Class _class, SEL _oldSelector, SEL _newSelector)
{
        Method method = NULL;

        // First, look for the method
        method = class_getInstanceMethod(_class, _oldSelector);
        if (method == NULL)
                return NO;

        method->method_name = _newSelector;
        return YES;
}

// *** Example ***

// never implemented, just here to silence a compiler warning
@interface WebInternalImage (PHWebInternalImageSwizzle)
- (void) _webkit_scheduleFrame;
@end

@implementation WebInternalImage (PHWebInternalImage)

+ (void) initialize
{
        // original scheduleFrame becomes reachable as _webkit_scheduleFrame,
        // then our _ph_scheduleFrame takes over the scheduleFrame selector
        DTRenameSelector([self class], @selector(scheduleFrame), @selector(_webkit_scheduleFrame));
        DTRenameSelector([self class], @selector(_ph_scheduleFrame), @selector(scheduleFrame));
}

- (void) _ph_scheduleFrame
{
        // do something crazy...
        // ... (body elided in the original)
        // call the "super" method - this method doesn't exist until runtime
        [self _webkit_scheduleFrame];
}

@end

(code copied from http://www.culater.net/wiki/moin.cgi/CocoaReverseEngineering)
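The DTRenameSelector code above writes method->method_name, a struct field that only the legacy Objective-C 1 runtime exposes. As an added example (not from the answer or the culater wiki), here is the same swizzle on the modern Objective-C 2 runtime, where Method is opaque; DemoImage and its selectors are constructed stand-ins for WebInternalImage, and the inherited-method branch is the case the original helper does not cover.

```objective-c
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
// Demo class standing in for WebInternalImage; names are constructed.
@interface DemoImage : NSObject
- (NSString *)scheduleFrame;
@end

@implementation DemoImage
- (NSString *)scheduleFrame { return @"original"; }
@end

@implementation DemoImage (Swizzle)
- (NSString *)_ph_scheduleFrame
{
        // After the exchange this selector holds the ORIGINAL IMP, so the
        // call below reaches the real method and is not recursive.
        return [NSString stringWithFormat:@"wrapped(%@)",
                [self _ph_scheduleFrame]];
}
@end

// Modern-runtime replacement for DTRenameSelector: no struct access at all.
// Returns NO when either selector is missing, leaving the class untouched.
static BOOL DTSwizzle(Class cls, SEL origSel, SEL newSel)
{
        Method orig = class_getInstanceMethod(cls, origSel);
        Method repl = class_getInstanceMethod(cls, newSel);
        if (orig == NULL || repl == NULL)
                return NO;
        // If origSel is only inherited, install an override on cls first so
        // the exchange never rewrites the superclass's method.
        if (class_addMethod(cls, origSel, method_getImplementation(repl),
                            method_getTypeEncoding(repl)))
                class_replaceMethod(cls, newSel, method_getImplementation(orig),
                                    method_getTypeEncoding(orig));
        else
                method_exchangeImplementations(orig, repl);
        return YES;
}
int main(void)
{
        @autoreleasepool {
                DemoImage *img = [DemoImage new];
                NSLog(@"before: %@", [img scheduleFrame]);
                DTSwizzle([DemoImage class], @selector(scheduleFrame),
                          @selector(_ph_scheduleFrame));
                NSLog(@"after: %@", [img scheduleFrame]);
        }
        return 0;
}
```

Build with clang -framework Foundation; the second NSLog shows the wrapped result, and because the swizzle is a process-wide change to the class, the same call on a real target class is exactly what an injected library would leave behind for a defender to look for.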

可爱咩 2024-08-27 16:43:48


As an addition to the other answers, you are going to want to check out DYLD_INSERT_LIBRARIES to inject your code into a Cocoa program.
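From the defender's side, a process can ask dyld which images it is running and compare them against the DYLD_INSERT_LIBRARIES entries it was started with. This is an added example, not from the answer; it uses only the public _dyld_image_count/_dyld_get_image_name API and assumes the variable is still visible in the process environment.

```objective-c
#import <Foundation/Foundation.h>
#include <mach-o/dyld.h>
#include <stdlib.h>

// Return the paths of loaded images that match an entry of
// DYLD_INSERT_LIBRARIES, i.e. libraries this process never linked itself.
static NSArray<NSString *> *insertedLibraries(void)
{
        NSMutableArray<NSString *> *found = [NSMutableArray array];
        const char *env = getenv("DYLD_INSERT_LIBRARIES");
        if (env == NULL || *env == '\0')
                return found;   // nothing requested through the environment
        NSArray<NSString *> *wanted = [[NSString stringWithUTF8String:env]
                                       componentsSeparatedByString:@":"];
        uint32_t count = _dyld_image_count();
        for (uint32_t i = 0; i < count; i++) {
                NSString *path =
                    [NSString stringWithUTF8String:_dyld_get_image_name(i)];
                for (NSString *w in wanted) {
                        // match the exact path or just the file name, since
                        // the loaded path may be a resolved symlink
                        if ([path isEqualToString:w] ||
                            [path.lastPathComponent
                                isEqualToString:w.lastPathComponent])
                                [found addObject:path];
                }
        }
        return found;
}

int main(void)
{
        @autoreleasepool {
                NSArray<NSString *> *hits = insertedLibraries();
                if (hits.count == 0)
                        NSLog(@"no DYLD_INSERT_LIBRARIES images loaded");
                for (NSString *p in hits)
                        NSLog(@"image loaded via environment: %@", p);
        }
        return 0;
}
```

An empty result is not proof of a clean process: dyld ignores the variable for restricted binaries (setuid, SIP-protected, hardened runtime without the dyld-environment entitlement), and an injected library can unset it in its constructor, so comparing the whole image list against an expected set is the stronger check.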

你在看孤独的风景 2024-08-27 16:43:48


You should definitely consider using DTrace. There is an excellent BlackHat presentation on using DTrace for reverse engineering on OS X entitled, "DTRACE: The Reverse Engineer's Unexpected Swiss Army Knife".

You can get a copy and view the video presentation here.

There are also some excellent papers at www.uninformed.org on reverse engineering OS X.
