So I'm working on a jailbreak tweak that hooks to a specific app on startup to allow users to use in-game mods for the app, but so far the only way I can get it to work is to use an ASLR disabled app. Since I can't release an ASLR disabled version of the app because of laws, I want to see the method used to calculate the app's memory location without ASLR disabled. I've seen it done before and just wonder if anyone else knows how to re-create it.
Viewed 1,014 times
- I'm assuming this is an app requiring a jailbreak? – Richard Brown Mar 09 '13 at 18:50
- "that hooks to a specific app on startup" - maybe if you mentioned what this app is and what needs to be hooked in it, it would be easier for us to help you. – Mar 09 '13 at 18:51
- @RichardBrown The tweak runs on MobileSubstrate, which is only available via jailbreak. – jocopa3 Mar 09 '13 at 18:52
- @H2CO3 App is Minecraft Pocket Edition, but I don't see how that is relevant. – jocopa3 Mar 09 '13 at 18:53
- @jocopa3 Well. Do you mean that MobileSubstrate fails to hook the methods/functions when ASLR is enabled? – Mar 09 '13 at 18:54
- @H2CO3 My tweak can't modify the app in memory without ASLR disabled, otherwise the app crashes. – jocopa3 Mar 09 '13 at 19:04
1 Answer
If you've successfully inserted your tweak (a dylib) into the target app, then you can use the dyld functions to get the ASLR offset (virtual memory address slide). Suppose you want to get the executable's offset; here's a snippet example:
#import <Foundation/Foundation.h>
#include <mach-o/dyld.h> // _dyld_image_count, _dyld_get_image_name, _dyld_get_image_vmaddr_slide

for (uint32_t i = 0; i < _dyld_image_count(); i++) // enumerate all loaded images (the executable and its libs)
{
    const char *name = _dyld_get_image_name(i); // full path of the image
    NSString *path = [NSString stringWithFormat:@"%s", name];
    if ([path hasSuffix:@"MinecraftPocket"]) // the app's main executable
        NSLog(@"slide = 0x%lx", (long)_dyld_get_image_vmaddr_slide(i)); // log the ASLR slide (an intptr_t)
}
Hope this helps!

snakeninny
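An added example (not snakeninny's code and not Apple's dyld source) showing what the slide the answer reads out actually is: the difference between where the Mach-O header was loaded and the `__TEXT` vmaddr the linker recorded in its load commands, so that any address read from the binary on disk must be rebased by that amount before it is used at runtime. The struct layouts mirror `<mach-o/loader.h>` but are redeclared here so the code builds on any host; `macho_slide`, `build_sample_image`, `demo_slide` and the sample addresses are assumptions for the illustration, and the image is a constructed header, not a real binary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal Mach-O 64 layouts (same fields as <mach-o/loader.h>) so this builds on any host. */
#define MH_MAGIC_64   0xfeedfacfu
#define LC_SEGMENT_64 0x19u
struct mh64  { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct seg64 { uint32_t cmd, cmdsize; char segname[16]; uint64_t vmaddr, vmsize, fileoff, filesize;
               uint32_t maxprot, initprot, nsects, flags; };

/* slide = address the Mach-O header actually landed at - __TEXT vmaddr recorded by the linker.
 * This is the value _dyld_get_image_vmaddr_slide() hands back. *ok is cleared on a malformed header. */
int64_t macho_slide(const uint8_t *hdr, uint64_t loaded_at, int *ok)
{
    struct mh64 mh;
    struct seg64 seg;
    memcpy(&mh, hdr, sizeof mh);
    *ok = 0;
    if (mh.magic != MH_MAGIC_64) return 0;
    const uint8_t *p = hdr + sizeof mh;                /* load commands follow the header */
    for (uint32_t i = 0; i < mh.ncmds; i++, p += seg.cmdsize) {
        memcpy(&seg, p, 8); if (seg.cmdsize < 8) return 0; /* every command starts with cmd, cmdsize */
        if (seg.cmd != LC_SEGMENT_64) continue;
        memcpy(&seg, p, sizeof seg);
        if (strncmp(seg.segname, "__TEXT", 16) == 0) { *ok = 1; return (int64_t)(loaded_at - seg.vmaddr); }
    }
    return 0;
}

/* Constructed sample image (not a real binary): header plus one __TEXT segment linked at text_vmaddr. */
size_t build_sample_image(uint8_t *buf, uint64_t text_vmaddr)
{
    struct mh64 mh = { MH_MAGIC_64, 0x0100000cu /* ARM64 */, 0, 2 /* MH_EXECUTE */, 1, sizeof(struct seg64), 0, 0 };
    struct seg64 seg = { LC_SEGMENT_64, sizeof(struct seg64), "__TEXT", text_vmaddr, 0x4000, 0, 0x4000, 5, 5, 0, 0 };
    memcpy(buf, &mh, sizeof mh);
    memcpy(buf + sizeof mh, &seg, sizeof seg);
    return sizeof mh + sizeof seg;
}

/* Worked case: image linked at 0x100000000 (the usual 64-bit iOS base), header observed at 0x10a3c4000,
 * so an address 0x100004a2c taken from the binary on disk is at 0x100004a2c + slide in the live process. */
int64_t demo_slide(void)
{
    uint8_t img[128]; int ok = 0;
    build_sample_image(img, 0x100000000ULL);
    int64_t slide = macho_slide(img, 0x10a3c4000ULL, &ok);
    return ok ? slide : -1;                            /* 0xa3c4000 for the constructed image */
}
```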