In a computer, the instructions of a function are stored in memory. When a process is going to call the function, it needs to know where the function is located in memory, and then executes the instructions there. That is to say, the process needs to know the memory address of a function according to its name. The mapping between function names and addresses is stored in the "symbol table". A "symbol" is the name of the function, according to which the process locates the function's address in memory and then jumps there to execute it.
Imagine such a scenario: your app calls a function named "lookup" in a dylib. If another app knows this symbol, it can import the dylib and call the function as it wishes, causing great consumption of your server resources.
To avoid this, symbols are divided into two types: public symbols and private symbols (there are also stripped symbols). Private symbols are not yours to use, so you cannot make use of them as you wish. That is to say, MSHookFunction will fail on private symbols without further manipulation, so saurik provides the MSFindSymbol function to access private symbols.
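To make the public/private distinction concrete, here is an added example (not code from the original page or from Substrate) that models a symbol table in C. It assumes the dylib uses the Mach-O `nlist_64` entry layout, where the `N_EXT` bit marks a public symbol; the symbol names, addresses and the `find_symbol` helper are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One 64-bit Mach-O symbol table entry (same layout as nlist_64). */
struct nlist64 {
    uint32_t n_strx;   /* offset of the name in the string table */
    uint8_t  n_type;   /* type flags, including the N_EXT bit */
    uint8_t  n_sect;   /* section number the symbol lives in */
    uint16_t n_desc;   /* extra description bits, unused here */
    uint64_t n_value;  /* address of the symbol */
};
#define N_EXT  0x01    /* set: external (public) symbol */
#define N_SECT 0x0e    /* type: symbol is defined in a section */

/* Constructed sample data: names and addresses are made up for this example. */
static const char strtab[] = "\0_lookup\0_check_license\0";
static const struct nlist64 symtab[] = {
    { 1, N_SECT | N_EXT, 1, 0, 0x100003f00ULL },  /* _lookup: public */
    { 9, N_SECT,         1, 0, 0x100003f40ULL },  /* _check_license: private */
};
#define NSYMS (sizeof symtab / sizeof symtab[0])

/* Map a name to its address, or return 0 if no entry matches. With
   public_only set, entries without N_EXT are skipped, the way a lookup
   by exported name behaves; otherwise the whole table is walked. */
uint64_t find_symbol(const char *name, int public_only) {
    for (size_t i = 0; i < NSYMS; i++) {
        const struct nlist64 *s = &symtab[i];
        if (s->n_strx >= sizeof strtab) continue;          /* reject bad offsets */
        if (public_only && !(s->n_type & N_EXT)) continue; /* private: hidden */
        if (strcmp(strtab + s->n_strx, name) == 0) return s->n_value;
    }
    return 0;
}

int main(void) {
    printf("public-only _lookup:        %#llx\n", (unsigned long long)find_symbol("_lookup", 1));
    printf("public-only _check_license: %#llx\n", (unsigned long long)find_symbol("_check_license", 1));
    printf("full-table  _check_license: %#llx\n", (unsigned long long)find_symbol("_check_license", 0));
    printf("full-table  _stripped_fn:   %#llx\n", (unsigned long long)find_symbol("_stripped_fn", 0));
    return 0;
}
```

A stripped symbol has no entry in the table at all, so neither lookup mode can resolve it by name.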