Hook called in iOS simulator but not called on-device

[NSExceptional]

I'm trying to hook os_log_shim_enabled, a private function in CoreFoundation that changes how NSLog() behaves. Here's my code:

static BOOL FLEXDidHookNSLog = NO;
BOOL (*orig_os_log_shim_enabled)() = nil;
BOOL my_os_log_shim_enabled() {
    return NO;
}

@implementation FLEXSystemLogViewController

+ (void)load {
    FLEXDidHookNSLog = rebind_symbols((struct rebinding[1]) {
        "os_log_shim_enabled",
        (void *)my_os_log_shim_enabled,
        (void **)&orig_os_log_shim_enabled
    }, 1) == 0;
}

...

As the title says, it works in the simulator, but has no effect on-device. I came across this issue, but I don't really understand what might be going wrong. rebind_symbols returns 0 in both cases, and stepping through the code running on-device I can see that fishhook does indeed find the symbol and does replace it here from within __la_symbol_ptr:

static void perform_rebinding_with_section(...) {
    ...
--> indirect_symbol_bindings[i] = cur->rebindings[j].replacement;
    ...
}

When I set a breakpoint for the original function, I can see it's being called instead of my replacement. Here's a screenshot of the debugger:

Is _CFLogvEx3 just not using the lazy binding in this case? Does that mean I'll need to use another hooking library that uses trampolines?

[saagarjha]

I think calls to symbols in the shared cache just go through directly, since they're all linked together? Since the simulator doesn't use a shared cache (to my knowledge) it must go through a PLT stub, which fishhook can intercept.

[NSExceptional]

Ah, that makes sense. Well, now anyone else running into this will hopefully find this issue through Google with this explanation. Thanks!