Closed sdem closed 13 years ago
Interesting, I haven't heard about function implementations that start with jump instructions. I wonder if those have been hand-written by someone or if this is a new dyld trick.
Anyway, pulled. Thanks!
It's not just one isolated function. The first jmp (relative) is amongst other (packed) jmps. Then the second jmp (absolute from a relative pointer) is also in the middle of other similar jmps. It definitely looks like dynamic linking tricks to me.
I wanted to say thank you for maintaining mach_star. It's very precious to my app AccuBeatMix. Let me know if you want a serial BTW.
Sylvain.
On 25 Jul 2011 at 12:13, rentzsch wrote:
This addresses overriding such functions as AudioOutputUnitStart() in Lion. There seems to be some double indirection before getting to the actual function.

In 32 bits: jmp .+0x???????? then jmp *0x????????
In 64 bits: jmp .+0x???????? then jmp qword near [rip+0x????????]

The fix works for both 32 and 64 bits. This could be addressed outside of mach_star, but then it would not be possible to use the MACH_OVERRIDE macro. There's a test project for checking the AudioOutputUnitStart() overriding, but being new to github, I don't know how to send it yet.
Also, small (potential) bug fix: try making islands executable before planting the jmp.
Regards, Sylvain Demongeot (author of AccuBeatMix)
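The double indirection described in the pull request (a relative jmp into a block of packed jmps, then an indirect jmp through a pointer slot) is the kind of thunk chain that any code-patching tool has to walk before it knows where the real function body starts. The following is an added example, not code from mach_star or from the pull request: it decodes `jmp rel32` (E9), the 64-bit `jmp qword [rip+disp32]` (FF 25, RIP-relative) and the 32-bit `jmp *abs32` (FF 25, absolute pointer) over a constructed, in-memory "address space", follows the chain with a hop limit so a self-referencing thunk cannot loop forever, and returns the address of the first non-jmp instruction. The segment layout, addresses (0x1000 to 0x4000) and byte sequences are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <inttypes.h>

/* A constructed mini address space: a few labelled byte ranges. */
typedef struct {
    uint64_t       base;   /* virtual address of bytes[0] */
    const uint8_t *bytes;
    size_t         len;
} segment_t;

/* Return a pointer to len readable bytes at addr, or NULL if the range is unmapped. */
static const uint8_t *read_at(const segment_t *segs, size_t nsegs, uint64_t addr, size_t len) {
    for (size_t i = 0; i < nsegs; i++) {
        if (addr >= segs[i].base && addr + len <= segs[i].base + segs[i].len)
            return segs[i].bytes + (addr - segs[i].base);
    }
    return NULL;
}

/* Follow a chain of jmp thunks starting at addr. Returns the address of the
 * first instruction that is not a recognised jmp (the real body), or 0 if the
 * chain runs off mapped memory or exceeds max_hops (e.g. a jmp to itself). */
uint64_t resolve_jmp_chain(const segment_t *segs, size_t nsegs, uint64_t addr,
                           int is64, int max_hops) {
    for (int hop = 0; hop < max_hops; hop++) {
        const uint8_t *op = read_at(segs, nsegs, addr, 1);
        if (!op) return 0;

        if (op[0] == 0xE9) {                       /* jmp rel32: target = next_ip + rel */
            const uint8_t *p = read_at(segs, nsegs, addr, 5);
            if (!p) return 0;
            int32_t rel; memcpy(&rel, p + 1, 4);   /* little-endian, sign-extended */
            addr = addr + 5 + (int64_t)rel;
            continue;
        }
        if (op[0] == 0xFF) {
            const uint8_t *p = read_at(segs, nsegs, addr, 6);
            if (p && p[1] == 0x25) {               /* FF 25: jmp through a pointer slot */
                int32_t disp; memcpy(&disp, p + 2, 4);
                /* 64-bit: slot is RIP-relative to the END of this 6-byte instruction.
                 * 32-bit: the 4-byte operand is the absolute address of the slot. */
                uint64_t slot = is64 ? addr + 6 + (int64_t)disp : (uint64_t)(uint32_t)disp;
                size_t ptr_size = is64 ? 8 : 4;
                const uint8_t *s = read_at(segs, nsegs, slot, ptr_size);
                if (!s) return 0;
                uint64_t target = 0; memcpy(&target, s, ptr_size);
                addr = target;
                continue;
            }
        }
        return addr;                               /* not a jmp: this is the body */
    }
    return 0;                                      /* hop limit hit: treat as unresolved */
}

/* Constructed 64-bit chain: 0x1000 jmp rel32 -> 0x2000 jmp [rip+disp] -> slot 0x3000 -> body 0x4000 */
static const uint8_t c64_code[]  = { 0xE9, 0xFB, 0x0F, 0x00, 0x00 };          /* 0x1005 + 0xFFB = 0x2000 */
static const uint8_t c64_thunk[] = { 0xFF, 0x25, 0xFA, 0x0F, 0x00, 0x00 };    /* 0x2006 + 0xFFA = 0x3000 */
static const uint8_t c64_slot[]  = { 0x00, 0x40, 0, 0, 0, 0, 0, 0 };          /* 8-byte pointer 0x4000 */
static const uint8_t c64_body[]  = { 0x55, 0x48, 0x89, 0xE5 };                /* push rbp; mov rbp,rsp */

/* Constructed 32-bit chain: same shape, but FF 25 carries an absolute slot address. */
static const uint8_t c32_thunk[] = { 0xFF, 0x25, 0x00, 0x30, 0x00, 0x00 };    /* jmp *0x3000 */
static const uint8_t c32_slot[]  = { 0x00, 0x40, 0, 0 };                      /* 4-byte pointer 0x4000 */
static const uint8_t c32_body[]  = { 0x55, 0x89, 0xE5 };                      /* push ebp; mov ebp,esp */

/* Constructed degenerate case: jmp rel32 with rel = -5 jumps back to itself. */
static const uint8_t loop_code[] = { 0xE9, 0xFB, 0xFF, 0xFF, 0xFF };

uint64_t demo_resolve_64(void) {
    const segment_t segs[] = { {0x1000, c64_code, sizeof c64_code}, {0x2000, c64_thunk, sizeof c64_thunk},
                               {0x3000, c64_slot, sizeof c64_slot}, {0x4000, c64_body, sizeof c64_body} };
    return resolve_jmp_chain(segs, 4, 0x1000, 1, 8);
}

uint64_t demo_resolve_32(void) {
    const segment_t segs[] = { {0x1000, c64_code, sizeof c64_code}, {0x2000, c32_thunk, sizeof c32_thunk},
                               {0x3000, c32_slot, sizeof c32_slot}, {0x4000, c32_body, sizeof c32_body} };
    return resolve_jmp_chain(segs, 4, 0x1000, 0, 8);
}

uint64_t demo_resolve_loop(void) {
    const segment_t segs[] = { {0x1000, loop_code, sizeof loop_code} };
    return resolve_jmp_chain(segs, 1, 0x1000, 1, 8);
}

int main(void) {
    printf("64-bit body at 0x%" PRIx64 "\n", demo_resolve_64());   /* 0x4000 */
    printf("32-bit body at 0x%" PRIx64 "\n", demo_resolve_32());   /* 0x4000 */
    printf("self-loop resolves to 0x%" PRIx64 "\n", demo_resolve_loop()); /* 0 */
    return 0;
}
```

The hop limit matters in practice: an unresolved chain should make the tool refuse to patch rather than plant a jump into a thunk it did not understand, which is also why the pull request's other fix (making the island executable before writing the jmp) belongs in the same careful path.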