A list,
-
In MaciOS, the /usr/lib/dyld program is used to load the dynamic library, the dyld_shared_cache_armX dynamic library from the previous article that shares cache files.
-
Dyld source: opensource.apple.com/tarballs/dy…
- Now that we’re through
dyldLoaded in, and generateddyld_shared_cache_armXThis resource pack, then it also naturally support unpack.
Second, generate extractor instructions
- We’re going to drop it
dyldOpen the project and find the one insidedsc_extractor.cppThis is onec++The document prepared, from the word can be seen is the meaning of extractor.
-
Open the command line, CD to the dsc_extractor. CPP folder, and then we need to generate the executable instructions for dsc_extractor. CPP via clang++.
DengzemiaodeMacBook - Pro: ~ dengzemiao $CD/Users/dengzemiao/Downloads/dyld - 832.7.1 dyld3 / Shared/cache /Copy the codeThen directly through clang++ to compile, the result is error, because it contains some can not compile in the file, we need to delete.
dengzemiaodeMacBook-Pro:shared-cache dengzemiao$ clang++ dsc_extractor.cpp dsc_extractor.cpp:40:10: fatal error: 'CodeSigningTypes.h' file not found #include "CodeSigningTypes.h" ^~~~~~~~~~~~~~~~~~~~ 1 error generated. Copy the codeWe just need the code in the red box to get rid of all the other code, except for this one code that is used to extract, which is at the bottom of the file, and we can just scroll down to the bottom.
Once deleted, this is all you need
But fprintf and stderr got an error after I deleted the code above, so I just commented it out, it’s just output.
dsc_extractor.cpp
// test program #include <stdio.h> #include <stddef.h> #include <dlfcn.h> typedef int (*extractor_proc)(const char* shared_cache_file_path, const char* extraction_root_path, void (^progress)(unsigned current, unsigned total)); int main(int argc, const char* argv[]) { if ( argc ! = 3 ) { // fprintf(stderr, "usage: dsc_extractor <path-to-cache-file> <path-to-device-dir>\n"); return 1; } //void* handle = dlopen("/Volumes/my/src/dyld/build/Debug/dsc_extractor.bundle", RTLD_LAZY); void* handle = dlopen("/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/usr/lib/dsc_extractor.bundle", RTLD_LAZY); if ( handle == NULL ) { // fprintf(stderr, "dsc_extractor.bundle could not be loaded\n"); return 1; } extractor_proc proc = (extractor_proc)dlsym(handle, "dyld_shared_cache_extract_dylibs_progress"); if ( proc == NULL ) { // fprintf(stderr, "dsc_extractor.bundle did not have dyld_shared_cache_extract_dylibs_progress symbol\n"); return 1; } int result = (*proc)(argv[1], argv[2], ^(unsigned c, unsigned total) { // printf("%d/%d\n", c, total); }); // fprintf(stderr, "dyld_shared_cache_extract_dylibs_progress() => %d\n", result); return 0; }Copy the codeThe command is then executed to obtain the DSC_Extractor instruction.
Dsc_extractor is the generated file name $clang++ -o dsc_extractor dsc_extractor.cppCopy the code
Three,dsc_extractorFetch instruction to use
-
How to use the dsc_extractor directive
$dsc_extractor Dynamic library file path after extraction storage pathCopy the code -
Place this directive file with the dyld_shared_cache_armX file you obtained earlier for easy use.
-
Execute the instructions and extract the dynamic library package
$ ./dsc_extractor dyld_shared_cache_arm64 arm64 Copy the code -
Then it can be dragged into the Hopper Disassmbler for analysis.
