2

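Background: https://github.com/kennytm/Miscellaneous/issues/1

Take a look at planetbeing's comments in particular. But they still confuse me:

  1. "When read by a process running on iOS with ASLR enabled, /System/Library/Caches/com.apple.dyld/dyld_shared_cache_armv7 appears to be changed due to ASLR being applied, even though it is not actually changed on the filesystem." According to my tests, the md5 of /System/Library/Caches/com.apple.dyld/dyld_shared_cache_armvXX sometimes changes, so this file on the filesystem seems to be changing. Am I misunderstanding something?
  2. If this file is unchanged on the filesystem, and a program without PIC (for example https://gist.github.com/theiostream/4366719) copies it to another location, then the two files should be identical on the filesystem. When I scp them to my Mac, why can't the original file be decached while the newly copied file can?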
4

1 Answer

0

dyld_shared_cache_armvXX is not changing in the filesystem. I did a simple test: copied the file to my PC and checked the MD5 with iFile on the device itself. After a reboot I did it again. The MD5 in iFile was indeed different, but the MD5 of the files on my PC was the same.

I guess it's due to how this file is treated by iOS. On application launch this file is mapped into the app's address space so dyld doesn't need to look up, open and read every library, thus reducing application launch time. Because ASLR is enabled, when an app launches, libraries are placed at random offsets in its virtual memory space (I don't think the OS is changing anything in the actual physical memory; offsets are added to virtual addresses). That's why you get a different MD5 when ASLR is enabled and the same MD5 when ASLR is disabled.

Answered 2013-09-27T23:39:12.773
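One way to check the explanation given in the answer is to compare the bytes hashed on the device with the copy pulled to a PC and see whether every differing word moved by the same amount, which is what a single ASLR slide applied to pointers would look like. This is an added example, not code from the question, the answer or the linked issue; the function names, the 32-bit little-endian word size (assumed for armv7), the sample bytes and the slide value are all constructed for illustration.

```python
import hashlib
import struct
from collections import Counter

def slide_report(a: bytes, b: bytes):
    """Compare two images as 32-bit little-endian words.

    Returns (md5_equal, changed_word_count, Counter of (b - a) deltas mod 2**32).
    """
    if len(a) != len(b) or len(a) % 4:
        raise ValueError("images must have equal length, a multiple of 4 bytes")
    fmt = "<%dI" % (len(a) // 4)
    words_a = struct.unpack(fmt, a)
    words_b = struct.unpack(fmt, b)
    deltas = Counter((y - x) & 0xFFFFFFFF
                     for x, y in zip(words_a, words_b) if x != y)
    md5_equal = hashlib.md5(a).digest() == hashlib.md5(b).digest()
    return md5_equal, sum(deltas.values()), deltas

def uniform_slide(deltas):
    """Return the delta if every changed word moved by the same amount, else None."""
    return next(iter(deltas)) if len(deltas) == 1 else None

def build_sample(slide, corrupt=False):
    """Constructed image: 4 non-pointer words followed by 4 pointer-like words."""
    data = [0x646C7964, 0x31765F64, 0x00000010, 0x00000004]
    ptrs = [0x30001000, 0x30002040, 0x3000A0F8, 0x30F00000]
    if corrupt:
        data[2] ^= 0xFF  # unrelated change, not explained by any slide
    slid = [(p + slide) & 0xFFFFFFFF for p in ptrs]
    return struct.pack("<8I", *(data + slid))

ON_DISK = build_sample(0)             # stands in for the copy hashed on the PC
AS_READ = build_sample(0x00264000)    # stands in for the bytes hashed on the device
MODIFIED = build_sample(0x00264000, corrupt=True)

if __name__ == "__main__":
    for name, img in (("as read", AS_READ), ("modified", MODIFIED)):
        same, changed, deltas = slide_report(ON_DISK, img)
        slide = uniform_slide(deltas)
        verdict = ("uniform slide 0x%08x" % slide) if slide is not None else "not a uniform slide"
        print("%-8s md5 equal=%s changed words=%d -> %s" % (name, same, changed, verdict))
```

A single delta across all changed words is consistent with the slide explanation; several distinct deltas mean the two copies differ for some other reason and the file itself should be compared more closely.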