我使用Cydia Substrate来挂钩一组C文件IO函数:open,read,write,pread,pwrite,lseek ......我发现iOS 4和5中的sqlite3实现实际上会调用open函数打开db文件并获取文件描述符。之后,在查询/更新数据库时,就用这个文件描述符来读取/写入数据库文件。
然而,当我在iOS 6上进行相同的测试时,我发现open(以及其他函数:close,fstat)没有被调用。我非常肯定我的函数钩子是有效的,因为我看到open / close / fstat在其他地方被调用了。
使用iOS 6进行测试时会打印以下日志:
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=100 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=512 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=10 nbyte=8 offset = 512
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=12 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 8192
Success create table
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=100 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=16 offset = 24
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 8192
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=512 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=4 offset = 512
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=4096 offset = 516
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=4 offset = 4612
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=4 offset = 4616
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=4096 offset = 4620
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=4 offset = 8716
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=4 offset = 8720
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=4096 offset = 8724
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=4 offset = 12820
ssize_t pread_vg(int, void *, size_t, off_t) fildes=10 nbyte=8 offset = 13312
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=10 nbyte=12 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 8192
Contact added
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=100 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=16 offset = 24
ssize_t pread_vg(int, void *, size_t, off_t) fildes=9 nbyte=4096 offset = 4096
Match found: Sandiago 9939182
下面是相同的代码,但在iOS 5上运行:
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts oflag=514
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts oflag=514 --> 6
int fstat_vg(int, struct stat *) fd=6 --> 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=100 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=100 offset = 0 --> 0
int fstat_vg(int, struct stat *) fd=6 --> 0
int fstat_vg(int, struct stat *) fd=6 --> 0
int fstat_vg(int, struct stat *) fd=6 --> 0
int fstat_vg(int, struct stat *) fd=6 --> 0
int fstat_vg(int, struct stat *) fd=6 --> 0
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts-journal oflag=514
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts-journal oflag=514 --> 7
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents oflag=0
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents oflag=0 --> 8
int open_vg(const char *, int, ...) path=/dev/urandom oflag=0
int open_vg(const char *, int, ...) path=/dev/urandom oflag=0 --> 9
ssize_t read_vg(int, void *, size_t) fildes=9 nbyte=256 --> 256
int close_vg(int) fildes=9 --> 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=512 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=512 offset = 0 --> 512
ssize_t pread_vg(int, void *, size_t, off_t) fildes=7 nbyte=8 offset = 512
ssize_t pread_vg(int, void *, size_t, off_t) fildes=7 nbyte=8 offset = 512 --> 0
int close_vg(int) fildes=8 --> 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=12 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=12 offset = 0 --> 12
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 0 --> 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 4096 --> 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 8192
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 8192 --> 4096
int close_vg(int) fildes=7 --> 0
Success create table
int close_vg(int) fildes=6 --> 0
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts oflag=514
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts oflag=514 --> 6
int fstat_vg(int, struct stat *) fd=6 --> 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=100 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=100 offset = 0 --> 100
int fstat_vg(int, struct stat *) fd=6 --> 0
int fstat_vg(int, struct stat *) fd=6 --> 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 0 --> 4096
int fstat_vg(int, struct stat *) fd=6 --> 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=16 offset = 24
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=16 offset = 24 --> 16
int fstat_vg(int, struct stat *) fd=6 --> 0
int fstat_vg(int, struct stat *) fd=6 --> 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 8192
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 8192 --> 4096
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 4096
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 4096 --> 4096
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts-journal oflag=514
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts-journal oflag=514 --> 7
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents oflag=0
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents oflag=0 --> 8
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=512 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=512 offset = 0 --> 512
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 512
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 512 --> 4
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4096 offset = 516
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4096 offset = 516 --> 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 4612
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 4612 --> 4
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 4616
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 4616 --> 4
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4096 offset = 4620
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4096 offset = 4620 --> 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 8716
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 8716 --> 4
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 8720
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 8720 --> 4
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4096 offset = 8724
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4096 offset = 8724 --> 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 12820
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=4 offset = 12820 --> 4
ssize_t pread_vg(int, void *, size_t, off_t) fildes=7 nbyte=8 offset = 13312
ssize_t pread_vg(int, void *, size_t, off_t) fildes=7 nbyte=8 offset = 13312 --> 0
int close_vg(int) fildes=8 --> 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=12 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=7 nbyte=12 offset = 0 --> 12
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 0
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 0 --> 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 4096 --> 4096
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 8192
ssize_t pwrite_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 8192 --> 4096
int close_vg(int) fildes=7 --> 0
Contact added
int close_vg(int) fildes=6 --> 0
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts oflag=514
int open_vg(const char *, int, ...) path=/var/mobile/Applications/B5E571B3-9119-416E-8132-954EB3AE2F05/Documents/contacts oflag=514 --> 6
int fstat_vg(int, struct stat *) fd=6 --> 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=100 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=100 offset = 0 --> 100
int fstat_vg(int, struct stat *) fd=6 --> 0
int fstat_vg(int, struct stat *) fd=6 --> 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 0 --> 4096
int fstat_vg(int, struct stat *) fd=6 --> 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=16 offset = 24
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=16 offset = 24 --> 16
int fstat_vg(int, struct stat *) fd=6 --> 0
int fstat_vg(int, struct stat *) fd=6 --> 0
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 4096
ssize_t pread_vg(int, void *, size_t, off_t) fildes=6 nbyte=4096 offset = 4096 --> 4096
Match found: Bukit Merah View 84049398
int close_vg(int) fildes=6 --> 0
很明显它在2个文件描述符9和10(我认为是db和db-journal文件)上调用pread / pwrite。如何在不调用open的情况下获取文件描述符?
答案 0 :(得分:2)
我查看了libsqlite3.dylib,它的导入符号列表中没有open函数,只有guarded_open_np。我怀疑在iOS 4和iOS 5中,guarded_open_np是基于open实现的;而在iOS 6中,它的实现可能不再经过open。挂在open符号上的钩子只能拦截经由该符号的调用,所以如果文件描述符是由guarded_open_np直接取得的,open钩子的日志里就不会出现对应的记录。