Created
July 13, 2024 04:07
-
-
Save pookjw/644adc8765c73946bea46ab25ab583fe to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #include <substrate.h> | |
| #include <dlfcn.h> | |
| #import <sys/sysctl.h> | |
| namespace mtt_ptrace { | |
| int (*original)(int _request, pid_t _pid, caddr_t _addr, int _data); | |
| int custom(int _request, pid_t _pid, caddr_t _addr, int _data) { | |
| if (_request == 31 /* PT_DENY_ATTACH */) { | |
| return 0; | |
| } else { | |
| return original(_request, _pid, _addr, _data); | |
| } | |
| } | |
| void hook() { | |
| void *handle = dlopen("/usr/lib/system/libsystem_kernel.dylib", RTLD_NOW); | |
| void *symbol = dlsym(handle, "__ptrace"); | |
| MSHookFunction(symbol, reinterpret_cast<void *>(&custom), reinterpret_cast<void **>(&original)); | |
| } | |
| } | |
| namespace mtt_sysctl { | |
| int (*original)(int *arg0, u_int arg1, void *info, size_t *oldlenp, void *arg4, size_t newlen); | |
| int custom(int *arg0, u_int arg1, void *info, size_t *oldlenp, void *arg4, size_t newlen) { | |
| int result = original(arg0, arg1, info, oldlenp, arg4, newlen); | |
| kinfo_proc *kinfo = reinterpret_cast<kinfo_proc *>(info); | |
| if (kinfo->kp_proc.p_flag & P_TRACED) { | |
| kinfo->kp_proc.p_flag &= ~P_TRACED; | |
| } | |
| return result; | |
| } | |
| void hook() { | |
| void *handle = dlopen("/usr/lib/system/libsystem_c.dylib", RTLD_NOW); | |
| void *symbol = dlsym(handle, "sysctl"); | |
| MSHookFunction(symbol, reinterpret_cast<void *>(&custom), reinterpret_cast<void **>(&original)); | |
| } | |
| } | |
| __attribute__((constructor)) static void init() { | |
| mtt_ptrace::hook(); | |
| mtt_sysctl::hook(); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment