why can't hook socket function? about fishhook HOT 7 CLOSED

Unfortunately there are limits to what Fishhook can hook. Fishhook is able to hook function bindings. However, inside of any given library, when one function calls another function it will do so directly, without going through a binding. This is what's happening here. There's no way I know of to hook that bl.

from fishhook.

Thanks a lot , you are right, I can't hook the webview component by fishhook, It's so sad!!
But fishhook is a awesome tool!

I try to find another way to resolve the problem.
Thanks again for being so helpful! @kastiglione

from fishhook.

Which file/library/function are these instructions located?

from fishhook.

The bl instruction "0x1903d88bc <+64>: bl 0x190364fec ; socket " is in /usr/lib/system/libsystem_network.dylib.
I found that some functions in libsystem_network.dylib can't be hooked, For example:socket, setsockopt

from fishhook.

Can you hook the socket function by fishhook on real iphone ? @kastiglione

from fishhook.

I call the socket function by c language in an App and hook the socket function is ok.
In the App I use the webview component where I want to hook socket function, but fishhook can't work in iphone
I found that webview call socket pointer in libsystem_network.dylib implemented by libsystem_kernel.dylib
(lldb) bt

• thread #47: tid = 0x144a84, 0x0000000190364fec libsystem_kernel.dylib`socket, queue = 'com.apple.network.connections', stop reason = breakpoint 2.2
  • frame #0: 0x0000000190364fec libsystem_kernel.dylibsocket frame #1: 0x00000001903d88c0 libsystem_network.dylibnetcore_create_control_socket + 68
    frame #2: 0x0000000190409998 libsystem_network.dylibnw_get_host_stats + 72 frame #3: 0x000000019dbee430 libnetwork.dylibnw_endpoint_resolver_start_next_child + 1160
    frame #4: 0x0000000101965258 libdispatch.dylib_dispatch_call_block_and_release + 24 frame #5: 0x0000000101965218 libdispatch.dylib_dispatch_client_callout + 16
    frame #6: 0x0000000101972aec libdispatch.dylib_dispatch_queue_serial_drain + 1136 frame #7: 0x0000000101968ce0 libdispatch.dylib_dispatch_queue_invoke + 672
    frame #8: 0x0000000101974e2c libdispatch.dylib_dispatch_root_queue_drain + 584 frame #9: 0x0000000101974b78 libdispatch.dylib_dispatch_worker_thread3 + 140
    frame #10: 0x00000001904432a0 libsystem_pthread.dylib_pthread_wqthread + 1288 frame #11: 0x0000000190442d8c libsystem_pthread.dylibstart_wqthread + 4

On the frame #1, I found that in the libsystem_network.dylib the socket function called by bl instructions:
libsystem_network.dylib`netcore_create_control_socket:
0x1903d887c <+0>: stp x26, x25, [sp, #-80]!
0x1903d8880 <+4>: stp x24, x23, [sp, #16]
0x1903d8884 <+8>: stp x22, x21, [sp, #32]
0x1903d8888 <+12>: stp x20, x19, [sp, #48]
0x1903d888c <+16>: stp x29, x30, [sp, #64]
0x1903d8890 <+20>: add x29, sp, #64 ; =64
0x1903d8894 <+24>: sub sp, sp, #352 ; =352
0x1903d8898 <+28>: mov x20, x0
0x1903d889c <+32>: add x23, sp, #56 ; =56
0x1903d88a0 <+36>: adrp x22, 132542
0x1903d88a4 <+40>: ldr x22, [x22, #8]
0x1903d88a8 <+44>: ldr x22, [x22]
0x1903d88ac <+48>: str x22, [x23]
0x1903d88b0 <+52>: orr w0, wzr, #0x20
0x1903d88b4 <+56>: orr w1, wzr, #0x2
0x1903d88b8 <+60>: orr w2, wzr, #0x2
0x1903d88bc <+64>: bl 0x190364fec ; socket
0x1903d88c0 <+68>: mov x19, x0
0x1903d88c4 <+72>: cmn w19, #1 ; =1

The bl instruction can't be hooked?

from fishhook.

Happy to help, let m know if you have any more questions.

from fishhook.