# 05.dylib注入 ## 一、分析MachO 可以发现系统动态库的路径是在系统下的 ![](/files/-MZrCxruR4-4OYAITt3X) 非系统库是在工程的相对路径中 ![](/files/-MZrCxrvd9qDxeUpxj6I) 因为我们并没有源码,所以想要注入代码就要通过直接修改MachO文件来实现。 ## 二、工具***yololib*** 在[利用Xcode进行重签名与调试](https://github.com/RyukieSama/RyukieDevGitBook/tree/7e62a87431cc22e494237a3bf0e1c4742485aea8/RyukieDevGitBook/逆向/04.利用Xcode进行重签名与调试.md)中有提到如何使用脚本进行重签名,这里我们也可以通过修改脚本快速的使用工具进行MachO文件的修改。 结尾加上这一句: ``` ./yololib "$TARGET_APP_PATH/$APP_BINARY" "Frameworks/你要注入的.dylib" ``` > 可能会遇到 ***./yololib: Permission denied*** 错误,为文件添加权限即可 ***chmod +x yololib*** ## 三、准备自己的dylib ### 3.1 建一个`MacOS`的`Library`。 ![1](/files/-Me5MicGRpbyYRC0YPWx) ```swift @implementation RyukieHook + (void)load { NSLog(@"\n\n\n\n\n\n\n\n\n\n\n RyukieHookSuccess \n\n\n\n\n\n\n\n\n\n\n"); } @end ``` ### 3.2 修改`BaseSDK`为`iOS` ![](/files/-MZrCxrz3Tnh_CACg2rT) ### 3.3 设置编译时拷贝文件 ![拷贝1](/files/-MZrCxs-xSzbvXaloEXj) ![拷贝2](/files/-MZrCxs0HLSABYebkGXv) ![拷贝3](/files/-MZrCxs1kYaOJQaalmG1) 运行注入成功! ![](/files/-MZrCxs25yP1erxtFObL) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ryukiedev.gitbook.io/wiki/ni-xiang/05.dylib-zhu-ru.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.