# 12.去符号与恢复符号 ## 一、去符号 我们在做逆向的时候,App的符号都被去掉了,所以我们需要对符号进行符号恢复。 去符号会使应用包更小。 > 动态库:保留全局符号 ### 1.1 设置去符号的类型 ![1](https://4193904735-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MI8JgbGh3U6X_oedqkm%2Fsync%2F7640aed7b6e598af45c96f11629d32cf7b76ed6a.png?generation=1621265704964034\&alt=media) * `Deployment Postprocessing` * YES: 编译也去符号 * NO: 只在打包时去符号 * `Strip Style` * `All Symbols` * 所有符号 * `Non-Global Symbols` * 除了全局符号 * `Debugging Symbols` * 调试符号 ### 1.2 去符号前后的MachO #### a.去符号之前 ![0](https://4193904735-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MI8JgbGh3U6X_oedqkm%2Fsync%2F5a8c3a8a44f04511d8ec9bda3655b58bff09fdfd.png?generation=1621265704447238\&alt=media) #### b.去符号之后 ![1](https://4193904735-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MI8JgbGh3U6X_oedqkm%2Fsync%2F8627095ec697c080b63041a84e14fa7f46a6b011.png?generation=1621265705271542\&alt=media) ![1](https://4193904735-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MI8JgbGh3U6X_oedqkm%2Fsync%2Fc095ed8be0159f15c2a71945f71e91d5e0cc4a26.png?generation=1621265704868800\&alt=media) 只剩下`间接符号`和`一个全局`、`一个本地` ### 1.3 函数的实现地址 ![1](https://4193904735-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MI8JgbGh3U6X_oedqkm%2Fsync%2F52eb7d845473570e1b8f8644df41dfc131a03d08.png?generation=1621265705402745\&alt=media) * 这里是函数的实现地址 * 间接符号的地址这里全是0,调用的时候会先去找桩 * [详情参考](https://ryukiedev.gitbook.io/wiki/ni-xiang/08.hook) * 去符号之前可以看到全局符和本地符号的地址 ## 二、符号类型 ### 3.1 全局符号 我们定义的基本都是全集符号 ### 3.2 本地符号 static 是本地符号 ### 3.3 命令查看类型 ![](https://4193904735-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MI8JgbGh3U6X_oedqkm%2Fsync%2F1401aa64fbc532d99a299b2b70cc450f41af22ee.png?generation=1621265704564257\&alt=media) `objdump --macho -t 你的macho文件名` ``` SymbolBind: SYMBOL TABLE: 0000000100005f18 l F __TEXT,__text -[ViewController viewDidLoad] 0000000100005f88 l F __TEXT,__text -[ViewController test] 0000000100005fd0 l F __TEXT,__text -[AppDelegate application:didFinishLaunchingWithOptions:] 000000010000604c l F __TEXT,__text -[AppDelegate application:configurationForConnectingSceneSession:options:] 000000010000614c l F __TEXT,__text -[AppDelegate application:didDiscardSceneSessions:] 000000010000625c l F __TEXT,__text -[SceneDelegate scene:willConnectToSession:options:] 00000001000062f8 l F __TEXT,__text -[SceneDelegate sceneDidDisconnect:] 0000000100006344 l F __TEXT,__text -[SceneDelegate sceneDidBecomeActive:] 0000000100006390 l F __TEXT,__text -[SceneDelegate sceneWillResignActive:] 00000001000063dc l F __TEXT,__text -[SceneDelegate sceneWillEnterForeground:] 0000000100006428 l F __TEXT,__text -[SceneDelegate sceneDidEnterBackground:] 0000000100006474 l F __TEXT,__text -[SceneDelegate window] 0000000100006498 l F __TEXT,__text -[SceneDelegate setWindow:] 00000001000064d4 l F __TEXT,__text -[SceneDelegate .cxx_destruct] 00000001000080c0 w O __DATA_CONST,__objc_protolist __OBJC_LABEL_PROTOCOL_$_NSObject 00000001000080c8 w O __DATA_CONST,__objc_protolist __OBJC_LABEL_PROTOCOL_$_UIApplicationDelegate 00000001000080d0 w O __DATA_CONST,__objc_protolist __OBJC_LABEL_PROTOCOL_$_UISceneDelegate 00000001000080d8 w O __DATA_CONST,__objc_protolist __OBJC_LABEL_PROTOCOL_$_UIWindowSceneDelegate 000000010000c068 l O __DATA,__objc_const __OBJC_METACLASS_RO_$_ViewController 000000010000c0b0 l O __DATA,__objc_const __OBJC_$_INSTANCE_METHODS_ViewController 000000010000c0e8 l O __DATA,__objc_const __OBJC_CLASS_RO_$_ViewController 000000010000c130 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_NSObject 000000010000c300 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_NSObject 000000010000c320 l O __DATA,__objc_const __OBJC_$_PROP_LIST_NSObject 000000010000c368 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_NSObject 000000010000c408 l O __DATA,__objc_const __OBJC_$_PROTOCOL_REFS_UIApplicationDelegate 000000010000c420 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UIApplicationDelegate 000000010000c938 l O __DATA,__objc_const __OBJC_$_PROP_LIST_UIApplicationDelegate 000000010000c950 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_UIApplicationDelegate 000000010000cb00 l O __DATA,__objc_const __OBJC_CLASS_PROTOCOLS_$_AppDelegate 000000010000cb18 l O __DATA,__objc_const __OBJC_METACLASS_RO_$_AppDelegate 000000010000cb60 l O __DATA,__objc_const __OBJC_$_INSTANCE_METHODS_AppDelegate 000000010000cbb0 l O __DATA,__objc_const __OBJC_$_PROP_LIST_AppDelegate 000000010000cc08 l O __DATA,__objc_const __OBJC_CLASS_RO_$_AppDelegate 000000010000cc50 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_NSObject 000000010000ce20 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_NSObject 000000010000ce40 l O __DATA,__objc_const __OBJC_$_PROP_LIST_NSObject 000000010000ce88 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_NSObject 000000010000cf28 l O __DATA,__objc_const __OBJC_$_PROTOCOL_REFS_UISceneDelegate 000000010000cf40 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UISceneDelegate 000000010000d068 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_UISceneDelegate 000000010000d0c8 l O __DATA,__objc_const __OBJC_$_PROTOCOL_REFS_UIWindowSceneDelegate 000000010000d0e0 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UIWindowSceneDelegate 000000010000d160 l O __DATA,__objc_const __OBJC_$_PROP_LIST_UIWindowSceneDelegate 000000010000d178 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_UIWindowSceneDelegate 000000010000d1a0 l O __DATA,__objc_const __OBJC_CLASS_PROTOCOLS_$_SceneDelegate 000000010000d1b8 l O __DATA,__objc_const __OBJC_METACLASS_RO_$_SceneDelegate 000000010000d200 l O __DATA,__objc_const __OBJC_$_INSTANCE_METHODS_SceneDelegate 000000010000d2e0 l O __DATA,__objc_const __OBJC_$_INSTANCE_VARIABLES_SceneDelegate 000000010000d308 l O __DATA,__objc_const __OBJC_$_PROP_LIST_SceneDelegate 000000010000d360 l O __DATA,__objc_const __OBJC_CLASS_RO_$_SceneDelegate 000000010000d3e0 l O __DATA,__objc_ivar _OBJC_IVAR_$_SceneDelegate._window 000000010000d4d8 l O __DATA,__data __dyld_private 000000010000d4e0 w O __DATA,__data __OBJC_PROTOCOL_$_NSObject 000000010000d540 w O __DATA,__data __OBJC_PROTOCOL_$_UIApplicationDelegate 000000010000d5a0 w O __DATA,__data __OBJC_PROTOCOL_$_UISceneDelegate 000000010000d600 w O __DATA,__data __OBJC_PROTOCOL_$_UIWindowSceneDelegate 0000000000000000 d *UND* /Users/RyukieW/RyukieSamaProject/Study/逆向/Code/SymbolBind/SymbolBind/ 0000000000000000 d *UND* ViewController.m 0000000060a0b161 d *UND* /Users/RyukieW/Library/Developer/Xcode/DerivedData/SymbolBind-bhluvjpsukewfxgsouyiwqlmcntk/Build/Intermediates.noindex/SymbolBind.build/Debug-iphoneos/SymbolBind.build/Objects-normal/arm64/ViewController.o 0000000100005f18 d *UND* 0000000100005f18 d *UND* -[ViewController viewDidLoad] 0000000000000070 d *UND* 0000000000000070 d *UND* 0000000100005f88 d *UND* 0000000100005f88 d *UND* -[ViewController test] 000000000000002c d *UND* 000000000000002c d *UND* 0000000100005fb4 d *UND* 0000000100005fb4 d *UND* _testLocalFunction 000000000000001c d *UND* 000000000000001c d *UND* 000000010000c068 d *UND* __OBJC_METACLASS_RO_$_ViewController 000000010000c0b0 d *UND* __OBJC_$_INSTANCE_METHODS_ViewController 000000010000c0e8 d *UND* __OBJC_CLASS_RO_$_ViewController 0000000000000000 d *UND* _OBJC_CLASS_$_ViewController 0000000000000000 d *UND* _OBJC_METACLASS_$_ViewController 0000000000000000 d *UND* 0000000000000000 d *UND* /Users/RyukieW/RyukieSamaProject/Study/逆向/Code/SymbolBind/SymbolBind/ 0000000000000000 d *UND* AppDelegate.m 0000000060a0b161 d *UND* /Users/RyukieW/Library/Developer/Xcode/DerivedData/SymbolBind-bhluvjpsukewfxgsouyiwqlmcntk/Build/Intermediates.noindex/SymbolBind.build/Debug-iphoneos/SymbolBind.build/Objects-normal/arm64/AppDelegate.o 0000000100005fd0 d *UND* 0000000100005fd0 d *UND* -[AppDelegate application:didFinishLaunchingWithOptions:] 000000000000007c d *UND* 000000000000007c d *UND* 000000010000604c d *UND* 000000010000604c d *UND* -[AppDelegate application:configurationForConnectingSceneSession:options:] 0000000000000100 d *UND* 0000000000000100 d *UND* 000000010000614c d *UND* 000000010000614c d *UND* -[AppDelegate application:didDiscardSceneSessions:] 0000000000000074 d *UND* 0000000000000074 d *UND* 0000000000000000 d *UND* __OBJC_LABEL_PROTOCOL_$_NSObject 0000000000000000 d *UND* __OBJC_LABEL_PROTOCOL_$_UIApplicationDelegate 000000010000c130 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_NSObject 000000010000c300 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_NSObject 000000010000c320 d *UND* __OBJC_$_PROP_LIST_NSObject 000000010000c368 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_NSObject 000000010000c408 d *UND* __OBJC_$_PROTOCOL_REFS_UIApplicationDelegate 000000010000c420 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UIApplicationDelegate 000000010000c938 d *UND* __OBJC_$_PROP_LIST_UIApplicationDelegate 000000010000c950 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_UIApplicationDelegate 000000010000cb00 d *UND* __OBJC_CLASS_PROTOCOLS_$_AppDelegate 000000010000cb18 d *UND* __OBJC_METACLASS_RO_$_AppDelegate 000000010000cb60 d *UND* __OBJC_$_INSTANCE_METHODS_AppDelegate 000000010000cbb0 d *UND* __OBJC_$_PROP_LIST_AppDelegate 000000010000cc08 d *UND* __OBJC_CLASS_RO_$_AppDelegate 0000000000000000 d *UND* _OBJC_METACLASS_$_AppDelegate 0000000000000000 d *UND* _OBJC_CLASS_$_AppDelegate 0000000000000000 d *UND* __OBJC_PROTOCOL_$_NSObject 0000000000000000 d *UND* __OBJC_PROTOCOL_$_UIApplicationDelegate 0000000000000000 d *UND* 0000000000000000 d *UND* /Users/RyukieW/RyukieSamaProject/Study/逆向/Code/SymbolBind/SymbolBind/ 0000000000000000 d *UND* main.m 0000000060a0b161 d *UND* /Users/RyukieW/Library/Developer/Xcode/DerivedData/SymbolBind-bhluvjpsukewfxgsouyiwqlmcntk/Build/Intermediates.noindex/SymbolBind.build/Debug-iphoneos/SymbolBind.build/Objects-normal/arm64/main.o 00000001000061c0 d *UND* 00000001000061c0 d *UND* _main 000000000000009c d *UND* 000000000000009c d *UND* 0000000000000000 d *UND* 0000000000000000 d *UND* /Users/RyukieW/RyukieSamaProject/Study/逆向/Code/SymbolBind/SymbolBind/ 0000000000000000 d *UND* SceneDelegate.m 0000000060a0b161 d *UND* /Users/RyukieW/Library/Developer/Xcode/DerivedData/SymbolBind-bhluvjpsukewfxgsouyiwqlmcntk/Build/Intermediates.noindex/SymbolBind.build/Debug-iphoneos/SymbolBind.build/Objects-normal/arm64/SceneDelegate.o 000000010000625c d *UND* 000000010000625c d *UND* -[SceneDelegate scene:willConnectToSession:options:] 000000000000009c d *UND* 000000000000009c d *UND* 00000001000062f8 d *UND* 00000001000062f8 d *UND* -[SceneDelegate sceneDidDisconnect:] 000000000000004c d *UND* 000000000000004c d *UND* 0000000100006344 d *UND* 0000000100006344 d *UND* -[SceneDelegate sceneDidBecomeActive:] 000000000000004c d *UND* 000000000000004c d *UND* 0000000100006390 d *UND* 0000000100006390 d *UND* -[SceneDelegate sceneWillResignActive:] 000000000000004c d *UND* 000000000000004c d *UND* 00000001000063dc d *UND* 00000001000063dc d *UND* -[SceneDelegate sceneWillEnterForeground:] 000000000000004c d *UND* 000000000000004c d *UND* 0000000100006428 d *UND* 0000000100006428 d *UND* -[SceneDelegate sceneDidEnterBackground:] 000000000000004c d *UND* 000000000000004c d *UND* 0000000100006474 d *UND* 0000000100006474 d *UND* -[SceneDelegate window] 0000000000000024 d *UND* 0000000000000024 d *UND* 0000000100006498 d *UND* 0000000100006498 d *UND* -[SceneDelegate setWindow:] 000000000000003c d *UND* 000000000000003c d *UND* 00000001000064d4 d *UND* 00000001000064d4 d *UND* -[SceneDelegate .cxx_destruct] 000000000000003c d *UND* 000000000000003c d *UND* 0000000000000000 d *UND* __OBJC_LABEL_PROTOCOL_$_UISceneDelegate 0000000000000000 d *UND* __OBJC_LABEL_PROTOCOL_$_UIWindowSceneDelegate 000000010000cc50 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_NSObject 000000010000ce20 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_NSObject 000000010000ce40 d *UND* __OBJC_$_PROP_LIST_NSObject 000000010000ce88 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_NSObject 000000010000cf28 d *UND* __OBJC_$_PROTOCOL_REFS_UISceneDelegate 000000010000cf40 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UISceneDelegate 000000010000d068 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_UISceneDelegate 000000010000d0c8 d *UND* __OBJC_$_PROTOCOL_REFS_UIWindowSceneDelegate 000000010000d0e0 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UIWindowSceneDelegate 000000010000d160 d *UND* __OBJC_$_PROP_LIST_UIWindowSceneDelegate 000000010000d178 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_UIWindowSceneDelegate 000000010000d1a0 d *UND* __OBJC_CLASS_PROTOCOLS_$_SceneDelegate 000000010000d1b8 d *UND* __OBJC_METACLASS_RO_$_SceneDelegate 000000010000d200 d *UND* __OBJC_$_INSTANCE_METHODS_SceneDelegate 000000010000d2e0 d *UND* __OBJC_$_INSTANCE_VARIABLES_SceneDelegate 000000010000d308 d *UND* __OBJC_$_PROP_LIST_SceneDelegate 000000010000d360 d *UND* __OBJC_CLASS_RO_$_SceneDelegate 0000000000000000 d *UND* _OBJC_IVAR_$_SceneDelegate._window 0000000000000000 d *UND* _OBJC_METACLASS_$_SceneDelegate 0000000000000000 d *UND* _OBJC_CLASS_$_SceneDelegate 0000000000000000 d *UND* __OBJC_PROTOCOL_$_UISceneDelegate 0000000000000000 d *UND* __OBJC_PROTOCOL_$_UIWindowSceneDelegate 0000000000000000 d *UND* 000000010000d460 g O __DATA,__objc_data _OBJC_CLASS_$_AppDelegate 000000010000d4b0 g O __DATA,__objc_data _OBJC_CLASS_$_SceneDelegate 000000010000d3e8 g O __DATA,__objc_data _OBJC_CLASS_$_ViewController 000000010000d438 g O __DATA,__objc_data _OBJC_METACLASS_$_AppDelegate 000000010000d488 g O __DATA,__objc_data _OBJC_METACLASS_$_SceneDelegate 000000010000d410 g O __DATA,__objc_data _OBJC_METACLASS_$_ViewController 0000000100000000 g F __TEXT,__text __mh_execute_header 00000001000061c0 g F __TEXT,__text _main 0000000100005fb4 g F __TEXT,__text _testLocalFunction 0000000000000000 *UND* _NSLog 0000000000000000 *UND* _NSStringFromClass 0000000000000000 *UND* _OBJC_CLASS_$_UIResponder 0000000000000000 *UND* _OBJC_CLASS_$_UISceneConfiguration 0000000000000000 *UND* _OBJC_CLASS_$_UIViewController 0000000000000000 *UND* _OBJC_METACLASS_$_NSObject 0000000000000000 *UND* _OBJC_METACLASS_$_UIResponder 0000000000000000 *UND* _OBJC_METACLASS_$_UIViewController 0000000000000000 *UND* _UIApplicationMain 0000000000000000 *UND* ___CFConstantStringClassReference 0000000000000000 *UND* __objc_empty_cache 0000000000000000 *UND* _objc_alloc 0000000000000000 *UND* _objc_autoreleasePoolPop 0000000000000000 *UND* _objc_autoreleasePoolPush 0000000000000000 *UND* _objc_autoreleaseReturnValue 0000000000000000 *UND* _objc_msgSend 0000000000000000 *UND* _objc_msgSendSuper2 0000000000000000 *UND* _objc_opt_class 0000000000000000 *UND* _objc_release 0000000000000000 *UND* _objc_retainAutoreleasedReturnValue 0000000000000000 *UND* _objc_storeStrong 0000000000000000 *UND* dyld_stub_binder ➜ 11 clear ➜ 11 objdump --macho -t SymbolBind SymbolBind: SYMBOL TABLE: 0000000100005f10 l F __TEXT,__text -[ViewController viewDidLoad] 0000000100005f80 l F __TEXT,__text -[ViewController test] 0000000100005fc8 l F __TEXT,__text -[AppDelegate application:didFinishLaunchingWithOptions:] 0000000100006044 l F __TEXT,__text -[AppDelegate application:configurationForConnectingSceneSession:options:] 0000000100006144 l F __TEXT,__text -[AppDelegate application:didDiscardSceneSessions:] 0000000100006254 l F __TEXT,__text -[SceneDelegate scene:willConnectToSession:options:] 00000001000062f0 l F __TEXT,__text -[SceneDelegate sceneDidDisconnect:] 000000010000633c l F __TEXT,__text -[SceneDelegate sceneDidBecomeActive:] 0000000100006388 l F __TEXT,__text -[SceneDelegate sceneWillResignActive:] 00000001000063d4 l F __TEXT,__text -[SceneDelegate sceneWillEnterForeground:] 0000000100006420 l F __TEXT,__text -[SceneDelegate sceneDidEnterBackground:] 000000010000646c l F __TEXT,__text -[SceneDelegate window] 0000000100006490 l F __TEXT,__text -[SceneDelegate setWindow:] 00000001000064cc l F __TEXT,__text -[SceneDelegate .cxx_destruct] 00000001000080c0 w O __DATA_CONST,__objc_protolist __OBJC_LABEL_PROTOCOL_$_NSObject 00000001000080c8 w O __DATA_CONST,__objc_protolist __OBJC_LABEL_PROTOCOL_$_UIApplicationDelegate 00000001000080d0 w O __DATA_CONST,__objc_protolist __OBJC_LABEL_PROTOCOL_$_UISceneDelegate 00000001000080d8 w O __DATA_CONST,__objc_protolist __OBJC_LABEL_PROTOCOL_$_UIWindowSceneDelegate 000000010000c068 l O __DATA,__objc_const __OBJC_METACLASS_RO_$_ViewController 000000010000c0b0 l O __DATA,__objc_const __OBJC_$_INSTANCE_METHODS_ViewController 000000010000c0e8 l O __DATA,__objc_const __OBJC_CLASS_RO_$_ViewController 000000010000c130 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_NSObject 000000010000c300 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_NSObject 000000010000c320 l O __DATA,__objc_const __OBJC_$_PROP_LIST_NSObject 000000010000c368 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_NSObject 000000010000c408 l O __DATA,__objc_const __OBJC_$_PROTOCOL_REFS_UIApplicationDelegate 000000010000c420 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UIApplicationDelegate 000000010000c938 l O __DATA,__objc_const __OBJC_$_PROP_LIST_UIApplicationDelegate 000000010000c950 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_UIApplicationDelegate 000000010000cb00 l O __DATA,__objc_const __OBJC_CLASS_PROTOCOLS_$_AppDelegate 000000010000cb18 l O __DATA,__objc_const __OBJC_METACLASS_RO_$_AppDelegate 000000010000cb60 l O __DATA,__objc_const __OBJC_$_INSTANCE_METHODS_AppDelegate 000000010000cbb0 l O __DATA,__objc_const __OBJC_$_PROP_LIST_AppDelegate 000000010000cc08 l O __DATA,__objc_const __OBJC_CLASS_RO_$_AppDelegate 000000010000cc50 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_NSObject 000000010000ce20 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_NSObject 000000010000ce40 l O __DATA,__objc_const __OBJC_$_PROP_LIST_NSObject 000000010000ce88 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_NSObject 000000010000cf28 l O __DATA,__objc_const __OBJC_$_PROTOCOL_REFS_UISceneDelegate 000000010000cf40 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UISceneDelegate 000000010000d068 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_UISceneDelegate 000000010000d0c8 l O __DATA,__objc_const __OBJC_$_PROTOCOL_REFS_UIWindowSceneDelegate 000000010000d0e0 l O __DATA,__objc_const __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UIWindowSceneDelegate 000000010000d160 l O __DATA,__objc_const __OBJC_$_PROP_LIST_UIWindowSceneDelegate 000000010000d178 l O __DATA,__objc_const __OBJC_$_PROTOCOL_METHOD_TYPES_UIWindowSceneDelegate 000000010000d1a0 l O __DATA,__objc_const __OBJC_CLASS_PROTOCOLS_$_SceneDelegate 000000010000d1b8 l O __DATA,__objc_const __OBJC_METACLASS_RO_$_SceneDelegate 000000010000d200 l O __DATA,__objc_const __OBJC_$_INSTANCE_METHODS_SceneDelegate 000000010000d2e0 l O __DATA,__objc_const __OBJC_$_INSTANCE_VARIABLES_SceneDelegate 000000010000d308 l O __DATA,__objc_const __OBJC_$_PROP_LIST_SceneDelegate 000000010000d360 l O __DATA,__objc_const __OBJC_CLASS_RO_$_SceneDelegate 000000010000d3e0 l O __DATA,__objc_ivar _OBJC_IVAR_$_SceneDelegate._window 000000010000d4d8 l O __DATA,__data __dyld_private 000000010000d4e0 w O __DATA,__data __OBJC_PROTOCOL_$_NSObject 000000010000d540 w O __DATA,__data __OBJC_PROTOCOL_$_UIApplicationDelegate 000000010000d5a0 w O __DATA,__data __OBJC_PROTOCOL_$_UISceneDelegate 000000010000d600 w O __DATA,__data __OBJC_PROTOCOL_$_UIWindowSceneDelegate 0000000000000000 d *UND* /Users/RyukieW/RyukieSamaProject/Study/逆向/Code/SymbolBind/SymbolBind/ 0000000000000000 d *UND* ViewController.m 0000000060a0b259 d *UND* /Users/RyukieW/Library/Developer/Xcode/DerivedData/SymbolBind-bhluvjpsukewfxgsouyiwqlmcntk/Build/Intermediates.noindex/SymbolBind.build/Debug-iphoneos/SymbolBind.build/Objects-normal/arm64/ViewController.o 0000000100005f10 d *UND* 0000000100005f10 d *UND* -[ViewController viewDidLoad] 0000000000000070 d *UND* 0000000000000070 d *UND* 0000000100005f80 d *UND* 0000000100005f80 d *UND* -[ViewController test] 000000000000002c d *UND* 000000000000002c d *UND* 0000000100005fac d *UND* 0000000100005fac d *UND* _testGlobalFunction 000000000000001c d *UND* 000000000000001c d *UND* 000000010000c068 d *UND* __OBJC_METACLASS_RO_$_ViewController 000000010000c0b0 d *UND* __OBJC_$_INSTANCE_METHODS_ViewController 000000010000c0e8 d *UND* __OBJC_CLASS_RO_$_ViewController 0000000000000000 d *UND* _OBJC_CLASS_$_ViewController 0000000000000000 d *UND* _OBJC_METACLASS_$_ViewController 0000000000000000 d *UND* 0000000000000000 d *UND* /Users/RyukieW/RyukieSamaProject/Study/逆向/Code/SymbolBind/SymbolBind/ 0000000000000000 d *UND* AppDelegate.m 0000000060a0b259 d *UND* /Users/RyukieW/Library/Developer/Xcode/DerivedData/SymbolBind-bhluvjpsukewfxgsouyiwqlmcntk/Build/Intermediates.noindex/SymbolBind.build/Debug-iphoneos/SymbolBind.build/Objects-normal/arm64/AppDelegate.o 0000000100005fc8 d *UND* 0000000100005fc8 d *UND* -[AppDelegate application:didFinishLaunchingWithOptions:] 000000000000007c d *UND* 000000000000007c d *UND* 0000000100006044 d *UND* 0000000100006044 d *UND* -[AppDelegate application:configurationForConnectingSceneSession:options:] 0000000000000100 d *UND* 0000000000000100 d *UND* 0000000100006144 d *UND* 0000000100006144 d *UND* -[AppDelegate application:didDiscardSceneSessions:] 0000000000000074 d *UND* 0000000000000074 d *UND* 0000000000000000 d *UND* __OBJC_LABEL_PROTOCOL_$_NSObject 0000000000000000 d *UND* __OBJC_LABEL_PROTOCOL_$_UIApplicationDelegate 000000010000c130 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_NSObject 000000010000c300 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_NSObject 000000010000c320 d *UND* __OBJC_$_PROP_LIST_NSObject 000000010000c368 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_NSObject 000000010000c408 d *UND* __OBJC_$_PROTOCOL_REFS_UIApplicationDelegate 000000010000c420 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UIApplicationDelegate 000000010000c938 d *UND* __OBJC_$_PROP_LIST_UIApplicationDelegate 000000010000c950 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_UIApplicationDelegate 000000010000cb00 d *UND* __OBJC_CLASS_PROTOCOLS_$_AppDelegate 000000010000cb18 d *UND* __OBJC_METACLASS_RO_$_AppDelegate 000000010000cb60 d *UND* __OBJC_$_INSTANCE_METHODS_AppDelegate 000000010000cbb0 d *UND* __OBJC_$_PROP_LIST_AppDelegate 000000010000cc08 d *UND* __OBJC_CLASS_RO_$_AppDelegate 0000000000000000 d *UND* _OBJC_METACLASS_$_AppDelegate 0000000000000000 d *UND* _OBJC_CLASS_$_AppDelegate 0000000000000000 d *UND* __OBJC_PROTOCOL_$_NSObject 0000000000000000 d *UND* __OBJC_PROTOCOL_$_UIApplicationDelegate 0000000000000000 d *UND* 0000000000000000 d *UND* /Users/RyukieW/RyukieSamaProject/Study/逆向/Code/SymbolBind/SymbolBind/ 0000000000000000 d *UND* main.m 0000000060a0b259 d *UND* /Users/RyukieW/Library/Developer/Xcode/DerivedData/SymbolBind-bhluvjpsukewfxgsouyiwqlmcntk/Build/Intermediates.noindex/SymbolBind.build/Debug-iphoneos/SymbolBind.build/Objects-normal/arm64/main.o 00000001000061b8 d *UND* 00000001000061b8 d *UND* _main 000000000000009c d *UND* 000000000000009c d *UND* 0000000000000000 d *UND* 0000000000000000 d *UND* /Users/RyukieW/RyukieSamaProject/Study/逆向/Code/SymbolBind/SymbolBind/ 0000000000000000 d *UND* SceneDelegate.m 0000000060a0b259 d *UND* /Users/RyukieW/Library/Developer/Xcode/DerivedData/SymbolBind-bhluvjpsukewfxgsouyiwqlmcntk/Build/Intermediates.noindex/SymbolBind.build/Debug-iphoneos/SymbolBind.build/Objects-normal/arm64/SceneDelegate.o 0000000100006254 d *UND* 0000000100006254 d *UND* -[SceneDelegate scene:willConnectToSession:options:] 000000000000009c d *UND* 000000000000009c d *UND* 00000001000062f0 d *UND* 00000001000062f0 d *UND* -[SceneDelegate sceneDidDisconnect:] 000000000000004c d *UND* 000000000000004c d *UND* 000000010000633c d *UND* 000000010000633c d *UND* -[SceneDelegate sceneDidBecomeActive:] 000000000000004c d *UND* 000000000000004c d *UND* 0000000100006388 d *UND* 0000000100006388 d *UND* -[SceneDelegate sceneWillResignActive:] 000000000000004c d *UND* 000000000000004c d *UND* 00000001000063d4 d *UND* 00000001000063d4 d *UND* -[SceneDelegate sceneWillEnterForeground:] 000000000000004c d *UND* 000000000000004c d *UND* 0000000100006420 d *UND* 0000000100006420 d *UND* -[SceneDelegate sceneDidEnterBackground:] 000000000000004c d *UND* 000000000000004c d *UND* 000000010000646c d *UND* 000000010000646c d *UND* -[SceneDelegate window] 0000000000000024 d *UND* 0000000000000024 d *UND* 0000000100006490 d *UND* 0000000100006490 d *UND* -[SceneDelegate setWindow:] 000000000000003c d *UND* 000000000000003c d *UND* 00000001000064cc d *UND* 00000001000064cc d *UND* -[SceneDelegate .cxx_destruct] 000000000000003c d *UND* 000000000000003c d *UND* 0000000000000000 d *UND* __OBJC_LABEL_PROTOCOL_$_UISceneDelegate 0000000000000000 d *UND* __OBJC_LABEL_PROTOCOL_$_UIWindowSceneDelegate 000000010000cc50 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_NSObject 000000010000ce20 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_NSObject 000000010000ce40 d *UND* __OBJC_$_PROP_LIST_NSObject 000000010000ce88 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_NSObject 000000010000cf28 d *UND* __OBJC_$_PROTOCOL_REFS_UISceneDelegate 000000010000cf40 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UISceneDelegate 000000010000d068 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_UISceneDelegate 000000010000d0c8 d *UND* __OBJC_$_PROTOCOL_REFS_UIWindowSceneDelegate 000000010000d0e0 d *UND* __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_UIWindowSceneDelegate 000000010000d160 d *UND* __OBJC_$_PROP_LIST_UIWindowSceneDelegate 000000010000d178 d *UND* __OBJC_$_PROTOCOL_METHOD_TYPES_UIWindowSceneDelegate 000000010000d1a0 d *UND* __OBJC_CLASS_PROTOCOLS_$_SceneDelegate 000000010000d1b8 d *UND* __OBJC_METACLASS_RO_$_SceneDelegate 000000010000d200 d *UND* __OBJC_$_INSTANCE_METHODS_SceneDelegate 000000010000d2e0 d *UND* __OBJC_$_INSTANCE_VARIABLES_SceneDelegate 000000010000d308 d *UND* __OBJC_$_PROP_LIST_SceneDelegate 000000010000d360 d *UND* __OBJC_CLASS_RO_$_SceneDelegate 0000000000000000 d *UND* _OBJC_IVAR_$_SceneDelegate._window 0000000000000000 d *UND* _OBJC_METACLASS_$_SceneDelegate 0000000000000000 d *UND* _OBJC_CLASS_$_SceneDelegate 0000000000000000 d *UND* __OBJC_PROTOCOL_$_UISceneDelegate 0000000000000000 d *UND* __OBJC_PROTOCOL_$_UIWindowSceneDelegate 0000000000000000 d *UND* 000000010000d460 g O __DATA,__objc_data _OBJC_CLASS_$_AppDelegate 000000010000d4b0 g O __DATA,__objc_data _OBJC_CLASS_$_SceneDelegate 000000010000d3e8 g O __DATA,__objc_data _OBJC_CLASS_$_ViewController 000000010000d438 g O __DATA,__objc_data _OBJC_METACLASS_$_AppDelegate 000000010000d488 g O __DATA,__objc_data _OBJC_METACLASS_$_SceneDelegate 000000010000d410 g O __DATA,__objc_data _OBJC_METACLASS_$_ViewController 0000000100000000 g F __TEXT,__text __mh_execute_header 00000001000061b8 g F __TEXT,__text _main 0000000100005fac g F __TEXT,__text _testGlobalFunction 0000000000000000 *UND* _NSLog 0000000000000000 *UND* _NSStringFromClass 0000000000000000 *UND* _OBJC_CLASS_$_UIResponder 0000000000000000 *UND* _OBJC_CLASS_$_UISceneConfiguration 0000000000000000 *UND* _OBJC_CLASS_$_UIViewController 0000000000000000 *UND* _OBJC_METACLASS_$_NSObject 0000000000000000 *UND* _OBJC_METACLASS_$_UIResponder 0000000000000000 *UND* _OBJC_METACLASS_$_UIViewController 0000000000000000 *UND* _UIApplicationMain 0000000000000000 *UND* ___CFConstantStringClassReference 0000000000000000 *UND* __objc_empty_cache 0000000000000000 *UND* _objc_alloc 0000000000000000 *UND* _objc_autoreleasePoolPop 0000000000000000 *UND* _objc_autoreleasePoolPush 0000000000000000 *UND* _objc_autoreleaseReturnValue 0000000000000000 *UND* _objc_msgSend 0000000000000000 *UND* _objc_msgSendSuper2 0000000000000000 *UND* _objc_opt_class 0000000000000000 *UND* _objc_release 0000000000000000 *UND* _objc_retainAutoreleasedReturnValue 0000000000000000 *UND* _objc_storeStrong 0000000000000000 *UND* dyld_stub_binder ``` * `l` * 本地符号 * `g` * 全局符号 ## 三、恢复符号表的线索 虽然符号表中没有了符号,但是在MachO中的类的方法列表中还是有的! ### 3.1 类名 在`TEXT`段`__objc_classname`中: ![](https://4193904735-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MI8JgbGh3U6X_oedqkm%2Fsync%2F32d128fd9f0eaf714cf0df653e0854d25e1b77ca.png?generation=1621265705601019\&alt=media) ### 3.2 方法名 在`TEXT`段`__objc_methname`中: ![](https://4193904735-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MI8JgbGh3U6X_oedqkm%2Fsync%2F0025ba967f4fbd74f56003669aed6b1052a45cb8.png?generation=1621265706164879\&alt=media) ## 四、符号表恢复 ### 4.1 脚本 [GitHub: restore-symbol](https://github.com/tobefuturer/restore-symbol) * 将MachO文件放入目录中 * 执行脚本`./restore-symbol MachO文件名 -o MachO输出文件名` ``` =========== Start ============= 2021-05-16 15:11:40.712 restore-symbol[97858:6671327] Unknown load command: 0x00000032 Scan OC method in mach-o-file. Scan OC method finish. =========== Finish ============ ``` * 在用MachOView查看符号表,发现在后面已经恢复了! * 严谨的说是添加了符号 * 由于是基于Runtime的,动态派发的可以恢复。 * 对比发现文件大小也增大了 ![1](https://4193904735-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MI8JgbGh3U6X_oedqkm%2Fsync%2F45b106ce68c506fbf9e2c956658955b55789cd8b.png?generation=1621265705737640\&alt=media)