Hook for memory related APIs does not work

We hook the memory-related APIs with our own functions, like below:

    if ((malloc_get_all_zones(0, nullptr, reinterpret_cast<vm_address_t**>(&allZones), &numZones) == KERN_SUCCESS) && (numZones > 0)) {
        if (allZones[0] == nullptr) {
            return false;
        }
        // Overwrite the first zone's function pointers with our hooks.
        trackZone = allZones[0];
        trackZone->malloc = &my_malloc;
        trackZone->calloc = &my_calloc;
        trackZone->valloc = &my_valloc;
        trackZone->memalign = &my_memalign;
        trackZone->free = &my_free;
        trackZone->free_definite_size = &my_free_definite_size;
        trackZone->try_free_default = &my_try_free_default;
        trackZone->realloc = &scf_realloc;
    }

Our functions are called when allocating memory with Xcode 15 + macOS 14.6, but when we upgrade the compiling environment to Xcode 16 + macOS 15, it doesn't work any more.

I haven't tracked down the exact source of the change, but this sounds like the result of security hardening inside libmalloc. More broadly, modifying malloc zones you didn't create is not something I'd expect to work, as it's exactly the kind of thing that malware does, not to mention the other kinds of bugs it creates.

If you're doing this for development purposes, then dynamic linker interposing is a much better option (see "An Apple Library Primer" for more details on that process). If you're trying to do this in a shipping app, then my recommendation would basically be to stop doing that.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware
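
A sketch of the dynamic linker interposing approach recommended in the answer above, for development builds. This is an added example, not code from the original posts or from Apple; the names `traced_malloc`, `traced_free`, `trace_live_allocs` and `k_interposers` are hypothetical, and only `malloc` and `free` are covered.

```c
/* Added example: dyld interposing of malloc/free for a development build.
 * All identifiers defined in this file are hypothetical. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdlib.h>

static atomic_size_t g_mallocs; /* successful calls through traced_malloc */
static atomic_size_t g_frees;   /* non-NULL pointers passed to traced_free */

/* Replacement for malloc. dyld does not apply interposing to the image that
 * carries the interpose table, so malloc() here reaches the real allocator
 * and the zone structures are never modified. */
void *traced_malloc(size_t size) {
    void *p = malloc(size);
    if (p != NULL)
        atomic_fetch_add(&g_mallocs, 1);
    return p;
}

/* Replacement for free. free(NULL) is a no-op, so it is not counted. */
void traced_free(void *p) {
    if (p != NULL)
        atomic_fetch_add(&g_frees, 1);
    free(p);
}

/* Counted mallocs minus counted frees. calloc, realloc, valloc and friends
 * need their own tuples before this number is a true live-block count. */
long trace_live_allocs(void) {
    return (long)atomic_load(&g_mallocs) - (long)atomic_load(&g_frees);
}

#if defined(__APPLE__)
/* Each tuple in __DATA,__interpose asks dyld to rebind `original` to
 * `replacement` in every other loaded image at load time. */
struct interpose_tuple { const void *replacement; const void *original; };
__attribute__((used, section("__DATA,__interpose")))
static const struct interpose_tuple k_interposers[] = {
    { (const void *)(unsigned long)&traced_malloc,
      (const void *)(unsigned long)&malloc },
    { (const void *)(unsigned long)&traced_free,
      (const void *)(unsigned long)&free },
};
#endif
```

Build it as a dylib (for example `clang -dynamiclib trace.c -o libtrace.dylib`) and load it into your own debug binary with `DYLD_INSERT_LIBRARIES=./libtrace.dylib`. Binaries protected by SIP or built with the hardened runtime ignore that variable unless they carry the matching entitlement, which is why this fits development use rather than a shipping app.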
