The Objective-C framework makes it easy to manipulate code by replacing or adding methods, and this is the path many attackers will first take to breach your application’s security. Fortunately, because Objective-C is so reflective in this way, it can also be used to your advantage. By using the same runtime library functions that an attacker uses to hijack your code, applications can also perform integrity checks to get an idea of just what code is going to execute before it’s ever called. If it can be determined that the method for a particular class has been infected, the application can immediately perform tamper response.
Any time malicious code is injected into your application, it must
be loaded into address space. By validating the address space for
critical methods your application uses, you can up the ante for an
attacker by forcing him to find ways to inject his code into the
existing address space that the valid code lives in, which is much more
difficult. The dynamic linker library includes a function named
dladdr, which returns information about the
address space a particular function belongs to. By providing it with the
function pointer of a class’s method implementation, its origins can be
verified to have come from your program, Apple’s frameworks, or an
unknown (malicious) source.
dladdr function provides information about the image filename and symbol name when given a pointer. To test this function, compile ...