移动基板可以钩住这个吗?
Can mobilesubstrate hook this?
本文关键字:移动 更新时间:2023-10-16
我想挂接一个名为png_handle_IHDR的函数,该函数在 ImageIO 框架中本地声明。我使用MobileSafari作为过滤器。但是在调用原始函数时,移动野生动物园崩溃了。在检查NSLog时,我得到这个:
Jun 5 17:21:08 unknown MobileSafari[553] <Warning>: dlopen ImageIO success!
Jun 5 17:21:08 unknown MobileSafari[553] <Warning>: Zeroing of nlist success!
Jun 5 17:21:08 unknown MobileSafari[553] <Warning>: method name successfully assigned!
Jun 5 17:21:08 unknown MobileSafari[553] <Warning>: nlist SUCCESS! nlsetting..
Jun 5 17:21:08 unknown MobileSafari[553] <Warning>: nlset success! Hooking..
Jun 5 17:21:09 unknown MobileSafari[553] <Warning>: Png IHDR handle hooking!
Jun 5 17:21:09 unknown UIKitApplication:com.apple.mobilesafari[0x819][553] <Notice>: libpng error: Invalid IHDR chunk
Jun 5 17:21:09 unknown ReportCrash[554] <Notice>: Formulating crash report for process MobileSafari[553]
Jun 5 17:21:09 unknown com.apple.launchd[1] <Warning>: (UIKitApplication:com.apple.mobilesafari[0x819]) Job appears to have crashed: Abort trap: 6
Jun 5 17:21:09 unknown SpringBoard[530] <Warning>: Application 'Safari' exited abnormally with signal 6: Abort trap: 6
立即发现,我很可能弄错了png_handle_IHDR的功能原型。以下是我在调整中的代码:
#import <CoreFoundation/CoreFoundation.h>
#include <substrate.h>
#define ImageIO "/System/Library/Frameworks/ImageIO.framework/ImageIO"
void (*png_handle_IHDR)();
MSHook(void, png_handle_IHDR){
NSLog(@"Png IHDR handle hooking!n");
_png_handle_IHDR(); //crashed here!!
NSLog(@"Png IHDR handle hooking finished!n");
}
template <typename Type_>
static void nlset(Type_ &function, struct nlist *nl, size_t index) {
struct nlist &name(nl[index]);
uintptr_t value(name.n_value);
if ((name.n_desc & N_ARM_THUMB_DEF) != 0)
value |= 0x00000001;
function = reinterpret_cast<Type_>(value);
}
MSInitialize {
if (dlopen(ImageIO, RTLD_LAZY | RTLD_NOLOAD)!=NULL)
{
NSLog(@"dlopen ImageIO success!n");
struct nlist nl[2];
bzero(&nl, sizeof(nl));
NSLog(@"Zeroing of nlist success!n");
nl[0].n_un.n_name = (char*) "_png_handle_IHDR";
NSLog(@"method name successfully assigned!n");
nlist(ImageIO,nl);
NSLog(@"nlist SUCCESS! nlsetting..n");
nlset(png_handle_IHDR, nl, 0);
NSLog(@"nlset success! Hooking..n");
MSHookFunction(png_handle_IHDR,MSHake(png_handle_IHDR));
}
}
我的制作文件是这样的:
include theos/makefiles/common.mk
TWEAK_NAME = privateFunctionTest
privateFunctionTest_FILES = Tweak.xm
include $(THEOS_MAKE_PATH)/tweak.mk
privateFunctionTest_FRAMEWORKS = UIKit ImageIO CoreGraphics Foundation CoreFoundation
编辑:问题是,知道原始函数参数对于成功的钩子是必要的吗?如果是,从反汇编中获取功能原型是唯一的方法吗?在任何 SDK 标头中都没有对此进行定义。谢谢。
好的,我反编译了函数,并让反编译器猜到了函数原型。只要参数和返回类型广泛匹配,例如 bool : int,unsigned int : int,它仍然有效,而不会杀死处决。所以这有效:
int *png_handle_IHDR(int a1, int a2, int a3);
MSHook(int, png_handle_IHDR, int a1, int a2, int a3){
NSLog(@"png_handle_IHDR(%d,%d,%d)", a1,a2,a3);
int val = _png_handle_IHDR(a1,a2,a3);
NSLog(@"Png IHDR handle hooking finished, returning %d as result!", val);
return val;
}
相关文章:
- 将对象移动到std::shared_ptr
- 何时在引用或唯一指针上使用移动语义
- 如何从具有移动语义的类对象中生成共享指针
- 将shared_ptr移动到<StructA>shared_ptr<变体<结构A、结构 B>>
- C / C++ 移位/偏移/向左或向右移动位图?
- MSVC将仅移动结构参数解释为指针
- 自定义先决条件对移动分配运算符有效吗
- 返回值优化:显式移动还是隐式
- 当有分配器意识的容器被复制/移动时,反弹分配器是否被复制/移走
- 为什么复制而不是移动数据元素?
- 可以使用移动语义更改或改进此C++代码吗?
- 使lambda不可复制/不可移动
- c++在使用指针时移动语义
- 将QGraphicsItem的移动区域限制在多边形区域内
- SendInput()鼠标移动计算
- 按值 C++ 返回时进行双倍移动
- 移动二维数组中的字符
- 为什么不调用移动构造函数?(默认情况下只有构造器,没有别的)
- 安全到标准:移动会员?
- OpenVR:向视图方向移动
