偿试练习hook,显示屏的宽高,查找了一下读取宽高的代码如下:
CGRect screenBounds = [[UIScreen mainScreen] bounds];
CGFloat screenScale = [UIScreen mainScreen].scale;
CGSize screenSize = CGSizeMake(screenBounds.size.width * screenScale, screenBounds.size.height * screenScale);
于是找到UIScreen.h文件如下:
@interface UIScreen : NSObject <UICoordinateSpace, UIFocusContainer, UITraitEnvironment, _UIFocusEnvironmentInternal, _UIFocusEnvironmentPrivate, _UIFocusRegionContainer, _UITraitEnvironmentInternal> {
UIWindow<UIFocusEnvironment> * __focusedWindow;
NSArray * _availableDisplayModes;
struct CGRect {
struct CGPoint {
float x;
float y;
} origin;
struct CGSize {
float width;
float height;
} size;
} _bounds;
+ (void)_FBSDisplayDidPossiblyConnect:(id)arg1;
+ (void)_FBSDisplayDidPossiblyConnect:(id)arg1 withScene:(id)arg2;
+ (void)_FBSDisplayDidPossiblyConnect:(id)arg1 withScene:(id)arg2 andPost:(BOOL)arg3;
+ (void)_FBSDisplayDidPossiblyDisconnect:(id)arg1;
+ (void)_FBSDisplayDidPossiblyDisconnect:(id)arg1 forSceneDestruction:(id)arg2;
+ (id)__availableScenes;
+ (id)__connectedFBSDisplays;
+ (id)__createPlugInScreenForFBSDisplay:(id)arg1;
+ (id)__sceneTrackingQueue;
+ (void)_beginDisableScreenUpdatesForSnapshot;
+ (void)_beginDisableScreenUpdatesForSnapshotUsingSnapshotCover:(BOOL)arg1;
+ (id)_carScreen;
+ (void)_endDisableScreenUpdates;
+ (void)_enumerateScreensWithBlock:(id /* block */)arg1;
+ (void)_prepareCarScreensForResume;
+ (void)_prepareScreensForAppResume;
+ (id)_screenForScene:(id)arg1;
+ (id)_screenWithDisplayID:(id)arg1;
+ (id)_screenWithDisplayName:(id)arg1;
+ (id)_screenWithIntegerDisplayID:(unsigned int)arg1;
+ (BOOL)_shouldDisableJail;
+ (id)_workspaceCapableScreens;
+ (struct CGPoint { float x1; float x2; })convertPoint:(struct CGPoint { float x1; float x2; })arg1 fromView:(id)arg2;
+ (struct CGPoint { float x1; float x2; })convertPoint:(struct CGPoint { float x1; float x2; })arg1 toView:(id)arg2;
+ (struct CGRect { struct CGPoint { float x_1_1_1; float x_1_1_2; } x1; struct CGSize { float x_2_1_1; float x_2_1_2; } x2; })convertRect:(struct CGRect { struct CGPoint { float x_1_1_1; float x_1_1_2; } x1; struct CGSize { float x_2_1_1; float x_2_1_2; } x2; })arg1 fromView:(id)arg2;
+ (struct CGRect { struct CGPoint { float x_1_1_1; float x_1_1_2; } x1; struct CGSize { float x_2_1_1; float x_2_1_2; } x2; })convertRect:(struct CGRect { struct CGPoint { float x_1_1_1; float x_1_1_2; } x1; struct CGSize { float x_2_1_1; float x_2_1_2; } x2; })arg1 toView:(id)arg2;
+ (void)initialize;
+ (id)mainScreen;
+ (id)screens;
%hook UIScreen
+(id)mainScreen
{
CGRect * cc = MSHookIvar<CGRect *>(self, "_bounds");
NSLog(@"=========================debug:[%f]",(cc->size).width);
return %orig;
}
%end
编译安装,然后发现,被HOOK的包闪退:
May 2 08:47:18 iPhone diagnosticd[300] <Error>: error evaluating process info - pid: 13338, puniqueid: 13338
May 2 08:47:18 iPhone com.apple.xpc.launchd[1] (UIKitApplication:com.nan.Particle[0x8a2e][13338]) <Notice>: Service exited due to signal: Segmentation fault: 11
May 2 08:47:18 iPhone ReportCrash[13335] <Notice>: Formulating report for corpse[13338] Particle
May 2 08:47:18 iPhone ReportCrash[13335] <Warning>: report not saved because the limit of 25 for 109_Particle logs has been reached.
May 2 08:47:18 iPhone ReportCrash[13335] <Error>: Notice: This report is abbreviated for syslog inclusion because it could not be saved to disk.
Symbolication may be possible by manually cleaning up and including the Binary Image section of a full report from this same device -- good luck!
May 2 08:47:18 iPhone ReportCrash[13335] <Error>: Process: Particle [13338]
Path: /private/var/mobile/Containers/Bundle/Application/F187E36A-D147-413C-9100-FB6D4E40C8A9/Particle.app/Particle
OS Version: iOS 9.2.1 (13D15)
May 2 08:47:18 iPhone ReportCrash[13335] <Error>: Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
Triggered by Thread: 0
May 2 08:47:18 iPhone ReportCrash[13335] <Error>: Thread 0 name: Dispatch queue: com.apple.main-thread