做示例2时,通过 MSFindSymbol 查到了对应函数名的地址,但调用 MSHookFunction 之后,打印的内容还是 hook 之前的内容。
Tweak:
#import <substrate.h>
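// Pointer through which the replacement reaches the original
// CPPClass::CPPFunction(const char *). It is filled in by the MSHookFunction
// call in the constructor of this file and is NULL until then.
void (*old__ZN8CPPClass11CPPFunctionEPKc)(void *, const char *);

// Replacement for CPPClass::CPPFunction(const char *).
//   hiddenThis - the implicit C++ `this` pointer, passed through untouched.
//   arg0       - the caller's message; it is only inspected, never forwarded.
// Forwards one of two fixed messages to the original implementation.
void new__ZN8CPPClass11CPPFunctionEPKc(void * hiddenThis, const char * arg0) {
	// strcmp() is case-sensitive, and the target's viewDidLoad passes
	// "This is a short c function!" (lowercase c), so both spellings are
	// accepted. A NULL message counts as "no match" instead of reaching strcmp().
	int cameFromShortCFunction = 0;
	if (arg0 != NULL) {
		cameFromShortCFunction = strcmp(arg0, "This is a short C function!") == 0 ||
		                         strcmp(arg0, "This is a short c function!") == 0;
	}

	if (cameFromShortCFunction) {
		old__ZN8CPPClass11CPPFunctionEPKc(hiddenThis, "This is a hijacked short C function from new__ZN8CPPClass11CPPFunctionEPKc");
	} else {
		old__ZN8CPPClass11CPPFunctionEPKc(hiddenThis, "This is a hijacked C++ function!");
	}
}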
// Pointer through which the replacement reaches the original CFunction.
// It is filled in by the MSHookFunction call in the constructor of this file.
void (*old_CFunction)(const char *);

// Replacement for CFunction: the caller's message (arg0) is ignored and a
// fixed message is handed to the original implementation instead.
void new_CFunction(const char * arg0)
{
	static const char * const kHijackedMessage = "This is a hijacked C function!";
	old_CFunction(kHijackedMessage);
}
// Slot that the constructor of this file passes to MSHookFunction for
// ShortCFunction. Nothing in this file ever calls through it.
void (*old_ShortCFunction)(const char *);

// Replacement for ShortCFunction: the caller's message (arg0) is ignored.
// NOTE(review): this forwards to old_CFunction, not old_ShortCFunction, so it
// depends on the CFunction hook having filled old_CFunction first. Confirm
// that is intended.
void new_ShortCFunction(const char *arg0)
{
	static const char * const kHijackedMessage = "This is a hijacked short C function from new_ShortCFunction!";
	old_CFunction(kHijackedMessage);
}
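// Resolves `symbolName` in `image` and, only when it resolves, redirects it to
// `replacement`, storing the pointer to the original code in `*original`.
// `label` is the human-readable name used in the log lines.
static void iOSREHookSymbol(MSImageRef image, const char *symbolName, const char *label,
                            void *replacement, void **original)
{
	void *symbol = MSFindSymbol(image, symbolName);
	if (symbol == NULL) {
		// Never hand a NULL address to MSHookFunction; report and move on.
		NSLog(@"iOSRE: %s not found, hook skipped", label);
		return;
	}
	NSLog(@"iOSRE: Found %s!", label);

	MSHookFunction(symbol, replacement, original);
	if (*original == NULL) {
		// "Found" only proves the lookup succeeded. If no pointer to the
		// original was written back, the redirection was probably not
		// installed, which would show up as unchanged output in the target.
		NSLog(@"iOSRE: %s was found but no original pointer was stored; the hook may not be installed", label);
	}
}

// Runs when the tweak dylib is loaded into the target process and installs the
// three function hooks.
%ctor
{
	@autoreleasepool
	{
		MSImageRef image = MSGetImageByName("/Applications/iOSRETargetApp.app/iOSRETargetApp");
		if (image == NULL) {
			// MSFindSymbol accepts a NULL image and then searches every loaded
			// image, so the lookups below still run; the log line records that
			// the hard-coded path did not match.
			NSLog(@"iOSRE: image not found by path; symbols will be searched in all loaded images");
		}

		// The label "CPPFuction" keeps the spelling of the original log line.
		iOSREHookSymbol(image, "__ZN8CPPClass11CPPFunctionEPKc", "CPPFuction",
		                (void *)&new__ZN8CPPClass11CPPFunctionEPKc,
		                (void **)&old__ZN8CPPClass11CPPFunctionEPKc);
		iOSREHookSymbol(image, "_CFunction", "CFunction",
		                (void *)&new_CFunction,
		                (void **)&old_CFunction);
		iOSREHookSymbol(image, "_ShortCFunction", "ShortCFunction",
		                (void *)&new_ShortCFunction,
		                (void **)&old_ShortCFunction);
	}
}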
RootViewController:
#import "RootViewController.h"
// Minimal C++ class whose single member function is one of the three functions
// the tweak looks up by symbol name. The class name, method name and parameter
// type must stay as they are so that the symbol name does not change.
class CPPClass {
public:
	// Logs the given C string; defined out of line below.
	void CPPFunction(const char *arg0);
};
// Writes arg0 to the system log with the "iOSRE: CPPFuction:" prefix.
void CPPClass::CPPFunction(const char *arg0) {
	NSLog(@"iOSRE: CPPFuction: %s", arg0);
}
// Plain C entry point (extern "C", so the name is not C++-mangled).
// Writes arg0 to the system log with the "iOSRE: CFunction:" prefix.
extern "C" void CFunction(const char *arg0) {
	NSLog(@"iOSRE: CFunction: %s", arg0);
}
// Plain C entry point that does nothing except forward arg0 to
// CPPClass::CPPFunction on a temporary instance, so its output carries the
// "iOSRE: CPPFuction:" prefix rather than one of its own.
extern "C" void ShortCFunction(const char *arg0) {
	CPPClass().CPPFunction(arg0);
}
@implementation RootViewController

// Builds the root view by hand: a red view sized to the screen's application frame.
- (void)loadView {
	NSLog(@"- loadView -");

	CGRect appFrame = [[UIScreen mainScreen] applicationFrame];
	// Manual reference counting: autorelease balances the alloc, and the
	// `view` property keeps its own reference.
	UIView *rootView = [[[UIView alloc] initWithFrame:appFrame] autorelease];
	self.view = rootView;
	self.view.backgroundColor = [UIColor redColor];
}

// Calls the three functions once each, in a fixed order, so that their log
// lines show whether the messages were replaced.
- (void)viewDidLoad {
	[super viewDidLoad];
	NSLog(@"- viewDidLoad -");

	CPPClass instance;
	instance.CPPFunction("This is a C++ function!");

	CFunction("This is a C function!");

	// Note the lowercase "c" in "short c function".
	ShortCFunction("This is a short c function!");
}

@end
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Notice>: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/MAServiceEx.dylib
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Notice>: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/RHRevealLoader.dylib
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Notice>: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/TEMain.dylib
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: ==================================================
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: VERSION: 9.300000
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: ==================================================
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Error>: MS:Error: binary not signed (use ldid -S)
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Error>: MS:Error: failure to check iOSREGreetings.dylib
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Notice>: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/iOSREHookerTweak.dylib
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: iOSRE: Found CPPFuction!
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: iOSRE: Found CFunction!
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: iOSRE: Found ShortCFunction!
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Error>: MS:Error: binary does not support this cpu type
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Error>: MS:Error: failure to check xCon.dylib
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: - main -
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: - applicationDidFinishLaunching -
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: - loadView -
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: - viewDidLoad -
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: iOSRE: CPPFuction: This is a C++ function!
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: iOSRE: CFunction: This is a C function!
Sep 10 13:53:49 sunguozhideiPhone-6s iOSRETargetApp[3570] <Warning>: iOSRE: CPPFuction: This is a short c function!
MS:Error: binary does not support this cpu type
打印的结果,这个指的是不支持当前cpu类型么?
是
把设备上的 iOSREGreetings.dylib 复制到 Mac 上,执行 ldid -S 签名后再放回设备(对应日志里的 "MS:Error: binary not signed (use ldid -S)")。
这个文件在哪个路径下了?