hirat
(NoOne)
1
大家好,之前我们获取iOS进程是通过调用sysctl接口,最近发现这个接口在iOS9上返回结果为空,应该是苹果把这个接口给封了。
然后我就搜索了一下iOS的私有API,发现FrontBoard.framework中的FBProcessManager类应该可以实现类似的功能,可是在调用的时候会报错。
不知道有没有人之前遇到过类似的问题,都是怎么解决的?
以下是错误信息:
Error getting job dictionaries. Error: Unknown error: 154
*** Assertion failure in -[FBApplicationLibrary init], /BuildRoot/Library/Caches/com.apple.xbs/Sources/FrontBoard/FrontBoard-251.1/FrontBoard/FBApplicationLibrary.m:88
*** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'FBApplicationLibrary cannot be initialized before calling FBSystemAppMain()'
*** First throw call stack:
(0x183e8738c 0x19852bf2c 0x183e8725c 0x184dab060 0x18d9ba810 0x18d9ba6a4 0x1000c5078 0x1000c5f98 0x18d9ba678 0x18d9ff5ac 0x18d9ff380 0x1000c5078 0x1000c5f98 0x18d9ff358 0x184d13dfc 0x10009049c 0x1000903c0 0x1000902a8 0x1000c5078 0x1000c5f98 0x100090234 0x100090ecc 0x1894f5ea8 0x1894f54d8 0x1894f5264 0x1894f5020 0x189748fa8 0x1894fb2a4 0x18940dd18 0x1894327f8 0x18940da38 0x18940cfac 0x18940ce14 0x18941a258 0x1894193d0 0x189416754 0x18948b6a4 0x1896afa14 0x1896b35d4 0x1896b0c54 0x18da52ccc 0x18da53040 0x183e3ed10 0x183e3e7a4 0x183e3c478 0x183d690d0 0x18947f838 0x18947a5f0 0x1000917b8 0x198d6a8b8)
libc abi.dylib: terminating with uncaught exception of type NSException
1 个赞
这一句是具体的报错信息,你google一下相关关键词看看
你的代码是怎么写的?
我在SpringBoard内部试了一下,调用[[FBProcessManager sharedInstance] allProcesses]确实可以拿到所有的进程信息:
cy# [[FBProcessManager sharedInstance] allProcesses]
@[#"<FBApplicationProcess: 0x17e8fd80; Preferences; pid: 599>",#"<FBProcess: 0x166811a0; networkd; pid: 198>",#"<FBApplicationProcess: 0x17b73790; MojiWeather; pid: 531>",#"<FBProcess: 0x17e42070; mediaserverd; pid: 111>",#"<FBExtensionProcess: 0x16539500; com.sogou.sogou; pid: 567>",#"<FBProcess: 0x178bd7d0; searchd; pid: 367>",#"<FBApplicationProcess: 0x1650f230; MobileSMS; pid: 606>",#"<FBProcess: 0x17c5c780; locationd; pid: 106>",#"<FBProcess: 0x179be5e0; aggregated; pid: 54>",#"<FBApplicationProcess: 0x16635140; SpringBoard; pid: 49>",#"<FBApplicationProcess: 0x165210b0; MobileMail; pid: 552>",#"<FBProcess: 0x17907860; calaccessd; pid: 306>",#"<FBProcess: 0x17c010b0; imagent; pid: 102>",#"<FBApplicationProcess: 0x17e8afa0; MessagesNotific; pid: 609>",#"<FBProcess: 0x1793ea10; mediaremoted; pid: 109>",#"<FBProcess: 0x1782e1e0; CommCenter; pid: 30>"]
看起来没问题,我是在iOS 8上测试的,不确定iOS 9是不是变了
借楼问下大神,我是刚看应用逆向工程这本书,提到了用dumpdecrypted砸壳,用class dump获取.h文件。但是书中讲class dump获取.h文件时已经把app拷贝到了mac上了,但是砸壳后app还在ios里面。我尝试着把砸壳后的app copy到mac里,之后获取.h文件 可是class dump后还是空。。我的ios8.3系统沙盒路径有所变化,莫非是因为我砸壳砸歪了失败了?
hirat
(NoOne)
10
我不是做越狱开发,只是调用一下私有API,看来还是行不通,我再看看有没有别的方法
join
(join)
11
大神,我也需要解决这个问题,请问你解决了么?是怎么解决的啊?能给个demo看一下或者给个思路么?
iCyber
(iCyber)
15
sysctl 可以获取到进程啊!!! iOS9Beta3 亲测可以! (刚刚看Beta4 7.21发布了, 没来得及试)
iCyber
(iCyber)
17
int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL, 0};
u_int miblen = 4;
size_t size = 0;
int st = 0;
struct kinfo_proc * process = NULL;
struct kinfo_proc * newprocess = NULL;
sysctl(mib, miblen, NULL, &size, NULL, 0);
do {
size += size / 10;
newprocess = realloc(process, size);
if (!newprocess) {
if (process) {
free(process);
}
return;
}
process = newprocess;
st = sysctl(mib, miblen, process, &size, NULL, 0);
}
while (st == -1 && errno == ENOMEM);
if (st == 0) {
if (size % sizeof(struct kinfo_proc) == 0) {
unsigned long nprocess = size / sizeof(struct kinfo_proc);
if (nprocess) {
for (long i = nprocess - 1; i >= 0; i --) {
NSString * procExecName = [NSString stringWithCString:process[i].kp_proc.p_comm encoding:NSUTF8StringEncoding];
NSLog(@"====> ", procExecName);
}
}
}
}
free(process);
rEcover
(rEcover)
18
你这个语句,[FBProcessManager sharedInstance] 编译报错,是怎么处理?
rEcover
(rEcover)
20
./System/Library/AccessibilityBundles/FrontBoard.axbundle/FrontBoard
是不是这个路径?
hirat
(NoOne)
21
/System/Library/PrivateFrameworks/FrontBoard.framework/FrontBoard