Hello, I was trying to use MobileHooker according the example in the book:
MSImageRef image = MSGetImageByName("/Applications/iOSRETargetApp.app/iOSRETargetApp");
NSLog(@"iOSRE Image addr: %@", image);
...
void *__ZN8CPPClass11CPPFunctionEPKc = MSFindSymbol(image, "__ZN8CPPClass11CPPFunctionEPKc");
My problem is that the call from MSGetImageByName always returns NULL. The permissions should be correct and I can see the symbols in IDA or with nm.
root# ls -l /Applications/iOSRETargetApp.app/iOSRETargetApp
-rwxr-xr-x 1 mobile staff 134368 Dec 20 10:33 /Applications/iOSRETargetApp.app/iOSRETargetApp
$ nm iOSRETargetApp | grep __ZN8CPPClass11CPPFunctionEPKc
0000a678 T __ZN8CPPClass11CPPFunctionEPKc
000000010000652c T __ZN8CPPClass11CPPFunctionEPKc
After I kill the SpringBoard, it writes to syslog:
SpringBoard[3280]: iOSRE Image addr: (null)
Anyone with the same problem or possible solution? I use iOS 8.2.