r7 = sp + 0xc;
sp = sp - 0x1c;
r10 = [arg2 retain];
r8 = [arg3 retain];
if (r10 != 0x0) {
r6 = [[r10 pEffectObject] retain];
r0 = [r6 mStrKey];
r5 = [r0 retain];
r4 = [r5 hasPrefix:@"1a28ef99a66d4c74bc96976c15ec5ca5"];
[r5 release];
[r6 release];
r2 = 0xbebc200;
r0 = 0x0;
if ((r4 & 0xff) == 0x0) {
r2 = 0xe100;
}
r4 = dispatch_time(r0, 0x0);
asm{ strd r0, r6, [sp, #0x30 + var_2C] };
asm{ strd r1, r2, [sp, #0x30 + var_24] };
var_1C = [r10 retain];
r0 = [r8 retain];
var_18 = r0;
dispatch_after(r4, 0x0, __dispatch_main_q);
[var_18 release];
[var_1C release];
}
[r8 release];
[r10 release];
return;
}
这段汇编中的:
r2 = 0xbebc200;
r0 = 0x0;
if ((r4 & 0xff) == 0x0) {
r2 = 0xe100;
}
r4 = dispatch_time(r0, 0x0);
asm{ strd r0, r6, [sp, #0x30 + var_2C] };
asm{ strd r1, r2, [sp, #0x30 + var_24] };
var_1C = [r10 retain];
r0 = [r8 retain];
var_18 = r0;
dispatch_after(r4, 0x0, __dispatch_main_q);
r2 应该是 dispatch_after 的 block 参数，但是 r2 的地址是 0xbebc200，没有这块地址怎么整？下面是反汇编的源码
================ B E G I N N I N G O F P R O C E D U R E ================
; -[pg_sdk_ui_c360_controller editSDKMakeWithSender:withPath:]
; (name taken from the XREF comment at 0xa3ffca, which points back to the beq at +32 = 0xa3fee2).
; Thumb-2, AAPCS calling convention: r0 = self, r1 = _cmd, r2 = sender, r3 = path.
; `sl` is the assembler alias for r10, so the "r10" of the pseudocode and the "sl" below are the same register.
; Prologue: save callee-saved registers, set r7 as frame pointer, reserve 0x1c bytes of locals.
; Those 0x1c bytes (sp+0x00 .. sp+0x1b) hold the stack Block literal built further down.
00a3fec2 push {r4, r5, r6, r7, lr} ; Objective C Implementation defined at 0x1b93a38 (instance)
00a3fec4 add r7, sp, #0xc
00a3fec6 push.w {r8, sl}
00a3feca sub sp, #0x1c
; Retain both object arguments for the duration of the call: sl = [sender retain], r8 = [path retain].
00a3fecc mov r0, r2 ; argument #1 for method imp___picsymbolstub4__objc_retain
00a3fece mov r5, r3
00a3fed0 blx imp___picsymbolstub4__objc_retain
00a3fed4 mov sl, r0
00a3fed6 mov r0, r5
00a3fed8 blx imp___picsymbolstub4__objc_retain
00a3fedc mov r8, r0
; if (sender == nil) skip everything and go straight to the releases at 0xa3ffca.
00a3fede cmp.w sl, #0x0
00a3fee2 beq 0xa3ffca
; r6 = [[sender pEffectObject] retain].
; The `mov r7, r7` before objc_retainAutoreleasedReturnValue is the ARM marker ARC emits so the
; runtime can recognise the autoreleased-return-value handoff; it is not a real move.
00a3fee4 movw r0, #0x3e50 ; @selector(pEffectObject), :lower16:(0x1c53d40 - 0xa3fef0)
00a3fee8 movt r0, #0x121 ; @selector(pEffectObject), :upper16:(0x1c53d40 - 0xa3fef0)
00a3feec add r0, pc ; @selector(pEffectObject)
00a3feee ldr r1, [r0] ; "pEffectObject",@selector(pEffectObject), argument #2 for method imp___picsymbolstub4__objc_msgSend
00a3fef0 mov r0, sl
00a3fef2 blx imp___picsymbolstub4__objc_msgSend
00a3fef6 mov r7, r7
00a3fef8 blx imp___picsymbolstub4__objc_retainAutoreleasedReturnValue
00a3fefc mov r6, r0
; r5 = [[r6 mStrKey] retain].
00a3fefe movw r0, #0x9722 ; @selector(mStrKey), :lower16:(0x1c4962c - 0xa3ff0a)
00a3ff02 movt r0, #0x120 ; @selector(mStrKey), :upper16:(0x1c4962c - 0xa3ff0a)
00a3ff06 add r0, pc ; @selector(mStrKey)
00a3ff08 ldr r1, [r0] ; "mStrKey",@selector(mStrKey), argument #2 for method imp___picsymbolstub4__objc_msgSend
00a3ff0a mov r0, r6
00a3ff0c blx imp___picsymbolstub4__objc_msgSend
00a3ff10 mov r7, r7
00a3ff12 blx imp___picsymbolstub4__objc_retainAutoreleasedReturnValue
00a3ff16 mov r5, r0
; r4 = [r5 hasPrefix:@"1a28ef99a66d4c74bc96976c15ec5ca5"]; the BOOL comes back in the low byte of r0.
; NOTE(review): this hard-coded 32-hex-character prefix only selects the delay below (0.2 s vs 0.1 s);
; nothing else in this procedure depends on it.
00a3ff18 movw r0, #0x24a8 ; @selector(hasPrefix:), :lower16:(0x1c423d0 - 0xa3ff28)
00a3ff1c movt r0, #0x120 ; @selector(hasPrefix:), :upper16:(0x1c423d0 - 0xa3ff28)
00a3ff20 movw r2, #0x3826 ; @"1a28ef99a66d4c74bc96976c15ec5ca5", :lower16:(cfstring_1a28ef99a66d4c74bc96976c15ec5ca5 - 0xa3ff2e)
00a3ff24 add r0, pc ; @selector(hasPrefix:)
00a3ff26 movt r2, #0x104 ; @"1a28ef99a66d4c74bc96976c15ec5ca5", :upper16:(cfstring_1a28ef99a66d4c74bc96976c15ec5ca5 - 0xa3ff2e)
00a3ff2a add r2, pc ; @"1a28ef99a66d4c74bc96976c15ec5ca5"
00a3ff2c ldr r1, [r0] ; "hasPrefix:",@selector(hasPrefix:), argument #2 for method imp___picsymbolstub4__objc_msgSend
00a3ff2e mov r0, r5
00a3ff30 blx imp___picsymbolstub4__objc_msgSend
00a3ff34 mov r4, r0 ; XREF=-[PYLeftAndRightLabel layoutSubviews]+474
; Balance the two retains above: [r5 release]; [r6 release].
00a3ff36 mov r0, r5
00a3ff38 blx imp___picsymbolstub4__objc_release
00a3ff3c mov r0, r6
00a3ff3e blx imp___picsymbolstub4__objc_release
; Build the arguments of dispatch_time(dispatch_time_t when, int64_t delta).
; Under AAPCS a 64-bit argument occupies an even/odd register pair: when = r0:r1 = 0 (DISPATCH_TIME_NOW),
; delta = r2:r3. The disassembler's "argument #1/#2" comments treat r0 and r1 as two separate
; 32-bit arguments, which is why the pseudocode shows `dispatch_time(r0, 0x0)` and loses r2 entirely.
; r2 = 0x0bebc200 = 200,000,000 ns (0.2 s) when hasPrefix: returned YES;
; if it returned NO (low byte of r4 == 0, so the itt/movweq/movteq pair fires) r2 = 0x05f5e100 = 100,000,000 ns (0.1 s).
; r3 = 0 is the high word of delta. 0xbebc200 is therefore a nanosecond count, not an address,
; and it is not the block argument of dispatch_after (see 0xa3ffaa below).
; r6 = 0 is prepared here for the Block literal's reserved field (stored at 0xa3ff8e).
00a3ff42 movw r2, #0xc200
00a3ff46 tst.w r4, #0xff
00a3ff4a movt r2, #0xbeb
00a3ff4e mov.w r0, #0x0 ; argument #1 for method imp___picsymbolstub4__dispatch_time
00a3ff52 itt eq
00a3ff54 movweq r2, #0xe100
00a3ff58 movteq r2, #0x5f5
00a3ff5c movs r1, #0x0 ; argument #2 for method imp___picsymbolstub4__dispatch_time
00a3ff5e movs r3, #0x0
00a3ff60 movs r6, #0x0
00a3ff62 blx imp___picsymbolstub4__dispatch_time
; dispatch_time returns a 64-bit dispatch_time_t in r0:r1; it is parked in r4:r5 (r5 set at 0xa3ff70)
; until the dispatch_after call.
00a3ff66 mov r4, r0
; Build a Block literal on the stack, field by field (offsets relative to sp):
;   sp+0x00  isa        = __NSConcreteStackBlock
;   sp+0x04  flags      = 0xc2000000 (bit pattern consistent with a block that captures object
;                         pointers and carries copy/dispose helpers and a signature - confirm against the Block ABI)
;   sp+0x08  reserved   = 0 (r6)
;   sp+0x0c  invoke     = 0xa3ffdf (Thumb bit set: the block body is presumably the code at 0xa3ffde,
;                         immediately after this procedure's `endp`)
;   sp+0x10  descriptor = 0x1a562f0
;   sp+0x14  captured sender (retained copy, stored at 0xa3ff9e)
;   sp+0x18  captured path   (retained copy, stored at 0xa3ffb0)
00a3ff68 movw r0, #0x92 ; :lower16:(imp___nl_symbol_ptr___NSConcreteStackBlock - 0xa3ff7a)
00a3ff6c movt r0, #0xfe ; :upper16:(imp___nl_symbol_ptr___NSConcreteStackBlock - 0xa3ff7a)
00a3ff70 mov r5, r1
00a3ff72 movw r1, #0x47 ; :lower16:(0xa3ffdf - 0xa3ff98)
00a3ff76 add r0, pc ; imp___nl_symbol_ptr___NSConcreteStackBlock
00a3ff78 movt r1, #0x0 ; :upper16:(0xa3ffdf - 0xa3ff98)
00a3ff7c movw r2, #0x6360 ; :lower16:(0x1a562f0 - 0xa3ff90)
00a3ff80 movt r2, #0x101 ; :upper16:(0x1a562f0 - 0xa3ff90)
00a3ff84 ldr r0, [r0] ; imp___nl_symbol_ptr___NSConcreteStackBlock,__NSConcreteStackBlock
00a3ff86 str r0, [sp, #0x30 + var_30]
00a3ff88 mov.w r0, #0xc2000000
00a3ff8c add r2, pc ; 0x1a562f0
00a3ff8e strd r0, r6, [sp, #0x30 + var_2C]
; Capture the two arguments into the block: each is retained once more and stored at sp+0x14 / sp+0x18.
00a3ff92 mov r0, sl ; argument #1 for method imp___picsymbolstub4__objc_retain
00a3ff94 add r1, pc
00a3ff96 strd r1, r2, [sp, #0x30 + var_24]
00a3ff9a blx imp___picsymbolstub4__objc_retain
00a3ff9e str r0, [sp, #0x30 + var_1C]
00a3ffa0 mov r0, r8
00a3ffa2 blx imp___picsymbolstub4__objc_retain
; dispatch_after(dispatch_time_t when, dispatch_queue_t queue, dispatch_block_t block):
;   when  = r0:r1 (r4:r5, the dispatch_time result)
;   queue = r2 = __dispatch_main_q
;   block = r3 = sp, i.e. the address of the stack Block literal built above.
; The block pointer travels in r3, not r2; r2 was only the delta for dispatch_time earlier.
00a3ffa6 movw r1, #0x62 ; :lower16:(imp___nl_symbol_ptr___dispatch_main_q - 0xa3ffb6)
00a3ffaa mov r3, sp
00a3ffac movt r1, #0xfe ; :upper16:(imp___nl_symbol_ptr___dispatch_main_q - 0xa3ffb6)
00a3ffb0 str r0, [sp, #0x30 + var_18]
00a3ffb2 add r1, pc ; imp___nl_symbol_ptr___dispatch_main_q
00a3ffb4 mov r0, r4 ; argument #1 for method imp___picsymbolstub4__dispatch_after
00a3ffb6 ldr r2, [r1] ; imp___nl_symbol_ptr___dispatch_main_q,__dispatch_main_q, argument #3 for method imp___picsymbolstub4__dispatch_after
00a3ffb8 mov r1, r5
00a3ffba blx imp___picsymbolstub4__dispatch_after
; Drop this frame's references to the captured objects; the callee is expected to have copied the
; stack block (and with it the captures) to the heap before returning, so the literal is dead here.
00a3ffbe ldr r0, [sp, #0x30 + var_18]
00a3ffc0 blx imp___picsymbolstub4__objc_release
00a3ffc4 ldr r0, [sp, #0x30 + var_1C]
00a3ffc6 blx imp___picsymbolstub4__objc_release
; 0xa3ffca: join point for the sender == nil branch taken at 0xa3fee2. Release both arguments.
00a3ffca mov r0, r8 ; XREF=-[pg_sdk_ui_c360_controller editSDKMakeWithSender:withPath:]+32
00a3ffcc blx imp___picsymbolstub4__objc_release
00a3ffd0 mov r0, sl
00a3ffd2 blx imp___picsymbolstub4__objc_release
; Epilogue: free the 0x1c-byte local area and restore callee-saved registers; pop into pc returns.
00a3ffd6 add sp, #0x1c
00a3ffd8 pop.w {r8, sl}
00a3ffdc pop {r4, r5, r6, r7, pc}
; endp