请教各位大神,在hook backboardd的时候,Filter 里面在 Executables下写 backboardd 和在 Bundles 下面写 com.apple.backboardd 有没有什么区别?
写的一个Tweak在只作用于com.apple.backboardd时工作正常(代码中,objc_getClass(“CAWindowServer”)能正常获取到)。
我现在想同时hook backboardd 和 springboard ,如果 Filter 都写在 Bundles 下面,如下:
重启springboard后就会进入安全模式。
如果将backboardd写到Executables下面,如下:
重启springboard正常,但是重启backboardd会进入安全模式,在代码中,objc_getClass(“CAWindowServer”)就获取不到了。有谁知道是什么原因吗?怎么解…
不胜感激!!!!
上面一种写法是对的,下面的话要加一个“Mode : Any”键值对,详情书上写了。
进入安全模式是你的代码问题,不是filter的问题
谢谢!!
可是Tweak单独作用于backboardd的时候一切都正常,我加的hook springboard的代码如下:
在MSInitialize { … }里面:
MSHookMessageEx((Class)objc_getClass("SpringBoard"), @selector(_lockButtonDown:fromSource:), (IMP)replaced__lockButtonDown, (IMP *)&original__lockButtonDown);
MSHookMessageEx((Class)objc_getClass("SpringBoard"), @selector(_lockButtonUp:fromSource:), (IMP)replaced__lockButtonUp, (IMP *)&original__lockButtonUp);
具体实现是:
/**
* hook SpringBoard --
*/
//锁屏键按下
static void(*original__lockButtonDown)(id,SEL,struct __IOHIDEvent *,int);
static void replaced__lockButtonDown(id self, SEL _cmd,struct __IOHIDEvent *arg1,int arg2) {
NSLog(@"replaced__lockButtonDown ... ... ... ");
original__lockButtonDown(self, _cmd,arg1,arg2);
}
//锁屏键抬起
static void(*original__lockButtonUp)(id, SEL,struct __IOHIDEvent *,int);
static void replaced__lockButtonUp(id self, SEL _cmd,struct __IOHIDEvent *arg1,int arg2) {
NSLog(@"replaced__lockButtonUp ... ... ... ");
original__lockButtonUp(self, _cmd,arg1,arg2);
}
没有其他任何操作了,请问狗神,还有可能是其他什么原因吗?
1 个赞
为什么不用Logos语法呢?你看看syslog里的报错信息
我把有关hook springboard的代码全部去掉了,就在Filter里面加了com.apple.springboard,编译安装Tweak后,重启backboardd的过程中,syslog里面输出了下面的有关这个Tweak的错误信息:
Dec 17 11:05:10 iPhone backboardd[1150]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib
Dec 17 11:05:10 iPhone SpringBoard[1152]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib
Dec 17 11:05:10 iPhone ReportCrash[1156]: 2 CNRecordTouch.dylib 0x007e9b1a 0x7e8000 + 6938
Dec 17 11:05:10 iPhone ReportCrash[1156]: 0x7e8000 - 0x7e9fff CNRecordTouch.dylib armv7s <c6e34011d244356db1b01cc9f827dadf> /Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib
麻烦您有时间指点一下!!!不胜感激!!!
你把syslog传上来看看
当Tweak仅仅作用于backboardd的时候,一切都是正常的,然后我把Filter里面添加了com.apple.springboard,重启backboardd后,就直接进入了安全模式,重启backboardd的过程中,输出的与此Tweak有关联的log如下:
Dec 17 12:50:30 iPhone backboardd[765]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib
Dec 17 12:50:30 iPhone SpringBoard[767]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib
Dec 17 12:50:31 iPhone ReportCrash[771]: 2 CNRecordTouch.dylib 0x007e5a80 0x7e4000 + 6784
Dec 17 12:50:31 iPhone ReportCrash[771]: 0x7e4000 - 0x7e5fff CNRecordTouch.dylib armv7s <06c8a707245d36dd839cd9946aea088b> /Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib
如果只是重启SpringBoard的话,能成功将/Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib载入SpringBoard。
我的系统是8.1.2,是不是在这上面不能同时hook backboard和SpringBoard啊?
另外,如果在这种情况下重启手机的话,会白苹果。昨天已经刷过一次机了。。。
你把完整的syslog发上来我看看,从这个上面看不出你SpringBoard崩溃的原因
狗神,这是奔溃期间的log:
Dec 17 13:48:25 iPhone backboardd[1045]: MS:Notice: Injecting: com.apple.backboardd [backboardd] (1141.16)
Dec 17 13:48:25 iPhone backboardd[1045]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib
Dec 17 13:48:25 iPhone aggregated[51]: Connection interrupted!
Dec 17 13:48:25 iPhone SpringBoard[1043]: MS:Notice: Injecting: com.apple.springboard [SpringBoard] (1141.16)
Dec 17 13:48:25 iPhone SpringBoard[1043]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/Activator.dylib
Dec 17 13:48:25 iPhone backboardd[1045]: main display width 640 height 1136 scale 2 orientation 0
Dec 17 13:48:25 iPhone backboardd[1045]: PUIProgressWindow forcing to white because of MG
Dec 17 13:48:25 iPhone backboardd[1045]: PUIProgressWindow trying to load image source for /System/Library/PrivateFrameworks/ProgressUI.framework/apple-logo-black@2x~iphone.png
Dec 17 13:48:25 iPhone backboardd[1045]: void __IOHIDPlugInLoadBundles(): Loaded 3 HID plugins
Dec 17 13:48:25 iPhone backboardd[1045]: IOHIDService compatibility thread running at priority 63 and schedule 2.
Dec 17 13:48:25 iPhone SpringBoard[1043]: BTM: attaching to BTServer
Dec 17 13:48:25 iPhone mediaserverd[111]: 'FigPlayer - 109' (pid = 109) setting DiscoveryMode = DiscoveryMode_None, currentDiscoveryMode = DiscoveryMode_None
Dec 17 13:48:25 iPhone SpringBoard[1043]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib
Dec 17 13:48:25 iPhone com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system): Service "com.apple.SpringBoard" tried to hijack endpoint "com.wugensan.cnrecordtouch" from owner: com.apple.backboardd
Dec 17 13:48:25: --- last message repeated 1 time ---
Dec 17 13:48:25 iPhone backboardd[1045]: MultitouchHID: detection mode: 255->0 (deferring until bootloaded)
Dec 17 13:48:25 iPhone ReportCrash[1049]: MS:Notice: Injecting: (null) [ReportCrash] (1141.16)
Dec 17 13:48:25 iPhone ReportCrash[1049]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/RocketBootstrap.dylib
Dec 17 13:48:25 iPhone ReportCrash[1049]: task_set_exception_ports(B07, 400, F03, 0, 0) failed with error (4: (os/kern) invalid argument)
Dec 17 13:48:25 iPhone ReportCrash[1049]: ReportCrash acting against PID 1043
Dec 17 13:48:25 iPhone CLTM[48]: CLTM: No ALS Event
Dec 17 13:48:25 iPhone ReportCrash[1049]: Formulating crash report for process SpringBoard[1043]
Dec 17 13:48:25 iPhone com.apple.xpc.launchd[1] (com.apple.SpringBoard[1043]): Service exited due to signal: Segmentation fault: 11
Dec 17 13:48:25 iPhone ReportCrash[1049]: Not saving crash log because we have reached the limit for logs to store on disk. Sync or otherwise clear logs from /var/mobile/Library/Logs/CrashReporter to save new logs.
Dec 17 13:48:25 iPhone ReportCrash[1049]: Could not save crash report to disk!
Dec 17 13:48:25 iPhone com.apple.xpc.launchd[1] (com.apple.SpringBoard): Service only ran for 0 seconds. Pushing respawn out by 5 seconds.
Dec 17 13:48:25 iPhone ReportCrash[1049]: Incident Identifier: 06D674FF-C878-46B7-8392-28EBADFECC59
Dec 17 13:48:25 iPhone ReportCrash[1049]: CrashReporter Key: dcaf417a1be906ffdddba183c4131cf8a35d8c64
Dec 17 13:48:25 iPhone ReportCrash[1049]: Hardware Model: iPhone5,2
Dec 17 13:48:25 iPhone ReportCrash[1049]: Process: SpringBoard [1043]
Dec 17 13:48:25 iPhone ReportCrash[1049]: Path: /System/Library/CoreServices/SpringBoard.app/SpringBoard
Dec 17 13:48:25 iPhone ReportCrash[1049]: Identifier: SpringBoard
Dec 17 13:48:25 iPhone ReportCrash[1049]: Version: ???
Dec 17 13:48:25 iPhone ReportCrash[1049]: Code Type: ARM (Native)
Dec 17 13:48:25 iPhone ReportCrash[1049]: Parent Process: launchd [1]
Dec 17 13:48:25 iPhone ReportCrash[1049]: Date/Time: 2014-12-17 13:48:25.600 +0800
Dec 17 13:48:25 iPhone ReportCrash[1049]: Launch Time: 2014-12-17 13:48:25.164 +0800
Dec 17 13:48:25 iPhone ReportCrash[1049]: OS Version: iOS 8.1.2 (12B440)
Dec 17 13:48:25 iPhone ReportCrash[1049]: Report Version: 105
Dec 17 13:48:25 iPhone ReportCrash[1049]: Exception Type: EXC_CRASH (SIGSEGV)
Dec 17 13:48:25 iPhone ReportCrash[1049]: Exception Codes: 0x0000000000000000, 0x0000000000000000
Dec 17 13:48:25 iPhone ReportCrash[1049]: Triggered by Thread: 1
Dec 17 13:48:25 iPhone ReportCrash[1049]: Thread 0 name: Dispatch queue: com.apple.main-thread
Dec 17 13:48:25 iPhone ReportCrash[1049]: Thread 0:
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0 CoreFoundation 0x2569cdd8 0x255e0000 + 773592
Dec 17 13:48:25 iPhone ReportCrash[1049]: 1 librocketbootstrap.dylib 0x007e2332 0x7e0000 + 9010
Dec 17 13:48:25 iPhone ReportCrash[1049]: 2 CNRecordTouch.dylib 0x007f1b1a 0x7f0000 + 6938
Dec 17 13:48:25 iPhone ReportCrash[1049]: 3 dyld 0x1fefaa1a 0x1feec000 + 59930
Dec 17 13:48:25 iPhone ReportCrash[1049]: 4 dyld 0x1fefab20 0x1feec000 + 60192
Dec 17 13:48:25 iPhone ReportCrash[1049]: 5 dyld 0x1fef7f9e 0x1feec000 + 49054
Dec 17 13:48:25 iPhone ReportCrash[1049]: 6 dyld 0x1fef7df2 0x1feec000 + 48626
Dec 17 13:48:25 iPhone ReportCrash[1049]: 7 dyld 0x1fef80c8 0x1feec000 + 49352
Dec 17 13:48:25 iPhone ReportCrash[1049]: 8 dyld 0x1fef082e 0x1feec000 + 18478
Dec 17 13:48:25 iPhone ReportCrash[1049]: 9 dyld 0x1fef5270 0x1feec000 + 37488
Dec 17 13:48:25 iPhone ReportCrash[1049]: 10 libdyld.dylib 0x3341c722 0x3341b000 + 5922
Dec 17 13:48:25 iPhone ReportCrash[1049]: 11 SubstrateLoader.dylib 0x006e0e0c 0x6e0000 + 3596
Dec 17 13:48:25 iPhone ReportCrash[1049]: 12 SubstrateLoader.dylib 0x006e1558 0x6e0000 + 5464
Dec 17 13:48:25 iPhone ReportCrash[1049]: 13 dyld 0x1fefaa1a 0x1feec000 + 59930
Dec 17 13:48:25 iPhone ReportCrash[1049]: 14 dyld 0x1fefab20 0x1feec000 + 60192
Dec 17 13:48:25 iPhone ReportCrash[1049]: 15 dyld 0x1fef7f9e 0x1feec000 + 49054
Dec 17 13:48:25 iPhone ReportCrash[1049]: 16 dyld 0x1fef7df2 0x1feec000 + 48626
Dec 17 13:48:25 iPhone ReportCrash[1049]: 17 dyld 0x1fef80c8 0x1feec000 + 49352
Dec 17 13:48:25 iPhone ReportCrash[1049]: 18 dyld 0x1fef082e 0x1feec000 + 18478
Dec 17 13:48:25 iPhone ReportCrash[1049]: 19 dyld 0x1fef5270 0x1feec000 + 37488
Dec 17 13:48:25 iPhone ReportCrash[1049]: 20 libdyld.dylib 0x3341c722 0x3341b000 + 5922
Dec 17 13:48:25 iPhone ReportCrash[1049]: 21 MobileSubstrate.dylib 0x0067be8c 0x67b000 + 3724
Dec 17 13:48:25 iPhone ReportCrash[1049]: 22 dyld 0x1fefaa1a 0x1feec000 + 59930
Dec 17 13:48:25 iPhone ReportCrash[1049]: 23 dyld 0x1fefab20 0x1feec000 + 60192
Dec 17 13:48:25 iPhone ReportCrash[1049]: 24 dyld 0x1fef7f9e 0x1feec000 + 49054
Dec 17 13:48:25 iPhone ReportCrash[1049]: 25 dyld 0x1fef7df2 0x1feec000 + 48626
Dec 17 13:48:25 iPhone ReportCrash[1049]: 26 dyld 0x1fef80c8 0x1feec000 + 49352
Dec 17 13:48:25 iPhone ReportCrash[1049]: 27 dyld 0x1feede24 0x1feec000 + 7716
Dec 17 13:48:25 iPhone ReportCrash[1049]: 28 dyld 0x1fef13f4 0x1feec000 + 21492
Dec 17 13:48:25 iPhone ReportCrash[1049]: 29 dyld 0x1feed222 0x1feec000 + 4642
Dec 17 13:48:25 iPhone ReportCrash[1049]: 30 dyld 0x1feed03c 0x1feec000 + 4156
Dec 17 13:48:25 iPhone ReportCrash[1049]: Thread 1 name: Dispatch queue: com.apple.libdispatch-manager
Dec 17 13:48:25 iPhone ReportCrash[1049]: Thread 1 Crashed:
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0 libsystem_kernel.dylib 0x334cf2a0 0x334ce000 + 4768
Dec 17 13:48:25 iPhone ReportCrash[1049]: 1 libdispatch.dylib 0x334089fc 0x333fb000 + 55804
Dec 17 13:48:25 iPhone ReportCrash[1049]: 2 libdispatch.dylib 0x333fe20e 0x333fb000 + 12814
Dec 17 13:48:25 iPhone ReportCrash[1049]: Thread 2:
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0 libsystem_kernel.dylib 0x334e39cc 0x334ce000 + 88524
Dec 17 13:48:25 iPhone ReportCrash[1049]: 1 libsystem_pthread.dylib 0x3355dea8 0x3355d000 + 3752
Dec 17 13:48:25 iPhone ReportCrash[1049]: 2 libsystem_pthread.dylib 0x3355db80 0x3355d000 + 2944
Dec 17 13:48:25 iPhone ReportCrash[1049]: Thread 3:
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0 libsystem_kernel.dylib 0x334e39cc 0x334ce000 + 88524
Dec 17 13:48:25 iPhone ReportCrash[1049]: 1 libsystem_pthread.dylib 0x3355dea8 0x3355d000 + 3752
Dec 17 13:48:25 iPhone ReportCrash[1049]: 2 libsystem_pthread.dylib 0x3355db80 0x3355d000 + 2944
Dec 17 13:48:25 iPhone ReportCrash[1049]: Thread 4:
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0 libsystem_kernel.dylib 0x334e39cc 0x334ce000 + 88524
Dec 17 13:48:25 iPhone ReportCrash[1049]: 1 libsystem_pthread.dylib 0x3355dea8 0x3355d000 + 3752
Dec 17 13:48:25 iPhone ReportCrash[1049]: 2 libsystem_pthread.dylib 0x3355db80 0x3355d000 + 2944
Dec 17 13:48:25 iPhone ReportCrash[1049]: Thread 1 crashed with ARM Thread State (32-bit):
Dec 17 13:48:25 iPhone ReportCrash[1049]: r0: 0x00000004 r1: 0x00000000 r2: 0x00000001 r3: 0x0074c6f0
Dec 17 13:48:25 iPhone ReportCrash[1049]: r4: 0x00000001 r5: 0x00000000 r6: 0x00000000 r7: 0x0074c760
Dec 17 13:48:25 iPhone ReportCrash[1049]: r8: 0x35b8e150 r9: 0x00000000 r10: 0x00000000 r11: 0x35b8f040
Dec 17 13:48:25 iPhone ReportCrash[1049]: ip: 0x00000171 sp: 0x0074c6d0 lr: 0x33408a01 pc: 0x334cf2a0
Dec 17 13:48:25 iPhone ReportCrash[1049]: cpsr: 0x20000010
Dec 17 13:48:25 iPhone ReportCrash[1049]: Binary Images:
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x4a000 - 0x44dfff SpringBoard armv7s <7f2c243850f734b9a72ed66cb0571320> /System/Library/CoreServices/SpringBoard.app/SpringBoard
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x67b000 - 0x67bfff MobileSubstrate.dylib armv6 <cf227792bbf2307cb4e9231453aa433c> /Library/MobileSubstrate/MobileSubstrate.dylib
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x6e0000 - 0x6e1fff SubstrateLoader.dylib armv6 <e6f0c76469b63c05afa34188d067f088> /Library/Frameworks/CydiaSubstrate.framework/Libraries/SubstrateLoader.dylib
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x704000 - 0x712fff Activator.dylib armv7s <bde7f5fe4b7130e5a83fe48228b7ba4e> /Library/MobileSubstrate/DynamicLibraries/Activator.dylib
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x7e0000 - 0x7e2fff librocketbootstrap.dylib armv7s <b0e02a64d3fb3798b9f1503b8633ef1f> /usr/lib/librocketbootstrap.dylib
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x7e6000 - 0x7e9fff libsubstrate.dylib armv7 <4ff1188b003a3544803dbbf25513e373> /usr/lib/libsubstrate.dylib
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x7f0000 - 0x7f1fff CNRecordTouch.dylib armv7s <c6e34011d244356db1b01cc9f827dadf> /Library/MobileSubstrate/DynamicLibraries/CNRecordTouch.dylib
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x2142000 - 0x2188fff ActivatorSpringBoard armv6 <4a941a278fa73e1c93b15c5f9b5d88b1> /Library/Activator/ActivatorSpringBoard.bundle/ActivatorSpringBoard
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x1feec000 - 0x1ff0ffff dyld armv7s <8ffd813a380c333bbd4a25e1dbe05715> /usr/lib/dyld
Dec 17 13:48:25 iPhone ReportCrash[1049]: 0x2417c000 - 0x242e8fff AVFoundation armv7s <23a20af23f733b39b5c87059c080f9f7> /System/Library/Frameworks/AVFoundation.framework/AVFoundation
第23行是崩溃的原因,看起来是空指针造成的,你的完整代码是怎么写的?
是代码的问题,重新用logos语法写的代码就没有问题了。