这个错误是什么意思,IDA pro中有很多明显解析错误

是。手动修改吧

有修改的教程吗,或者大概步骤吗,没做过这个,不明白,请教一下哦。

                       +[SKUIClientContext defaultContext]:
                        ; AArch64 disassembler listing of the class method named by the label above.
                        ; In:    x0 = receiver (kept in x21); the incoming x1 is overwritten before it is read.
                        ; Out:   x0 = x21 on exit, handed to the tail call at 0x18c75a910.
                        ; Frame: 0x60 bytes holding x19-x28, x29 and x30.
                        ; NOTE(review): no bl/b target in the 0x187fdxxxx range has a symbol. Judging only by
                        ; the argument setup they look like Objective-C runtime entry points -- confirm against
                        ; the full dyld cache:
                        ;   0x187fde2bc  x0 = receiver, x1 = selector        -> presumably objc_msgSend
                        ;   0x187fde2d4  always follows `mov x29, x29`       -> presumably objc_retainAutoreleasedReturnValue
                        ;   0x187fde2c4  one argument, result never used     -> presumably objc_release
                        ;   0x187fde2c8  one argument, result kept           -> presumably objc_retain
                        ;   0x187fde290  tail call carrying the return value -> presumably objc_autoreleaseReturnValue
                        ;   0x187fe1448  one argument, result retained       -> unknown helper
                        ; NOTE(review): the "@selector(...)" text on adrp lines seems to name whatever sits at the
                        ; page base, not the selector that is loaded; compare 0x18c75a67c with 0x18c75a680, where
                        ; only the ldr annotation (page + offset) gives the real name. Trust the ldr line.
                        ; Prologue: spill callee-saved registers, set up the frame pointer, keep the receiver in x21.
0x000000018c75a63c         stp        x28, x27, [sp, #-0x60]!                   ; Objective C Implementation defined at 0x19c758ee8 (class)
0x000000018c75a640         stp        x26, x25, [sp, #0x10]
0x000000018c75a644         stp        x24, x23, [sp, #0x20]
0x000000018c75a648         stp        x22, x21, [sp, #0x30]
0x000000018c75a64c         stp        x20, x19, [sp, #0x40]
0x000000018c75a650         stp        x29, x30, [sp, #0x50]
0x000000018c75a654         add        x29, sp, #0x50
0x000000018c75a658         mov        x21, x0
                        ; x20 = result of sending the unnamed selector at 0x19ebb0688 to the object loaded from 0x19ebbdca8.
0x000000018c75a65c         adrp       x8, #0x19ebbd000
0x000000018c75a660         ldr        x0, [x8, #0xca8]                          ; 0x19ebbdca8
0x000000018c75a664         adrp       x8, #0x19ebb0000                          ; @selector(setImage:forArtworkRequest:context:)
0x000000018c75a668         ldr        x1, [x8, #0x688]                          ; 0x19ebb0688
0x000000018c75a66c         bl         0x187fde2bc
0x000000018c75a670         mov        x29, x29
0x000000018c75a674         bl         0x187fde2d4
0x000000018c75a678         mov        x20, x0
                        ; x19 = result of sending "activeAccount" to that object (x0 still holds it).
0x000000018c75a67c         adrp       x8, #0x19ebb0000                          ; @selector(setImage:forArtworkRequest:context:)
0x000000018c75a680         ldr        x1, [x8, #0x690]                          ; "activeAccount",@selector(activeAccount)
0x000000018c75a684         bl         0x187fde2bc
0x000000018c75a688         mov        x29, x29
0x000000018c75a68c         bl         0x187fde2d4
0x000000018c75a690         mov        x19, x0
                        ; Drop the first object, then x20 = helper_0x187fe1448(x19); a zero result returns 0 via 0x18c75a844.
0x000000018c75a694         mov        x0, x20
0x000000018c75a698         bl         0x187fde2c4
0x000000018c75a69c         mov        x0, x19
0x000000018c75a6a0         bl         0x187fe1448
0x000000018c75a6a4         mov        x29, x29
0x000000018c75a6a8         bl         0x187fde2d4
0x000000018c75a6ac         mov        x20, x0
0x000000018c75a6b0         cbz        x20, 0x18c75a844

                        ; x22 = result of sending "_cachePathForStoreFrontIdentifier:" to the receiver with x2 = x20;
                        ; a zero result skips to the fallback at 0x18c75a700.
0x000000018c75a6b4         adrp       x8, #0x19ebba000                          ; @selector(_newLinkButtonWithTitle:)
0x000000018c75a6b8         ldr        x1, [x8, #0x830]                          ; "_cachePathForStoreFrontIdentifier:",@selector(_cachePathForStoreFrontIdentifier:)
0x000000018c75a6bc         mov        x0, x21
0x000000018c75a6c0         mov        x2, x20
0x000000018c75a6c4         bl         0x187fde2bc
0x000000018c75a6c8         mov        x29, x29
0x000000018c75a6cc         bl         0x187fde2d4
0x000000018c75a6d0         mov        x22, x0
0x000000018c75a6d4         cbz        x22, 0x18c75a700

                        ; x25 = result of sending the unnamed selector at 0x19ebbce30 to the object at 0x19ebbda28
                        ; with x2 = x22; a non-zero result goes straight to the init step at 0x18c75a878.
0x000000018c75a6d8         adrp       x8, #0x19ebbd000
0x000000018c75a6dc         ldr        x0, [x8, #0xa28]                          ; 0x19ebbda28
0x000000018c75a6e0         adrp       x8, #0x19ebbc000                          ; @selector(_editorialContainerView)
0x000000018c75a6e4         ldr        x1, [x8, #0xe30]                          ; 0x19ebbce30
0x000000018c75a6e8         mov        x2, x22
0x000000018c75a6ec         bl         0x187fde2bc
0x000000018c75a6f0         mov        x29, x29
0x000000018c75a6f4         bl         0x187fde2d4
0x000000018c75a6f8         mov        x25, x0
0x000000018c75a6fc         cbnz       x25, 0x18c75a878

                        ; Fallback: x24 = object obtained from 0x19ebbda20, then x23 = result of sending the unnamed
                        ; selector at 0x19ebbce38 to it with x2 = @"SKUIStoreConfigurations", x3 = @"plist".
                        ; NOTE(review): looks like a bundled-resource lookup -- selector names are unresolved, confirm.
0x000000018c75a700         adrp       x8, #0x19ebbd000                          ; XREF=+[SKUIClientContext defaultContext]+152
0x000000018c75a704         ldr        x0, [x8, #0xa20]                          ; 0x19ebbda20
0x000000018c75a708         adrp       x8, #0x19ebaf000
0x000000018c75a70c         ldr        x1, [x8, #0x478]                          ; 0x19ebaf478
0x000000018c75a710         bl         0x187fde2bc
0x000000018c75a714         mov        x29, x29
0x000000018c75a718         bl         0x187fde2d4
0x000000018c75a71c         mov        x24, x0
0x000000018c75a720         adrp       x8, #0x19ebbc000                          ; @selector(_editorialContainerView)
0x000000018c75a724         ldr        x1, [x8, #0xe38]                          ; 0x19ebbce38
0x000000018c75a728         adrp       x2, #0x19c669000
0x000000018c75a72c         add        x2, x2, #0xe50                            ; @"SKUIStoreConfigurations"
0x000000018c75a730         adrp       x3, #0x19c665000
0x000000018c75a734         add        x3, x3, #0xd10                            ; @"plist"
0x000000018c75a738         bl         0x187fde2bc
0x000000018c75a73c         mov        x29, x29
0x000000018c75a740         bl         0x187fde2d4
0x000000018c75a744         mov        x23, x0
0x000000018c75a748         mov        x0, x24
0x000000018c75a74c         bl         0x187fde2c4
0x000000018c75a750         cbz        x23, 0x18c75a84c

                        ; x24 = two chained sends on the object at 0x19ebbda28 (selectors at 0x19ebaf018 and
                        ; 0x19ebb2218, the second with x2 = x23); no retain call follows either of them.
                        ; x25 keeps the selector from 0x19ebaf3c0 because it is sent again at 0x18c75a7f4.
                        ; x26 = result of sending that selector to x24 with x2 = x20; non-zero skips to 0x18c75a80c.
0x000000018c75a754         adrp       x28, #0x19ebbd000
0x000000018c75a758         ldr        x0, [x28, #0xa28]                         ; 0x19ebbda28
0x000000018c75a75c         adrp       x8, #0x19ebaf000
0x000000018c75a760         ldr        x1, [x8, #0x18]                           ; 0x19ebaf018
0x000000018c75a764         bl         0x187fde2bc
0x000000018c75a768         adrp       x8, #0x19ebb2000                          ; @selector(newTextView)
0x000000018c75a76c         ldr        x1, [x8, #0x218]                          ; 0x19ebb2218
0x000000018c75a770         mov        x2, x23
0x000000018c75a774         bl         0x187fde2bc
0x000000018c75a778         mov        x24, x0
0x000000018c75a77c         adrp       x8, #0x19ebaf000
0x000000018c75a780         ldr        x25, [x8, #0x3c0]                         ; 0x19ebaf3c0
0x000000018c75a784         mov        x1, x25
0x000000018c75a788         mov        x2, x20
0x000000018c75a78c         bl         0x187fde2bc
0x000000018c75a790         mov        x29, x29
0x000000018c75a794         bl         0x187fde2d4
0x000000018c75a798         mov        x26, x0
0x000000018c75a79c         cbnz       x26, 0x18c75a80c

                        ; Lookup by x20 failed: send the selector at 0x19ebb0248 to x20 with x2 = @"," and compare
                        ; the result with 0x7fffffffffffffff (the value of NSNotFound on 64-bit); equal means no
                        ; retry with a shortened key.
0x000000018c75a7a0         adrp       x8, #0x19ebb0000                          ; @selector(setImage:forArtworkRequest:context:)
0x000000018c75a7a4         ldr        x1, [x8, #0x248]                          ; 0x19ebb0248
0x000000018c75a7a8         adrp       x2, #0x19c65b000
0x000000018c75a7ac         add        x2, x2, #0xd30                            ; @","
0x000000018c75a7b0         mov        x0, x20
0x000000018c75a7b4         bl         0x187fde2bc
0x000000018c75a7b8         mov        x8, x0
0x000000018c75a7bc         orr        x9, xzr, #0x7fffffffffffffff
0x000000018c75a7c0         cmp        x8, x9
0x000000018c75a7c4         b.eq       0x18c75a80c

                        ; x27 = result of sending the selector at 0x19ebb08f8 to x20 with x2 = the value just returned;
                        ; repeat the x25 selector on x24 with x2 = x27 to refill x26, then release x27.
0x000000018c75a7c8         adrp       x9, #0x19ebb0000                          ; @selector(setImage:forArtworkRequest:context:)
0x000000018c75a7cc         ldr        x1, [x9, #0x8f8]                          ; 0x19ebb08f8
0x000000018c75a7d0         mov        x0, x20
0x000000018c75a7d4         mov        x2, x8
0x000000018c75a7d8         bl         0x187fde2bc
0x000000018c75a7dc         mov        x29, x29
0x000000018c75a7e0         bl         0x187fde2d4
0x000000018c75a7e4         mov        x27, x0
0x000000018c75a7e8         mov        x0, x24
0x000000018c75a7ec         mov        x1, x25
0x000000018c75a7f0         mov        x2, x27
0x000000018c75a7f4         bl         0x187fde2bc
0x000000018c75a7f8         mov        x29, x29
0x000000018c75a7fc         bl         0x187fde2d4
0x000000018c75a800         mov        x26, x0
0x000000018c75a804         mov        x0, x27
0x000000018c75a808         bl         0x187fde2c4

                        ; x2 = result of sending the selector at 0x19ebaf030 to the object at 0x19ebbda28, then send
                        ; the selector at 0x19ebaf358 to x26 with that argument; a zero w0 clears x25 at 0x18c75a858.
                        ; NOTE(review): the shape matches a class-membership test on x26 before it is used -- confirm.
0x000000018c75a80c         ldr        x0, [x28, #0xa28]                         ; XREF=+[SKUIClientContext defaultContext]+352, +[SKUIClientContext defaultContext]+392
0x000000018c75a810         adrp       x8, #0x19ebaf000
0x000000018c75a814         ldr        x1, [x8, #0x30]                           ; 0x19ebaf030
0x000000018c75a818         bl         0x187fde2bc
0x000000018c75a81c         mov        x2, x0
0x000000018c75a820         adrp       x8, #0x19ebaf000
0x000000018c75a824         ldr        x1, [x8, #0x358]                          ; 0x19ebaf358
0x000000018c75a828         mov        x0, x26
0x000000018c75a82c         bl         0x187fde2bc
0x000000018c75a830         cbz        w0, 0x18c75a858

                        ; Check passed: x25 = result of 0x187fde2c8 on x26, so x25 outlives the release of x26 below.
0x000000018c75a834         mov        x0, x26
0x000000018c75a838         bl         0x187fde2c8
0x000000018c75a83c         mov        x25, x0
0x000000018c75a840         b          0x18c75a85c

                        ; x20 was zero: return value becomes 0, jump to the final releases.
0x000000018c75a844         movz       x21, #0x0                                 ; XREF=+[SKUIClientContext defaultContext]+116
0x000000018c75a848         b          0x18c75a8e4

                        ; x23 was zero: it is still passed to the release call, then take the failure path.
0x000000018c75a84c         mov        x0, x23                                   ; XREF=+[SKUIClientContext defaultContext]+276
0x000000018c75a850         bl         0x187fde2c4
0x000000018c75a854         b          0x18c75a8cc

                        ; Check failed: no value to initialise from.
0x000000018c75a858         movz       x25, #0x0                                 ; XREF=+[SKUIClientContext defaultContext]+500

                        ; Release the temporaries x26, x24 and x23; a zero x25 takes the failure path.
0x000000018c75a85c         mov        x0, x26                                   ; XREF=+[SKUIClientContext defaultContext]+516
0x000000018c75a860         bl         0x187fde2c4
0x000000018c75a864         mov        x0, x24
0x000000018c75a868         bl         0x187fde2c4
0x000000018c75a86c         mov        x0, x23
0x000000018c75a870         bl         0x187fde2c4
0x000000018c75a874         cbz        x25, 0x18c75a8cc

                        ; x21 = receiver sent the selector at 0x19ebaf018, then "initWithConfigurationDictionary:"
                        ; with x2 = x25; a zero result skips the ivar store.
0x000000018c75a878         adrp       x8, #0x19ebaf000                          ; XREF=+[SKUIClientContext defaultContext]+192
0x000000018c75a87c         ldr        x1, [x8, #0x18]                           ; 0x19ebaf018
0x000000018c75a880         mov        x0, x21
0x000000018c75a884         bl         0x187fde2bc
0x000000018c75a888         adrp       x8, #0x19ebaf000
0x000000018c75a88c         ldr        x1, [x8, #0x4f0]                          ; "initWithConfigurationDictionary:",@selector(initWithConfigurationDictionary:)
0x000000018c75a890         mov        x2, x25
0x000000018c75a894         bl         0x187fde2bc
0x000000018c75a898         mov        x21, x0
0x000000018c75a89c         cbz        x21, 0x18c75a8d4

                        ; Store the result of sending the selector at 0x19ebaf188 to x20 into the _storeFrontIdentifier
                        ; ivar of x21 (offset read from 0x19ebc5494), then release the value that was there before.
0x000000018c75a8a0         adrp       x8, #0x19ebaf000
0x000000018c75a8a4         ldr        x1, [x8, #0x188]                          ; 0x19ebaf188
0x000000018c75a8a8         mov        x0, x20
0x000000018c75a8ac         bl         0x187fde2bc
0x000000018c75a8b0         adrp       x8, #0x19ebc5000
0x000000018c75a8b4         ldrsw      x9, [x8, #0x494]                          ; _OBJC_IVAR_$_SKUIClientContext._storeFrontIdentifier
0x000000018c75a8b8         ldr        x8, [x21, x9]
0x000000018c75a8bc         str        x0, [x21, x9]
0x000000018c75a8c0         mov        x0, x8
0x000000018c75a8c4         bl         0x187fde2c4
0x000000018c75a8c8         b          0x18c75a8d4

                        ; Failure path: return 0. x25 is zeroed because the path that skipped 0x18c75a6d8 never wrote
                        ; it, and it is passed to the release call at 0x18c75a8e0.
0x000000018c75a8cc         movz       x25, #0x0                                 ; XREF=+[SKUIClientContext defaultContext]+536, +[SKUIClientContext defaultContext]+568
0x000000018c75a8d0         movz       x21, #0x0

                        ; Release x22 and x25.
0x000000018c75a8d4         mov        x0, x22                                   ; XREF=+[SKUIClientContext defaultContext]+608, +[SKUIClientContext defaultContext]+652
0x000000018c75a8d8         bl         0x187fde2c4
0x000000018c75a8dc         mov        x0, x25
0x000000018c75a8e0         bl         0x187fde2c4

                        ; Release x20 and x19, load the return value, restore the saved registers and tail-call
                        ; 0x187fde290 with x0 = x21.
0x000000018c75a8e4         mov        x0, x20                                   ; XREF=+[SKUIClientContext defaultContext]+524
0x000000018c75a8e8         bl         0x187fde2c4
0x000000018c75a8ec         mov        x0, x19
0x000000018c75a8f0         bl         0x187fde2c4
0x000000018c75a8f4         mov        x0, x21
0x000000018c75a8f8         ldp        x29, x30, [sp, #0x50]
0x000000018c75a8fc         ldp        x20, x19, [sp, #0x40]
0x000000018c75a900         ldp        x22, x21, [sp, #0x30]
0x000000018c75a904         ldp        x24, x23, [sp, #0x20]
0x000000018c75a908         ldp        x26, x25, [sp, #0x10]
0x000000018c75a90c         ldp        x28, x27, [sp], #0x60
0x000000018c75a910         b          0x187fde290
                        ; endp

你在 BL 指令上下断点,然后在调试器里执行 p (char *)$x1 看一下 x1 里的 selector 名;估计就像 @Ourboros 说的那样,很多 objc_msgSend 没有被识别出来。

大概明白了,谢谢,所以说还是现成的工具有问题,还是得依靠动态实时的调试,那是最真实的代码,静态明显有问题。自己修改符号,那么多,那也太累了。我宁可选择动态调试,哈哈。

我估计只是个偏移问题:LC_SYMTAB 没有指向正确的符号表地址。

大概怎么弄呢?有大致步骤吗,如果要自己动手的话

熟悉MachO结构的话就懂了。

不过这也不过是我猜测的错误起因

EDIT:
LC_SYMTAB 是一个结构体,包含若干字段【比如符号字符串表的偏移和大小等】,本质上是 Mach-O 头部中的一条 load command(LC)。

今天在一个网友的推荐下试了jtool这个工具,32bit解压后,基本上没有错误,效果好很多。64bit中BL后面的还是识别不出来,是红色的地址,但其他符号识别基本都是对的。不晓得是什么问题,看来暂时整个32bit的机器也是有必要的。

我也遇到这问题了,现在还有其它更好的解决方法吗?

你是怎么改的符号呢,可以详细点吗

我就改了几个没识别出来的 objc_msgSend 跳板,主要是需要把整个 dyld cache 拖进 IDA(这些 BL 的目标地址应该落在缓存里的其他模块中,只加载单个模块时没有对应的符号)。