Hello, I was trying to use MobileHooker according the example in the book:
MSImageRef image = MSGetImageByName("/Applications/iOSRETargetApp.app/iOSRETargetApp"); NSLog(@"iOSRE Image addr: %@", image); ... void *__ZN8CPPClass11CPPFunctionEPKc = MSFindSymbol(image, "__ZN8CPPClass11CPPFunctionEPKc");
My problem is that the call from MSGetImageByName always returns NULL. The permissions should be correct and I can see the symbols in IDA or with nm.
root# ls -l /Applications/iOSRETargetApp.app/iOSRETargetApp -rwxr-xr-x 1 mobile staff 134368 Dec 20 10:33 /Applications/iOSRETargetApp.app/iOSRETargetApp $ nm iOSRETargetApp | grep __ZN8CPPClass11CPPFunctionEPKc 0000a678 T __ZN8CPPClass11CPPFunctionEPKc 000000010000652c T __ZN8CPPClass11CPPFunctionEPKc
After I kill the SpringBoard, it writes to syslog:
SpringBoard: iOSRE Image addr: (null)
Anyone with the same problem or possible solution? I use iOS 8.2.