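Goal: get past the anti-debugging in 某手 8.0.0
Log: Segmentation fault: 11
Steps: 1. debugserver can attach to other processes, but attaching to 某手 produces an error
Environment: 某手 iOS 8.0.0
Other notes: 1. Loading it with monkeyapp fails immediately with: monkeydev Thread 1: EXC_BAD_ACCESS
2. Hooking functions with a tweak works normally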

As I recall, 某手 uses a shell + dylibs architecture; the anti-debugging code and the main binary are inside Frameworks.

Borrowing this thread to ask a question: “When I use debugme from xia0LLDB, an error occurs in get_all_image_of_app
at ret = exe_script(debugger, command_script):
Error [IRForTarget]: Couldn't resolve the class for an Objective-C static method call
Any ideas on how to solve this?
When I change
command_script = r'''
@import Foundation;
NSLog(@"333333");
NSString *appDir = @"/var/containers/Bundle/Application/8DC1AA09-CAA3-40EE-B32B-EEDB97D76436/xxxxxx.app";
NSMutableString* retStr = [NSMutableString string];
uint32_t count = (uint32_t)_dyld_image_count();
for(uint32_t i = 0; i < count; i++){
    char* curModuleName_cstr = (char*)_dyld_get_image_name(i);
    long slide = (long)_dyld_get_image_vmaddr_slide(i);
    uintptr_t baseAddr = (uintptr_t)_dyld_get_image_header(i);
    NSString* curModuleName = @(curModuleName_cstr);
    if([curModuleName containsString:appDir]) {
        [retStr appendString:(id)[@(i) stringValue]];
        [retStr appendString:@","];
        [retStr appendString:@(curModuleName_cstr)];
        [retStr appendString:@"#"];
    }
}
retStr
'''
to
command_script = r'''
@import Foundation;
NSLog(@"333333");
'''
the same error is still reported.
The code is the latest from Git, the system is iOS 13 jailbroken with checkra1n (the same problem occurs on iOS 12.4), and the Xcode version is 12.0.1.”

Guru, did you get it working?