使用Hopper查看需要hook的函示为下面
/* @class _TtC13hookdemoswift14ViewController */
-(void)btnClick:(void *)arg2 {
[self retain];
Swift._bridgeAnyObjectToAny();
r0 = sub_100007a04(0x1000118a8);
r0 = swift_allocObject(r0, 0x40, 0x7);
r8 = *type metadata for Swift.String;
*(int128_t *)(r0 + 0x10) = *0x100009ea0;
*(r0 + 0x38) = r8;
*(int128_t *)(r0 + 0x20) = 0x6f57206f6c6c6548;
*(int128_t *)(r0 + 0x28) = 0xeb00000000646c72;
Swift.print();
swift_release(r19);
sub_100007a40(&stack[-64]);
[r20 release];
return;
}
透过monkey的logos tweak去hook,.xm档案的程式码如下
// See http://iphonedevwiki.net/index.php/Logos
#if TARGET_OS_SIMULATOR
#error Do not support the simulator, please use the real iPhone Device.
#endif
#import <UIKit/UIKit.h>
#import <Foundation/Foundation.h>
//@interface _TtC9DEMOswift14ViewController:UIViewController
//@end
%hook hookdemoswift.ViewController
-(void)btnClick:(void *)arg2 {
%orig;
%log;
// 在hook方法中添加您的自定义逻辑
NSLog(@"Hooked buttonforhook:");
// 调用原始方法
return;
}
%end
.xm的程式透过monkeydev app测试是可以正常hook的
被hook的手机为ios14.6版本,
会发生
Thread 1: EXC_BAD_ACCESS (code=2, address=0x104b2be94)的错误,如何解决,但是ios13版本得iphone不会发生
詳細錯誤
#0 0x000000010079fe38 in _logosLocalInit() at /Users/user/Desktop/testhook2/testhook2/testhook2.xm:27
#1 0x0000000100933880 in ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) ()
#37 0x0000000100919038 in _dyld_start ()
