发表新帖
发表新帖

MobileSubstrate: MSHookFunction example

后端 未结
关注
1 1664
渐次进展
渐次进展 2021-02-10 18:42

I am trying to write a MobileSubstrate plugin which hooks into a C-method. I tried to edit the famous \"ExampleHook\", by just writing a demo MSHook and hook it in the Initializ

相关标签:
1条回答
  • 忘掉有多难
    2021-02-10 18:46

    I realize you have found this, but I am posting this answer to help whoever else may be needing this.

    A simple example can be found at the MobileSubstrate article on the iPhone Dev Wiki, and an actual example of this in a project is at this bit of User Agent Faker.

    But what is an answer without an actual explanation? Therefore, here we go!

    void MSHookFunction(void* function, void* replacement, void** p_original); is the function definition for MSHookFunction, the magic function which causes your function X() to be interposed by Y(), for instance.

    That is, when a program commonly would call X(), the call will be redirected to Y() instead. This is pretty much a basic explanation of function interposing.

    Now, what are the parameters, and their usefulness?

    • function is a function pointer to the function you want to interpose. That would be a function pointer to X(), in our quick explanation.
    • replacement is a function pointer to the function you want function to be interposed with. In our quick explanation, that would be a function pointer to Y().

    • p_original is a pointer to a function pointer, which from now on will point to what function used to be.

      The reason this is there is simple: If you intend to modify behavior, but not suppress it, you'll still need to call what X() used to be. But a common call to X() wouldn't work as intended, as it would end calling Y() instead of the default function.

      Therefore, you have a function pointer to call X() as if it wasn't interposed.

    Now, explaining the devwiki example:

    static void (*original_CFShow)(CFTypeRef obj);  // a function pointer to store the original CFShow().
void replaced_CFShow(CFTypeRef obj) {           // our replacement of CFShow().
  printf("Calling original CFShow(%p)...", obj);
  original_CFShow(obj);                         // calls the original CFShow.
  printf(" done.\n");
}
...
// hook CFShow to our own implementation.
MSHookFunction(CFShow, replaced_CFShow, &original_CFShow);
// From now on any call to CFShow will pass through replaced_CFShow first.
...
CFShow(CFSTR("test"));

    Here, we:

    1. Pass a pointer to CFShow, the function we want to change default behavior from as the function parameter.
    2. Pass a pointer to the function we just created, replaced_CFShow as the replacement parameter. That is, whenever CFShow would be called by default, replaced_CFShow will be called instead.
    3. We pass a pointer to the original_CFShow function pointer as the p_original parameter. Since we still want the things CFShow still does by itself to be done inside our replacement function, we call it.
    0 讨论(0)
 看不清?
提交回复
热议问题