iphone - Can mobilesubstrate hook this? -


i want hook function called png_handle_ihdr declared locally in imageio framework. used mobilesafari filter. while calling original function, mobilesafari crashes. upon inspection of nslog, this:

jun  5 17:21:08 unknown mobilesafari[553] <warning>: dlopen imageio success! jun  5 17:21:08 unknown mobilesafari[553] <warning>: zeroing of nlist success! jun  5 17:21:08 unknown mobilesafari[553] <warning>: method name assigned! jun  5 17:21:08 unknown mobilesafari[553] <warning>: nlist success! nlsetting.. jun  5 17:21:08 unknown mobilesafari[553] <warning>: nlset success! hooking.. jun  5 17:21:09 unknown mobilesafari[553] <warning>: png ihdr handle hooking! jun  5 17:21:09 unknown uikitapplication:com.apple.mobilesafari[0x819][553] <notice>: libpng error: invalid ihdr chunk jun  5 17:21:09 unknown reportcrash[554] <notice>: formulating crash report process mobilesafari[553] jun  5 17:21:09 unknown com.apple.launchd[1] <warning>: (uikitapplication:com.apple.mobilesafari[0x819]) job appears have crashed: abort trap: 6 jun  5 17:21:09 unknown springboard[530] <warning>: application 'safari' exited abnormally signal 6: abort trap: 6

i gathered got function prototype of png_handle_ihdr wrong. following code in tweak:

#import <corefoundation/corefoundation.h> #include <substrate.h>  #define imageio "/system/library/frameworks/imageio.framework/imageio"  void (*png_handle_ihdr)();  mshook(void, png_handle_ihdr){     nslog(@"png ihdr handle hooking!\n");     _png_handle_ihdr(); //crashed here!!     nslog(@"png ihdr handle hooking finished!\n");  }  template <typename type_> static void nlset(type_ &function, struct nlist *nl, size_t index) {     struct nlist &name(nl[index]);     uintptr_t value(name.n_value);     if ((name.n_desc & n_arm_thumb_def) != 0)         value |= 0x00000001;     function = reinterpret_cast<type_>(value); }  msinitialize {          if (dlopen(imageio, rtld_lazy | rtld_noload)!=null)         {                        nslog(@"dlopen imageio success!\n");                 struct nlist nl[2];                 bzero(&nl, sizeof(nl));                 nslog(@"zeroing of nlist success!\n");                 nl[0].n_un.n_name = (char*) "_png_handle_ihdr";                  nslog(@"method name assigned!\n");                 nlist(imageio,nl);                 nslog(@"nlist success! nlsetting..\n");                 nlset(png_handle_ihdr, nl, 0);                   nslog(@"nlset success! hooking..\n");                 mshookfunction(png_handle_ihdr,mshake(png_handle_ihdr));         }         }

my makefile such:

include theos/makefiles/common.mk  tweak_name = privatefunctiontest privatefunctiontest_files = tweak.xm  include $(theos_make_path)/tweak.mk privatefunctiontest_frameworks = uikit imageio coregraphics foundation corefoundation

edit: question is, knowing original function arguments necessary successful hook? if yes, getting function prototype disassembly way? there no definition of in of sdk headers. thanks.

ok, decompiled function , function prototype guessed decompiler. long parameters , return type broadly matched e.g. bool : int, unsigned int : int, still works without killing execution. works:

int *png_handle_ihdr(int a1, int a2, int a3);  mshook(int, png_handle_ihdr, int a1, int a2, int a3){      nslog(@"png_handle_ihdr(%d,%d,%d)", a1,a2,a3);     int val = _png_handle_ihdr(a1,a2,a3);     nslog(@"png ihdr handle hooking finished, returning %d result!", val);     return val;  }

Comments

Post a Comment

Popular posts from this blog

java - Play! framework 2.0: How to display multiple image? -

i need display gallery of photos. here template: @(photos: list[photo]) @title = { <bold>gallery</bold> } @main(title,"photo"){ <ul class="thumbnails"> @for(photo <- photos) { <li class="span3"> <a href="#" class="thumbnail"> <img src="@photo.path" alt=""> </a> </li> } </ul> } and here controller method: public static result getphotos() { return ok(views.html.photo.gallery.render(photo.get())); } and here photo bean : @entity public class photo extends model { @id public long id; @required public string label; public string path; public photo(string path, string label) { this.path = path; this.label = label; } private static finder<long, photo> find = new finder<long, photo>( long.class, photo.class); public static list<phot...
Read more

gmail - Is there any documentation for read-only access to the Google Contacts API? -

i want read-only access user's google contacts. there stackoverflow member wanted this, , received following answer : yes, there is, use https://www.googleapis.com/auth/contacts.readonly scope , "view contacts". this exchange reference read-only access google contacts can find using google. simply using access token obtained attempt read usual google contacts api (i.e. https://www.google.com/m8/feeds ) fails insufficient permissions. similarly, using google contacts api on new target fails 404 errors (for example https://www.googleapis.com/auth/contacts.readonly/default/full ). is there documentation anywhere on how use api, or permissible way access google contacts api full read-write access?
Read more

php - Controller/JToolBar not working in Joomla 2.5 -

relevant code: jtoolbarhelper::custom('savecategories', 'save', '', 'save', false, false); ... <input type="hidden" name="controller" value="easyblogcontroller"> according can dig docs , own previous questions, should call savecategories() function in easyblogcontroller . i've tried setting value easyblog , easyblog.php (file name) current easyblogcontroller (class name). clicking on save button refreshes page. not redirect, echo or var_dump test code put in savecategories() function. var_dump ing jrequest::getvar('controller') , 'task' return correct values. creating controller object , using $controller->execute('task'); works. the values going depend on location of controller trying call, , have couple options here. typically there controller in base folder of component (likely components/com_easyblog) in file called controller.php , class name inside ...
Read more