Custom hooks causing traced app to crash #34

Closed
KiranPanesar opened this issue Apr 15, 2015 · 7 comments

Comments

@KiranPanesar

I've created a custom hook to trace NSString's +stringWithFormat method. Seeing as there is no README or wiki post on how to do this, I followed the UIPasteboard hook. Here are the steps I have taken:

  1. Create an NSStringHooks.xm in the /hooks directory. That file looks like this.
  2. Added a method to PlistObjectConverter to convert NSString data. Those files look like this. Line 527 is the beginning of the implementation of +convertNSString:.
  3. Added the NSStringHooks to Tweak.xmi. That file looks like this. Line 159 is where I am initialising the NSStringHooks group.

When I run make package in the /src directory, a deb file is successfully created. I can SFTP that to my device and successfully run dpkg -i introspy.deb to install the custom build onto my device. But when I open an app for which I have enabled tracing, it crashes on launch.

Troubleshooting

  • I have removed the NSStringHooks tweak altogether, built it using make package and then installed it. That works fine. No crashes when launching a traced app.
  • I have added NSStringHooks back in (using the above steps), except I removed all tracing logic from NSStringHooks.xm. So all it was doing was intercepting the call and then passing it straight to the original method. This still causes a crash on the device.

I feel like I am missing a step, because I can't get my custom trace's toggle to show up under the Introspy Settings. The Introspy2.plist files seem to be generated by the make routine, so any changes I make there to add a toggle are overwritten.

Can any contributors see what I am missing in my setup of a custom hook?

Once I've got all this figured out, I'll create a concise list of steps and add it to the README/Wiki.

@radj

radj commented Apr 15, 2015

I'm not 100% sure, but I'm guessing your hook to +stringWithFormat is doing an infinite recursion. Somewhere in your hook there is a call to +stringWithFormat, so it hooks again and again. But it's just a theory.

Another theory is it may not be hooking the right class name. I experienced a crash when I was hooking NSURLSession. See #32

Can you share any crash/exception logs?

Additionally, you don't need convertNSString: as the PlistObjectConverter's methods are simply to convert non-stringable objects into helpful strings/dictionaries. Simply call -[addArgFromPlistObject:@"thestring" withKey:@"paramName"]

@radj

radj commented Apr 15, 2015

Also, +stringWithFormat is a complex method that accepts variadic parameters. Try hooking a simpler method with a definite number of parameters like - lengthOfBytesUsingEncoding: or - getCharacters:range:.

I am not sure how to hook variadic functions. This may not be an Introspy problem but a theos limitation like #32.
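An added illustration, not part of the thread and not Introspy or Theos code: a plain C stand-in for the two failure modes raised in the comments above, a tracing hook that re-enters the function it hooks and a hooked entry point that takes variadic arguments. All names here (`str_format`, `vformat_impl`, `hooked_vformat`) are hypothetical; the hook sits on the `va_list` form of the function, and a per-thread flag stops the hook's own formatting from being traced again.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout: a C stand-in for a hooked formatter. */
typedef int (*vformat_fn)(char *out, size_t n, const char *fmt, va_list ap);

static int orig_vformat(char *out, size_t n, const char *fmt, va_list ap) {
    return vsnprintf(out, n, fmt, ap);
}

static vformat_fn vformat_impl = orig_vformat; /* the slot a hook replaces */

/* Variadic entry point: collects "..." once and passes on a va_list,
 * so the hook never has to forward "..." itself. */
int str_format(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int r = vformat_impl(out, n, fmt, ap);
    va_end(ap);
    return r;
}

static _Thread_local int in_hook; /* re-entrancy guard, one per thread */
int trace_count;
char last_trace[128];

static int hooked_vformat(char *out, size_t n, const char *fmt, va_list ap) {
    if (in_hook) /* call came from our own tracing code: do not trace it */
        return orig_vformat(out, n, fmt, ap);
    in_hook = 1;
    int r = orig_vformat(out, n, fmt, ap);
    /* Building the trace line formats a string, which re-enters the hooked
     * function. Without the guard above this would recurse until the stack
     * is exhausted. */
    str_format(last_trace, sizeof last_trace, "fmt=\"%s\" -> \"%s\"", fmt, out);
    trace_count++;
    in_hook = 0;
    return r;
}

void install_hook(void) { vformat_impl = hooked_vformat; }

int main(void) {
    char buf[64];
    install_hook();
    str_format(buf, sizeof buf, "%s-%d", "abc", 7); /* constructed input */
    printf("%s | traces=%d | %s\n", buf, trace_count, last_trace);
    return 0;
}
```
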

@KiranPanesar
Author

@radj Thanks for the tip! A couple of things:

  1. You were right! I tried hooking into the -length method on __NSCFString and it worked. When I try to hook into -length on NSString it crashes. When I use the runtime to print out the class methods of NSString, -length is not there (but it is for __NSCFString).
  2. However, __NSCFString doesn't have the +stringWithFormat method. NSString is the one who defines and implements this (confirmed by inspecting that class at runtime).
  3. I tried hooking +stringWithString: on NSString, which is also defined and implemented in NSString, and it worked perfectly! I can see it printed out to the console.

Now I just need to figure out how I can do variadic parameters.

@KiranPanesar
Author

I created a demo iOS app. Pretty much the only thing it does is call [NSString stringWithFormat:@"asd"];. Ran it through Xcode, put down Exception Breakpoints and grabbed the backtrace using LLDB. Here's the trace of the crashing thread.

@KiranPanesar
Author

Closing this and opening a more relevant issue (#35)

@mfarhand-sa

I want to find an important key in an app, so the only way that I know is to make a hook on the nsstringwithformat method, but it's not working!

So do you have any idea how to find that key?
The application makes an MD5 from a mixed key (A-B-C), so I need to find the value of A-B-C.
Thank you.

@mfarhand-sa

@KiranPanesar how can I make a hook on nsstringwithformat?
Any idea?
