-
Notifications
You must be signed in to change notification settings - Fork 92
Scanner objc msg xref
高级页面仔 edited this page Aug 2, 2020
·
2 revisions
- Add analyzer for sub_XXX, such as wrappers and block invokers. But there are still many problems to be solved:
- When we simulate a block invoker call, we cannot get the capture list from stack since we are not the real caller.
- sub_XXX may not have a function signature, so we cannot infer many calls from args.
Scan for All objc_msgSend XREFs.
iblessing -m scan -i objc-msg-xref -f <path-to-binary>
iblessing -m scan -i objc-msg-xref -f WeChat -d 'antiWrapper=1'
The anti-wrapper mode will detect objc_msgSend wrappers and make transforms, such as:
; __int64 __usercall objc_msgSend_X0_X22_X20@<X0>(void *obj@<X0>, const char *sel@<X22>, id anyObj@<X20>, ...)
objc_msgSend_X0_X22_X20:
MOV X1, X22
MOV X2, X20
B objc_msgSend