iphone - How can I get SEL (@selector()) from object file (Mach-o)? how SEL stored in Mach-o? -


from objc sources can see sel defined typedef struct objc_selector *sel;

i have disassembly dylib idaq, , did finde call of _mshookmessageex function, linked libsubstrate.dylib

_mshookmessageex has following signature

void mshookmessageex(class class, sel selector, imp replacement, imp *result);

so can assume in source code there @selector(somemethod:) second parameter

in data section of object file can see cfstrings used in source code

enter image description here

but there not selector string here, can see @selector() not converted static cfstring

i interested find string representations of selector , class passed _mshookmessageex function.

how can sel (@selector()) object file (mach-o)? how sel stored in mach-o?

thank you!

update:

i did finde there strings in ida method representation before calling methods

enter image description here

i guess there selectors passed in functions. right?

selector names stored in __objc_methname section of __text segment:

:; otool -v -s __text __objc_methname /system/library/frameworks/appkit.framework/appkit | head /system/library/frameworks/appkit.framework/appkit: contents of (__text,__objc_methname) section 0x000000000097cbd8  count 0x000000000097cbde  countbyenumeratingwithstate:objects:count: 0x000000000097cc09  alloc 0x000000000097cc0f  initwithobjects:count: 0x000000000097cc26  release 0x000000000097cc2e  autorelease 0x000000000097cc3a  copy 0x000000000097cc3f  timeintervalsincenow

pointers selectors stored in __objc_selrefs section of __data segment:

:; otool -v -s __data __objc_selrefs /system/library/frameworks/appkit.framework/appkit | head /system/library/frameworks/appkit.framework/appkit: contents of (__data,__objc_selrefs) section 0x0000000000d77d80  __text:__objc_methname:initwithobjects:count: 0x0000000000d77d88  __text:__objc_methname:copy 0x0000000000d77d90  __text:__objc_methname:timeintervalsincenow 0x0000000000d77d98  __text:__objc_methname:sharedappleeventmanager 0x0000000000d77da0  __text:__objc_methname:_preparefordispatch 0x0000000000d77da8  __text:__objc_methname:_setlaunchtaskmaskbits: 0x0000000000d77db0  __text:__objc_methname:_disablesuddentermination 0x0000000000d77db8  __text:__objc_methname:_appleeventactivationinprogress

a sel in source code (currently) pointer c string name of selector. if write this:

sel s = @selector(initwithobjects:count:);

then s char const *, , points string initwithobjects:count:. until recently, print selector name doing this:

nslog(@"selector %s", (char *)s);

however, apple changed compiler (as of xcode 4.6 believe) disallow casting sel char *, may change selector implementation in future.

anyway, tricky part machine code loads pointer __objc_selrefs section using pc-relative addressing. pc “program counter”, address of currently-executing instruction. on x86 architectures it's called ip (instruction pointer) or eip (extended ip).

that's what's going on in relevant instructions of disassembly:

1444    ldr r1, =(off_2038 - 0x145c)         ... 1454    ldr r1, (pc,r1)

the pointer selector loaded word @ address 0x2038. constant 0x2038 doesn't appear in machine code. disassembler has helpfully computed you, analyzing data flow of program. constant stored in first ldr instruction 0xbdc, because 0xbdc + 0x145c = 0x2038.

you might wonder why it's using 0x145c when second ldr instruction @ address 0x1454. when arm processor computes address using pc-relative addressing, value of pc address of executing instruction plus 4 or plus 8 (depending on processor mode). this documented here (and other places).


Comments

Post a Comment

Popular posts from this blog

monitor web browser programmatically in Android? -

i've got tricky question here. need users make payment bank (namely barclaycard) in uk. so, have https url , add parameters (such amount pay, order reference, etc) url, start http connection intent.actionview, redirect user browser can enter credit card details on bank's webpage , make payment our account successfully. far ? the code use below (i changed values privacy reasons) problem is, need app when user has completed/failed/cancelled payment. barclaycardautomatically redirects particular url when payment has succeeded, 1 if failed. there no way of knowing when barclaycard payment has succeeded go android app somehow ? button cardbutton = (button) findviewbyid(r.id.card_button); cardbutton.setonclicklistener(new view.onclicklistener() { @override public void onclick(view arg0) { string prehashstring = new string(); string prohashstring = new string(); string shapassphrase = new string(); shapassphrase = "gsvth£h70zkh...
Read more

Shrink a YouTube video to responsive width -

i have youtube video embedded on our website , when shrink screen tablet or phone sizes stops shrinking @ around 560px in width. standard youtube videos or there can add code make go smaller? you can make youtube videos responsive css. wrap iframe in div class of "videowrapper" , apply following styles: .videowrapper { float: none; clear: both; width: 100%; position: relative; padding-bottom: 56.25%; padding-top: 25px; height: 0; } .videowrapper iframe { position: absolute; top: 0; left: 0; width: 100%; height: 100%; } the .videowrapper div should inside responsive element. padding on .videowrapper necessary keep video collapsing. may have tweak numbers depending upon layout.
Read more

wpf - PdfWriter.GetInstance throws System.NullReferenceException -

i'm trying create pdf document using itextsharp 5.3.4 using following document document = new document(); filestream stm = new filestream(filename, filemode.create); pdfwriter writer = pdfwriter.getinstance(document, stm); i'm getting system.nullreferenceexception following stack trace: system.nullreferenceexception occurred hresult=-2147467261 message=la référence d'objet n'est pas définie à une instance d'un objet. source=itextsharp stacktrace: à itextsharp.text.version.getinstance() innerexception: i've verified neither document nor stm null, , if select "continue" in vs12 document created - exception thrown. updated itextsharp 5.4.0 , it's still occurring. can't find information on anywhere - got ideas? make sure not catching exceptions. nullreferenceexception can 1 caught , handled inside itextsharp, don't care it. fact can continue supports theory. change following setting verify: debug -> exceptions ...
Read more