前言
我之前一直使用本文的方法定位按钮的action事件,但如果你想提高定位效率,可以直接使用python脚本进行定位;
推荐两个开源框架
两个开源库:
[DerekSelander](https://github.com/DerekSelander)/**LLDB**、Chisel
Chisel is a collection of LLDB commands to assist debugging iOS apps.
brew update brew install chiselAdd the following line to ~/.lldbinit to load chisel when Xcode launches: command script import /usr/local/opt/chisel/libexec/fblldb.pyA collection of LLDB aliases/regexes and Python scripts to aid in your debugging sessions
➜ lldb git clone git@github.com:DerekSelander/LLDB.git Add the following command to your ~/.lldbinit file: command script import /path/to/lldb_commands/dslldb.py
使用python脚本之后,就不用通过po 按钮的方法3次进行定位,而只需pactions 一次就行了
I、在逆向分析中的应用
1.1 步骤1: 利用cy 找到对应的按钮地址
[UIWindow keyWindow].recursiveDescription().toString()展开views结构[UIWindow keyWindow].recursiveDescription().toString()
\u4e8c\u7ef4\u7801\u6536\u6b3e 进行搜索找到对应按钮
| | | | | | | | | | | <WCPayOfflinePayBottomButton: 0x170bab80; baseClass =
1.2 步骤2:寻找 点击按钮对应的执行方法
UIButton 是继承 UIControl 的,而 UIControl 的话可以通过allTargets 与 allControlEvents查看所有的对象与事件,再使用actionsForTarget:forControlEvent:从而找到触发的方法
- (nullable NSArray<NSString *> *)actionsForTarget:(nullable id)target forControlEvent:(UIControlEvents)controlEvent; // single event. returns NSArray of NSString selector names. returns nil if none
- allTargets
cy# [#0x17a9cad0 allTargets]
[NSSet setWithArray:@[#"<WeixinContactInfoAssist: 0x174eb8b0>"]]]
- allControlEvents
cy# [#0x17a9cad0 allControlEvents]
64
- actionsForTarget: forControlEvent
cy# [#0x17a9cad0 actionsForTarget:#0x174eb8b0 forControlEvent:64]
@["onVerifyContactOk"]
- 最终确定:
WeixinContactInfoAssist WeixinContactInfoAssist:
- (void)onVerifyContactOk;
-
1.3 小结
- 获取allTargets
cy# [[#0x170bab80 allTargets] allObjects][0] #"<WCPayOfflinePayViewController: 0x1642b200>"- 获取 actions
cy# [#0x170bab80 actionsForTarget:[[#0x170bab80 allTargets] allObjects][0] forControlEvent:[#0x170bab80 allControlEvents]] @["receiveMoneyBtnPress:"]
- cy# [#0x189ce7e0 setHidden:0]
验证是否找对了view
1.3.1 进行验证方法
- objc_msgSend
objc_msgSend(vc, @selector(initView));- []
cy# [[[#0x170bab80 allTargets] allObjects][0] receiveMoneyBtnPress:nil]- valueForKey
cy# [[#0x183d6e00 valueForKey:@"m_delegate"] WCPayFacingReceiveChangeToFixedAmount]
1.4 相关code
1.4.1 ContactInfoViewController
- cy# [#0x16b60600 _ivarDescription].toString()
CBaseContactInfoAssist *m_oContactInfoAssist;
CContact *m_contact;
\tm_uiVerify (unsigned long): <01000000>
\tm_contact (CContact*): <CPushContact: 0x177450d0>
\tm_oContactInfoAssist (CBaseContactInfoAssist*): <WeixinContactInfoAssist: 0x174eb8b0>
- 书写
tweak``` %hook ContactInfoViewController- (void)viewWillAppear:(BOOL)arg1 { %orig;
Ivar mDelegateVar = class_getInstanceVariable(objc_getClass("ContactInfoViewController"), "m_oContactInfoAssist");
WeixinContactInfoAssist * mDelegate = object_getIvar(self, mDelegateVar);
[mDelegate onAction];
Ivar mDelegateVar1 = class_getInstanceVariable(objc_getClass("ContactInfoViewController"), "m_contact");
}
# II、基础知识、概念
##### 2.1 UIControl
NS_CLASS_AVAILABLE_IOS(2_0) @interface UIControl : UIView
// send the action. the first method is called for the event and is a point at which you can observe or override behavior. it is called repeately by the second.
- (void)sendAction:(SEL)action to:(nullable id)target forEvent:(nullable UIEvent *)event;
- (void)sendActionsForControlEvents:(UIControlEvents)controlEvents; // send all actions associated with events ```
2.2 UIButton
NS_CLASS_AVAILABLE_IOS(2_0) @interface UIButton : UIControl <NSCoding>
2.3 iOS 代码触发button点击事件
cy# [#0x18c0ad10 sendActionsForControlEvents:UIControlEventTouchUpInside]
[btn sendActionsForControlEvents:UIControlEventTouchUpInside];
