我写了个更加简单的例子,发现现在的 MSHookFunction 确实能够 Hook 到短函数了。
// App
// YTRootViewController.mm
#import "YTRootViewController.h"
extern "C" void ShortCFunction(const char * arg0) {
NSLog(@"==== CShortFunction: %s", arg0);
}
@implementation YTRootViewController
- (void)loadView {
[super loadView];
ShortCFunction("This is a short C function!");
}
@end// Tweak
// Tweak.xm
#import <substrate.h>
void (*old_ShortCFunction) (const char *);
void new_ShortCFunction(const char *arg0) {
old_ShortCFunction("This is a hijacked short C function!");
}
%ctor
{
@autoreleasepool {
MSImageRef image = MSGetImageByName("/Application/shortFunction.app/shortFunction");
void *_ShortCFunction = MSFindSymbol(image, "_ShortCFunction");
if (_ShortCFunction) {
NSLog(@"====== Find Short C Function!");
}
MSHookFunction((void*)_ShortCFunction, (void*)&new_ShortCFunction, (void **)&old_ShortCFunction);
}
}结果打印出来为:
Jul 1 15:26:22 ChenSH shortFunction[1373]: ====== Find Short C Function!
Jul 1 15:26:23 ChenSH shortFunction[1373]: ==== CShortFunction: This is a hijacked short C function!
我想这应该可以说明确实可以Hook到短函数了吧?