Custom hooks causing traced app to crash
KiranPanesar opened this issue · 7 comments
I've created a custom hook to trace NSString's +stringWithFormat method. Seeing as there is no README or wiki post on how to do this, I followed the UIPasteboard hook. Here are the steps I have taken:
- Create an NSStringHooks.xm in the /hooks directory. That file looks like this.
- Added a method to PlistObjectConverter to convert NSString data. Those files look like this. Line 527 is the beginning of the implementation of +convertNSString:.
- Added the NSStringHooks to Tweak.xmi. That file looks like this. Line 159 is where I am initialising the NSStringHooks group.
When I run make package in the /src directory, a deb file is successfully created. I can SFTP that to my device and successfully run dpkg -i introspy.deb to install the custom build onto my device. But when I open an app for which I have enabled tracing, it crashes on launch.
Troubleshooting
- I have removed the NSStringHooks tweak altogether, built it using make package and then installed it. That works fine. No crashes when launching a traced app.
- I have added NSStringHooks back in (using the above steps), except I removed all tracing logic from NSStringHooks.xm. So all it was doing was intercepting the call and then passing it straight to the original method. This still causes a crash on the device.
I feel like I am missing a step, because I can't get my custom trace's toggle to show up under the Introspy Settings. The Introspy2.plist files seem to be generated by the make routine, so any changes I make there to add a toggle are overwritten.
Can any contributors see what I am missing in my setup of a custom hook?
Once I've got all this figured out, I'll create a concise list of steps and add it to the README/Wiki.
I'm not 100% sure but I'm guessing your hook to +stringWithFormat is doing an infinite recursion. Somewhere in your hook is making a call to +stringWithFormat so it hooks again and again. But it's just a theory.
Another theory is it may not be hooking the right class name. I experienced a crash when I was hooking NSURLSession. See #32
Can you share any crash/exception logs?
Additionally, you don't need convertNSString: as the PlistObjectConverter's methods are simply to convert non-stringable objects into helpful strings/dictionaries. Simply call -[addArgFromPlistObject:@"thestring" withKey:@"paramName"]
Also, +stringWithFormat is a complex method that accepts variadic parameters. Try hooking a simpler method with definite number of parameters like -lengthOfBytesUsingEncoding: or -getCharacters:range:.
I am not sure how to hook variadic functions. This may not be an Introspy problem but a theos limitation like #32.
@radj Thanks for the tip! A couple of things:
- You were right! I tried hooking into the -length method on __NSCFString and it worked. When I try and hook into -length on NSString it crashes. When I use the runtime to print out the class methods of NSString, -length is not there (but it is for __NSCFString).
- However, __NSCFString doesn't have the +stringWithFormat method. NSString is the one who defines and implements this (confirmed by inspecting that class at runtime).
- I tried hooking +stringWithString: on NSString, which is also defined and implemented in NSString and it worked perfectly! I can see it printed out to the console.
Now I just need to figure out how I can do variadic parameters.
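The class-cluster check discussed above (which class actually carries a selector before you hook it), as an added example that is not part of the original thread or of Introspy's code. The helper names `ListsSelector` and `OwnerOfSelector` are hypothetical, and the sample string is constructed; it builds on macOS with `clang -framework Foundation owner.m -o owner`.

```objc
#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// YES only if cls lists sel in its OWN method table (superclasses not searched).
static BOOL ListsSelector(Class cls, SEL sel) {
    unsigned int count = 0;
    Method *methods = class_copyMethodList(cls, &count);
    BOOL found = NO;
    for (unsigned int i = 0; i < count && !found; i++) {
        found = sel_isEqual(method_getName(methods[i]), sel);
    }
    free(methods); // free(NULL) is a no-op when the table is empty
    return found;
}

// Walk up the superclass chain from start and return the first class whose own
// table contains sel. Class (+) methods live on the metaclass, so search there.
static Class OwnerOfSelector(Class start, SEL sel, BOOL isClassMethod) {
    for (Class c = start; c != Nil; c = class_getSuperclass(c)) {
        Class table = isClassMethod ? object_getClass(c) : c;
        if (ListsSelector(table, sel)) return c;
    }
    return Nil;
}

static const char *NameOrNone(Class c) {
    return c ? class_getName(c) : "(none)";
}

int main(void) {
    @autoreleasepool {
        // Constructed sample: the concrete class is chosen by Foundation at runtime.
        NSString *sample = [NSString stringWithFormat:@"%d", 42];
        Class concrete = object_getClass(sample);
        NSLog(@"concrete class of sample: %s", class_getName(concrete));

        // Instance method: start from the concrete cluster member.
        NSLog(@"-length is listed by: %s",
              NameOrNone(OwnerOfSelector(concrete, @selector(length), NO)));

        // Class methods: start from the public abstract class.
        NSLog(@"+stringWithFormat: is listed by: %s",
              NameOrNone(OwnerOfSelector([NSString class], @selector(stringWithFormat:), YES)));
        NSLog(@"+stringWithString: is listed by: %s",
              NameOrNone(OwnerOfSelector([NSString class], @selector(stringWithString:), YES)));
    }
    return 0;
}
```

The class names printed depend on the OS version and on how the string was created, so run it on the target platform rather than assuming a fixed owner.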
I created a demo iOS app. Pretty much the only thing it does is call [NSString stringWithFormat:@"asd"];. Ran it through Xcode, put down Exception Breakpoints and grabbed the backtrace using LLDB. Here's the trace of the crashing thread.
Closing this and opening a more relevant issue (#35)
I want to find an important key in an app, so the only way that I know is to make a hook on the nsstringwithformat method, but it's not working!
So do you have any idea how to find that key?
The application makes an MD5 from a mixed key (A-B-C), so I need to find the value of A-B-C.
Thank you
@KiranPanesar how can I make a hook on nsstringwithformat?
Any idea?