Custom hooks causing traced app to crash
KiranPanesar opened this issue · 7 comments
I've created a custom hook to trace NSString's +stringWithFormat method. Seeing as there is no README or wiki post on how to do this, I followed the UIPasteboard hook. Here are the steps I have taken:
- Create an
NSStringHooks.xmin the/hooksdirectory. That file looks like this. - Added a method to
PlistObjectConverterto convert NSString data. Those files look like this. Line 527 is the beginning of the implementation of+convertNSString:. - Added the
NSStringHookstoTweak.xmi. That file looks like this. Line 159 is where I am initialising theNSStringHooksgroup.
When I run make package in the /src directory, a deb file is successfully created. I can SFTP that to my device and successfully run dpkg -i introspy.deb to install the custom build onto my device. But when I open an app for which I have enabled tracing, it crashes on launch.
Troubleshooting
- I have removed the
NSStringHookstweak altogether, built it usingmake packageand then installed it. That works fine. No crashes when launching a traced app. - I have added
NSStringHooksback in (using the above steps), except I removed all tracing logic from NSStringHooks.xm. So all it was doing was intercepting the call and then passing it straight to the original method. This still causes a crash on the device.
I feel like I am missing a step, because I can't get my custom trace's toggle to show up under the Introspy Settings. The Introspy2.plist files seem to be generated by the make routine, so any changes I make there to add a toggle are overwritten.
Can any contributors see what I am missing in my setup of a custom hook?
Once I've got all this figured out, I'll create a concise list of steps and add it to the README/Wiki.
I'm not 100% sure but I'm guessing your hook to +stringWithFormat is doing an infinite recursion. Somewhere in your hook is making a call to +stringWithFormat so it hooks again and again. But it's just a theory.
Another theory is it may not be hooking the right class name. I experienced a crash when I was hooking NSURLSession. See #32
Can you share any crash/exception logs?
Additionally, you don't need convertNSString: as the PlistObjectConverter's methods are simply to convert non-stringable objects into helpful strings/dictionaries. Simply call -[addArgFromPlistObject:@"thestring" withKey:@"paramName"]
Also, +stringWithFormat is a complex method that accepts variadic parameters. Try hooking a simpler method with definite number of parameters like - lengthOfBytesUsingEncoding: or - getCharacters:range:.
I am not sure how to hook variadic functions. This may not be an Introspy problem but a theos limitation like #32.
@radj Thanks for the tip! A couple of things:
- You were right! I tried hooking into the
-lengthmethod on__NSCFStringand it worked. When It try and hook into-lengthonNSStringit crashes. When I use the runtime to print out the class methods of NSString,-lengthis not there (but it is for__NSCFString). - However,
__NSCFStringdoesn't have the+stringWithFormatmethod. NSString is the one who defines and implements this (confirmed by inspecting that class at runtime).
3) I tried hooking+stringWithString:onNSString, which is also defined and implemented inNSStringand it worked perfectly! I can see it printed out to the console.
Now I just need to figure out how I can do variadic parameters.
I created a demo iOS app. Pretty much the only thing it does is call [NSString stringWithFormat:@"asd"];. Ran it through Xcode, put down Exception Breakpoints and grabbed the backtrace using LLDB. Here's the trace of the crashing thread.
Closing this and opening a more relevant issue (#35)
I want to find an important key in an app , so the only way , that I know is make a hook on nsstringwithformat method , but it's not working!
so do you have any idea to find that key ?
the application make a MD5 from mixed key (A-B-C) so I need to find the value of A-B -C
thank you
@KiranPanesar how can I make a hook on nsstringwithformat ?
any idea ?