iddoeldor/frida-snippets

Using iOS Observe class frida hooking snippet , I am getting Exc-Bad Access.

jameswatt99 opened this issue · 0 comments

jameswatt99 commented

Code:

function observeClass(name) {
var k = ObjC.classes[name];
k.$ownMethods.forEach(function(m) {
var impl = k[m].implementation;
console.log('Observing ' + name + ' ' + m);
Interceptor.attach(impl, {
onEnter: function(a) {
this.log = [];
this.log.push('(' + a[0] + ',' + Memory.readUtf8String(a[1]) + ') ' + name + ' ' + m);
if (m.indexOf(':') !== -1) {
var params = m.split(':');
params[0] = params[0].split(' ')[1];
for (var i = 0; i < params.length - 1; i++) {
try {
this.log.push(params[i] + ': ' + new ObjC.Object(a[2 + i]).toString());
} catch (e) {
this.log.push(params[i] + ': ' + a[2 + i].toString());
}
}
}

            this.log.push(
                Thread.backtrace(this.context, Backtracer.ACCURATE)
                .map(DebugSymbol.fromAddress)
                .join('\n')
            );
        },

        onLeave: function(r) {
            try {
                this.log.push('RET: ' + new ObjC.Object(r).toString());
            } catch (e) {
                this.log.push('RET: ' + r.toString());
            }

            console.log(this.log.join('\n') + '\n');
        }
    });
});

}
setImmediate(observeClass('EKEventStore'));

Error Message:

  • thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1)
    frame #0: 0x1b7c1be2 libobjc.A.dylibobject_getClass + 4 libobjc.A.dylibobject_getClass:
    -> 0x1b7c1be2 <+4>: ldr r0, [r0]
    0x1b7c1be4 <+6>: movs r0, #0x0
    0x1b7c1be6 <+8>: bx lr

libobjc.A.dylib`object_setClass:
0x1b7c1be8 <+0>: push {r4, r5, r7, lr}