Geek Answers Handbook

MobileSubstrate: MSHookFunction example

I am trying to write a MobileSubstrate plugin that connects to a C method. I tried to edit the famous "ExampleHook" by simply writing a demo version of MSHook and connecting it in the Initialize method. This is probably too optimistic and it will not work. But I can not find a single simple example of MSHookFunction (). There is little information about this on the Internet. Perhaps I did not understand the whole concept of MSHookFunction.

Please can someone help me with a little code example? I would deeply appreciate any help.

Regards, Marc Backes

+4
source share
1 answer

I understand that you have found this, but I am posting this answer to help anyone else.

A simple example can be found in the MobileSubstrate article on the iPhone Dev Wiki, and the actual example of this in the project is on this bit of the Faker user agent.

But what is an answer without an actual explanation? Therefore we go!

void MSHookFunction(void* function, void* replacement, void** p_original); is a function definition for MSHookFunction , a magic function that makes your X() function contain Y() , for example.

That is, when the program is usually called X() , the call will be redirected to Y() . This is pretty much the main explanation for function interpolation.

Now, what are the options and their usefulness?

  • function is a pointer to the function you want to insert. This would be a pointer to X() in our brief explanation.
  • replacement is a pointer to the function with which you want to set the function . In our brief explanation, this will be a function pointer to Y() .

  • p_original is a pointer to a function pointer, which will now indicate that there used to be a function .

    The reason is that it is simple: if you intend to modify the behavior, but not suppress it, you still need to name what was X() . But a generic call to X() will not work as intended, as this will result in a call to Y() instead of the standard function .

    Therefore, you have a function pointer to call X() , as if it were not inserted.

Now, explaining the devwiki example:

 static void (*original_CFShow)(CFTypeRef obj); // a function pointer to store the original CFShow(). void replaced_CFShow(CFTypeRef obj) { // our replacement of CFShow(). printf("Calling original CFShow(%p)...", obj); original_CFShow(obj); // calls the original CFShow. printf(" done.\n"); } ... // hook CFShow to our own implementation. MSHookFunction(CFShow, replaced_CFShow, &original_CFShow); // From now on any call to CFShow will pass through replaced_CFShow first. ... CFShow(CFSTR("test"));

We are here:

  • Pass a pointer to CFShow , the function we want to change the default behavior from the function parameter.
  • Pass the pointer to the newly created replaced_CFShow function as the replacement parameter. That is, whenever CFShow is called by default, replaced_CFShow will be called instead.
  • We pass the pointer to the pointer to the original_CFShow function as the p_original parameter. Since we still want CFShow things to continue to execute on their own in our replacement function, we call this.
+9
source

More articles:


All Articles