-
使用tweak創(chuàng)建工程
? tweak /opt/theos/bin/nic.pl NIC 2.0 - New Instance Creator ------------------------------ [1.] iphone/activator_event [2.] iphone/application_modern [3.] iphone/cydget [4.] iphone/flipswitch_switch [5.] iphone/framework [6.] iphone/ios7_notification_center_widget [7.] iphone/library [8.] iphone/notification_center_widget [9.] iphone/preference_bundle_modern [10.] iphone/tool [11.] iphone/tweak [12.] iphone/xpc_service Choose a Template (required): 11 Project Name (required): MyFirstRePoject Package Name [com.yourcompany.myfirstrepoject]: com.iosre.myfirstrepoject Author/Maintainer Name [chenzhou]: chuck [iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]: com.apple.springboard [iphone/tweak] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]: SpringBoard Instantiating iphone/tweak in myfirstrepoject/... Done.- Choose a Template (required): 選擇tweak工程
- Project Name (required): 工程名
- Package Name [com.yourcompany.myfirstrepoject]: deb包的名字
- Author/Maintainer Name [chenzhou]: 作者
- [iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]: tweak作用對象的bundle indentifier
- [iphone/tweak] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]: tweak安裝完成后需要重啟的應(yīng)用
-
tweak 工程目錄結(jié)構(gòu)介紹
- Makefile
默認(rèn)文件信息: // 工程包含的通用頭文件 include $(THEOS)/makefiles/common.mk // 創(chuàng)建工程時(shí)指定的“Project Name梯码,指定好之后一般不要再更改 TWEAK_NAME = MyFirstReProject // tweak包含的源文件宝泵,指定多個(gè)文件時(shí)用空格隔開 MyFirstReProject_FILES = Tweak.xm // tweak工程的頭文件,一般有application.mk轩娶、tweak.mk和tool.mk幾類 include $(THEOS_MAKE_PATH)/tweak.mk // 指定tweak安裝之后儿奶,需要做的事情,這里是殺掉SpringBoard進(jìn)程 after-install:: install.exec "killall -9 SpringBoard" 補(bǔ)充: // 編譯debug或者release DEBUG = 0 // 越獄iPhone的ip地址 THEOS_DEVICE_IP = 192.168.1.113 // 指定支持的處理器架構(gòu) ARCHS = armv7 arm64 // 指定需要的SDK版本iphone:Base SDK:Deployment Target TARGET = iphone:latest:8.0 //最新的SDK鳄抒,程序發(fā)布在iOS8.0以上 // 導(dǎo)入框架闯捎,多個(gè)框架時(shí)用空格隔開 MyFirstReProject_FRAMEWORKS = UIKit MyFirstReProject_PRIVATE_FRAMEWORKS = AppSupport // 鏈接libsqlite3.0.dylib、libz.dylib和dylib1.o MyFirstReProject_LDFLAGS = -lz –lsqlite3.0 –dylib1.o // make clean clean:: rm -rf ./packages/*-
tweak文件
- xm中的x代表這個(gè)文件支持logos語法许溅,如果后綴名單獨(dú)是一個(gè)x說明源文件支持logos和c語法瓤鼻;如果后綴名是xm,說明源文件支持logos和c/c++語法闹司。
- %hook指定需要hook的class娱仔,必須以%end結(jié)尾
- %log該指令在%hook內(nèi)部是使用,將函數(shù)名的類名游桩、參數(shù)等信息寫入syslog牲迫,Cydia內(nèi)搜索安裝syslog
- %orig該指令在%hook內(nèi)部使用耐朴,執(zhí)行被鉤住(hook)的函數(shù)的原始代碼盹憎。
- tewak工程創(chuàng)建的代碼
/* How to Hook with Logos Hooks are written with syntax similar to that of an Objective-C @implementation. You don't need to #include <substrate.h>, it will be done automatically, as will the generation of a class list and an automatic constructor. %hook ClassName // Hooking a class method + (id)sharedInstance { return %orig; } // Hooking an instance method with an argument. - (void)messageName:(int)argument { %log; // Write a message about this call, including its class, name and arguments, to the system log. %orig; // Call through to the original function with its original arguments. %orig(nil); // Call through to the original function with a custom argument. // If you use %orig(), you MUST supply all arguments (except for self and _cmd, the automatically generated ones.) } // Hooking an instance method with no arguments. - (id)noArguments { %log; id awesome = %orig; [awesome doSomethingElse]; return awesome; } // Always make sure you clean up after yourself; Not doing so could have grave consequences! %end */- 修改tewak工程的xm文件之后的代碼筛峭,hook Springboard當(dāng)按下home鍵觸發(fā)的函數(shù),并打印信息
%hook SpringBoard - (void)_menuButtonDown:(id)arg1 { NSLog(@"x=%d, y=%d", 10, 20); %log((NSString *)@"iOSRE", (NSString *)@"Debug"); %orig; // call the original _menuButtonDown: } %end -
control
- control文件記錄了deb包管理系統(tǒng)所需的基本信息陪每,會(huì)被打包deb包里影晓。
-
MyFirstRePoject.plist
- 做用對象的文件
? myfirstrepoject plutil -p MyFirstRePoject.plist { "Filter" => { "Bundles" => [ 0 => "com.apple.springboard" ] } }
-
編譯工程
# Makefile文件直接make執(zhí)行 ? myfirstrepoject make # 錯(cuò)誤 ? myfirstrepoject make Makefile:1: /makefiles/common.mk: No such file or directory Makefile:6: /tweak.mk: No such file or directory make: *** No rule to make target `/tweak.mk'. Stop. # 修改export THEOS=/opt/theos未設(shè)置 export THEOS=/opt/theos # 重啟shell在執(zhí)行make # 最終生成的文件在./.theos/obj/debug/*.dylib -
打包工程
? myfirstrepoject make package > Making all for tweak MyFirstRePoject… make[2]: Nothing to be done for `internal-library-compile'. > Making stage for tweak MyFirstRePoject… Can't locate IO/Compress/Lzma.pm in @INC (you may need to install the IO::Compress::Lzma module) (@INC contains: /usr/local/Cellar/perl/5.26.2/lib/perl5/site_perl/5.26.2/darwin-thread-multi-2level /usr/local/Cellar/perl/5.26.2/lib/perl5/site_perl/5.26.2 /usr/local/Cellar/perl/5.26.2/lib/perl5/5.26.2/darwin-thread-multi-2level /usr/local/Cellar/perl/5.26.2/lib/perl5/5.26.2 /usr/local/lib/perl5/site_perl/5.26.2/darwin-thread-multi-2level /usr/local/lib/perl5/site_perl/5.26.2) at /opt/theos/bin/dm.pl line 12. BEGIN failed--compilation aborted at /opt/theos/bin/dm.pl line 12. make: *** [internal-package] Error 2 # 打印錯(cuò)誤詳細(xì)信息 ? myfirstrepoject make package messages=yes # 清楚make記錄 ? myfirstrepoject make clean # 錯(cuò)誤缺少IO::Compress::Lzma文件 # 通過cpan來安裝就可以了 sudo cpan IO::Compress::Lzma # 然后在執(zhí)行make命令 ? myfirstrepoject make clean ==> Cleaning… ? myfirstrepoject make package > Making all for tweak MyFirstRePoject… ==> Preprocessing Tweak.xm… ==> Compiling Tweak.xm (armv7)… ==> Linking tweak MyFirstRePoject (armv7)… clang: warning: libstdc++ is deprecated; move to libc++ with a minimum deployment target of iOS 7 [-Wdeprecated] ==> Generating debug symbols for MyFirstRePoject (armv7)… ==> Preprocessing Tweak.xm… ==> Compiling Tweak.xm (arm64)… ==> Linking tweak MyFirstRePoject (arm64)… clang: warning: libstdc++ is deprecated; move to libc++ with a minimum deployment target of iOS 7 [-Wdeprecated] ==> Generating debug symbols for MyFirstRePoject (arm64)… ==> Merging tweak MyFirstRePoject… ==> Signing MyFirstRePoject… > Making stage for tweak MyFirstRePoject… dm.pl: building package `com.iosre.myfirstrepoject:iphoneos-arm' in `./packages/com.iosre.myfirstrepoject_0.0.1-6+debug_iphoneos-arm.deb' # ./packages/com.iosre.myfirstrepoject_0.0.1-6+debug_iphoneos-arm.deb 即為打出的deb包。 -
查看包(使用dpkg來查看deb包的信息)
? packages dpkg -I com.iosre.myfirstrepoject_0.0.1-6+debug_iphoneos-arm.deb new Debian package, version 2.0. size 3682 bytes: control archive=311 bytes. 247 bytes, 10 lines control Package: com.iosre.myfirstrepoject Name: MyFirstRePoject Depends: mobilesubstrate Architecture: iphoneos-arm Description: An awesome MobileSubstrate tweak! Maintainer: chuck Author: chuck Section: Tweaks Version: 0.0.1-6+debug Installed-Size: 120 -
把deb包拷貝到iPhone上去
? packages scp com.iosre.myfirstrepoject_0.0.1-6+debug_iphoneos-arm.deb root@192.168.6.107:/tmp -
在iPhone里使用dpkg安裝包
# 如果沒有dpkg使用 apt-get install dpkg 或者直接在Cydia里搜索安裝 iPhone:/tmp root# apt-get install dpkg # 使用 dpkg -i deb包 進(jìn)行安裝 iPhone:/tmp root# dpkg -i com.iosre.myfirstrepoject_0.0.1-6+debug_iphoneos-arm.deb Selecting previously unselected package com.iosre.myfirstrepoject. (Reading database ... 4614 files and directories currently installed.) Preparing to unpack com.iosre.myfirstrepoject_0.0.1-6+debug_iphoneos-arm.deb ... Unpacking com.iosre.myfirstrepoject (0.0.1-6+debug) ... Setting up com.iosre.myfirstrepoject (0.0.1-6+debug) ... -
重啟SpringBoard
# Springboard是系統(tǒng)應(yīng)用檩禾,殺死進(jìn)程后會(huì)自動(dòng)重啟 iPhone:/tmp root# killall -9 SpringBoard -
查看日志
# 在Cydia搜索“syslogd to/var/log/syslog”并安裝 # 打印最近的10條日志挂签,并實(shí)時(shí)更新 iPhone:~ root# tail -f /var/log/syslog # 錯(cuò)誤 tail : command not found # 在Cydia搜索“Core Utilities”并安裝 # 看了我的Cydia里裝了Core utilties還是不能使用的話重新裝一遍就可以使用了 # 打印出了我第一個(gè)tewak工程的輸出 Apr 25 10:44:24 iPhone SpringBoard[91]: [MyFirstRePoject] Tweak.xm:5 DEBUG: -[<SpringBoard: 0x150022800> _menuButtonDown:+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Timestamp: 8674105041 Total Latency: 21490 us SenderID: 0x0000000100000196 BuiltIn: 1 AttributeDataLength: 36 AttributeData: 01 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ValueType: Absolute EventType: Keyboard UsagePage: 12 Usage: 64 Down: 1 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]: iOSRE, Debug # 或者直接打印SpringBoard的日志 iPhone:/tmp root# tail -f /var/log/syslog | grep SpringBoard Apr 25 10:54:15 iPhone SpringBoard[91]: x=10, y=20 Apr 25 10:54:15 iPhone SpringBoard[91]: [MyFirstRePoject] Tweak.xm:5 DEBUG: -[<SpringBoard: 0x150022800> _menuButtonDown:+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Apr 25 10:54:15 iPhone SpringBoard[91]: [MPUSystemMediaControls] Enabling lock screen media controls updates for screen turning on. Apr 25 10:54:15 iPhone SpringBoard[91]: [MPUSystemMediaControls] Updating supported commands for now playing application. Apr 25 10:54:16 iPhone SpringBoard[91]: -[UABestAppSuggestionManager notifyBestAppChanged:type:options:bundleIdentifier:activityType:dynamicIdentifier:when:confidence:deviceName:deviceIdentifier:deviceType:] (null) UASuggestedActionType=0 (null)/(null) opts=(null) when=2018-04-25 02:54:16 +0000 confidence=1 from=(null)/(null) (UABestAppSuggestionManager.m #319) Apr 25 10:54:19 iPhone SpringBoard[91]: x=10, y=20 Apr 25 10:54:19 iPhone SpringBoard[91]: [MyFirstRePoject] Tweak.xm:5 DEBUG: -[<SpringBoard: 0x150022800> _menuButtonDown:+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Apr 25 10:54:22 iPhone SpringBoard[91]: x=10, y=20 Apr 25 10:54:22 iPhone SpringBoard[91]: [MyFirstRePoject] Tweak.xm:5 DEBUG: -[<SpringBoard: 0x150022800> _menuButtonDown:+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
修改Makefile文件
include $(THEOS)/makefiles/common.mk # 發(fā)布release版本 DEBUG = 1 # 安裝的ip THEOS_DEVICE_IP = 192.168.6.107 # 支持的架構(gòu) ARCHS = armv7 arm64 # 支持的iPhone版本 TARGET =iphone:latest:8.0 TWEAK_NAME = MyFirstRePoject MyFirstRePoject_FILES = Tweak.xm include $(THEOS_MAKE_PATH)/tweak.mk after-install:: install.exec "killall -9 SpringBoard" # 清楚 clean:: rm -rf ./package/* tip: # 錯(cuò)誤 需要把新添加的信息放到include $(THEOS)/makefiles/common.mk前面,第一行就可以了 ? myfirstrepoject make install ==> Error: /Applications/Xcode.app/Contents/Developer/usr/bin/make install requires that you set THEOS_DEVICE_IP in your environment. ==> Notice: It is also recommended that you have public-key authentication set up for root over SSH, or you will be entering your password a lot. make: *** [internal-install] Error 1 # 然后執(zhí)行直接安裝到手機(jī)上 make clean make make package make install -
Deb包介紹 官網(wǎng)
- deb包本質(zhì)是一個(gè)壓縮包文件盼产,里面包含一些特定的目錄和文件饵婆。安裝過程就是dpkg程序按照指定的規(guī)則去拷貝和執(zhí)行腳本。
# 安裝deb包 dpkg -i filename # 查看目錄結(jié)構(gòu) ? packages dpkg -c com.iosre.myfirstrepoject_0.0.1-10+debug_iphoneos-arm.deb drwxr-xr-x root/wheel 0 2018-04-25 13:45 . drwxr-xr-x root/wheel 0 2018-04-25 13:45 ./Library drwxr-xr-x root/wheel 0 2018-04-25 13:45 ./Library/MobileSubstrate drwxr-xr-x root/wheel 0 2018-04-25 13:45 ./Library/MobileSubstrate/DynamicLibraries -rw-r--r-- root/wheel 57 2018-04-25 13:45 ./Library/MobileSubstrate/DynamicLibraries/MyFirstRePoject.plist -rwxr-xr-x root/wheel 132896 2018-04-25 13:45 ./Library/MobileSubstrate/DynamicLibraries/MyFirstRePoject.dylib- DEBIAN目錄-存放control文件戏售、及安裝和卸載時(shí)需要執(zhí)行的文件等
- control文件
? DEBIAN cat control # deb包的名字侨核,卸載和查詢信息都用這個(gè)名字 Package: com.iosre.myfirstrepoject # 工程名 Name: MyFirstRePoject # 依賴包(可以指定多個(gè),用,分割) Depends: mobilesubstrate # 描述軟件支持的平臺架構(gòu) Architecture: iphoneos-arm # deb簡介 Description: An awesome MobileSubstrate tweak! # deb包維護(hù)人聯(lián)系方式 Maintainer: chuck # 軟件作者 Author: chuck # deb包歸屬類別 Section: Tweaks # 版本 Version: 0.0.1-10+debug Installed-Size: 136- 腳本文件(解釋器文件 #!/bin/sh)
-
preinst
- 在Deb包文件解包之前灌灾,將會(huì)運(yùn)行該腳本搓译。許多“preinst”腳本的任務(wù)是停止作用于待升級軟件包的服務(wù),直到軟件包安裝或升級完成锋喜。
-
postinst
- 該腳本的主要任務(wù)是完成安裝包時(shí)的配置工作些己。許多“postinst”腳本負(fù)責(zé)執(zhí)行有關(guān)命令為新安裝或升級的軟件重啟服務(wù)。
-
prerm
- 該腳本負(fù)責(zé)停止與軟件包相關(guān)聯(lián)的daemon服務(wù)跑芳。它在刪除軟件包關(guān)聯(lián)文件之前執(zhí)行轴总。
-
postrm
- 該腳本負(fù)責(zé)修改軟件包鏈接或文件關(guān)聯(lián),或刪除由它創(chuàng)建的文件博个。
-
# 創(chuàng)建script文件夾創(chuàng)建打包腳本,在安裝和卸載的時(shí)候都重啟SpringBoard ? myfirstrepoject cd script ? script ls ? script vim preinst ? script vim postinst ? script vim prerm ? script vim postrm ? script chmod +x ./* ? script ls postinst postrm preinst prermpostinst #!/bin/sh killall -9 SpringBoardpostrm #!/bin/sh killall -9 SpringBoard- 編寫Makefile
# 把腳本拷貝到DEBIAN目錄下功偿,在最后添加 before-package:: cp ./script/postinst ./.theos/_/DEBIAN/ cp ./script/postrm ./.theos/_/DEBIAN/- 查看
# 查看 ? myfirstrepoject cd .theos/_/DEBIAN ? DEBIAN ls control postinst postrm # 拷貝到手機(jī)上 ? packages scp com.iosre.myfirstrepoject_0.0.1-11+debug_iphoneos-arm.deb root@192.168.6.107:/tmp # 在手機(jī)上安裝deb包的時(shí)候就會(huì)自動(dòng)的重啟SpringBoard iPhone:/tmp root# dpkg -i com.iosre.myfirstrepoject_0.0.1-11+debug_iphoneos-arm.deb # 查看包的信息 iPhone:/tmp root# dpkg -I com.iosre.myfirstrepoject_0.0.1-11+debug_iphoneos-arm.deb new debian package, version 2.0. size 3722 bytes: control archive=384 bytes. 248 bytes, 10 lines control 34 bytes, 3 lines * postinst #!/bin/sh 34 bytes, 3 lines * postrm #!/bin/sh Package: com.iosre.myfirstrepoject Name: MyFirstRePoject Depends: mobilesubstrate Architecture: iphoneos-arm Description: An awesome MobileSubstrate tweak! Maintainer: chuck Author: chuck Section: Tweaks Version: 0.0.1-11+debug Installed-Size: 136 # 通過包的名稱來卸載包 Package: com.iosre.myfirstrepoject iPhone:/tmp root# dpkg -r com.iosre.myfirstrepoject- Library (/myfirstrepoject/.theos/_/Library)
/myfirstrepoject/.theos/_/Library 會(huì)鏡像映射到目標(biāo)設(shè)備 iPhone:/tmp root# cd /Library/MobileSubstrate/DynamicLibraries/- layout
- dpkg打包時(shí)會(huì)復(fù)制當(dāng)前目錄下layout目錄下的所有文件和目錄盆佣,這些文件和目錄會(huì)鏡像到目標(biāo)設(shè)備上(layout相對于設(shè)備的根目錄)
? myfirstrepoject mkdir layout ? myfirstrepoject cd layout ? layout mkdir -p usr/bin ? layout ls usr ? layout touch chuck01 ? layout cd usr/bin ? bin touch chuck02 ? bin cd .. ? usr cd .. ? layout ls chuck01 usr ? layout mkdir tmp ? layout ls chuck01 tmp usr ? layout cd tmp ? tmp touch chuck03 ? tmp# 在重新make package就可以看到我們直接創(chuàng)建的目錄 ? packages dpkg -c com.iosre.myfirstrepoject_0.0.1-12+debug_iphoneos-arm.deb drwxr-xr-x root/whee l 0 2018-04-25 14:48 . -rw-r--r-- root/wheel 0 2018-04-25 14:45 ./chuck01 drwxr-xr-x root/wheel 0 2018-04-25 14:44 ./usr drwxr-xr-x root/wheel 0 2018-04-25 14:45 ./usr/bin -rw-r--r-- root/wheel 0 2018-04-25 14:45 ./usr/bin/chuck02 drwxr-xr-x root/wheel 0 2018-04-25 14:48 ./Library drwxr-xr-x root/wheel 0 2018-04-25 14:48 ./Library/MobileSubstrate drwxr-xr-x root/wheel 0 2018-04-25 14:48 ./Library/MobileSubstrate/DynamicLibraries -rw-r--r-- root/wheel 57 2018-04-25 14:48 ./Library/MobileSubstrate/DynamicLibraries/MyFirstRePoject.plist -rwxr-xr-x root/wheel 132896 2018-04-25 14:48 ./Library/MobileSubstrate/DynamicLibraries/MyFirstRePoject.dylib drwxr-xr-x root/wheel 0 2018-04-25 14:45 ./tmp -rw-r--r-- root/wheel 0 2018-04-25 14:45 ./tmp/chuck03deb001.pngdeb002.pngdeb003.pngdeb004.png
再 dpkg -r package 的時(shí)候這些目錄會(huì)被刪除
deb包用解壓工具解壓出來的就是打包進(jìn)去文件和目錄
-
常見的Logos語法 維基百科wiki
- block-level
- %hook 制定需要hook的Class,必須以%end結(jié)尾械荷」菜#可以被多個(gè)%group包含
%hook SBApplicationController - (void)uninstallApplication:(SBApplication *)application { NSLog(@"Hey, we're hooking uninstallApplication:!"); %orig; // Call the original implementation of this method return; } %end- %group 該指令用于將%hook分組,便于代碼管理及按條件初始化分組吨瞎,必須以%end結(jié)尾痹兜。一個(gè)%group可以包含多個(gè)%hook,所有不屬于某個(gè)自定義group的%hook會(huì)被隱式歸類到%group_ungrouped中。
%group iOS8 %hook IOS8_SPECIFIC_CLASS // your code here %end // end hook %end // end group ios8 %group iOS9 %hook IOS9_SPECIFIC_CLASS // your code here %end // end hook %end // end group ios9 %ctor { if (kCFCoreFoundationVersionNumber > 1200) { %init(iOS9); } else { %init(iOS8); } }- %new 通過在方法定義之上添加這個(gè)指令颤诀,將一個(gè)新方法添加到鉤子類或子類中字旭。簽名是新方法的Objective-C類型編碼;如果省略对湃,將生成一個(gè)。必須在%hook塊內(nèi)遗淳。
// 使用 // %new
// %new(signature)
%hook SBApplicationController
- (void)uninstallApplication:(SBApplication *)application {
NSLog(@"Hey, we're hooking uninstallApplication:!");
%orig; // Call the original implementation of this method
return;
}
%new
- (void)namespaceNewMethod {
NSLog(@"We've added a new method to SpringBoard.");
}
%end
```
* Top level
* %ctor tweak的構(gòu)造函數(shù),完成初始化工作拍柒;如果不顯示定義,Theos會(huì)自動(dòng)生成一個(gè)%ctor,并在其中調(diào)用%init(_ungrouped)屈暗。
* %dtor tweak的構(gòu)造函數(shù),完成收尾拆讯。如果不顯示定義,Theos會(huì)自動(dòng)生成一個(gè)%dtor养叛。
* Function level
* %init 該指令用于初始化某個(gè)%group种呐,必須在%hook或%ctor內(nèi)調(diào)用;如果帶參數(shù)弃甥,則初始化指定的group陕贮,如果不帶參數(shù),則初始化_ungrouped潘飘。注: 切記肮之,只有調(diào)用了%ini,對應(yīng)的%group才能起作用!
```
%ctor {
if (kCFCoreFoundationVersionNumber > 1200) %init(iOS9);
else %init(iOS8);
}
```
* %c 該指令的作用等同于objc_getClass或NSClassFromString,即動(dòng)態(tài)獲取一個(gè)類的定義卜录,在%hook或%ctor內(nèi)使用 戈擒。
```
%hook SpringBoard
- (void)_menuButtonDown:(id)down
{
%orig;
SBScreenShotter *shotter = [%c(SBScreenShotter) sharedInstance];
[shotter saveScreenshot:YES];
}
%end@
```
* %log 該指令在%hook內(nèi)部使用,將函數(shù)的類名艰毒、參數(shù)等信息寫入syslog,可以%log([(),…..])的格式追加其他打印信息筐高。
* %orig 該指令在%hook內(nèi)部使用,執(zhí)行被hook的函數(shù)的原始代碼丑瞧;也可以用%orig更改原始函數(shù)的參數(shù)柑土。
-
使用Logos語法,點(diǎn)擊home建截屏绊汹,%new新添加實(shí)例方法和類方法
//練習(xí) @interface SBScreenshotter: NSObject + (id)sharedInstance; - (void)saveScreenshot: (BOOL)arg1; @end @interface SpringBoard + (void)_AutoScreenSave2; - (void)_AutoScreenSave; @end %hook SpringBoard - (void)applicationDidFinishLaunching:(id)application { %orig; UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Hello稽屏,chuck!" message:nil delegate:self cancelButtonTitle:@"OK" otherButtonTitles:nil]; [alert show]; } %new - (void)_AutoScreenSave { NSLog(@"instance method"); SBScreenShotter *shotter = [%c(SBScreenShotter) sharedInstance]; [shotter saveScreenshot:YES]; } %new + (void)_AutoScreenSave2 { NSLog(@"class method"); SBScreenShotter *shotter = [%c(SBScreenShotter) sharedInstance]; [shotter saveScreenshot:YES]; } - (void)_menuButtonDown:(id)arg1 { // NSLog(@"x=%d, y=%d", 10, 20); // %log((NSString *)@"iOSRE", (NSString *)@"Debug"); // 實(shí)例方法調(diào)用 [self _AutoScreenSave]; // 類方法調(diào)用 [%c(SpringBoard) _AutoScreenSave2]; %log((NSString *)@"iOSRE", (NSString *)@"Debug"); %orig; // call the original _menuButtonDown: } %end
