If I am debugging a Mach-O binary using lldb, what data structures in memory can I examine to determine if any methods have been swizzled? Any steps I can follow?
Also, is there a way to determine programmatically if any methods have been swizzled?
Asked
Active
Viewed 113 times
0
-
Does this answer your question? [Is there any way to list all swizzled methods in an iOS app?](https://stackoverflow.com/questions/38488312/is-there-any-way-to-list-all-swizzled-methods-in-an-ios-app) – Willeke Aug 24 '20 at 07:29
-
Hi, it seems that its meant for iOS simulator. I am looking for code that will run on devices. – localacct Aug 26 '20 at 08:53
1 Answers
2
Since you mention lldb you can set symbolic breakpoints on:
b method_exchangeImplementation
b method_setImplementation
b class_replaceMethod
When you hit a breakpoint for:
method_exchangeImplementations(Method _Nonnull m1, Method _Nonnull m2)
you can inspect the m1 m2 args selector names like this:
po (SEL)method_getName($arg1)
po (SEL)method_getName($arg2)
For method_setImplementation(Method _Nonnull m, IMP _Nonnull imp):
po (SEL)method_getName($arg1)
For class_replaceMethod(Class cls, SEL name, IMP imp, const char *types)
po $arg1
po (SEL)method_getName($arg2)
Those Method will likely be yielded through previous calls to:
class_getInstanceMethod(Class _Nullable cls, SEL _Nonnull name)
class_getClassMethod(Class _Nullable cls, SEL _Nonnull name)
so after:
b class_getInstanceMethod
b class_getClassMethod
and hitting respective breakpoints, to inspect class:
po $arg1
to inspect selector:
po (SEL)method_getName($arg2)
The best place to setup those symbolic breakpoints would be here:
__attribute__((constructor))
static void premain() {
int i = 0;
i++; // put xcode breakpoint here and when hit prep your lldb symbolic bps
}
Kamil.S
- 5,205
- 2
- 22
- 51