
I am new to assembly code and am learning a lot through examining disassembled iOS code through Hopper. One thing I cannot figure out is how to determine the variables that are being used in a formatted string. Here is a code snippet.

    r0 = [var_60 myCustomString];
    r0 = [r0 retain];
    r22 = [[NSString stringWithFormat:@"%@%@%@"] retain];
    [r0 release];

As you can see a variable is set in r0 just prior to r22. Then stringWithFormat:@"%@%@%@" is called with three variables (i.e. %@).

How would I go about finding what the other two variables are? I know one is myCustomString, but do I just go back through the code and determine what other variables have not been released? If so, what order would the formatted string work in? For example, would myCustomString be the first format variable (%@) or the last one since it was most recently defined?

Thank you for your help!


EDIT

Here is the decompiled view of this variable:



MillerMedia
  • Short answer is that Hopper's decompiler isn't that great, and it just fails here, and you can check what's going on using the disassembled view rather than the decompiled view. The best way to explore is to write your own code and see what it takes to reproduce what you're seeing in Hopper. Which architecture is this, btw? – Rob Napier Jan 10 '23 at 16:55
  • Thanks! The architecture is aarch64. I should clarify that this is part of a larger function. I've also just pasted the section of the decompiled view of this string definition if there is anything to be derived from it. Great idea about writing my own code for this, so I will try that as well. – MillerMedia Jan 10 '23 at 19:15
  • Also, you seem to be correct about the decompiler failing as I checked other code that I have access to the source on and it included the variables after the stringWithFormat function call. – MillerMedia Jan 10 '23 at 20:02
  • Make sure you're building in Release mode when you try to see what Hopper does. The key point is that on aarch64, parameters are generally in x0 through x7. You can see how x0 is `self` and x1 is `_cmd` and x2 is the first parameter (the format string). But the rest are variadic, and I don't know the calling convention for that. You'll need to look it up. – Rob Napier Jan 10 '23 at 20:28

0 Answers
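
An added example, not part of the original thread: on Apple's arm64 ABI, variadic arguments are passed on the stack in 8-byte slots rather than in x3 onward, so the `%@` arguments can be read from the `str`/`stp` stores to `[sp, ...]` that precede the `objc_msgSend` call in the disassembled view, lowest offset first. The Python below recovers that order from a constructed listing; `variadic_slots` and the sample instructions are illustrative assumptions, and the scan assumes the stores sit in the same basic block as the call.

```python
import re

# str/stp of x registers to an sp-relative slot, e.g.
#   str x23, [sp, #0x10]        stp x20, x21, [sp]
# Pre-indexed pushes such as [sp, #-0x10]! deliberately do not match.
STORE = re.compile(
    r"^\s*(str|stp)\s+(x\d+|xzr)(?:\s*,\s*(x\d+|xzr))?"
    r"\s*,\s*\[sp(?:\s*,\s*#(0x[0-9a-fA-F]+|\d+))?\]"
)
CALL = re.compile(r"^\s*blr?\s")


def variadic_slots(listing, call_index, count):
    """Return the registers stored in the first `count` 8-byte stack slots
    before the call at listing[call_index], in format-specifier order.
    A slot with no visible store is reported as None."""
    slots = {}
    for line in reversed(listing[:call_index]):
        if CALL.match(line):
            break  # stores before an earlier call belong to that call
        m = STORE.match(line)
        if not m:
            continue
        _, first, second, imm = m.groups()
        base = int(imm, 0) if imm else 0
        for i, reg in enumerate(r for r in (first, second) if r):
            # Walking backwards, so the store closest to the call wins.
            slots.setdefault(base + 8 * i, reg)
    return [slots.get(8 * i) for i in range(count)]


# Constructed listing (assumption; not taken from the binary in the question).
SAMPLE = [
    "ldr  x20, [x19, #0x18]",
    "stp  x20, x21, [sp]",            # 1st and 2nd %@ arguments
    "str  x23, [sp, #0x10]",          # 3rd %@ argument
    "adrp x2, #0x100008000",
    'add  x2, x2, #0x40      ; @"%@%@%@"',
    "mov  x0, x22            ; NSString class",
    "bl   _objc_msgSend      ; stringWithFormat:",
]


def demo():
    return variadic_slots(SAMPLE, len(SAMPLE) - 1, "%@%@%@".count("%@"))


if __name__ == "__main__":
    print(demo())
```

Each register it reports still has to be traced back to the load or call that produced it to name the actual object.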