Small valley bottom exploration collection

Today’s blog has a wave of retweets that may eventually be coveredThe disassembly(brothers do not panic {at the beginning I was the most panic 😆}, we do not need to understand him, we only need to understand the general process on the line)

1. Code analysis

    1. Start with a wave of code that methods don’t implement
@interface XGTest : NSObject
- (void)testDemo;
@end
@implementation XGTest
@end


int main(int argc, const char * argv[]) {
    @autoreleasepool {
        // insert code here...
        
        XGTest *test = [XGTest alloc];
        [test testDemo];
        
        NSLog(@"Hello, World!");
    }
    return 0;
}
Copy the code

One thing we all know: It crashes ~ (run 😆 if you don’t know)

1.1. InstrumentObjcMessageSends aided analysis

Guys, let me open a god perspective ~ (I’ll disassemble the final proof)

    1. The code:
extern void instrumentObjcMessageSends(BOOL flag);

       instrumentObjcMessageSends(YES);
       [test testDemo];
       instrumentObjcMessageSends(NO);
Copy the code
    1. Before and after the method callinstrumentObjcMessageSendsAfter running in the folder\tmp\The next one will be generatedmsgSends-Opening file

    1. Let’s go ahead and look at this file.

We see that after the dynamic method resolution, there are some methods, but we don’t know what this is. (In fact, fast forwarding and slow forwarding ~)

1.2. ForwardingTargetForSelector analysis

    1. At this point, we want to take a look at the official Apple documentation

    1. When I click in

Haha, at this point, I’m going to recommend something

So, English can also be done 😆..

    1. That means you canFind a game changer(It seems that Youdao Dictionary is not humanized.)
    1. So LET me create a new oneClassLet him do it for him and see if he can
 @interface XGSubTest : NSObject
- (void)testDemo;
@end
@implementation XGSubTest
- (void)testDemo{
    NSLog(@"%s",__func__);
}
@end

@implementation XGTest

- (id)forwardingTargetForSelector:(SEL)aSelector{
    NSLog(@"%s - %@",__func__,NSStringFromSelector(aSelector));
    return [XGSubTest alloc];
// return [super forwardingTargetForSelector:aSelector];
}
@end
Copy the code
    1. Look at the output

It does not collapse ~

1.3. methodSignatureForSelector

As we just saw, after going through the quick search, we can continue to find the answer through Apple documentation.

    1. Take a look at Apple’s official documentation

    1. Point in

    1. If you look at this carefully, you’ll see a correlation method

This time youdao translation is ok 😆

That we deal with this would not be in forwardingTargetForSelector ~, see if methodSignatureForSelector set

    1. We need to look at the documentation for the return value ~

    1. code
@implementation XGTest

- (id)forwardingTargetForSelector:(SEL)aSelector{
    NSLog(@"%s - %@",__func__,NSStringFromSelector(aSelector));
    return [super forwardingTargetForSelector:aSelector];
}

- (NSMethodSignature *)methodSignatureForSelector:(SEL)aSelector{
    NSLog(@"%s - %@",__func__,NSStringFromSelector(aSelector));
    return [NSMethodSignature signatureWithObjCTypes:"v@:"];
}

- (void)forwardInvocation:(NSInvocation *)anInvocation{
    NSLog(@"%s - %@",__func__,anInvocation);
}

@end
Copy the code
    1. He did go, and he didn’t crash, but it was a fly in the ointment.

    1. Sex ~, then I’ll see if I can specify a way to deal with ~

This is finally perfect this feeling of being able to do so much. The Runtime is still very powerful

2. Assembly verification

At first we are of god find forwardingTargetForSelector and methodSignatureForSelector perspective

    1. We verify with disassembly: go back to the starting state, let it crash, and look at the stack

    1. I click on it to see ~

    1. Our first instinct is to lookCoreFoundationThe source code. I looked here. Can’t find ~)
    1. Then we can only through disassembly ~ here is a tool

You can find a cracked version.

    1. We find the compiled image file ( image list)

    1. To find himDragged intoHopper

    1. Then we find what we want to look for (global search can locate it)

To be honest, guys, this stuff isn’t easy to screenshot

    1. Here I will post the necessary things for my brothers

    1. At this point we’re not sure he’s gonemethodSignatureForSelectorLet’s watch himgotoThen go the process ~

    1. So we also know that the dynamic method agreement will goFast forwardandSlowly forward

Guys, it’s a little messyDo make😆