A, install,
-
Hopper Disassmbler can decompile machine language code from Mach-O files into assembly code or OC pseudocode or Swift pseudocode.
-
I installed here is a trial version, the official download address.
Install good open, did not buy on the trial point
Then he came in
Second, the use of
- will
Mach-O
The file toHopper DisassmblerIn the software, what I’m dragging isThe application
File, right click display package content inside thereMach-O
The difference is only you find it or it finds itMach-O
.
- The meaning of each configuration, translation will know, direct point
OK
That’s it. And then you get itMach-O
fileAssembly code
, if the package is relatively large, it takes some time to parse, and there will be some problems in use, so you can parse it in advance.
- Let’s take a look at the test I used
Mach-O
File source, easy to do comparison.
- (void)viewDidLoad {
[super viewDidLoad];
NSString * string = @"dzm";
NSLog(@"%@", string);
}
Copy the code
- through
Hopper Disassmbler
What do you think when you see assembly codeOC
orSwift
What about pseudocode?
/* @class ViewController */
-(void)viewDidLoad {
var_20 = self;
[[&var_20 super] viewDidLoad];
var_28 = [@"dzm" retain];
NSLog(@"%@", var_28);
objc_storeStrong(&var_28, 0x0);
return;
}
Copy the code
You’ll notice a lot of similarities between the pseudo-code and the original code.
The following is an extension that you can skip.
How to view the official framework source code? Such as:UIKit
?
-
How to find UIKit mach-o file, through the path to find UIKit. Framework, you need to manually file down, the path is the same.
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Framew orks/UIKit.frameworkCopy the code
-
TBD file contains the path to the UIKit Mach-O file. It is a text file. You can open it directly.
-
However, this path is stored on the phone, so we need to access this path through a command line connection to the phone or iFunBox and copy mach-O out.
/System/Library/Frameworks/UIKit.framework/UIKit Copy the code
-
You can also use the command line to get the path of UIKit on the phone, which is the same as the file path of uikit.tbd above.
DengzemiaodeMacBook - Pro: / / to connect my mobile dengzemiao $sh/Users/dengzemiao/Desktop/SSH/login. Sh / / search PID iPhone app: ~ root# ps -A | grep neteasemusic PID TTY TIME CMD 621 ?? 0:28. 44 / var/containers/Bundle/Application/C32DF80E - 733 - a - 4426 - B915 - FD05A426E319 / neteasemusic app/neteasemusic / / to monitor the PID IPhone :~ root# cycript p 621 // import DZMCycript CY# @import DZMCycript {} // load UIKit CY# DZMLoadFramework('UIKit') // Check the import path, the path is the same as above. #"NSBundle </System/Library/Frameworks/UIKit.framework> (loaded)"Copy the code
-
Through iFunBox access phone System directory/System/Library/Frameworks/UIKit framework, find the UIKit Mach – O files.
-
I don’t see UIKit found in the Mach-O file. Where is it? There is a concept called dyld shared cache.
Four, what isDyld shared cache
?
-
Since iOS3.1, in order to improve performance, most of the system dynamic library files are packaged and stored in a dyld shared cache. The cache file path is:
/System/Library/Caches/com.apple.dyld/dyld_shared_cache_armX Copy the code
The X from dyld_shared_cache_armX stands for the ARM processor instruction set architecture and may be… _armv6,… _armv7,… _arm7s,… _arm64, etc., all instruction sets are in principle backward compatible, high level supports all low level.
-
Now that we know which file UIKit’s Mach-o is in, we can find it and look at it. When we find the directory, we find a file dyLD_SHARED_cache_arm64, which we export to the desktop.
-
Then drag it to Hopper Disassmbler and find DYLD Shared Cache (Individual file). In this case, we need to search below to find UIKit, select it, and click Next.
After the search, because there are a lot of UIKit, could we see the path to find before we get the path/System/Library/Frameworks/UIKit framework, the match is on it.
Click Next to recognize UIKit’s Mach-O, and click OK.
-
In the next chapter, the dSC_EXTRACtor dynamic library extractor will be written to extract the contents of dyld_shared_cache_armX dynamic file.