tweak脚本积累

脚本小子,不过都是自己写的

# 可能用到的头文件

素质低一点先全导入

#import <Foundation/Foundation.h>
#import <substrate.h>
#import <dlfcn.h>
#import <execinfo.h>
#include <fcntl.h>
#include <mach-o/dyld.h>
#include <mach/mach_types.h>
#include <stdio.h>

# 打印调用栈

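/// Logs the current call stack through NSLog, one line per frame.
///
/// Every line carries the symbolized text from backtrace_symbols() and the raw
/// frame address. When dladdr() resolves the address to a loaded image, that
/// image's base address is appended so the frame can be rebased
/// (address - base) against the binary on disk.
void logBacktrace() {
    enum { kMaxFrames = 128 };  // deeper stacks are truncated to this many frames
    void *callstack[kMaxFrames];
    int frames = backtrace(callstack, kMaxFrames);

    // backtrace_symbols() returns a single malloc'ed buffer, or NULL when the
    // allocation fails; indexing a NULL result would crash the hooked process.
    char **strs = backtrace_symbols(callstack, frames);

    NSLog(@"[Backtrace]");
    for (int i = 0; i < frames; ++i) {
        const char *symbol = (strs != NULL) ? strs[i] : "<unsymbolized>";

        Dl_info info;
        if (dladdr(callstack[i], &info) && info.dli_fbase) {
            NSLog(@"%s - %p (base address: %p)", symbol, callstack[i], info.dli_fbase);
        } else {
            NSLog(@"%s - %p", symbol, callstack[i]);
        }
    }

    // Only the outer array is freed; free(NULL) is a no-op.
    free(strs);
}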
 
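// Logos hook on the class method +[HeimdallrUtilities apmVersionName].
// It records that the method was called, dumps the caller chain, and passes
// the original return value through unmodified.
%hook HeimdallrUtilities

+ (id)apmVersionName {
    NSLog(@"[Hooked] +[HeimdallrUtilities apmVersionName] called");
    // Show which code path asked for the value.
    logBacktrace();

    // %orig invokes the original implementation; its result is logged, not altered.
    id result = %orig;
    NSLog(@"Result: %@", result);
    return result;
}

// Every %hook block must be closed, otherwise Logos rejects the file.
%end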

# C 函数

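// Pointer through which the un-hooked open() is called; MSHookFunction writes
// it when the hook is installed.
static int (*original_open)(const char *pathname, int oflag, ...);

/// Replacement for open(2) that forwards every call to the original unchanged.
///
/// @param pathname Path handed to open().
/// @param oflag    Open flags; decides whether a third argument exists.
/// @return Whatever the original open() returns.
static int replaced_open(const char *pathname, int oflag, ...) {
    // open() receives a third argument (the creation mode) only when O_CREAT
    // is set. Pulling a variadic argument the caller never passed is undefined
    // behaviour, so the two-argument form is forwarded as-is.
    if ((oflag & O_CREAT) == 0) {
        return original_open(pathname, oflag);
    }

    va_list args;
    va_start(args, oflag);
    // mode_t is promoted to int when it travels through "...".
    int mode = va_arg(args, int);
    va_end(args);

    return original_open(pathname, oflag, mode);
}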
// Pointer through which the un-hooked stat() is called; MSHookFunction writes
// it when the hook is installed.
static int (*original_stat)(const char *pathname, struct stat *buf);

/// Replacement for stat(2): notes the call in the log, then defers to the
/// original and returns its status untouched.
static int replaced_stat(const char *pathname, struct stat *buf) {
    NSLog(@"HOOK stat");

    int status = original_stat(pathname, buf);
    return status;
}
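/// Load-time constructor: looks up open() and stat() and installs the two
/// replacement functions with MSHookFunction.
__attribute__((constructor))
static void initialize() {
    // A NULL path asks dlopen for a handle on the main program, which dlsym
    // then uses to resolve the two libc symbols.
    void *handle = dlopen(NULL, RTLD_NOW);
    if (handle == NULL) {
        NSLog(@"[HOOK] dlopen failed: %s", dlerror());
        return;
    }

    void *openAddr = dlsym(handle, "open");
    void *statAddr = dlsym(handle, "stat");

    // A failed lookup would otherwise be handed to MSHookFunction as the
    // address to patch, so each symbol is checked before it is hooked.
    if (openAddr != NULL) {
        MSHookFunction(openAddr, (void *)replaced_open, (void **)&original_open);
    } else {
        NSLog(@"[HOOK] open not found, hook skipped");
    }

    if (statAddr != NULL) {
        MSHookFunction(statAddr, (void *)replaced_stat, (void **)&original_stat);
    } else {
        NSLog(@"[HOOK] stat not found, hook skipped");
    }

    dlclose(handle);
}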

# 打印函数参数

#import <Foundation/Foundation.h>
#import <substrate.h>
#include <mach-o/dyld.h>
 
// Prototype used for the target routine: one object argument, object return.
// NOTE(review): sub_A12E07C looks like a disassembler-generated name, so this
// id/id prototype is presumably inferred rather than known — confirm it,
// because formatting a non-object value with %@ below would crash the process.
typedef id (*orig_sub_A12E07C_t)(id a1);

// Receives the pointer MSHookFunction hands back for calling the original routine.
orig_sub_A12E07C_t orig_sub_A12E07C;

/// Replacement for sub_A12E07C: logs the argument, calls the original, then
/// logs and returns the original's result without changing it.
id hook_sub_A12E07C(id a1) {
    NSLog(@"[HOOK] sub_A12E07C called with a1: %@", a1);

    id result = orig_sub_A12E07C(a1);
    NSLog(@"[HOOK] sub_A12E07C returned: %@", result);

    return result;
}
 
 
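/// dyld add-image callback: when the image being added is the AwemeCore module,
/// installs hook_sub_A12E07C at a fixed offset from that image's header.
///
/// @param mh    Mach-O header of the image that was just added.
/// @param slide Slide value dyld passes to the callback; unused here.
void image_added(const struct mach_header *mh, intptr_t slide) {
    const char *module_name = "AwemeCore";
    // NOTE(review): the offset presumably comes from one specific build of the
    // binary. On any other build it points at unrelated bytes and the hook
    // would patch arbitrary code — re-derive it whenever the target updates.
    const uintptr_t target_offset = 0xa12e07c;

    uint32_t image_count = _dyld_image_count();
    for (uint32_t i = 0; i < image_count; i++) {
        // The callback only receives the header, so find its index to get the path.
        if (_dyld_get_image_header(i) != mh) {
            continue;
        }

        const char *image_name = _dyld_get_image_name(i);
        // The name lookup can return NULL; strstr on NULL would crash.
        // NOTE(review): this is a substring match on the full path, so any image
        // whose path contains the module name is treated as the target.
        if (image_name != NULL && strstr(image_name, module_name)) {
            NSLog(@"[HOOK] %s loaded", module_name);
            uintptr_t target_address = (uintptr_t)mh + target_offset;

            MSHookFunction((void *)target_address, (void *)hook_sub_A12E07C, (void **)&orig_sub_A12E07C);

            // Cast so the argument matches the %lx conversion.
            NSLog(@"[HOOK] Hook installed at address: 0x%lx", (unsigned long)target_address);
        }
        break;
    }
}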
 
/// Load-time constructor: registers image_added with dyld so it is invoked
/// for images as they are added.
__attribute__((constructor))
static void initialize() {
    _dyld_register_func_for_add_image(&image_added);
}