6. Objective-C's dynamic nature

Objective-C:
All available classes are kept in a set that the runtime owns
Classes are dictionaries of methods (selector -> implementation)
As a consequence:
Dynamic loading: loading new classes into the application's "context"
Categories: adding new methods to existing classes
Method swizzling: exchanging the implementations behind two methods at runtime
Pushed to its ultimate consequences in the rest of this talk
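The second and third consequences in one stand-alone program, as an added example that is not part of the original slides: a category adds a method to a class whose source we pretend not to have, and a small swizzle helper exchanges that method's implementation with the original. Greeter, -greeting and -hooked_greeting are hypothetical names; the runtime calls are the real ones from objc/runtime.h. Build with clang -framework Foundation -fobjc-arc swizzle.m -o swizzle.

```objectivec
// Added example (not from the slides): category + method swizzling.
// Build: clang -framework Foundation -fobjc-arc swizzle.m -o swizzle
#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// Hypothetical application class we do not own and cannot edit.
@interface Greeter : NSObject
- (NSString *)greeting;
@end

@implementation Greeter
- (NSString *)greeting { return @"hello"; }
@end

// Category: adds a new method to Greeter without touching its source.
@interface Greeter (Hook)
- (NSString *)hooked_greeting;
@end

@implementation Greeter (Hook)
- (NSString *)hooked_greeting {
    // Only valid after the swizzle below: the selector then points at the
    // original IMP, so this call reaches the original -greeting.
    // (Before the swizzle it would recurse forever.)
    NSString *original = [self hooked_greeting];
    return [NSString stringWithFormat:@"[hooked] %@", original];
}
@end

// Swizzle: swap the implementations behind two selectors on one class.
// Returns NO when a method is missing so a plugin fails closed instead of crashing.
static BOOL SwizzleInstanceMethod(Class cls, SEL original, SEL replacement) {
    Method origMethod = class_getInstanceMethod(cls, original);
    Method newMethod  = class_getInstanceMethod(cls, replacement);
    if (!origMethod || !newMethod) return NO;

    // If `original` is only inherited, class_addMethod succeeds and installs the
    // hook on cls itself, so the superclass is left untouched; then point the
    // replacement selector at the inherited original IMP.
    if (class_addMethod(cls, original, method_getImplementation(newMethod),
                        method_getTypeEncoding(newMethod))) {
        class_replaceMethod(cls, replacement, method_getImplementation(origMethod),
                            method_getTypeEncoding(origMethod));
    } else {
        // `original` is declared directly on cls: a plain exchange is safe.
        method_exchangeImplementations(origMethod, newMethod);
    }
    return YES;
}

int main(void) {
    @autoreleasepool {
        Greeter *g = [Greeter new];
        NSLog(@"before: %@", [g greeting]);
        BOOL ok = SwizzleInstanceMethod([Greeter class],
                                        @selector(greeting),
                                        @selector(hooked_greeting));
        NSLog(@"swizzled=%d after: %@", ok, [g greeting]);
    }
    return 0;
}
```

The class_addMethod branch matters for plugins: if you exchange a method that the target class merely inherits (NSWindow inherits a great deal from NSResponder and NSObject), method_exchangeImplementations would alter the superclass and therefore every other subclass in the process.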
7. NSBundle you said?

From the Apple docs: "An NSBundle object represents a location in the file system that groups code and resources that can be used in a program. NSBundle objects locate program resources, dynamically load and unload executable code, and assist in localization. You build a bundle in Xcode using one of these project types: Application, Framework, plug-ins."
You're already using NSBundles: every application and framework is one
9. SIMBL and NSBundle

SIMBL:
Runs as a daemon in the system
Watches for new processes being launched by launchd (done by observing NSWorkspace)
Hooks into the application's process and loads your bundle (using the ScriptingBridge interface, SBApplication)
SIMBL mixes your NSBundle with the application's own ones
10. The entry point

PrincipalClass and +load
NSBundles have an Info.plist file, which carries among other things:
Bundle version
Principal class (NSPrincipalClass key): "The principal class typically controls all the other classes in the bundle; it should mediate between those classes and classes external to the bundle"
SIMBLTargetApplications: custom key listing the applications in which you want SIMBL to load the bundle
The +load method is called whenever a class is loaded into an application's address space, before any other code in that class runs
SIMBL plugins use +load in the principal class to initialise
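The loader side of slides 7 and 10 (and the "dynamic loading" consequence of slide 6) as an added example, not SIMBL's own code: a command-line host that does for one bundle what SIMBL does for many, i.e. reads the plugin's Info.plist, checks whether SIMBLTargetApplications lists the host, and only then maps the executable with NSBundle. ExamplePluginPrincipal, the fallback host identifier com.example.loader and the logging are assumptions for this file; the Info.plist keys are the ones SIMBL defines (BundleIdentifier plus optional MinBundleVersion/MaxBundleVersion, compared against the host's CFBundleVersion). The plugin-side principal class is included so the file shows the +load entry point; in this stand-alone build it fires at program start, inside a real bundle it fires during the load call. Build with clang -framework Foundation -fobjc-arc loader.m -o loader.

```objectivec
// Added example (not from the slides or SIMBL): minimal bundle loader plus
// the plugin entry point. Build: clang -framework Foundation -fobjc-arc loader.m -o loader
// Run:   ./loader /path/to/Plugin.bundle
#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// ---- Plugin side (would live inside the bundle; NSPrincipalClass names it) ----
@interface ExamplePluginPrincipal : NSObject   // hypothetical name
@end
@implementation ExamplePluginPrincipal
+ (void)load {
    // Runs as soon as the runtime registers the class, i.e. inside [bundle load]
    // when compiled into a bundle (here: at program start, since it is in the host).
    // Keep it minimal: install hooks, do not touch app state that may not exist yet.
    NSLog(@"[plugin] +load in %@",
          [[NSBundle mainBundle] bundleIdentifier] ?: @"(no bundle identifier)");
}
@end

// ---- Loader side ----
// Does the plugin's Info.plist list this host under SIMBLTargetApplications?
// Each entry is a dict with "BundleIdentifier" and optional integer
// "MinBundleVersion"/"MaxBundleVersion" (host's CFBundleVersion). Fails closed.
static BOOL PluginTargetsHost(NSBundle *plugin, NSString *hostID, NSInteger hostVersion) {
    NSArray *targets = [plugin objectForInfoDictionaryKey:@"SIMBLTargetApplications"];
    if (![targets isKindOfClass:[NSArray class]]) return NO;
    for (NSDictionary *t in targets) {
        if (![t isKindOfClass:[NSDictionary class]]) continue;
        if (![t[@"BundleIdentifier"] isEqual:hostID]) continue;
        NSNumber *min = t[@"MinBundleVersion"], *max = t[@"MaxBundleVersion"];
        if (min && hostVersion < [min integerValue]) continue;
        if (max && hostVersion > [max integerValue]) continue;
        return YES;
    }
    return NO;
}

// Load the bundle into this process; returns its principal class, or Nil.
static Class LoadPlugin(NSString *path, NSError **error) {
    NSBundle *plugin = [NSBundle bundleWithPath:path];
    if (!plugin) return Nil;

    // A bare command-line tool has no Info.plist, hence the hypothetical fallback id.
    NSString *hostID = [[NSBundle mainBundle] bundleIdentifier] ?: @"com.example.loader";
    NSInteger hostVersion =
        [[[NSBundle mainBundle] objectForInfoDictionaryKey:@"CFBundleVersion"] integerValue];
    if (!PluginTargetsHost(plugin, hostID, hostVersion)) {
        NSLog(@"[loader] %@ does not target %@ (v%ld)", [plugin bundleIdentifier],
              hostID, (long)hostVersion);
        return Nil;
    }

    // Maps the executable: every class in it is registered with the runtime and
    // their +load methods have run by the time this returns.
    if (![plugin loadAndReturnError:error]) return Nil;

    // Read from NSPrincipalClass. Apple documents a fallback to the first class
    // found in the executable when the key is absent, so always set it explicitly.
    return [plugin principalClass];
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        if (argc < 2) {
            fprintf(stderr, "usage: %s Plugin.bundle\n", argv[0]);
            return 2;
        }
        NSError *err = nil;
        Class principal = LoadPlugin([NSString stringWithUTF8String:argv[1]], &err);
        if (!principal) {
            NSLog(@"[loader] failed: %@",
                  err ? err.localizedDescription : @"target check failed or no principal class");
            return 1;
        }
        // The plugin's +load has already run; a host would now hand control to the
        // principal class through an agreed selector (e.g. +sharedInstance).
        NSLog(@"[loader] principal class: %s", class_getName(principal));
    }
    return 0;
}
```

To exercise it, the test plugin's Info.plist must list com.example.loader under SIMBLTargetApplications; any other plugin is refused before its code is mapped, which is the check a loader should make, since everything in the bundle runs with the host's privileges from +load onward.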
11. Your hooking points

Singletons:
[NSApplication sharedApplication]
[NSNotificationCenter defaultCenter]
[NSHTTPCookieStorage sharedHTTPCookieStorage], ...
Well-known classes (by method swizzling): NSWindow, ...
Classes found by introspection, from the open-source code, or by debugging the process
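Two of the hooking points above in working code, as an added example that is not part of the original slides: (a) hook a singleton by registering on the process-wide default notification center, which needs neither subclassing nor swizzling, and (b) find candidate swizzle targets by introspection, looking a class up by name and listing the methods it declares itself. The helper names are assumptions; NSWindowDidBecomeKeyNotification and the runtime calls are AppKit's and objc/runtime.h's. In this stand-alone tool no window ever becomes key, so the observer block only fires when the same code runs inside a GUI host. Build with clang -framework AppKit -framework Foundation -fobjc-arc hooks.m -o hooks.

```objectivec
// Added example (not from the slides): singleton hook + class introspection.
// Build: clang -framework AppKit -framework Foundation -fobjc-arc hooks.m -o hooks
#import <Foundation/Foundation.h>
#import <AppKit/AppKit.h>     // NSWindow, NSWindowDidBecomeKeyNotification
#import <objc/runtime.h>

// (a) Singleton hook: one observer on the default center sees every window in
// the process. This is what a plugin would do from its principal class's +load.
// Returns the observer token so the caller can unregister again.
static id HookWindowNotifications(void) {
    NSNotificationCenter *nc = [NSNotificationCenter defaultCenter];
    return [nc addObserverForName:NSWindowDidBecomeKeyNotification
                           object:nil        // nil = any window, not one instance
                            queue:[NSOperationQueue mainQueue]
                       usingBlock:^(NSNotification *note) {
        NSWindow *w = note.object;
        NSLog(@"[hook] key window: '%@' (%@)", w.title, NSStringFromClass([w class]));
    }];
}

// (b) Introspection: selector names of the instance methods a class declares
// directly (inherited ones are not listed). Returns nil if the class is not
// loaded, which is the normal case for an app class before its bundle is mapped.
static NSArray<NSString *> *MethodNamesOfClass(NSString *className) {
    Class cls = NSClassFromString(className);
    if (!cls) return nil;
    unsigned int count = 0;
    Method *methods = class_copyMethodList(cls, &count);
    NSMutableArray<NSString *> *names = [NSMutableArray arrayWithCapacity:count];
    for (unsigned int i = 0; i < count; i++) {
        [names addObject:NSStringFromSelector(method_getName(methods[i]))];
    }
    free(methods);   // class_copyMethodList hands ownership of the buffer to the caller
    return [names sortedArrayUsingSelector:@selector(compare:)];
}

int main(void) {
    @autoreleasepool {
        id token = HookWindowNotifications();

        // Candidate swizzle targets: what NSWindow itself implements. Swizzling a
        // selector that is NOT in this list means you would be patching a superclass.
        NSArray<NSString *> *names = MethodNamesOfClass(@"NSWindow");
        NSLog(@"NSWindow declares %lu instance methods", (unsigned long)names.count);
        for (NSString *n in names) {
            if ([n hasPrefix:@"setTitle"]) NSLog(@"  %@", n);
        }

        [[NSNotificationCenter defaultCenter] removeObserver:token];
    }
    return 0;
}
```

The "declared directly on this class" distinction is the practical reason to introspect before swizzling: class_copyMethodList tells you whether the selector you plan to hook lives on the class you are targeting or on one of its ancestors.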
14. Running and debugging in Xcode

Add a Run Script build phase that installs your plugin, launches the target application and attaches the debugger to it
https://github.com/iandai/Debug-SIMBL-Plugin
15. List classes in a binary

class-dump generates .h files for all classes and methods found in a file (static view: it cannot see classes loaded later at runtime)
http://stevenygard.com/projects/class-dump/
16. List loaded classes at runtime

Ask the runtime directly; unlike class-dump this also shows classes that were loaded dynamically after launch (plugins, frameworks loaded on demand).

#import <Foundation/Foundation.h>
#import <objc/runtime.h>

- (void)printClasses
{
    // First call with a NULL buffer only asks how many classes are registered.
    int numClasses = objc_getClassList(NULL, 0);
    if (numClasses <= 0) {
        return;
    }

    // Plain C buffer: the runtime does not retain the classes it hands back,
    // hence the __unsafe_unretained cast under ARC.
    Class *classes = (__unsafe_unretained Class *)malloc(sizeof(Class) * numClasses);

    // Second call fills the buffer and returns the total registered at that
    // moment, which may exceed the buffer if classes were loaded in between;
    // never iterate past what was actually allocated.
    int registered = objc_getClassList(classes, numClasses);
    if (registered < numClasses) {
        numClasses = registered;
    }
    for (int i = 0; i < numClasses; i++) {
        NSLog(@"%s", class_getName(classes[i]));
    }
    free(classes);
}
18. Objective-C tracing

http://www.dribin.org/dave/blog/archives/2006/04/22/tracing_objc/
From the command line: launch the app with the environment variable NSObjCMessageLoggingEnabled=YES
From the debugger (lldb or gdb): call (void)instrumentObjcMessageSends(YES)
Both log every objc_msgSend to /tmp/msgSends-<pid>
dtrace:
sudo dtrace -q -n 'objc1234:::entry { printf("%s %s\n", probemod, probefunc); }'   // where 1234 is the process ID of the app
19. F-Script

Console and graphical debugger
http://www.fscript.org/
http://areciv.com/blog/2014/08/f-script-injection-in-mavericks/ (also works for Yosemite)
Tip: put the framework under /System so that you can also reach it from a sandboxed application (note that from OS X 10.11 on, System Integrity Protection makes /System read-only, so this no longer works without disabling SIP)
21. SIMBL future

Doesn't look that good
The SIMBL project is no longer maintained and does not support sandboxed applications
EasySIMBL supports sandboxed applications up to Yosemite
Swift's design is not so dynamic:
Still compatible with Objective-C to some extent
One of its main speed gains comes from compiling classes and methods statically wherever possible, and statically dispatched methods cannot be swizzled
Security concerns:
SIMBL allows you to do virtually anything in a process