davidgoldman / inspectivec Goto Github PK

View Code? Open in Web Editor NEW

711.0 711.0 115.0 417 KB

objc_msgSend hook for debugging/inspection purposes.

License: GNU General Public License v3.0

C 6.42% Objective-C++ 60.38% Makefile 1.34% Logos 0.89% Objective-C 25.46% Cycript 5.52%

inspectivec's People

Contributors

Stargazers

Watchers

Forkers

eni9889 packetfahrer vhacker cptfrazz robottang changbiao piaoyunsoft jkcydia jatwaston pandazheng ggthedev chyuantw inarcissuss yunlinakeji pgorsira sunlight2728 seanxiao1988 phongnh haorenqq adm1n007 zhouhesheng ta01st vincentsit suxinde2009 lgq2015 ivin-zhang piaoapiao blockchainb damnya lgq20151 houweifeng suifeng niaorenhuaduo jsj2008 396424982 lubaoyilang mohistattack jmpews relay110 zhencang liushaoxing321 ajian2017 evilino kimiwu bjzz fangqing badheli caiyangjieto shuixi2013 ganvinalix chago holyswordman allea uroboro duduwang20 retval isonium yuknight bigfacecat2017 fengjixuchui shiflymoon cocodinglee fly8888 alanl junyixie see123654 tony0x59 vicxia dxd214 evifree st-rnd balaenicepsrex ahui2823 turlodales rexq57 youngshingjun boyang222 biboyang c-learn zhkl0228 morefine qinglong61 whutdyp avcatshy dilliosdev daydreamboy github-jinwei iwindupbird baiwyc119 bookofstophere piowind rweichler iamfaith hkthirdx level3tjg prathumca viclizq zhzpower fullonrager hasthu

inspectivec's Issues

Sandbox error when running in stock photos app

I am using latest InspectiveC in a tweak injected into ios stock photos app with the following process filter:

com.apple.mobileslideshow

But it fails to create the log file due to permission error.

I got this from syslog:

Sandbox: MobileSlideShow(5264) deny(1) file-write-create /private/var/mobile/Documents/InspectiveC/MobileSlideShow/5264_main.log

Here are the details of my setup:
-Iphone X
-ios 11.1.2
-Using electra jailbreak

How do i fix this?

Compilation Errors

Hi David,

Could you let me know how you compiled InspectiveC? I am compiling this against my MBA, Yosemite 10.10.3, iOS SDK 8.3

By just running make against the Makefile in the InspectiveC directory I am getting a whole bunch of errors, for example,

logging.mm:304:9: error: use of undeclared identifier 'CGAffineTransform'; did you mean 'CFStringTransform'?
CGAffineTransform at = va_arg(args, CGAffineTransform);
^~~~~~~~~~~~~~~~~
CFStringTransform

logging.mm:304:26: error: expected ';' after expression
CGAffineTransform at = va_arg(args, CGAffineTransform);
^
;

logging.mm:307:9: error: unknown type name 'CGPoint'; did you mean 'Point'?
CGPoint point = va_arg(args, CGPoint);
^~~~~~~
Point

logging.mm:310:36: error: unknown type name 'CGRect'; did you mean 'Rect'?
CGRect rect = va_arg(args, CGRect);
^~~~~~
Rect

I have been able to compile my own tweaks properly, but somehow am having trouble with compiling the InspectiveC dylib.

Any help is appreciated.

C++ requires a type specifier for all declarations

who can help me

Feature request: Complete logging option

Should add the ability to temporarily log all Objective-C messages.

This would be nice as it allows one to see what C/C++ functions are doing in the Objective-C world.

i.e:

static void (*orig_func)(...);

static void replace_func(...) {
  enableCompleteLogging();
  orig_func(...);
  disableCompleteLogging();
}

after init, no response.

if i use file to init, it will no response

jmpewsde-iPhone:/private/var/mobile/Documents/Dumped root# cycript -p PUClient InspectiveC.cy

if i use line commnd, it will so slow that to response.

and i just can force to stop the process.

Feature request: Option to log messages to nil

I could definitely see this being (somewhat) useful.

Example no longer functional

The example project in the repository doesn't seem to be functional anymore.
I can't seem to get any of the actual options in the README to work either.

iPhone 5S iOS 10.2 - Yalu102

Feature request: maximum_depth filter.

I want to filter to log via call-tree depth just like Subjective-C's SubjC_set_maximum_depth(size_t maximum_depth) function.

Meaning of ***

Great tool, thanks.

I'm wondering what lines like

***-|Some object<some_address> cy$hasProperty:| @"toCYON"***

mean

The InspectiveC log stops abruptly while printing a class name

After setting watchSelector(@selector(startPictureInPicture)) and tapping the button that calls the method, the InspectiveC log stops abruptly without finishing the method calls and in the middle of printing a class name. I am running this through Cycript on an iPhone 5 9.0.2.

The relative logging depth was set to one.

-|Application sendEvent:| @<0x17e39d90>
  -|UIWindow sendEvent:| @<0x17e42680>
    -|UIWindow _sendTouchesForEvent:| @<0x17e42680>
      -|AVButton touchesEnded:withEvent:| @<0x17dc41b0>
        -|AVButton _sendActionsForEvents:withEvent:| @<0x17dc41b0>
          -|AVButton sendAction:to:forEvent:| @<0x17dc41b0>
            -|Application sendAction:toTarget:fromSender:forEvent:| @<0x17e39d90>
              -|Application sendAction:to:from:forEvent:| @<0x17e39d90>
                -|NSKVONotifying_AVFullScreenPlaybackControlsViewController performSelector:withObject:withObject:| @<0x189ba400>
                  -|NSKVONotifying_AVFullScreenPlaybackControlsViewController pictureInPictureButtonTapped:| @<0x189ba400>
                    -|NSKVONotifying_AVPlayerViewController pictureInPictureButtonTapped:| @<0x182c1a00>
                      -|NSKVONotifying_AVPlayerViewController _togglePictureInPicture| @<0x182c1a00>
                        ***-|NSKVONotifying_AVPictureInPictureController@<0x17e89cb0> startPictureInPicture|***
                          +|UIApplication sharedApplication|
                          -|Application@<0x17e39d90> applicationState|
                          -|AVPictureInPictureController@<0x17e89cb0> isPictureInPicturePossible|
                          -|AVPictureInPictureController@<0x17e89cb0> _window|
                          -|UIWindow@<0x17e42680> retain|
                          -|UIWindow@<0x17e42680> layer|
                          -|UIWindowLayer@<0x17ff48a0> retain|
                          -|WebAVPlayerLayerView@<0x17d6e700> playerLayer|
                          -|WebAVPlayerLayer@<0x17fe44e0> retain|
                          -|WebAVPlayerLayer@<0x17fe44e0> videoGravity|
                          -|__NS

Is this a known issue?

Help

I need help, it doesn't work

Example project crashed when use the libinspectivec.dylib made by myself

I'm using the latest theos and building with make package FINALPACKAGE=1.
iPhone 5c, iOS 9.0.1, iOS 9.0 SDK

InspectiveC watching an object, but the log file is not generated

�How I am using InspectiveC

cy# intFunc=new Type("v").functionWith(int);objFunc=new Type("v").functionWith(id);classFunc=new Type("v").functionWith(Class);selFunc=new Type("v").functionWith(SEL);voidFunc=new Type("v").functionWith(new Type("v"));objSelFunc=new Type("v").functionWith(id,SEL);classSelFunc=new Type("v").functionWith(Class,SEL);handle=dlopen("/usr/lib/libinspectivec.dylib",RTLD_NOW);setMaximumRelativeLoggingDepth=intFunc(dlsym(handle,"InspectiveC_setMaximumRelativeLoggingDepth"));watchObject=objFunc(dlsym(handle,"InspectiveC_watchObject"));unwatchObject=objFunc(dlsym(handle,"InspectiveC_unwatchObject"));watchSelectorOnObject=objSelFunc(dlsym(handle,"InspectiveC_watchSelectorOnObject"));unwatchSelectorOnObject=objSelFunc(dlsym(handle,"InspectiveC_unwatchSelectorOnObject"));watchClass=classFunc(dlsym(handle,"InspectiveC_watchInstancesOfClass"));unwatchClass=classFunc(dlsym(handle,"InspectiveC_unwatchInstancesOfClass"));watchSelectorOnClass=classSelFunc(dlsym(handle,"InspectiveC_watchSelectorOnInstancesOfClass"));unwatchSelectorOnClass=classSelFunc(dlsym(handle,"InspectiveC_unwatchSelectorOnInstancesOfClass"));watchSelector=selFunc(dlsym(handle,"InspectiveC_watchSelector"));unwatchSelector=selFunc(dlsym(handle,"InspectiveC_unwatchSelector"));enableLogging=voidFunc(dlsym(handle,"InspectiveC_enableLogging"));disableLogging=voidFunc(dlsym(handle,"InspectiveC_disableLogging"));enableCompleteLogging=voidFunc(dlsym(handle,"InspectiveC_enableCompleteLogging"));disableCompleteLogging=voidFunc(dlsym(handle,"InspectiveC_disableCompleteLogging"))
(extern "C" void InspectiveC_disableCompleteLogging(void))

cy# watchObject(choose(Application)[0])

The log folder /private/var/mobile/Documents/InspectiveC/ is never created and no logs are created.

I can tell that it is watching the object because I set InspectiveC to watch the AppDelegate object of Safari, and it caused the UI to be slow to respond with every touch input, so InspectiveC must be doing something.

iOS 9.0.2
Latest stable InspectiveC deb
Using the Cycript method

Feature request: Log NSBlock type signature

It appears that NSBlocks may contain type signature information. It would certainly be useful to log this signature if it is available.

See:
https://github.com/ebf/CTObjectiveCRuntimeAdditions
http://clang.llvm.org/docs/Block-ABI-Apple.html

_assert(CYRecvAll(client, &size, sizeof(size))):../Console.cpp(142):Run

When using the deb for the current repository, I have the following error when loading InspectiveC with cycript:

cy# intFunc=new Type("v").functionWith(int);objFunc=new Type("v").functionWith(id);classFunc=new Type("v").functionWith(Class);selFunc=new Type("v").functionWith(SEL);voidFunc=new Type("v").functionWith(new Type("v"));objSelFunc=new Type("v").functionWith(id,SEL);classSelFunc=new Type("v").functionWith(Class,SEL);handle=dlopen("/usr/lib/libinspectivec.dylib",RTLD_NOW);setMaximumRelativeLoggingDepth=intFunc(dlsym(handle,"InspectiveC_setMaximumRelativeLoggingDepth"));watchObject=objFunc(dlsym(handle,"InspectiveC_watchObject"));unwatchObject=objFunc(dlsym(handle,"InspectiveC_unwatchObject"));watchSelectorOnObject=objSelFunc(dlsym(handle,"InspectiveC_watchSelectorOnObject"));unwatchSelectorOnObject=objSelFunc(dlsym(handle,"InspectiveC_unwatchSelectorOnObject"));watchClass=classFunc(dlsym(handle,"InspectiveC_watchInstancesOfClass"));unwatchClass=classFunc(dlsym(handle,"InspectiveC_unwatchInstancesOfClass"));watchSelectorOnClass=classSelFunc(dlsym(handle,"InspectiveC_watchSelectorOnInstancesOfClass"));unwatchSelectorOnClass=classSelFunc(dlsym(handle,"InspectiveC_unwatchSelectorOnInstancesOfClass"));watchSelector=selFunc(dlsym(handle,"InspectiveC_watchSelector"));unwatchSelector=selFunc(dlsym(handle,"InspectiveC_unwatchSelector"));enableLogging=voidFunc(dlsym(handle,"InspectiveC_enableLogging"));disableLogging=voidFunc(dlsym(handle,"InspectiveC_disableLogging"));enableCompleteLogging=voidFunc(dlsym(handle,"InspectiveC_enableCompleteLogging"));disableCompleteLogging=voidFunc(dlsym(handle,"InspectiveC_disableCompleteLogging"))
*** _assert(CYRecvAll(client, &size, sizeof(size))):../Console.cpp(142):Run

Crashes on iOS 10

Currently, this isn't working on iOS 10 due to an issue with MSHookFunction as of CydiaSubstrate v0.9.6301 and below. Saurik already knows about the issue - stay tuned for a fix.

Feature request: arm64 support

At least limited support (no argument logging) would be a great start.

Supporting argument logging on arm64 is not going to be fun - see this.

fatal error: error in backend: misaligned ARM call destination

at first, I download ur repo's newest deb for my iphone5 on ios8, but it crash anyway.
so I clone your repo and build it by theos with xcode8 and 9.2 sdk ,then I found a

fatal error: error in backend: misaligned ARM call destination

it just cause by armv7, arm64 is fine, but my iphone is armv7....

I find the reason is

"blx __Z19getOrigObjc_msgSendv\n"

uintptr_t getOrigObjc_msgSend() {
  return reinterpret_cast<uintptr_t>(orig_objc_msgSend);
}

But it is ashamed that I I can't fix it....

anyway?
thanks!!!

Example does not work on iOS 7.1.2

Hi, I am getting the following error when attempting the example with SpringBoard:

MS:Error: _krncall(mach_vm_read_overwrite(task, data, sizeof(*baton), reinterpret_cast<mach_vm_address_t>(baton), &error)) =268435459
*** _assert(status == 0):../Inject.cpp(143):InjectLibrary

My test bench:

iPhone 4 (iPhone3,1)
iOS 7.1.2
Cydia32_1.1.30
InspectiveC 1.1.0-1, installed via Cydia from apt.golddavid.com
Substrate Safe Mode (Cydia Substrate version 0.9.6301)
installed adv_cmds, which installed Cycript
Cycript then updated itself to 0.9.594 (from Cydia/Telesphoreo - http://apt.saurik.com)

I run the following code:

root# cycript -p SpringBoard

// THEN PASTE THE CONTENTS OF https://raw.githubusercontent.com/DavidGoldman/InspectiveC/master/cycript/InspectiveC.compiled.cy INTO THE CYCRIPT SHELL

cy# setMaximumRelativeLoggingDepth(5)
cy# watchObject(choose(SBUIController)[0])

at this point I get the error.

The logfile is too big.

InspectiveC is a awesome tool.But I've noticed that it produce too many information that I don't need.
eg:many inner detail of some regular call.
Perhaps we can add filter to it so that we can acquire the specific call information we need : )

No logs created for apsd daemon

Steps to reproduce:

Link tweak agains inspectivec.dylib
Tweak code:

#import "InspectiveC.h"
%ctor {
    NSLog(@"[LOGGGGGERRR] --- >>> Entry point <<< ---");
     InspectiveC_setMaximumRelativeLoggingDepth(5);
//   InspectiveC_enableCompleteLogging();
     InspectiveC_enableLogging();
    }

tweak.plist filter:

{
    Filter = {
        Executables = (
            apsd,
        );
    };
}

[InspectiveC] Loading - Directory is "/var/mobile/Documents"
No logs created

Log is always empty despite running enableCompleteLogging()

I have a tweak that runs the following code

#include "InspCWrapper.m"

%ctor {
    setMaximumRelativeLoggingDepth(4);

    NSLog(@"Flag1");
    enableLogging();
    enableCompleteLogging();

    NSLog(@"Flag2");
}

I can confirm that this runs because both Flag1 and Flag2 run successfully. However, despite running enableCompleteLogging(). The log file located in
/var/mobile/Containers/Data/Application/<App-Hex>/Documents/InspectiveC
I always empty. I am happy to sure any additional information if you can confirm that this is not a mistake on my part/what information you need. I installed the deb from Cydia so I did not use fishook when compiling (is this the reason?).
Also, i attempted using the same function using cycript and got this

cy#  enableCompleteLogging(); 
throw new Error("insufficient number of arguments to ffi function")

Feature request: logging caller image name

It could be really great to know who is calling particular objc_msgSend. Could you add a caller image name to logfile ?

Something like:

 void *addr = __builtin_return_address(0);
 Dl_info info;
 dladdr(addr, &info);
 NSString *callerName = [NSString stringWithUTF8String: info.dli_sname]; // thats bad and just an example