iOS Reverse Engineering [1]: How Code Looks in Hopper's Disassembly
Source: Internet. Editor: 程序博客网. Time: 2024/05/17 05:43
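0x01. Source package structure
Manually add the files FirstClass.h and FirstClass.m. The main goal is to compare how the FirstClass code looks before and after decompilation.
FirstClass.h is implemented as follows: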
    //
    //  FirstClass.h
    //  case2
    //
    //  Created by apple on 14-11-19.
    //  Copyright (c) 2014 apple. All rights reserved.
    //

    #import <UIKit/UIKit.h>

    #define STR @"just for test"
    #define interger 100

    @interface FirstClass : NSObject {
        NSString *test;
    }
    - (void) sayHello : (NSString*)name;
    @end

FirstClass.m is implemented as follows:

    //
    //  FirstClass.m
    //  case2
    //
    //  Created by apple on 14-11-19.
    //  Copyright (c) 2014 apple. All rights reserved.
    //

    #import <Foundation/Foundation.h>
    #import "FirstClass.h"

    @implementation FirstClass

    - (id) init {
        return self;
    }

    - (void) sayHello: (NSString *)name {
        NSLog(@"Ha Ha %@ %d %@", STR, interger, name);
    }

    @end
Insert the calling code into AppDelegate:

    - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
        // Override point for customization after application launch.
        NSLog(@"Hello,world.");
        FirstClass *fc = [[FirstClass alloc] init];
        [fc sayHello:(@"Success")];
        return YES;
    }
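0x02. Recovering header files with class-dump
Use the class-dump command to recover the header files, which yields FirstClass.h.
The output of cat on the file is as follows:
0x03. Disassembling with Hopper
0x031. Package structure
0x032. The sayHello method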
    ================ B E G I N   O F   P R O C E D U R E ================

    ; Basic Block Input Regs: ebp - Killed Regs: eax ecx edx esp ebp esi edi
    -[FirstClass sayHello:]_2890:
    00002890 55 push ebp
    00002891 89E5 mov ebp, esp
    00002893 57 push edi
    00002894 56 push esi
    00002895 83EC30 sub esp, 0x30
    00002898 E800000000 call 0x289d
    0000289d 58 pop eax ; XREF=0x2898
    0000289e 8B4D10 mov ecx, dword [ss:ebp-0x38+arg_8]
    000028a1 8B550C mov edx, dword [ss:ebp-0x38+arg_4]
    000028a4 8B7508 mov esi, dword [ss:ebp-0x38+arg_0]
    000028a7 8D7DEC lea edi, dword [ss:ebp-0x38+var_36]
    000028aa 8975F4 mov dword [ss:ebp-0x38+var_44], esi
    000028ad 8955F0 mov dword [ss:ebp-0x38+var_40], edx
    000028b0 C745EC00000000 mov dword [ss:ebp-0x38+var_36], 0x0
    000028b7 893C24 mov dword [ss:esp], edi
    000028ba 894C2404 mov dword [ss:esp+0x4], ecx
    000028be 8945E8 mov dword [ss:ebp-0x38+_PIC_register_], eax
    000028c1 E828050000 call imp___symbol_stub__objc_storeStrong
    000028c6 8B45E8 mov eax, dword [ss:ebp-0x38+_PIC_register_]
    000028c9 8D88371E0000 lea ecx, dword [ds:eax-0x289d+cfstring_Ha_Ha_____d___] ; @"Ha Ha %@ %d %@"
    000028cf 8D90471E0000 lea edx, dword [ds:eax-0x289d+cfstring_just_for_test] ; @"just for test"
    000028d5 BE64000000 mov esi, 0x64
    000028da 8B7DEC mov edi, dword [ss:ebp-0x38+var_36]
    000028dd 890C24 mov dword [ss:esp], ecx
    000028e0 89542404 mov dword [ss:esp+0x4], edx
    000028e4 C744240864000000 mov dword [ss:esp+0x8], 0x64
    000028ec 897C240C mov dword [ss:esp+0xc], edi
    000028f0 8975E4 mov dword [ss:ebp-0x38+var_28], esi
    000028f3 E8C0040000 call imp___symbol_stub__NSLog
    000028f8 B800000000 mov eax, 0x0
    000028fd 8D4DEC lea ecx, dword [ss:ebp-0x38+var_36]
    00002900 890C24 mov dword [ss:esp], ecx
    00002903 C744240400000000 mov dword [ss:esp+0x4], 0x0
    0000290b 8945E0 mov dword [ss:ebp-0x38+var_24], eax
    0000290e E8DB040000 call imp___symbol_stub__objc_storeStrong
    00002913 83C430 add esp, 0x30
    00002916 5E pop esi
    00002917 5F pop edi
    00002918 5D pop ebp
    00002919 C3 ret ; endp
0x033. didFinishLaunchingWithOptions
Now look at the call to sayHello:
    ================ B E G I N   O F   P R O C E D U R E ================

    ; Basic Block Input Regs: ebp - Killed Regs: eax ecx edx ebx esp ebp esi edi
    -[AppDelegate application:didFinishLaunchingWithOptions:]_2970:
    00002970 55 push ebp
    00002971 89E5 mov ebp, esp
    00002973 53 push ebx
    00002974 57 push edi
    00002975 56 push esi
    00002976 83EC4C sub esp, 0x4c
    00002979 E800000000 call 0x297e
    0000297e 58 pop eax ; XREF=0x2979
    0000297f 8B4D14 mov ecx, dword [ss:ebp-0x58+arg_C]
    00002982 8B5510 mov edx, dword [ss:ebp-0x58+arg_8]
    00002985 8B750C mov esi, dword [ss:ebp-0x58+arg_4]
    00002988 8B7D08 mov edi, dword [ss:ebp-0x58+arg_0]
    0000298b 8D5DE8 lea ebx, dword [ss:ebp-0x58+var_64]
    0000298e 897DF0 mov dword [ss:ebp-0x58+var_72], edi
    00002991 8975EC mov dword [ss:ebp-0x58+var_68], esi
    00002994 C745E800000000 mov dword [ss:ebp-0x58+var_64], 0x0
    0000299b 891C24 mov dword [ss:esp], ebx
    0000299e 89542404 mov dword [ss:esp+0x4], edx
    000029a2 8945D8 mov dword [ss:ebp-0x58+_PIC_register_], eax
    000029a5 894DD4 mov dword [ss:ebp-0x58+var_44], ecx
    000029a8 E841040000 call imp___symbol_stub__objc_storeStrong
    000029ad 8D45E4 lea eax, dword [ss:ebp-0x58+var_60]
    000029b0 C745E400000000 mov dword [ss:ebp-0x58+var_60], 0x0
    000029b7 8B4DD4 mov ecx, dword [ss:ebp-0x58+var_44]
    000029ba 890424 mov dword [ss:esp], eax
    000029bd 894C2404 mov dword [ss:esp+0x4], ecx
    000029c1 E828040000 call imp___symbol_stub__objc_storeStrong
    000029c6 8B45D8 mov eax, dword [ss:ebp-0x58+_PIC_register_]
    000029c9 8D88761D0000 lea ecx, dword [ds:eax-0x297e+cfstring_Hello_world_] ; @"Hello,world."
    000029cf 890C24 mov dword [ss:esp], ecx
    000029d2 E8E1030000 call imp___symbol_stub__NSLog
    000029d7 B800000000 mov eax, 0x0
    000029dc 8D4DE0 lea ecx, dword [ss:ebp-0x58+var_56]
    000029df 8B55D8 mov edx, dword [ss:ebp-0x58+_PIC_register_]
    000029e2 8DB2861D0000 lea esi, dword [ds:edx-0x297e+cfstring_Success] ; @"Success"
    000029e8 8BBAD21C0000 mov edi, dword [ds:edx-0x297e+0x4650]
    000029ee 8B9AC21C0000 mov ebx, dword [ds:edx-0x297e+0x4640] ; @selector(alloc)
    000029f4 893C24 mov dword [ss:esp], edi
    000029f7 895C2404 mov dword [ss:esp+0x4], ebx
    000029fb 8945D0 mov dword [ss:ebp-0x58+var_40], eax
    000029fe 894DCC mov dword [ss:ebp-0x58+var_36], ecx
    00002a01 8975C8 mov dword [ss:ebp-0x58+var_32], esi
    00002a04 E8C7030000 call imp___symbol_stub__objc_msgSend
    00002a09 8B4DD8 mov ecx, dword [ss:ebp-0x58+_PIC_register_]
    00002a0c 8B91C61C0000 mov edx, dword [ds:ecx-0x297e+0x4644] ; @selector(init)
    00002a12 890424 mov dword [ss:esp], eax
    00002a15 89542404 mov dword [ss:esp+0x4], edx
    00002a19 E8B2030000 call imp___symbol_stub__objc_msgSend
    00002a1e 8945E0 mov dword [ss:ebp-0x58+var_56], eax
    00002a21 8B45E0 mov eax, dword [ss:ebp-0x58+var_56]
    00002a24 8B4DD8 mov ecx, dword [ss:ebp-0x58+_PIC_register_]
    00002a27 8B91CA1C0000 mov edx, dword [ds:ecx-0x297e+0x4648] ; @selector(sayHello:)
    00002a2d 890424 mov dword [ss:esp], eax
    00002a30 89542404 mov dword [ss:esp+0x4], edx
    00002a34 8B45C8 mov eax, dword [ss:ebp-0x58+var_32]
    00002a37 89442408 mov dword [ss:esp+0x8], eax
    00002a3b E890030000 call imp___symbol_stub__objc_msgSend
    00002a40 C745DC01000000 mov dword [ss:ebp-0x58+var_52], 0x1
    00002a47 8B45CC mov eax, dword [ss:ebp-0x58+var_36]
    00002a4a 890424 mov dword [ss:esp], eax
    00002a4d C744240400000000 mov dword [ss:esp+0x4], 0x0
    00002a55 E894030000 call imp___symbol_stub__objc_storeStrong
    00002a5a B800000000 mov eax, 0x0
    00002a5f 8D4DE4 lea ecx, dword [ss:ebp-0x58+var_60]
    00002a62 890C24 mov dword [ss:esp], ecx
    00002a65 C744240400000000 mov dword [ss:esp+0x4], 0x0
    00002a6d 8945C4 mov dword [ss:ebp-0x58+var_28], eax
    00002a70 E879030000 call imp___symbol_stub__objc_storeStrong
    00002a75 B800000000 mov eax, 0x0
    00002a7a 8D4DE8 lea ecx, dword [ss:ebp-0x58+var_64]
    00002a7d 890C24 mov dword [ss:esp], ecx
    00002a80 C744240400000000 mov dword [ss:esp+0x4], 0x0
    00002a88 8945C0 mov dword [ss:ebp-0x58+var_24], eax
    00002a8b E85E030000 call imp___symbol_stub__objc_storeStrong
    00002a90 B001 mov al, 0x1
    00002a92 0FBEC0 movsx eax, al
    00002a95 83C44C add esp, 0x4c
    00002a98 5E pop esi
    00002a99 5F pop edi
    00002a9a 5B pop ebx
    00002a9b 5D pop ebp
    00002a9c C3 ret ; endp
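The PIC-relative operands and the `objc_msgSend` calls in the listing above can be resolved directly from the instruction bytes, which is a useful cross-check on Hopper's annotations. The following Python is an added example, not part of the original post; the name `analyze` and the choice of listing lines are assumptions made here, and it assumes the base register of every `[reg+disp32]` operand holds the value saved in `_PIC_register_`.

```python
import re
import struct

# Constructed sample: a subset of lines copied from the AppDelegate listing above.
LISTING = """\
00002979 E800000000 call 0x297e
0000297e 58 pop eax ; XREF=0x2979
000029c9 8D88761D0000 lea ecx, dword [ds:eax-0x297e+cfstring_Hello_world_] ; @"Hello,world."
000029d2 E8E1030000 call imp___symbol_stub__NSLog
000029e2 8DB2861D0000 lea esi, dword [ds:edx-0x297e+cfstring_Success] ; @"Success"
000029ee 8B9AC21C0000 mov ebx, dword [ds:edx-0x297e+0x4640] ; @selector(alloc)
00002a04 E8C7030000 call imp___symbol_stub__objc_msgSend
00002a0c 8B91C61C0000 mov edx, dword [ds:ecx-0x297e+0x4644] ; @selector(init)
00002a19 E8B2030000 call imp___symbol_stub__objc_msgSend
00002a27 8B91CA1C0000 mov edx, dword [ds:ecx-0x297e+0x4648] ; @selector(sayHello:)
00002a3b E890030000 call imp___symbol_stub__objc_msgSend
"""

LINE = re.compile(r"^([0-9a-f]{8}) ([0-9A-F]+) (.*)$")

def analyze(listing):
    pic_base = None      # value the call $+5 / pop pair leaves in the register
    pending_sel = None   # last @selector(...) loaded before a call
    refs, sends, stubs = {}, [], {}
    for raw in listing.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        addr = int(m.group(1), 16)
        code, text = bytes.fromhex(m.group(2)), m.group(3)
        if code == b"\xe8\x00\x00\x00\x00":      # call to the next instruction
            pic_base = addr + 5                    # pushed return address
        elif code[0] == 0xE8:                      # call rel32
            target = addr + 5 + struct.unpack("<i", code[1:5])[0]
            name = text.split()[-1]
            stubs.setdefault(name, set()).add(target)
            if name.endswith("objc_msgSend"):
                sends.append(pending_sel)
        elif code[0] in (0x8B, 0x8D) and len(code) == 6 and code[1] >> 6 == 2:
            # mov/lea reg, [reg+disp32]: absolute address = PIC base + disp32
            target = pic_base + struct.unpack("<i", code[2:6])[0]
            note = text.split(";", 1)[1].strip() if ";" in text else ""
            refs[addr] = (target, note)
            sel = re.search(r"@selector\((.+)\)", note)
            if sel:
                pending_sel = sel.group(1)
    return pic_base, refs, sends, stubs
```

The selector-reference addresses computed this way (0x4640, 0x4644, 0x4648) match the ones Hopper prints, and the recovered send order alloc, init, sayHello: mirrors the source line `[[FirstClass alloc] init]` followed by `[fc sayHello:...]`.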
0x04. Summary
Compared with IDA, the assembly that Hopper generates is more redundant and less readable.