将Foundation二进制文件丢到hopper里,
直接就能搜到-[NSBundle bundleIdentifier]是通过调用-[NSBundle infoDictionary]实现的。
// Hopper pseudo-code for -[NSBundle bundleIdentifier].
// The identifier is not read from a field on the bundle object: it is looked up in the
// dictionary returned by -infoDictionary, under the key stored in kCFBundleIdentifierKey.
// The CoreFoundation listings further down this page show that dictionary being parsed
// from an Info.plist inside the bundle directory, so the returned value is only as
// trustworthy as that file on disk.
void * -[NSBundle bundleIdentifier](void * self, void * _cmd) {
// Messaging a nil dictionary yields nil, so a bundle without an info dictionary returns nil here.
rax = [[self infoDictionary] objectForKey:*_kCFBundleIdentifierKey];
return rax;
}
然后-[NSBundle infoDictionary]的实现是
// Hopper pseudo-code for -[NSBundle infoDictionary].
// Fetches the backing CFBundle via -_cfBundle and, when one exists, returns the result of
// CFBundleGetInfoDictionary() after a retain/autorelease pair. Returns nil (0x0) when
// there is no backing CFBundle.
void * -[NSBundle infoDictionary](void * self, void * _cmd) {
rax = [self _cfBundle];
if (rax != 0x0) {
rax = CFBundleGetInfoDictionary(rax);
// retain + autorelease: the caller receives the dictionary without taking ownership of it.
rax = [rax retain];
rax = [rax autorelease];
}
else {
rax = 0x0;
}
return rax;
}
// Hopper pseudo-code for -[NSBundle _cfBundle]: lazily creates and caches the CFBundle
// that backs this NSBundle.
// The field at self+0x10 holds the cached CFBundle; the field at self+0x30 is passed as
// the filePath argument of CFURLCreateWithFileSystemPath, so it presumably holds the
// bundle path (confirm against the class layout).
// Returns the cached or newly created CFBundle, or 0x0 when both fields are empty.
// NOTE(review): no locking is visible in this listing around the check-then-store on
// self+0x10 - confirm in the disassembly whether callers serialize access.
struct __CFBundle * -[NSBundle _cfBundle](void * self, void * _cmd) {
rdi = self;
rax = *(rdi + 0x10);
if (rax == 0x0) {
rbx = rdi;
rsi = *(rdi + 0x30);
if (rsi != 0x0) {
// Arguments: allocator 0x0, path, pathStyle 0x0, isDirectory 0x1.
rax = CFURLCreateWithFileSystemPath(0x0, rsi, 0x0, 0x1);
// The CFBundleCreate result is stored without a null check; a failed creation leaves
// the cache field at 0x0, and this method then returns 0x0.
*(rbx + 0x10) = CFBundleCreate(0x0, rax);
// The temporary URL is released once CFBundleCreate has returned.
CFRelease(rax);
rax = *(rbx + 0x10);
}
}
return rax;
}
// Exported entry point that forwards all four arguments unchanged to the underscore-prefixed
// implementation and returns its result.
// The `int` parameter and return types are Hopper's guesses, not the real prototype.
int CFURLCreateWithFileSystemPath(int allocator, int filePath, int pathStyle, int isDirectory) {
rax = _CFURLCreateWithFileSystemPath(allocator, filePath, pathStyle, isDirectory);
return rax;
}
// Exported entry point that forwards both arguments unchanged to _CFBundleCreate and
// returns its result. The `int` types are Hopper's guesses, not the real prototype.
int CFBundleCreate(int allocator, int bundleURL) {
rax = _CFBundleCreate(allocator, bundleURL);
return rax;
}
bundle的创建不看了
// Exported entry point that forwards the bundle to _CFBundleGetInfoDictionary and returns
// its result. The `int` types are Hopper's guesses, not the real prototype.
int CFBundleGetInfoDictionary(int bundle) {
rax = _CFBundleGetInfoDictionary(bundle);
return rax;
}
接着将CoreFoundation框架丢到hopper里面,找到_CFBundleGetInfoDictionary
// Returns the bundle's info dictionary, loading it on first use.
// arg0 is the CFBundle: the mutex lives at arg0+0xd0 and the cached dictionary at arg0+0x18.
int _CFBundleGetInfoDictionary(int arg0) {
// The refresh helper runs with the per-bundle mutex held ("AlreadyLocked" in its name).
pthread_mutex_lock(arg0 + 0xd0);
__CFBundleRefreshInfoDictionaryAlreadyLocked(arg0);
pthread_mutex_unlock(arg0 + 0xd0);
// In this listing the cached pointer is read after the mutex has been released.
rax = *(arg0 + 0x18);
return rax;
}
// Populates the bundle's cached info dictionary (field +0x18) if it is still empty, then
// derives a packed 32-bit "CFBundleNumericVersion" entry from the version string.
// arg0 is the CFBundle; the caller shown on this page holds the mutex at arg0+0xd0.
// Fields touched: +0x10 and the byte at +0x35 are passed to the plist loader, +0x18
// receives the dictionary, +0x1c8 receives the loader's out value (var_60).
// The long goto chain below is a hand-unrolled version-string parser; register names are
// Hopper's and the control flow is kept exactly as decompiled.
int __CFBundleRefreshInfoDictionaryAlreadyLocked(int arg0) {
rdi = arg0;
// Only do work when nothing is cached yet; otherwise fall straight into the epilogue.
if (*(rdi + 0x18) == 0x0) goto loc_1a8a23;
// Common epilogue: stack-canary check. Hopper renders both sides of the comparison as the
// guard itself; the saved copy is not shown.
loc_1a8a00:
rax = *___stack_chk_guard;
if (rax != *___stack_chk_guard) {
rax = __stack_chk_fail();
}
return rax;
// Load the dictionary from disk and cache it.
loc_1a8a23:
r15 = rdi;
var_60 = 0x0;
rax = __CFBundleCopyInfoDictionaryInDirectoryWithVersion(___kCFAllocatorSystemDefault, *(r15 + 0x10), &var_60, *(int8_t *)(r15 + 0x35) & 0xff, r8, r9);
*(r15 + 0x18) = rax;
// Release whatever was previously stored at +0x1c8 before overwriting it with var_60.
rdi = *(r15 + 0x1c8);
if (rdi != 0x0) {
_CFRelease(rdi);
r14 = *(r15 + 0x18);
}
else {
r14 = rax;
}
*(r15 + 0x1c8) = var_60;
// No dictionary: nothing to post-process.
if (r14 == 0x0) goto loc_1a8a00;
// Prefer an existing CFBundleNumericVersion value, else fall back to CFBundleVersion.
loc_1a8a77:
rax = _CFDictionaryGetValue(r14, @"CFBundleNumericVersion");
r13 = rax;
if (rax != 0x0) goto loc_1a8ab9;
loc_1a8a9b:
rax = _CFDictionaryGetValue(r14, @"CFBundleVersion");
r13 = rax;
if (rax == 0x0) goto loc_1a8a00;
// The value comes from the plist file, so its type is checked before use: only a CFString
// is parsed; anything else is handled at loc_1a8b38.
loc_1a8ab9:
if (_CFGetTypeID(r13) != _CFStringGetTypeID()) goto loc_1a8b38;
loc_1a8ace:
var_68 = @"CFBundleNumericVersion";
rax = _CFStringGetLength(r13);
// r12 = length - 1. The comparison below rejects strings longer than 10 characters (and,
// if it is unsigned, the empty string as well) with rcx = 0, i.e. numeric version 0.
// This bound is applied before the characters are copied out.
r12 = rax + 0xffffffffffffffff;
rcx = 0x0;
if (r12 > 0x9) goto loc_1a8d29;
loc_1a8aea:
rbx = rax;
rdi = r13;
r13 = &var_50;
// NOTE(review): the destination buffer argument is missing from the decompiled call;
// r13 = &var_50 just above suggests the characters land in a stack buffer starting at
// var_50 (var_4E, var_4C, var_4A being the following UTF-16 units) - confirm in disassembly.
_CFStringGetCharacters(rdi, 0x0, rbx);
// First character. 0x39 is '9' and 0x2e is '.'; 0xffffffd0 is -0x30, i.e. "subtract '0'".
rdi = *(int32_t *)r13;
if (rdi <= 0x39) goto loc_1a8b61;
loc_1a8b13:
r9 = 0x0;
r11 = 0x0;
rax = 0x0;
rsi = 0x0;
if (rdi != 0x2e) goto loc_1a8c71;
loc_1a8b30:
rax = 0x0;
r13 = &var_4E;
goto loc_1a8b98;
loc_1a8b98:
rdx = 0x0;
goto loc_1a8b9a;
loc_1a8b9a:
// r8 defaults to 0x8000 unless a letter selects a table entry at loc_1a8c8e.
r8 = 0x8000;
if (r12 <= 0x0) goto loc_1a8bf8;
loc_1a8ba5:
rdi = *(int16_t *)r13 & 0xffff;
r9 = 0x0;
if (rdi <= 0x39) goto loc_1a8c04;
loc_1a8bb8:
rbx = r12;
goto loc_1a8c6c;
loc_1a8c6c:
r11 = rdx;
goto loc_1a8c6f;
loc_1a8c6f:
rsi = 0x0;
goto loc_1a8c71;
// Letter handling: 0xffffff9f is -0x61, i.e. "subtract 'a'", leaving an offset 0..5 for
// 'a'..'f'. The mask 0x2b has bits 0, 1, 3 and 5 set (offsets of 'a', 'b', 'd', 'f').
// NOTE(review): which polarity of the bit test leads to the reject path should be
// confirmed against the disassembly; decompilers often invert bt/jb conditions.
loc_1a8c71:
rdi = rdi + 0xffffff9f;
rcx = 0x0;
if ((rdi > 0x5) || ((BIT_TEST(0x2b, rdi)))) goto loc_1a8d29;
loc_1a8c8e:
// Table lookup indexed by the letter offset; the table contents at 0x379cf0 are not shown.
r8 = *(int32_t *)(0x379cf0 + sign_extend_64(rdi) * 0x4);
rdi = 0x0;
if (rbx < 0x2) goto loc_1a8cff;
// Up to three characters after the letter are accumulated into rdi as a base-10 number
// ((rdi + rdi*4)*2 is rdi*10); a character above '9' aborts with rcx = 0.
loc_1a8ca5:
rdi = *(int16_t *)(r13 + 0x2) & 0xffff;
rdi = rdi + 0xffffffd0;
rcx = 0x0;
if (rdi > 0x9) goto loc_1a8d29;
loc_1a8cb5:
rcx = 0x0;
if (rbx < 0x3) goto loc_1a8cff;
loc_1a8cbd:
r10 = *(int16_t *)(r13 + 0x4) & 0xffff;
if (r10 > 0x39) goto loc_1a8d29;
loc_1a8ccc:
rdi = r10 + (rdi + rdi * 0x4) * 0x2 + 0xffffffffffffffd0;
rcx = 0x0;
rbx = rbx + 0xfffffffffffffffd;
if (rbx <= 0x0) goto loc_1a8cff;
loc_1a8cdc:
r10 = *(int16_t *)(r13 + 0x6) & 0xffff;
if (r10 > 0x39) goto loc_1a8d29;
loc_1a8ceb:
rdi = r10 + (rdi + rdi * 0x4) * 0x2 + 0xffffffffffffffd0;
// rbx becomes a "characters left over" flag; leftover input makes the result 0 below.
rbx = rbx > 0x1 ? 0x1 : 0x0;
rdx = r11;
goto loc_1a8d04;
// Pack the parsed fields into one value: rdx at bit 28, rax at bit 24, rsi at bit 20,
// r9 (a digit already shifted to bit 16), r8, and rdi in the low bits. The value is
// used only when rdi fits in a byte and no input is left over; otherwise rcx stays 0.
loc_1a8d04:
rcx = 0x0;
if ((rdi <= 0xff) && (rbx == 0x0)) {
rcx = rdi + r9 + (rdx << 0x1c) + (rax << 0x18) + (rsi << 0x14) + r8;
}
goto loc_1a8d29;
// Store the result (possibly 0) back into the dictionary as a CFNumber under the
// "CFBundleNumericVersion" key held in var_68. Number type 0x3 is passed to CFNumberCreate.
loc_1a8d29:
var_54 = 0x0;
var_54 = rcx;
rax = _CFGetAllocator(r15);
rax = _CFNumberCreate(rax, 0x3, &var_54);
_CFDictionarySetValue(r14, var_68, rax);
_CFRelease(rax);
goto loc_1a8a00;
loc_1a8cff:
rdx = r11;
goto loc_1a8d02;
loc_1a8d02:
rbx = 0x0;
goto loc_1a8d04;
// Digit seen at the current position: convert it and look at what follows.
loc_1a8c04:
rsi = (rdi & 0xffff) + 0xffffffd0;
rbx = r12 - 0x1;
if (rbx <= 0x0) goto loc_1a8bfa;
loc_1a8c12:
rcx = r13 + 0x2;
rdi = *(int16_t *)rcx & 0xffff;
r9 = 0x0;
if (rdi != 0x2e) goto loc_1a8d66;
loc_1a8c26:
rbx = r12 + 0xfffffffffffffffe;
if (rbx <= 0x0) goto loc_1a8bfa;
loc_1a8c2f:
r10 = r13 + 0x4;
rdi = *(int16_t *)r10 & 0xffff;
r9 = 0x0;
if (rdi <= 0x39) goto loc_1a8d71;
loc_1a8c49:
r13 = r10;
goto loc_1a8d69;
loc_1a8d69:
r11 = rdx;
goto loc_1a8c71;
loc_1a8d71:
// (char << 16) + 0xffd00000 equals (char - 0x30) << 16: the digit placed at bit 16.
r9 = ((rdi & 0xffff) << 0x10) + 0xffd00000;
r12 = r12 + 0xfffffffffffffffd;
if (r12 <= 0x0) goto loc_1a8bfd;
loc_1a8d8a:
r13 = r13 + 0x6;
rdi = *(int16_t *)r13 & 0xffff;
rbx = r12;
goto loc_1a8d69;
loc_1a8bfd:
rdi = 0x0;
goto loc_1a8d02;
loc_1a8bfa:
r9 = 0x0;
goto loc_1a8bfd;
loc_1a8d66:
r13 = rcx;
goto loc_1a8d69;
loc_1a8bf8:
rsi = 0x0;
goto loc_1a8bfa;
// First character was at or below '9': treat it as the first digit (kept in rdx).
loc_1a8b61:
rdx = (rdi & 0xffff) + 0xffffffd0;
r8 = 0x8000;
if (r12 <= 0x0) goto loc_1a8bc0;
loc_1a8b72:
rdi = var_4E & 0xffff;
if (rdi <= 0x39) goto loc_1a8bd2;
loc_1a8b81:
if (rdi != 0x2e) goto loc_1a8c51;
loc_1a8b8b:
r13 = &var_4C;
r12 = rbx + 0xfffffffffffffffe;
rax = rdx;
goto loc_1a8b98;
loc_1a8c51:
r13 = &var_4E;
r9 = 0x0;
rbx = r12;
r11 = 0x0;
rax = rdx;
goto loc_1a8c6f;
loc_1a8bd2:
rax = (rdi & 0xffff) + 0xffffffd0;
rcx = rbx + 0xfffffffffffffffe;
if (rcx <= 0x0) goto loc_1a8bf8;
loc_1a8be1:
rdi = var_4C & 0xffff;
if (rdi != 0x2e) goto loc_1a8c62;
loc_1a8beb:
r13 = &var_4A;
r12 = rbx + 0xfffffffffffffffd;
goto loc_1a8b9a;
loc_1a8c62:
r13 = &var_4C;
r9 = 0x0;
rbx = rcx;
goto loc_1a8c6c;
// Single-character string: only the first digit contributes.
loc_1a8bc0:
rax = rdx;
rdx = 0x0;
r9 = 0x0;
rdi = 0x0;
rbx = 0x0;
rsi = 0x0;
goto loc_1a8d04;
// Version value is not a string. A CFNumber is left untouched; any other type causes the
// "CFBundleNumericVersion" key to be removed from the dictionary.
loc_1a8b38:
if (_CFGetTypeID(r13) != _CFNumberGetTypeID()) {
_CFDictionaryRemoveValue(r14, @"CFBundleNumericVersion");
}
goto loc_1a8a00;
}
// Locates, reads and parses the Info.plist for a bundle directory.
// arg0: allocator used for the resulting dictionary (saved in var_F0).
// arg1: bundle directory URL; 0x0 makes the function return 0x0.
// arg2: optional out pointer; receives a retained URL of the plist that was parsed.
// arg3: layout selector; values above 3 yield an empty dictionary, values 0..3 pick one of
//       four branches through a jump table (Resources/, Support%20Files/, Contents/, or the
//       directory itself). Which value maps to which branch is not visible in this listing.
// arg4/arg5: not referenced in the decompiled body.
// Returns a dictionary in every case except arg1 == 0x0. Failure to find, read or parse
// the file degrades to an empty mutable dictionary instead of an error, so callers such as
// -bundleIdentifier simply see a missing key.
int __CFBundleCopyInfoDictionaryInDirectoryWithVersion(int arg0, int arg1, int arg2, int arg3, int arg4, int arg5) {
rcx = arg3;
rdx = arg2;
rsi = arg1;
rdi = arg0;
if (rsi == 0x0) goto loc_24b9d;
loc_24b45:
var_F0 = rdi;
// Bounds check on the selector before it is used as a jump-table index.
if (rcx > 0x3) goto loc_24f54;
loc_24b55:
r14 = rdx;
r15 = rsi;
goto *0x25000[sign_extend_64(*(int32_t *)(0x25000 + (rcx & 0xff) * 0x4)) + 0x25000];
// Branch: plist lives under Resources/. rbx is the directory URL to scan, r12 the
// platform-specific file name and rax the generic one.
loc_24b6e:
rbx = _CFURLCreateWithString(___kCFAllocatorSystemDefault, @"Resources/", r15);
r12 = @"Resources/Info-macos.plist";
rax = @"Resources/Info.plist";
goto loc_24c78;
// Shared path for all four branches. No directory URL means an empty dictionary.
loc_24c78:
if (rbx == 0x0) goto loc_24f54;
loc_24c81:
var_E0 = rax;
var_E8 = r14;
var_F8 = rbx;
rax = _CFURLCopyAbsoluteURL(rbx);
r13 = r15;
r15 = _CFURLCopyFileSystemPath(rax, 0x0);
_CFRelease(rax);
// Two block-captured variables (var_50 and var_70). The slot at +0x8 points back at the
// structure itself and +0x18 holds the value, which is why later code reads
// *(var_48 + 0x18) and *(var_68 + 0x18): var_48/var_68 are those +0x8 pointers.
// NOTE(review): this matches the usual __block byref layout - confirm.
var_50 = 0x0;
*(&var_50 + 0x8) = &var_50;
*(&var_50 + 0x10) = 0x2000000000;
*(&var_50 + 0x18) = 0x0;
r14 = &var_70;
*r14 = 0x0;
*(r14 + 0x8) = r14;
*(r14 + 0x10) = 0x2000000000;
*(r14 + 0x18) = 0x0;
r12 = r12;
rbx = r15;
if (r15 != 0x0) {
r15 = r13;
r13 = _CFStringGetLength(@"Info.plist");
rax = _CFStringGetLength(@"Info-macos.plist");
// Stack block passed to the directory iterator. It captures both result slots, both file
// names, the base URL and the two name lengths; the block body is not shown on this page.
var_C8 = __NSConcreteStackBlock;
*(&var_C8 + 0x8) = 0x42000000;
*(&var_C8 + 0x10) = ____CFBundleCopyInfoDictionaryInDirectoryWithVersion_block_invoke;
*(&var_C8 + 0x18) = ___block_descriptor_tmp;
*(&var_C8 + 0x20) = r14;
*(&var_C8 + 0x30) = rax;
*(&var_C8 + 0x38) = r12;
*(&var_C8 + 0x40) = r15;
*(&var_C8 + 0x28) = &var_50;
*(&var_C8 + 0x48) = r13;
*(&var_C8 + 0x50) = var_E0;
// The decompiler dropped the call arguments (presumably the path in rbx and the block).
__CFIterateDirectory();
_CFRelease(rbx);
}
_CFRelease(var_F8);
// First candidate: the URL stored in the var_70 slot. If it is absent or unreadable, the
// var_50 slot is tried at loc_24de2.
// NOTE(review): presumably one slot is Info-macos.plist and the other Info.plist; which is
// which depends on the block body - confirm.
rsi = *(var_68 + 0x18);
if (rsi == 0x0) goto loc_24de2;
loc_24db2:
var_D0 = 0x0;
_CFURLCreateDataAndPropertiesFromResource(___kCFAllocatorSystemDefault, rsi, &var_D0, 0x0, 0x0, 0x0);
rsi = var_D0;
if (rsi == 0x0) goto loc_24de2;
loc_24ddc:
rax = var_68;
goto loc_24e21;
// Parse the file contents. r12 remembers the URL that supplied the data.
loc_24e21:
r12 = *(rax + 0x18);
var_D8 = 0x0;
r15 = var_F0;
rax = _CFPropertyListCreateWithData(r15, rsi, 0x1, 0x0, &var_D8);
rbx = rax;
if (rax == 0x0) goto loc_24e7a;
// The parsed root object must be a dictionary; any other plist root type is discarded.
loc_24e54:
if (_CFDictionaryGetTypeID() == _CFGetTypeID(rbx)) goto loc_24ee2;
loc_24e69:
_CFRelease(rbx);
goto loc_24ec7;
// Parse failure or wrong root type: substitute an empty mutable dictionary.
loc_24ec7:
rbx = _CFDictionaryCreateMutable(r15, 0x0, _kCFTypeDictionaryKeyCallBacks, _kCFTypeDictionaryValueCallBacks);
goto loc_24ee2;
loc_24ee2:
// NOTE(review): the literal 0x0 is likely a decompiler artifact; this is presumably the
// release of the file data read above - confirm in disassembly.
_CFRelease(0x0);
// Hand the source URL back through arg2 (retained for the caller) when requested.
if ((var_E8 != 0x0) && (r12 != 0x0)) {
_CFRetain(r12);
*var_E8 = r12;
}
goto loc_24f0f;
// Cleanup: release both candidate URLs and dispose the block-captured variables.
loc_24f0f:
rdi = *(var_68 + 0x18);
if (rdi != 0x0) {
_CFRelease(rdi);
}
rdi = *(var_48 + 0x18);
if (rdi != 0x0) {
_CFRelease(rdi);
}
_Block_object_dispose(&var_70, 0x8);
_Block_object_dispose(&var_50, 0x8);
// Neither candidate could be read: still return an (empty) dictionary.
if (rbx == 0x0) {
rbx = _CFDictionaryCreateMutable(var_F0, 0x0, _kCFTypeDictionaryKeyCallBacks, _kCFTypeDictionaryValueCallBacks);
}
goto loc_24f73;
// Post-process the dictionary in place; the helper's body is not shown on this page.
loc_24f73:
__CFBundleInfoPlistProcessInfoDictionary(rbx);
goto loc_24f7b;
// Epilogue with stack-canary check (both sides rendered as the guard by Hopper).
loc_24f7b:
if (*___stack_chk_guard == *___stack_chk_guard) {
rax = rbx;
}
else {
rax = __stack_chk_fail();
}
return rax;
// Parser returned NULL: log the error domain and code, then fall back to an empty dictionary.
loc_24e7a:
rdi = var_D8;
if (rdi != 0x0) {
_CFLog(0x3, @"There was an error parsing the Info.plist for the bundle at URL <%p>: %@ - %ld", *(var_48 + 0x18), _CFErrorGetDomain(rdi), _CFErrorGetCode(var_D8), 0x0, stack[2015]);
_CFRelease(var_D8);
}
goto loc_24ec7;
// Second candidate: the URL stored in the var_50 slot.
loc_24de2:
rsi = *(var_48 + 0x18);
if (rsi == 0x0) goto loc_24e73;
loc_24df3:
var_D0 = 0x0;
_CFURLCreateDataAndPropertiesFromResource(___kCFAllocatorSystemDefault, rsi, &var_D0, 0x0, 0x0, 0x0);
rsi = var_D0;
if (rsi == 0x0) goto loc_24e73;
loc_24e1d:
rax = var_48;
goto loc_24e21;
loc_24e73:
rbx = 0x0;
goto loc_24f0f;
// Selector out of range or no usable directory URL: return an empty mutable dictionary.
loc_24f54:
rbx = _CFDictionaryCreateMutable(var_F0, 0x0, _kCFTypeDictionaryKeyCallBacks, _kCFTypeDictionaryValueCallBacks);
goto loc_24f73;
// Branch: plist lives under "Support Files/" (URL-encoded space).
loc_24ba4:
rbx = _CFURLCreateWithString(___kCFAllocatorSystemDefault, @"Support%20Files/", r15);
r12 = @"Support%20Files/Info-macos.plist";
rax = @"Support%20Files/Info.plist";
goto loc_24c78;
// Branch: plist lives under Contents/.
loc_24bd3:
rbx = _CFURLCreateWithString(___kCFAllocatorSystemDefault, @"Contents/", r15);
r12 = @"Contents/Info-macos.plist";
rax = @"Contents/Info.plist";
goto loc_24c78;
// Branch: plist sits directly in the given directory. If the path itself ends in
// "Support Files", "Contents" or "Resources", rbx is left at 0x0 and the shared path
// above returns an empty dictionary; otherwise the directory is scanned for
// Info.plist / Info-macos.plist.
loc_24bff:
rax = _CFURLCopyFileSystemPath(r15, 0x0);
if (rax == 0x0) goto loc_24f54;
loc_24c12:
r13 = rax;
rax = _CFStringHasSuffix(rax, @"Support Files");
r12 = @"Resources/Info-macos.plist";
var_E0 = @"Resources/Info.plist";
if ((rax == 0x0) && (_CFStringHasSuffix(r13, @"Contents") == 0x0)) {
if (_CFStringHasSuffix(r13, @"Resources") != 0x0) {
rbx = 0x0;
}
else {
rbx = _CFRetain(r15);
r12 = @"Info-macos.plist";
var_E0 = @"Info.plist";
}
}
else {
rbx = 0x0;
}
_CFRelease(r13);
rax = var_E0;
goto loc_24c78;
// arg1 was 0x0: return 0x0 without creating a dictionary.
loc_24b9d:
rbx = 0x0;
goto loc_24f7b;
}
rax = @"Resources/Info.plist";
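可以看到读取的是Resources文件夹下的Info.plist。后面还有其他路径下的:Support Files/、Contents/,以及bundle目录本身,具体走哪个分支由arg3经跳转表决定;每个分支还对应一个Info-macos.plist。
还发现一个打开文件的方法(用dlopen加载CFNetwork,路径可以由环境变量CFNETWORK_LIBRARY_PATH指定):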
// Block body that loads the CFNetwork image and caches the dlopen handle in
// __CFLookupCFNetworkFunction.image.
// The library path defaults to the system framework but is replaced by the value of the
// CFNETWORK_LIBRARY_PATH environment variable whenever the helper returns non-NULL, so the
// process environment can decide which image gets loaded.
// NOTE(review): the helper's name suggests the variable is ignored for restricted
// processes, but its body is not shown here - confirm before relying on that gate.
void _____CFLookupCFNetworkFunction_block_invoke(void * _block) {
rax = ___CFgetenvIfNotRestricted("CFNETWORK_LIBRARY_PATH");
rdi = "/System/Library/Frameworks/CFNetwork.framework/CFNetwork";
if (rax != 0x0) {
rdi = rax;
}
// Mode 0x5 is presumably RTLD_LAZY | RTLD_LOCAL (0x1 | 0x4 in macOS dlfcn.h) - confirm.
// The handle is stored without a NULL check in this listing.
*___CFLookupCFNetworkFunction.image = dlopen(rdi, 0x5);
return;
}
好复杂,本来想的是直接读取文件、解析,可好像不是这样的。