iOS Reverse Engineering [1]: How Code Appears in Hopper Disassembly
2014-11-19 23:19
0x01. Source package structure
Manually add FirstClass.h and FirstClass.m to the project. The goal is to compare what the FirstClass code looks like before and after decompilation.
FirstClass.h is implemented as follows:
```objc
//
//  FirstClass.h
//  case2
//
//  Created by apple on 14-11-19.
//  Copyright (c) 2014 apple. All rights reserved.
//

#import <UIKit/UIKit.h>

// Constants that should show up as literals in the disassembly
#define STR @"just for test"
#define interger 100

@interface FirstClass : NSObject
{
    NSString *test;
}

- (void) sayHello : (NSString*)name;

@end
```
FirstClass.m is implemented as follows:
```objc
//
//  FirstClass.m
//  case2
//
//  Created by apple on 14-11-19.
//  Copyright (c) 2014 apple. All rights reserved.
//

#import <Foundation/Foundation.h>
#import "FirstClass.h"

@implementation FirstClass

// Minimal initializer of the test project (it does not call [super init])
- (id) init
{
    return self;
}

// Logs the two macro constants and the caller-supplied name
- (void) sayHello: (NSString *)name
{
    NSLog(@"Ha Ha %@ %d %@", STR, interger, name);
}

@end
```
Insert the calling code in AppDelegate:
```objc
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
    // Override point for customization after application launch.
    NSLog(@"Hello,world.");

    // Create the test object and call the method under analysis
    FirstClass *fc = [[FirstClass alloc] init];
    [fc sayHello:(@"Success")];

    return YES;
}
```
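0x02. Restoring header files with class-dump
Use the class-dump command to restore the header files, which yields FirstClass.h.
The output of cat on the file is as follows:
0x03. Disassembling with Hopper
0x031. Package structure
0x032. The sayHello method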
```
================ B E G I N   O F   P R O C E D U R E ================

; Basic Block Input Regs: ebp - Killed Regs: eax ecx edx esp ebp esi edi
-[FirstClass sayHello:]_2890:
00002890  55                push ebp
00002891  89E5              mov ebp, esp
00002893  57                push edi
00002894  56                push esi
00002895  83EC30            sub esp, 0x30
00002898  E800000000        call 0x289d
0000289d  58                pop eax                                  ; XREF=0x2898
0000289e  8B4D10            mov ecx, dword [ss:ebp-0x38+arg_8]
000028a1  8B550C            mov edx, dword [ss:ebp-0x38+arg_4]
000028a4  8B7508            mov esi, dword [ss:ebp-0x38+arg_0]
000028a7  8D7DEC            lea edi, dword [ss:ebp-0x38+var_36]
000028aa  8975F4            mov dword [ss:ebp-0x38+var_44], esi
000028ad  8955F0            mov dword [ss:ebp-0x38+var_40], edx
000028b0  C745EC00000000    mov dword [ss:ebp-0x38+var_36], 0x0
000028b7  893C24            mov dword [ss:esp], edi
000028ba  894C2404          mov dword [ss:esp+0x4], ecx
000028be  8945E8            mov dword [ss:ebp-0x38+_PIC_register_], eax
000028c1  E828050000        call imp___symbol_stub__objc_storeStrong
000028c6  8B45E8            mov eax, dword [ss:ebp-0x38+_PIC_register_]
000028c9  8D88371E0000      lea ecx, dword [ds:eax-0x289d+cfstring_Ha_Ha_____d___] ; @"Ha Ha %@ %d %@"
000028cf  8D90471E0000      lea edx, dword [ds:eax-0x289d+cfstring_just_for_test] ; @"just for test"
000028d5  BE64000000        mov esi, 0x64
000028da  8B7DEC            mov edi, dword [ss:ebp-0x38+var_36]
000028dd  890C24            mov dword [ss:esp], ecx
000028e0  89542404          mov dword [ss:esp+0x4], edx
000028e4  C744240864000000  mov dword [ss:esp+0x8], 0x64
000028ec  897C240C          mov dword [ss:esp+0xc], edi
000028f0  8975E4            mov dword [ss:ebp-0x38+var_28], esi
000028f3  E8C0040000        call imp___symbol_stub__NSLog
000028f8  B800000000        mov eax, 0x0
000028fd  8D4DEC            lea ecx, dword [ss:ebp-0x38+var_36]
00002900  890C24            mov dword [ss:esp], ecx
00002903  C744240400000000  mov dword [ss:esp+0x4], 0x0
0000290b  8945E0            mov dword [ss:ebp-0x38+var_24], eax
0000290e  E8DB040000        call imp___symbol_stub__objc_storeStrong
00002913  83C430            add esp, 0x30
00002916  5E                pop esi
00002917  5F                pop edi
00002918  5D                pop ebp
00002919  C3                ret
; endp
```
0x033. didFinishLaunchingWithOptions
Now look at the call to sayHello:
```
================ B E G I N   O F   P R O C E D U R E ================

; Basic Block Input Regs: ebp - Killed Regs: eax ecx edx ebx esp ebp esi edi
-[AppDelegate application:didFinishLaunchingWithOptions:]_2970:
00002970  55                push ebp
00002971  89E5              mov ebp, esp
00002973  53                push ebx
00002974  57                push edi
00002975  56                push esi
00002976  83EC4C            sub esp, 0x4c
00002979  E800000000        call 0x297e
0000297e  58                pop eax                                  ; XREF=0x2979
0000297f  8B4D14            mov ecx, dword [ss:ebp-0x58+arg_C]
00002982  8B5510            mov edx, dword [ss:ebp-0x58+arg_8]
00002985  8B750C            mov esi, dword [ss:ebp-0x58+arg_4]
00002988  8B7D08            mov edi, dword [ss:ebp-0x58+arg_0]
0000298b  8D5DE8            lea ebx, dword [ss:ebp-0x58+var_64]
0000298e  897DF0            mov dword [ss:ebp-0x58+var_72], edi
00002991  8975EC            mov dword [ss:ebp-0x58+var_68], esi
00002994  C745E800000000    mov dword [ss:ebp-0x58+var_64], 0x0
0000299b  891C24            mov dword [ss:esp], ebx
0000299e  89542404          mov dword [ss:esp+0x4], edx
000029a2  8945D8            mov dword [ss:ebp-0x58+_PIC_register_], eax
000029a5  894DD4            mov dword [ss:ebp-0x58+var_44], ecx
000029a8  E841040000        call imp___symbol_stub__objc_storeStrong
000029ad  8D45E4            lea eax, dword [ss:ebp-0x58+var_60]
000029b0  C745E400000000    mov dword [ss:ebp-0x58+var_60], 0x0
000029b7  8B4DD4            mov ecx, dword [ss:ebp-0x58+var_44]
000029ba  890424            mov dword [ss:esp], eax
000029bd  894C2404          mov dword [ss:esp+0x4], ecx
000029c1  E828040000        call imp___symbol_stub__objc_storeStrong
000029c6  8B45D8            mov eax, dword [ss:ebp-0x58+_PIC_register_]
000029c9  8D88761D0000      lea ecx, dword [ds:eax-0x297e+cfstring_Hello_world_] ; @"Hello,world."
000029cf  890C24            mov dword [ss:esp], ecx
000029d2  E8E1030000        call imp___symbol_stub__NSLog
000029d7  B800000000        mov eax, 0x0
000029dc  8D4DE0            lea ecx, dword [ss:ebp-0x58+var_56]
000029df  8B55D8            mov edx, dword [ss:ebp-0x58+_PIC_register_]
000029e2  8DB2861D0000      lea esi, dword [ds:edx-0x297e+cfstring_Success] ; @"Success"
000029e8  8BBAD21C0000      mov edi, dword [ds:edx-0x297e+0x4650]
000029ee  8B9AC21C0000      mov ebx, dword [ds:edx-0x297e+0x4640]    ; @selector(alloc)
000029f4  893C24            mov dword [ss:esp], edi
000029f7  895C2404          mov dword [ss:esp+0x4], ebx
000029fb  8945D0            mov dword [ss:ebp-0x58+var_40], eax
000029fe  894DCC            mov dword [ss:ebp-0x58+var_36], ecx
00002a01  8975C8            mov dword [ss:ebp-0x58+var_32], esi
00002a04  E8C7030000        call imp___symbol_stub__objc_msgSend
00002a09  8B4DD8            mov ecx, dword [ss:ebp-0x58+_PIC_register_]
00002a0c  8B91C61C0000      mov edx, dword [ds:ecx-0x297e+0x4644]    ; @selector(init)
00002a12  890424            mov dword [ss:esp], eax
00002a15  89542404          mov dword [ss:esp+0x4], edx
00002a19  E8B2030000        call imp___symbol_stub__objc_msgSend
00002a1e  8945E0            mov dword [ss:ebp-0x58+var_56], eax
00002a21  8B45E0            mov eax, dword [ss:ebp-0x58+var_56]
00002a24  8B4DD8            mov ecx, dword [ss:ebp-0x58+_PIC_register_]
00002a27  8B91CA1C0000      mov edx, dword [ds:ecx-0x297e+0x4648]    ; @selector(sayHello:)
00002a2d  890424            mov dword [ss:esp], eax
00002a30  89542404          mov dword [ss:esp+0x4], edx
00002a34  8B45C8            mov eax, dword [ss:ebp-0x58+var_32]
00002a37  89442408          mov dword [ss:esp+0x8], eax
00002a3b  E890030000        call imp___symbol_stub__objc_msgSend
00002a40  C745DC01000000    mov dword [ss:ebp-0x58+var_52], 0x1
00002a47  8B45CC            mov eax, dword [ss:ebp-0x58+var_36]
00002a4a  890424            mov dword [ss:esp], eax
00002a4d  C744240400000000  mov dword [ss:esp+0x4], 0x0
00002a55  E894030000        call imp___symbol_stub__objc_storeStrong
00002a5a  B800000000        mov eax, 0x0
00002a5f  8D4DE4            lea ecx, dword [ss:ebp-0x58+var_60]
00002a62  890C24            mov dword [ss:esp], ecx
00002a65  C744240400000000  mov dword [ss:esp+0x4], 0x0
00002a6d  8945C4            mov dword [ss:ebp-0x58+var_28], eax
00002a70  E879030000        call imp___symbol_stub__objc_storeStrong
00002a75  B800000000        mov eax, 0x0
00002a7a  8D4DE8            lea ecx, dword [ss:ebp-0x58+var_64]
00002a7d  890C24            mov dword [ss:esp], ecx
00002a80  C744240400000000  mov dword [ss:esp+0x4], 0x0
00002a88  8945C0            mov dword [ss:ebp-0x58+var_24], eax
00002a8b  E85E030000        call imp___symbol_stub__objc_storeStrong
00002a90  B001              mov al, 0x1
00002a92  0FBEC0            movsx eax, al
00002a95  83C44C            add esp, 0x4c
00002a98  5E                pop esi
00002a99  5F                pop edi
00002a9a  5B                pop ebx
00002a9b  5D                pop ebp
00002a9c  C3                ret
; endp
```
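Both listings reach their strings and selectors through a `call`/`pop` PIC base rather than absolute addresses, which is much of what makes them hard to read. The following Python sketch is an added example, not code from the original post: it recovers the PIC base from lines copied out of the listing above and decodes the disp32 of each `lea`/`mov` to get the absolute address being referenced. The function names `parse`, `pic_base` and `resolve` are hypothetical, and the script assumes the base register still holds the PIC base at each reference.

```python
import re

# Constructed sample: lines copied from the Hopper listing of
# -[AppDelegate application:didFinishLaunchingWithOptions:] above.
LISTING = """\
00002979 E800000000 call 0x297e
0000297e 58 pop eax
000029c9 8D88761D0000 lea ecx, dword [ds:eax-0x297e+cfstring_Hello_world_]
000029e2 8DB2861D0000 lea esi, dword [ds:edx-0x297e+cfstring_Success]
000029e8 8BBAD21C0000 mov edi, dword [ds:edx-0x297e+0x4650]
000029ee 8B9AC21C0000 mov ebx, dword [ds:edx-0x297e+0x4640]
00002a0c 8B91C61C0000 mov edx, dword [ds:ecx-0x297e+0x4644]
00002a27 8B91CA1C0000 mov edx, dword [ds:ecx-0x297e+0x4648]
"""

LINE = re.compile(r"^([0-9a-fA-F]{8})\s+([0-9a-fA-F]+)\s+(.*)$")

def parse(listing):
    """Return [(address, raw_bytes, text)] for every listing line."""
    rows = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1), 16), bytes.fromhex(m.group(2)), m.group(3)))
    return rows

def pic_base(insns):
    """Locate `call $+5` followed by `pop r32`; the popped value is the pop's own address."""
    for (_, raw, _t), (nxt, nraw, _n) in zip(insns, insns[1:]):
        if raw == b"\xe8\x00\x00\x00\x00" and len(nraw) == 1 and 0x58 <= nraw[0] <= 0x5F:
            return nxt
    raise ValueError("no call/pop PIC sequence found")

def resolve(listing):
    """Map instruction address -> absolute address referenced through the PIC base."""
    insns = parse(listing)
    base = pic_base(insns)
    targets = {}
    for addr, raw, _ in insns:
        # 8D = lea r32, m; 8B = mov r32, r/m32. ModRM mod=10 means a disp32 follows;
        # rm=100 would add a SIB byte, so it is excluded (no data-flow tracking here).
        if len(raw) == 6 and raw[0] in (0x8D, 0x8B) and raw[1] >> 6 == 2 and raw[1] & 7 != 4:
            disp = int.from_bytes(raw[2:6], "little", signed=True)
            targets[addr] = (base + disp) & 0xFFFFFFFF
    return targets

if __name__ == "__main__":
    for addr, target in resolve(LISTING).items():
        print(f"{addr:08x} -> {target:#x}")
```

The resolved selector slots match the absolute addresses Hopper prints (0x4640, 0x4644, 0x4648, 0x4650), and the two cfstring references resolve to 0x46f4 and 0x4704.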
0x04. Summary
Compared with IDA, the assembly code that Hopper generates is considerably more redundant and less readable.