以下仅做我在hook 中的记录,
环境 VM PRO 15
MAC OS 15
Xcode 11.2
工具 monkeydev
install_name_tool
otool
思路:将要hook 的dylib,注入到我们新建的xcode工程中,然后拿着protuct 放到monkeydev 里去正常hook。
1.将dylib扔进hopper,发现有一个RobborVC,随新建一个Xcode工程,在viewDidAppear中,present进RobborVC,
Class cls =NSClassFromString(@"RobotVc"); id Vc = [[cls alloc]init]; [self presentViewController:Vc animated:YES completion:^{ }];
1.使用 0tool -l 查看dylib 的依赖路径,如下图,发现dylib 还依赖了一个libsubstrate.dylib,
2.将上面两个dylib 拖入新建Xocde的根目录中
3.使用install_name_tool修改dylib 依赖路径,
install_name_tool [-id name] input 修改对自身的依赖 install_name_tool [-change old new] input 修改对第三方库的依赖 如: install_name_tool -id @@executable_path/Frameworks/CXZDZW.dylib /Users/jack/Desktop/testDLb/CXZDZW.dylib
install_name_tool -change @loader_path/libsubstrate.dylib /Users/jack/Desktop/testDLb/libsubstrate.dylib
4.载build phases 新增 run script 增加bash脚本,进行copy dylib进 $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH 目录下,并签名
if [-f $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/CXZDZW.dylib];then
rm -rf $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/CXZDZW.dylib
fi
if [-f $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/libsubstrate.dylib];then
rm -rf $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/libsubstrate.dylib
fi
if [[ "${CONFIGURATION}" == "Debug" || "${CONFIGURATION}" == "DailyBuild" ]]; then echo "begin copy CXZDZW dylibs into product" cp -R $PROJECT_DIR/CXZDZW.dylib $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH cp -R $PROJECT_DIR/libsubstrate.dylib $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH if [ "${CODE_SIGNING_REQUIRED:-}" != "NO" ]; then /usr/bin/codesign --force --sign "${EXPANDED_CODE_SIGN_IDENTITY}" "$BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/CXZDZW.dylib" /usr/bin/codesign --force --sign "${EXPANDED_CODE_SIGN_IDENTITY}" "$BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/libsubstrate.dylib" fi fi
5.找到.app文件,拖入monkeydev中,hook 即可
ps:草稿箱好多半成品文章。。。。