iOS HookZz 学习
#import <UIKit/UIKit.h>
#import <hookzz/hookzz.h>
#import <mach-o/dyld.h>
#import <dlfcn.h>
#include <unistd.h>
ZzBuildHookAddress:按内存地址进行 Hook
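/**
 * Pre-call hook callback: logs the value saved for register x8, overwrites it
 * with the constant 4, then logs the value again.
 *
 * @param rs          Saved register state; only general.regs.x8 is read and written.
 * @param threadstack Unused by this callback.
 * @param callstack   Unused by this callback.
 *
 * NOTE(review): the write to x8 is unconditional, so every pass through the
 * hooked address sees the constant 4. What x8 holds at that point is not
 * visible from this file; confirm against the target's disassembly.
 */
void getpid_pre_call_sub_10025F9EC(RegState *rs, ThreadStack *threadstack, CallStack *callstack)
{
    (void)threadstack;
    (void)callstack;

    NSLog(@"测试---x8 is:开始");

    // The value is read as unsigned long, so it is printed with %lu; the
    // previous %ld showed register values with the top bit set as negative.
    unsigned long request = *(unsigned long *)(&rs->general.regs.x8);
    NSLog(@"测试---request(x8) is: %lu\n", request);

    // Overwrite the saved register; presumably HookZz restores this state
    // when the original code resumes - TODO confirm.
    rs->general.regs.x8 = 4;

    // Read back through the same path to show the modification took effect.
    unsigned long request2 = *(unsigned long *)(&rs->general.regs.x8);
    NSLog(@"测试---request(x8) 修改后is: %lu\n", request2);
}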
/**
 * Half-call hook callback. Performs no work; it exists so that a function
 * with this signature can be handed to ZzBuildHookAddress.
 *
 * @param rs          Saved register state (not touched).
 * @param threadstack Unused.
 * @param callstack   Unused.
 */
void getpid_half_call_sub_10025F9EC(RegState *rs, ThreadStack *threadstack, CallStack *callstack)
{
    // Nothing to do at the half-call point; mark the arguments as unused.
    (void)rs;
    (void)threadstack;
    (void)callstack;
}
/**
 * Load-time constructor: installs and enables an address hook with
 * getpid_pre_call_sub_10025F9EC as the pre-call callback and
 * getpid_half_call_sub_10025F9EC as the half-call callback.
 *
 * The hooked range is [base + 0x100, base + 0x104), where base is the ASLR
 * slide of image 0 plus the static address 0x10015CC40.
 *
 * NOTE(review): image index 0 is presumably the main executable - confirm.
 * NOTE(review): the static address is hard-coded, so it is only valid for
 * the exact build it was taken from; verify before reusing.
 * NOTE(review): the callback names mention sub_10025F9EC while the address
 * used here is 0x10015CC40 + 0x100; confirm which one is intended.
 * NOTE(review): whatever ZzBuildHookAddress and ZzEnableHook return is not
 * checked, so a failed install would go unnoticed.
 */
static __attribute__((constructor)) void _logosLocalCtor_f033ab37(int __unused argc, char __unused **argv, char __unused **envp)
{
    // Runtime address = load slide of image 0 + address from static analysis.
    unsigned long function_base =
        (unsigned long)(void *)(_dyld_get_image_vmaddr_slide(0) + 0x10015CC40);

    // A 4-byte window starting 0x100 bytes into the function.
    void *hook_start = (void *)(function_base + 0x100);
    void *hook_end = (void *)(function_base + 0x104);

    ZzBuildHookAddress(hook_start,
                       hook_end,
                       getpid_pre_call_sub_10025F9EC,
                       getpid_half_call_sub_10025F9EC,
                       TRUE);
    ZzEnableHook(hook_start);
}
上面是 HookZz 的简单用法,暂时还不完善,仍在学习中。