持续创造,加速生长!这是我参与「日新计划 10 月更文应战」的第29天,点击检查活动概况
前语
- 快速找到按钮action办法
cy# [#0x17a9cad0 actionsForTarget:#0x174eb8b0 forControlEvent:64]
@["onVerifyContactOk"]
- 代码触发button的点击事情:
[btn sendActionsForControlEvents:UIControlEventTouchUpInside];
I 找按钮的action办法(在逆向分析中的应用例子)
1.1 过程1: 利用cy 找到对应的按钮地址
- 打开views结构:
[UIWindow keyWindow].recursiveDescription().toString()
| | | | | | | | | | | <WCPayOfflinePayBottomButton: 0x170bab80; baseClass =
- 文字unicode转码
\u4e8c\u7ef4\u7801\u6536\u6b3e 进行搜索找到对应按钮
echo -e
1.2 过程2:寻觅 点击按钮对应的执行办法
UIButton 是承继 UIControl 的,而 UIControl 的话能够经过allTargets 与 allControlEvents检查一切的目标与事情,再运用actionsForTarget:forControlEvent:从而找到触发的办法
- (nullable NSArray<NSString *> *)actionsForTarget:(nullable id)target forControlEvent:(UIControlEvents)controlEvent; // single event. returns NSArray of NSString selector names. returns nil if none
- allTargets
cy# [#0x17a9cad0 allTargets]
[NSSet setWithArray:@[#"<WeixinContactInfoAssist: 0x174eb8b0>"]]]
- allControlEvents
cy# [#0x17a9cad0 allControlEvents]
64
actionsForTarget: forControlEvent
cy# [#0x17a9cad0 actionsForTarget:#0x174eb8b0 forControlEvent:64]
@["onVerifyContactOk"]
- 终究确定:
WeixinContactInfoAssist WeixinContactInfoAssist:
- (void)onVerifyContactOk;
1.3 进行验证办法
- objc_msgSend
objc_msgSend(vc, @selector(initView));
- []
cy# [[[#0x170bab80 allTargets] allObjects][0] receiveMoneyBtnPress:nil]
- valueForKey
cy# [[#0x183d6e00 valueForKey:@"m_delegate"] WCPayFacingReceiveChangeToFixedAmount]
1.4 tweak code
相关code的获取,请关注公号:iOS逆向。
- cy# [#0x16b60600 _ivarDescription].toString()
CBaseContactInfoAssist *m_oContactInfoAssist;
CContact *m_contact;
\tm_uiVerify (unsigned long): <01000000>
\tm_contact (CContact*): <CPushContact: 0x177450d0>
\tm_oContactInfoAssist (CBaseContactInfoAssist*): <WeixinContactInfoAssist: 0x174eb8b0>
- 书写
tweak
%hook ContactInfoViewController
- (void)viewWillAppear:(BOOL)arg1 {
%orig;
Ivar mDelegateVar = class_getInstanceVariable(objc_getClass("ContactInfoViewController"), "m_oContactInfoAssist");
WeixinContactInfoAssist * mDelegate = object_getIvar(self, mDelegateVar);
[mDelegate onAction];
Ivar mDelegateVar1 = class_getInstanceVariable(objc_getClass("ContactInfoViewController"), "m_contact");
}
1.5 小结
- 获取allTargets
cy# [[#0x170bab80 allTargets] allObjects][0]
#"<WCPayOfflinePayViewController: 0x1642b200>"
- 获取 actions
cy# [#0x170bab80 actionsForTarget:[[#0x170bab80 allTargets] allObjects][0] forControlEvent:[#0x170bab80 allControlEvents]]
@["receiveMoneyBtnPress:"]
-
cy# [#0x189ce7e0 setHidden:0]验证是否找对了view
II 代码触发button点击事情
2.1 UIControl
NS_CLASS_AVAILABLE_IOS(2_0) @interface UIControl : UIView
// send the action. the first method is called for the event and is a point at which you can observe or override behavior. it is called repeately by the second.
- (void)sendAction:(SEL)action to:(nullable id)target forEvent:(nullable UIEvent *)event;
- (void)sendActionsForControlEvents:(UIControlEvents)controlEvents; // send all actions associated with events
2.2 UIButton
NS_CLASS_AVAILABLE_IOS(2_0) @interface UIButton : UIControl <NSCoding>
2.3 iOS 代码触发button点击事情
cy# [#0x18c0ad10 sendActionsForControlEvents:UIControlEventTouchUpInside]
[btn sendActionsForControlEvents:UIControlEventTouchUpInside];
III 预备知识: UIButton到NSObject之间的承继关系
UIButton承继自UIControl,UIControl承继自UIView,UIView承继自UIResponder,UIResponder承继自最基本的类NSObject。
UIButton是一个控件,它具有“按下”等详细的动作控制,而不仅仅是一个简单的静态组件(如UILabel),从这个视点来看UIButton肯定是承继自UIControl的; UIControl承继自UIView,它将UIView的复杂的触摸事情封装成了像“Touch Down”“Editing DidBegin”“Touch Drag Enter”等详细的UIControlEvent事情,其他承继自UIControl的控件还有UISwitch、UITextField、UISlider、UISegmentedControl、UIPageControl等。
最终UIView、UIControl等都是可交互的元素,它们必定都承继自UIResponder,UIResponder承继自根类NSObject
see also
更多内容请关注 #公号:iOS逆向,只为你呈现有价值的信息,专注于移动端技术研究领域;
