hook_MGCopyAnswer.dylib cause APP "Preferences" crash #2

Open
sugarocrean opened this issue Sep 4, 2017 · 1 comment

@sugarocrean

Platform: 6plus
ios: 10.2
Jailbreak: yalu102

steps:

  1. build hook_MGCopyAnswer.dylib with ios9 sdk
  2. ldid -S hook_MGCopyAnswer.dylib
  3. copy to 6P's directory: /Library/MobileSubstrate/DynamicLibraries
  4. Launch the Preferences app, click 'General' -> 'About', then Preferences crashes

bt:
Process 5074 stopped

* thread #9, queue = 'com.apple.root.default-qos', stop reason = signal SIGABRT
    frame #0: 0x0000000189479d74 libsystem_kernel.dylib`__abort_with_payload + 8
libsystem_kernel.dylib`__abort_with_payload:
->  0x189479d74 <+8>:  b.lo 0x189479d8c ; <+32>
    0x189479d78 <+12>: stp x29, x30, [sp, #-0x10]!
    0x189479d7c <+16>: mov x29, sp
    0x189479d80 <+20>: bl 0x18945e7d0 ; cerror_nocancel
(lldb) bt
* thread #9, queue = 'com.apple.root.default-qos', stop reason = signal SIGABRT
  * frame #0: 0x0000000189479d74 libsystem_kernel.dylib`__abort_with_payload + 8
    frame #1: 0x00000001894764c8 libsystem_kernel.dylib`abort_with_payload + 12
    frame #2: 0x000000018c6ea328 TCC`<redacted> + 260
    frame #3: 0x000000018c6ea224 TCC + 704
    frame #4: 0x000000018c6ed330 TCC`<redacted> + 348
    frame #5: 0x000000018957efcc libxpc.dylib + 80
    frame #6: 0x000000018957ef3c libxpc.dylib`<redacted> + 40
    frame #7: 0x00000001893361bc libdispatch.dylib + 16
    frame #8: 0x0000000189344a4c libdispatch.dylib`<redacted> + 732
    frame #9: 0x000000018934634c libdispatch.dylib + 572
    frame #10: 0x00000001893460ac libdispatch.dylib`<redacted> + 124
    frame #11: 0x000000018953f2a0 libsystem_pthread.dylib`_pthread_wqthread + 1288
(lldb) q

@jmpews
Owner

jmpews commented Sep 4, 2017

ok, i will try it tomorrow.
