10.1 Block-level
%hook
指定需要hook的class,必须以%end结尾。可以被%group包含
%hook SBApplicationController
-(void)uninstallApplication:(SBApplication *)application {
NSLog(@"Hey, we're hooking uninstallApplication:!");
%orig; // Call the original implementation of this method
return;
}
%end
%group
该指令用于将%hook分组,便于代码管理及按条件初始化分组,必须以%end结尾。
一个%group可以包含多个%hook,所有不属于某个自定义group的%hook会被隐式归类到%group_ungrouped中。
%group iOS8
%hook IOS8_SPECIFIC_CLASS
// your code here
%end // end hook
%end // end group ios8
%group iOS9
%hook IOS9_SPECIFIC_CLASS
// your code here
%end // end hook
%end // end group ios9
%ctor {
if (kCFCoreFoundationVersionNumber > 1200) {
%init(iOS9);
} else {
%init(iOS8);
}
}
%new
在%hook内部使用,给一个现有class添加新函数,功能与class_addMethod相同。
注: Objective-C的category与class_addMethod的区别: 前者是静态的而后者是动态的。
%hook SBApplicationController
-(void)uninstallApplication:(SBApplication *)application {
NSLog(@"Hey, we're hooking uninstallApplication:!");
%orig; // Call the original implementation of this method
return;
}
%new
- (void)namespaceNewMethod
{
NSLog(@"We've added a new method to SpringBoard.");
}
%end
10.2 Top level
%ctor
tweak的构造函数,完成初始化工作;如果不显示定义,Theos会自动生成一个%ctor,并在其中调用%init(_ungrouped)。
%dtor
tweak的构造函数,完成收尾。如果不显示定义,Theos会自动生成一个%dtor。
10.3 Function level
%init
该指令用于初始化某个%group,必须在%hook或%ctor内调用;如果带参数,则初始化指定的group,如果不带参数,则初始化_ungrouped.
注: 切记,只有调用了%init,对应的%group才能起作用!
%ctor {
if (kCFCoreFoundationVersionNumber > 1200) %init(iOS9);
else %init(iOS8);
}
%c
该指令的作用等同于objc_getClass或NSClassFromString,即动态获取一个类的定义,在%hook或%ctor内使用 。
%hook SpringBoard
- (void)_menuButtonDown:(id)down
{
%orig;
SBScreenShotter *shotter = [%c(SBScreenShotter) sharedInstance];
[shotter saveScreenshot:YES];
}
%end@
%log
该指令在%hook内部使用,将函数的类名、参数等信息写入syslog,可以%log([(),…..])的格式追加其他打印信息。
%orig
该指令在%hook内部使用,执行被hook的函数的原始代码;也可以用%orig更改原始函数的参数。
练习
@interface SBScreenshotter: NSObject
+ (id)sharedInstance;
- (void)saveScreenshot: (BOOL)arg1;
@end
@interface SpringBoard
+ (void)_AutoScreenSave2;
- (void)_AutoScreenSave;
@end
%hook SpringBoard
- (void)applicationDidFinishLaunching:(id)application
{
%orig;
UIAlertView *alert = [[UIAlertView alloc]
initWithTitle:@"Hello,Tanzhou!"
message:nil
delegate:self cancelButtonTitle:@"OK"
otherButtonTitles:nil];
[alert show];
}
%new
- (void)_AutoScreenSave
{
NSLog(@"instance method");
SBScreenShotter *shotter = [%c(SBScreenShotter) sharedInstance];
[shotter saveScreenshot:YES];
}
%new
+ (void)_AutoScreenSave2
{
NSLog(@"class method");
SBScreenShotter *shotter = [%c(SBScreenShotter) sharedInstance];
[shotter saveScreenshot:YES];
}
- (void)_menuButtonDown:(id)down
{
//SBScreenShotter *shotter = [%c(SBScreenShotter) sharedInstance];
//[shotter saveScreenshot:YES];
//[self _AutoScreenSave];
[%c(SpringBoard) _AutoScreenSave2];
NSLog(@"x=%d, y=%d", 10, 20);
%log((NSString *)@"iOSRE", (NSString *)@"Debug");
%orig; // call the original _menuButtonDown:
}
%end
%hook SBLockScreenDateViewController
- (void)setCustomSubtitleText:(id)arg1 withColor:(id)arg2
{
/*
NSDate *date=[NSDate date];
NSDateFormatter *format1=[[NSDateFormatter alloc]init];
[format1 setDateFormat:@"yyyy/MM/dd HH:mm:ss"];
NSString *str1=[format1 stringFromDate:date];
*/
struct tm *loctime;
char timeBuf[1024] = {0};
time_t now = time(NULL);
loctime = localtime(&now);
strftime(timeBuf, 30, "[%Y/%m/%d %H:%M:%S]", loctime);
%orig([NSString stringWithUTF8String:timeBuf],arg2);
}
%end
/*
%group HookTest
%hook SpringBoard
- (void)_lockButtonDown:(struct __IOHIDEvent *)arg1 fromSource:(int)arg2
{
NSLog(@"_lockButtonDown");
}
- (void)_lockButtonUp:(struct __IOHIDEvent *)arg1 fromSource:(int)arg2
{
NSLog(@"_lockButtonUp");
}
- (void)powerDownCanceled:(id)arg1
{
NSLog(@"powerDownCanceled");
%orig;
}
- (void)powerDown
{
NSLog(@"powerDown");
}
- (void)powerDownRequested:(id)arg1
{
NSLog(@"powerDownRequested");
}
%end
%end
*/
%ctor
{
%init(_ungrouped);
//%init(HookTest);
}