@zhuzhu wrote:
r7 = sp + 0xc; sp = sp - 0x1c; r10 = [arg2 retain]; r8 = [arg3 retain]; if (r10 != 0x0) { r6 = [[r10 pEffectObject] retain]; r0 = [r6 mStrKey]; r5 = [r0 retain]; r4 = [r5 hasPrefix:@"1a28ef99a66d4c74bc96976c15ec5ca5"]; [r5 release]; [r6 release]; r2 = 0xbebc200; r0 = 0x0; if ((r4 & 0xff) == 0x0) { r2 = 0xe100; } r4 = dispatch_time(r0, 0x0); asm{ strd r0, r6, [sp, #0x30 + var_2C] }; asm{ strd r1, r2, [sp, #0x30 + var_24] }; var_1C = [r10 retain]; r0 = [r8 retain]; var_18 = r0; dispatch_after(r4, 0x0, __dispatch_main_q); [var_18 release]; [var_1C release]; } [r8 release]; [r10 release]; return; }
这段汇编中的:
r2 = 0xbebc200; r0 = 0x0; if ((r4 & 0xff) == 0x0) { r2 = 0xe100; } r4 = dispatch_time(r0, 0x0); asm{ strd r0, r6, [sp, #0x30 + var_2C] }; asm{ strd r1, r2, [sp, #0x30 + var_24] }; var_1C = [r10 retain]; r0 = [r8 retain]; var_18 = r0; dispatch_after(r4, 0x0, __dispatch_main_q);
r2 应该是 dispatch_after 的 block 参数，但是 r2 的值是 0xbebc200，这个地址并不存在（没有对应的内存），该怎么处理？下面是反汇编的源码：
================ B E G I N N I N G O F P R O C E D U R E ================ 00a3fec2 push {r4, r5, r6, r7, lr} ; Objective C Implementation defined at 0x1b93a38 (instance) 00a3fec4 add r7, sp, #0xc 00a3fec6 push.w {r8, sl} 00a3feca sub sp, #0x1c 00a3fecc mov r0, r2 ; argument #1 for method imp___picsymbolstub4__objc_retain 00a3fece mov r5, r3 00a3fed0 blx imp___picsymbolstub4__objc_retain 00a3fed4 mov sl, r0 00a3fed6 mov r0, r5 00a3fed8 blx imp___picsymbolstub4__objc_retain 00a3fedc mov r8, r0 00a3fede cmp.w sl, #0x0 00a3fee2 beq 0xa3ffca 00a3fee4 movw r0, #0x3e50 ; @selector(pEffectObject), :lower16:(0x1c53d40 - 0xa3fef0) 00a3fee8 movt r0, #0x121 ; @selector(pEffectObject), :upper16:(0x1c53d40 - 0xa3fef0) 00a3feec add r0, pc ; @selector(pEffectObject) 00a3feee ldr r1, [r0] ; "pEffectObject",@selector(pEffectObject), argument #2 for method imp___picsymbolstub4__objc_msgSend 00a3fef0 mov r0, sl 00a3fef2 blx imp___picsymbolstub4__objc_msgSend 00a3fef6 mov r7, r7 00a3fef8 blx imp___picsymbolstub4__objc_retainAutoreleasedReturnValue 00a3fefc mov r6, r0 00a3fefe movw r0, #0x9722 ; @selector(mStrKey), :lower16:(0x1c4962c - 0xa3ff0a) 00a3ff02 movt r0, #0x120 ; @selector(mStrKey), :upper16:(0x1c4962c - 0xa3ff0a) 00a3ff06 add r0, pc ; @selector(mStrKey) 00a3ff08 ldr r1, [r0] ; "mStrKey",@selector(mStrKey), argument #2 for method imp___picsymbolstub4__objc_msgSend 00a3ff0a mov r0, r6 00a3ff0c blx imp___picsymbolstub4__objc_msgSend 00a3ff10 mov r7, r7 00a3ff12 blx imp___picsymbolstub4__objc_retainAutoreleasedReturnValue 00a3ff16 mov r5, r0 00a3ff18 movw r0, #0x24a8 ; @selector(hasPrefix:), :lower16:(0x1c423d0 - 0xa3ff28) 00a3ff1c movt r0, #0x120 ; @selector(hasPrefix:), :upper16:(0x1c423d0 - 0xa3ff28) 00a3ff20 movw r2, #0x3826 ; @"1a28ef99a66d4c74bc96976c15ec5ca5", :lower16:(cfstring_1a28ef99a66d4c74bc96976c15ec5ca5 - 0xa3ff2e) 00a3ff24 add r0, pc ; @selector(hasPrefix:) 00a3ff26 movt r2, #0x104 ; @"1a28ef99a66d4c74bc96976c15ec5ca5", 
:upper16:(cfstring_1a28ef99a66d4c74bc96976c15ec5ca5 - 0xa3ff2e) 00a3ff2a add r2, pc ; @"1a28ef99a66d4c74bc96976c15ec5ca5" 00a3ff2c ldr r1, [r0] ; "hasPrefix:",@selector(hasPrefix:), argument #2 for method imp___picsymbolstub4__objc_msgSend 00a3ff2e mov r0, r5 00a3ff30 blx imp___picsymbolstub4__objc_msgSend 00a3ff34 mov r4, r0 ; XREF=-[PYLeftAndRightLabel layoutSubviews]+474 00a3ff36 mov r0, r5 00a3ff38 blx imp___picsymbolstub4__objc_release 00a3ff3c mov r0, r6 00a3ff3e blx imp___picsymbolstub4__objc_release 00a3ff42 movw r2, #0xc200 00a3ff46 tst.w r4, #0xff 00a3ff4a movt r2, #0xbeb 00a3ff4e mov.w r0, #0x0 ; argument #1 for method imp___picsymbolstub4__dispatch_time 00a3ff52 itt eq 00a3ff54 movweq r2, #0xe100 00a3ff58 movteq r2, #0x5f5 00a3ff5c movs r1, #0x0 ; argument #2 for method imp___picsymbolstub4__dispatch_time 00a3ff5e movs r3, #0x0 00a3ff60 movs r6, #0x0 00a3ff62 blx imp___picsymbolstub4__dispatch_time 00a3ff66 mov r4, r0 00a3ff68 movw r0, #0x92 ; :lower16:(imp___nl_symbol_ptr___NSConcreteStackBlock - 0xa3ff7a) 00a3ff6c movt r0, #0xfe ; :upper16:(imp___nl_symbol_ptr___NSConcreteStackBlock - 0xa3ff7a) 00a3ff70 mov r5, r1 00a3ff72 movw r1, #0x47 ; :lower16:(0xa3ffdf - 0xa3ff98) 00a3ff76 add r0, pc ; imp___nl_symbol_ptr___NSConcreteStackBlock 00a3ff78 movt r1, #0x0 ; :upper16:(0xa3ffdf - 0xa3ff98) 00a3ff7c movw r2, #0x6360 ; :lower16:(0x1a562f0 - 0xa3ff90) 00a3ff80 movt r2, #0x101 ; :upper16:(0x1a562f0 - 0xa3ff90) 00a3ff84 ldr r0, [r0] ; imp___nl_symbol_ptr___NSConcreteStackBlock,__NSConcreteStackBlock 00a3ff86 str r0, [sp, #0x30 + var_30] 00a3ff88 mov.w r0, #0xc2000000 00a3ff8c add r2, pc ; 0x1a562f0 00a3ff8e strd r0, r6, [sp, #0x30 + var_2C] 00a3ff92 mov r0, sl ; argument #1 for method imp___picsymbolstub4__objc_retain 00a3ff94 add r1, pc 00a3ff96 strd r1, r2, [sp, #0x30 + var_24] 00a3ff9a blx imp___picsymbolstub4__objc_retain 00a3ff9e str r0, [sp, #0x30 + var_1C] 00a3ffa0 mov r0, r8 00a3ffa2 blx imp___picsymbolstub4__objc_retain 00a3ffa6 movw r1, #0x62 ; 
:lower16:(imp___nl_symbol_ptr___dispatch_main_q - 0xa3ffb6) 00a3ffaa mov r3, sp 00a3ffac movt r1, #0xfe ; :upper16:(imp___nl_symbol_ptr___dispatch_main_q - 0xa3ffb6) 00a3ffb0 str r0, [sp, #0x30 + var_18] 00a3ffb2 add r1, pc ; imp___nl_symbol_ptr___dispatch_main_q 00a3ffb4 mov r0, r4 ; argument #1 for method imp___picsymbolstub4__dispatch_after 00a3ffb6 ldr r2, [r1] ; imp___nl_symbol_ptr___dispatch_main_q,__dispatch_main_q, argument #3 for method imp___picsymbolstub4__dispatch_after 00a3ffb8 mov r1, r5 00a3ffba blx imp___picsymbolstub4__dispatch_after 00a3ffbe ldr r0, [sp, #0x30 + var_18] 00a3ffc0 blx imp___picsymbolstub4__objc_release 00a3ffc4 ldr r0, [sp, #0x30 + var_1C] 00a3ffc6 blx imp___picsymbolstub4__objc_release 00a3ffca mov r0, r8 ; XREF=-[pg_sdk_ui_c360_controller editSDKMakeWithSender:withPath:]+32 00a3ffcc blx imp___picsymbolstub4__objc_release 00a3ffd0 mov r0, sl 00a3ffd2 blx imp___picsymbolstub4__objc_release 00a3ffd6 add sp, #0x1c 00a3ffd8 pop.w {r8, sl} 00a3ffdc pop {r4, r5, r6, r7, pc} ; endp