
When I open the iOS framework AddressBook with IDA, I get the following code:

    __ABPeoplePickerNavigationController_initAsAddressBook_withAddressBook__
    var_C= -0xC
    PUSH            {R7,LR}
    MOV             R7, SP
    SUB             SP, SP, #4
    MOVW            R1, #0x2B06
    MOV.W           R12, #0
    MOVT.W          R1, #0xB
    STR.W           R12, [SP,#0xC+var_C]
    ADD             R1, PC
    LDR             R1, [R1]
    BLX             _objc_msgSend
    ADD             SP, SP, #4
    POP             {R7,PC}
    ; End of function __ABPeoplePickerNavigationController_initAsAddressBook_withAddressBook__

How can I find out what selector is stored in R1 before _objc_msgSend() is called?

With some help from the Internet, I did the following:

  1. After MOVW R1, #0x2B06 and MOVT.W R1, #0xB, I got the R1=0x000B2B06

  2. After ADD R1, PC, I got R1=0x000B2B06+PC(A13A)+4=0x000BCC44, where A13A is the address of ADD R1, PC

  3. the content near that address is:

    __objc_selrefs:000BCC44 DCD aInitasaddres_0 ; "initAsAddressBook:withAddressBook:withS"...
    __objc_selrefs:000BCC48 DCD aDefaultstylepr ; "defaultStyleProviderForStyle:"
    __objc_selrefs:000BCC4C DCD aInitwithnaviga ; "initWithNavigationController:"
    __objc_selrefs:000BCC50 DCD aSetupinitialst ; "setupInitialStackAndLoadState:"

So I got the selector "initAsAddressBook:withAddressBook:withS...".

  4. But when I log the workflow, I found that "setupInitialStackAndLoadState:" was actually called.

Is there anything wrong with my method to get the selector?

Matt
  • It makes sense for "initAsAddressBook" method to call another "initAsAddressBook" selector. Why do you think this call goes to "setupInitialStackAndLoadState"? How do you "log the workflow"? – Igor Skochinsky Jun 01 '12 at 09:19
  • I use MSMessageHook to add a log at the beginning and the end of every method, including "initAsAddressBook:withAddressBook:withS...". When the app runs, I get the following log: "started: ABPeoplePickerNavigationController_initAsAddressBook_withAddressBook_", "started: ABPeoplePickerNavigationController_setupInitialStackAndLoadState_", ..., "finished: ABPeoplePickerNavigationController_initAsAddressBook_withAddressBook_", and no "started: ABPeoplePickerNavigationController_initAsAddressBook_withAddressBook_withStyle_" appeared in the log file! – youmingtaizi Jun 01 '12 at 14:24

1 Answer


I think it's just a bug or a timing issue with your logging tool. It's clearly calling initAsAddressBook:withAddressBook:withStyle:. Here's what IDA 6.3 shows (a somewhat different build, it seems):

    __text:000014A8       PUSH            {R7,LR}
    __text:000014AA       ADD             R7, SP, #0
    __text:000014AC       SUB             SP, SP, #4
    __text:000014AE       LDR             R1, =(selRef_initAsAddressBook_withAddressBook_withStyle_ - 0x14BA)
    __text:000014B0       SXTB            R2, R2
    __text:000014B2       MOV.W           R12, #0
    __text:000014B6       ADD             R1, PC ; selRef_initAsAddressBook_withAddressBook_withStyle_
    __text:000014B8       STR.W           R12, [SP,#4+var_4]
    __text:000014BC       LDR             R1, [R1]          ; "initAsAddressBook:withAddressBook:withS"...
    __text:000014BE       BLX             _objc_msgSend
    __text:000014C2       SUB.W           SP, R7, #0
    __text:000014C6       POP             {R7,PC}

The setupInitialStackAndLoadState selector is called later in initAsAddressBook:withAddressBook:withStyle:.

Igor Skochinsky
  • But in my log file, the method initAsAddressBook:withAddressBook:withStyle: is not called. What is called is initAsAddressBook:withAddressBook:. So maybe what you said "The setupInitialStackAndLoadState selector is called later in initAsAddressBook:withAddressBook:withStyle:" makes no sense! – youmingtaizi Jun 02 '12 at 04:20
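The address arithmetic that both the question's MOVW/MOVT listing and the answer's IDA 6.3 LDR-literal listing rely on, as an added Python example that is not part of the question or the answer. The immediates, instruction addresses and __objc_selrefs entries are copied from the listings above; the helper names and the placeholder selref address used for the 0x14BA round trip are assumptions.

```python
# Resolve the selector name an ARM Thumb-2 objc_msgSend call site loads into R1.
# In Thumb state a read of PC yields the address of the current instruction + 4;
# in ARM state it is + 8. Using the wrong one lands on a neighbouring selref slot.
THUMB_PC_OFFSET = 4
ARM_PC_OFFSET = 8

# __objc_selrefs table as shown in the question (slot address -> selector string).
# The full name of the first entry is taken from the answer's listing.
SELREFS = {
    0x000BCC44: "initAsAddressBook:withAddressBook:withStyle:",
    0x000BCC48: "defaultStyleProviderForStyle:",
    0x000BCC4C: "initWithNavigationController:",
    0x000BCC50: "setupInitialStackAndLoadState:",
}


def movw_movt(lo16: int, hi16: int) -> int:
    """Combine MOVW (low halfword) and MOVT (high halfword) into one 32-bit value."""
    return ((hi16 & 0xFFFF) << 16) | (lo16 & 0xFFFF)


def pc_relative(offset: int, add_pc_addr: int, thumb: bool = True) -> int:
    """Value of Rn after `ADD Rn, PC` executed at add_pc_addr, with Rn == offset before it."""
    pc = add_pc_addr + (THUMB_PC_OFFSET if thumb else ARM_PC_OFFSET)
    return (offset + pc) & 0xFFFFFFFF


def literal_offset(selref_addr: int, add_pc_addr: int) -> int:
    """What IDA 6.3 shows as `=(selRef_xxx - 0x14BA)`: the selref minus the PC seen by ADD."""
    return (selref_addr - (add_pc_addr + THUMB_PC_OFFSET)) & 0xFFFFFFFF


def resolve_selector(offset: int, add_pc_addr: int, selrefs: dict, thumb: bool = True) -> str:
    """Follow `LDR R1, [R1]`: the selref slot holds the pointer to the selector's C string."""
    slot = pc_relative(offset, add_pc_addr, thumb)
    if slot not in selrefs:
        raise KeyError(f"no __objc_selrefs entry at {slot:#010x}")
    return selrefs[slot]


if __name__ == "__main__":
    # The question's call site: MOVW #0x2B06, MOVT #0xB, ADD R1, PC at 0xA13A.
    r1 = movw_movt(0x2B06, 0xB)
    print(f"R1 after MOVW/MOVT: {r1:#010x}")
    print("selector (Thumb, +4):", resolve_selector(r1, 0xA13A, SELREFS))
    print("selector if +8 were assumed:", resolve_selector(r1, 0xA13A, SELREFS, thumb=False))
```

Running the script reproduces the question's 0x000BCC44 and shows that the ARM-state +8 rule would instead land on the next slot, 0x000BCC48.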