
Part of the source code is

id (*old_objc_msgSend)(id, SEL, ...);

__attribute__((naked))
id new_objc_msgSend(id self, SEL op, ...) {
        __asm__ __volatile__ (
                ".thumb\n"
                "ldmia.w sp, {r2, r3}\n"
                "b _old_objc_msgSend\n"
        );
}

But the generated assembly is

Dump of assembler code for function _Z16new_objc_msgSendP11objc_objectP13objc_selectorz:
0x01a7ae9c <_Z16new_objc_msgSendP11objc_objectP13objc_selectorz+0>: stmia.w sp, {r2, r3}
0x01a7aea0 <_Z16new_objc_msgSendP11objc_objectP13objc_selectorz+4>: ldmia.w sp, {r2, r3}
0x01a7aea4 <_Z16new_objc_msgSendP11objc_objectP13objc_selectorz+8>: b.w 0x1a7af68 <_Z27new_initWithContentwithSizeP11objc_objectP13objc_selectorS0_6CGSize+188>
0x01a7aea8 <_Z16new_objc_msgSendP11objc_objectP13objc_selectorz+12>:    bx  lr
0x01a7aeaa <_Z16new_objc_msgSendP11objc_objectP13objc_selectorz+14>:    nop
End of assembler dump.

It branches to a different address.

  • So, what _is_ at that address? Has the symbol been optimised away, or maybe the compiler/linker has put a shim in the branch? Also, the compiler and version are relevant - [does it even support doing this?](http://llvm.org/bugs/show_bug.cgi?id=9295) There's not enough information here to be useful. – Notlikethat Sep 22 '14 at 11:21
  • Thanks a lot for the reference. For your first question, the symbol old_objc_msgSend is there since nm prints out "00001050 S _old_objc_msgSend". – c c Sep 22 '14 at 13:30
  • 1
    `old_objc_msgSend` is a *function pointer* and you are jumping to the *function pointer*! You want the **address**; `ldr rx,=old_objc_msgSend\n ldr rx, [rx]\n b rx\n`. It is not a different address. The public symbols available to the debugger find *whatever+* **offset**; this should be the address of your function pointer. – artless noise Sep 22 '14 at 14:43
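To make the distinction in the last comment concrete, here is a portable C illustration added to this page; it is not code from the question or from the Objective-C runtime. It uses a constructed, fixed-arity stand-in for `objc_msgSend` (portable C cannot forward a variadic argument list, which is exactly why the question reaches for a naked asm trampoline). The names `msgsend_fn`, `real_msgsend_add`, `real_msgsend_mul`, `set_original`, `pointer_cell_address` and `forward_target_address` are invented for the example. `old_objc_msgSend` is kept as a pointer variable in a data section, as the question's `nm` output (`S _old_objc_msgSend`) indicates; the question's `b _old_objc_msgSend` branches to that cell's own address, whereas a working trampoline loads the cell's contents and branches to them (on ARM that is a load of the cell address, a load through it, then `bx` on the register, since `b` takes a label rather than a register).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for objc_msgSend's shape: receiver, selector, then the
 * message arguments. Fixed arity, because portable C cannot forward a variadic
 * argument list; that limitation is why the question uses a naked asm trampoline. */
typedef long (*msgsend_fn)(void *self, const char *sel, long a, long b);

/* Two constructed "real" implementations the hook may have to reach. */
static long real_msgsend_add(void *self, const char *sel, long a, long b) {
    (void)self; (void)sel;
    return a + b;
}
static long real_msgsend_mul(void *self, const char *sel, long a, long b) {
    (void)self; (void)sel;
    return a * b;
}

/* The saved original. This is a pointer VARIABLE living in a data section,
 * which is what nm's "S _old_objc_msgSend" in the question reports. The bytes
 * at &old_objc_msgSend are an address, not instructions, so branching there
 * executes data. */
static msgsend_fn old_objc_msgSend;

/* Calls observed by the hook, so a check can confirm it sat in the call path. */
static int hook_call_count;

/* The hook: record the call, then forward through the saved pointer.
 * Forwarding calls the VALUE of old_objc_msgSend (the function), which is the
 * "load the pointer, then bx to it" sequence on ARM, not a branch to the
 * symbol's own address. */
static long new_objc_msgSend(void *self, const char *sel, long a, long b) {
    hook_call_count++;
    return old_objc_msgSend(self, sel, a, b);
}

/* Install or swap the original that the trampoline forwards to. Because the
 * hook dereferences the cell at call time, swapping takes effect immediately. */
static void set_original(msgsend_fn fn) { old_objc_msgSend = fn; }

/* Where `b _old_objc_msgSend` in the question lands: the pointer cell itself. */
static uintptr_t pointer_cell_address(void) {
    return (uintptr_t)&old_objc_msgSend;
}

/* Where a correct trampoline lands: whatever the cell currently holds. */
static uintptr_t forward_target_address(void) {
    return (uintptr_t)old_objc_msgSend;
}

int main(void) {
    set_original(real_msgsend_add);
    printf("pointer cell at %#lx, forwards to %#lx\n",
           (unsigned long)pointer_cell_address(),
           (unsigned long)forward_target_address());
    printf("add(2,3) via hook = %ld\n", new_objc_msgSend(NULL, "add", 2, 3));
    set_original(real_msgsend_mul);
    printf("mul(2,3) via hook = %ld\n", new_objc_msgSend(NULL, "mul", 2, 3));
    printf("hook observed %d calls\n", hook_call_count);
    return 0;
}
```

The two address helpers are the whole point: `pointer_cell_address()` is what the question's branch targeted, `forward_target_address()` is what the hook must reach, and they never coincide. Swapping the original between calls shows why the trampoline should read the cell each time rather than bake an address into the branch.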

0 Answers