From 1c9ba76e860687ce58183c3b1acc134dee64c725 Mon Sep 17 00:00:00 2001
From: "Jay Freeman (saurik)"
Date: Tue, 26 Oct 2010 08:18:53 +0000
Subject: [PATCH] OMG, now I have 2.2 and 4.0 but not 3.0.
---
 LockScreen.mm | 215 ++++++++++++++++++--------------------------------
 1 file changed, 76 insertions(+), 139 deletions(-)
diff --git a/LockScreen.mm b/LockScreen.mm
index f1457da..b675fb3 100644
--- a/LockScreen.mm
+++ b/LockScreen.mm
@@ -92,8 +92,8 @@ extern NSString * const kCAFilterNearest;
 _disused static unsigned trace_;
 #define _trace() do { \
- NSLog(@"_trace(%u)@%s:%u[%s]\n", \
- trace_++, __FILE__, __LINE__, __FUNCTION__\
+ NSLog(@"_trace(%u)@%s:%u[%s](%p)\n", \
+ trace_++, __FILE__, __LINE__, __FUNCTION__, pthread_self() \
 ); \
 } while (false)
@@ -937,40 +937,12 @@ struct State {
 // State Machine {{{
 static bool cycript_;
-static bool jscript_;
-
-struct ParserSet {
- bool backup_;
-
- ParserSet() {
- backup_ = jscript_;
- jscript_ = true;
- cycript_ = false;
- }
-
- ~ParserSet() {
- jscript_ = backup_;
- }
-};
-
-MSHook(State, _ZN7WebCore13HTMLTokenizer13scriptHandlerENS0_5StateE, void *_this, State state) {
- ParserSet set;
- return __ZN7WebCore13HTMLTokenizer13scriptHandlerENS0_5StateE(_this, state);
-}
-
-MSHook(void, _ZN7WebCore13HTMLTokenizer14notifyFinishedEPNS_14CachedResourceE, void *_this, void *resource) {
- ParserSet set;
- return __ZN7WebCore13HTMLTokenizer14notifyFinishedEPNS_14CachedResourceE(_this, resource);
-}
-
-MSHook(void, _ZN7WebCore13HTMLTokenizer29executeExternalScriptsIfReadyEv, void *_this) {
- ParserSet set;
- return __ZN7WebCore13HTMLTokenizer29executeExternalScriptsIfReadyEv(_this);
-}
 MSHook(bool, _ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6StringE, const WebCore::String &mime) {
- if (!jscript_ || mime != "text/cycript")
+ _trace();
+ if (mime != "text/cycript")
 return __ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6StringE(mime);
+ _trace();
 static void *handle(dlopen("/usr/lib/libcycript.dylib", RTLD_LAZY | RTLD_GLOBAL));
 if (handle == NULL)
@@ -981,7 +953,16 @@ MSHook(bool, _ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6
 }
 // }}}
 // Script Compiler {{{
+static void Log(const WebCore::String &string) {
+ size_t length(string.length());
+ UChar data[length + 1];
+ data[length] = 0;
+ memcpy(data, string.characters(), length * 2);
+ NSLog(@"wtf %p:%S:", &string, data);
+}
+
 static void Cycriptify(apr_pool_t *pool, const uint16_t *&data, size_t &size) {
+ _trace();
 if (void *handle = dlopen("/usr/lib/libcycript.dylib", RTLD_LAZY | RTLD_GLOBAL))
 if (void (*CYParseUChar)(apr_pool_t *, const uint16_t **, size_t *) = reinterpret_cast(dlsym(handle, "CydgetPoolParse")))
 CYParseUChar(pool, &data, &size);
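Review bot: Dropping `jscript_` and the `ParserSet` hooks removes the only thing that tied a `text/cycript` MIME match to the tokenizer's script-handling path, so the remainder of this hook (outside the hunk, presumably where `cycript_` is armed) now fires for any caller in the process that asks about `text/cycript`, and the hunk at -991 consumes that process-global flag in whichever `Cycriptify` call happens next, regardless of which script it belongs to. If WebCore interleaves the MIME check for one script with source construction for another, or runs them on different threads — the `pthread_self()` added to `_trace()` suggests that is being investigated — the wrong script gets rewritten. The pairing assumption deserves a comment above `static bool cycript_;`, e.g. `// one-shot: armed by the isSupportedJavaScriptMIMEType hook, consumed by the next Cycriptify(); assumes WebCore does both in order on one thread`. The first `_trace()` also fires on every JavaScript MIME query, not just Cycript ones, which is a lot of log volume on a lock screen.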
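Review bot: `Log` puts `UChar data[length + 1]` on the stack with `length` taken from the script source, which is page-controlled content, so a large script becomes an arbitrarily large stack allocation (and a variable-length array is a compiler extension in C++); the hunks at -1008 and -1033 call `Log` for every script that reaches `Cycriptify` or the `CachedScript::script` hook. Heap storage avoids that: `std::vector<UChar> data(length + 1);`, `memcpy(&data[0], string.characters(), length * sizeof(UChar));`, `NSLog(@"wtf %p:%S:", &string, &data[0]);` — this needs `<vector>` in scope if the file does not already include it. Writing whole script bodies to the system log reads as debugging output; keeping the `Log` calls under a debug-only define would keep page content out of the device log in release builds.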
@@ -991,6 +972,10 @@ static void (*_ZN7WebCore6String6appendEPKtj)(WebCore::String *, const UChar *,
 static void (*_ZN7WebCore6String8truncateEj)(WebCore::String *, unsigned);
 static void Cycriptify(const WebCore::String &source, int *psize = NULL) {
+ if (!cycript_)
+ return;
+ cycript_ = false;
+
 const uint16_t *data(source.characters());
 size_t length(source.length()), size(length);
@@ -1008,6 +993,8 @@ static void Cycriptify(const WebCore::String &source, int *psize = NULL) {
 *psize = size;
 apr_pool_destroy(pool);
+
+ Log(source);
 }
 // }}}
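Review bot: `Cycriptify(const WebCore::String &, int *)` now owns the `cycript_` check and clears the flag before transforming, so the outcome depends entirely on which caller reaches it first: the `ScriptSourceCodeC2` hook and both `scriptExecution` hooks in the hunk at -1033 call it unconditionally, the first one consumes the flag and the later ones become no-ops. That ordering is invisible at the call sites; a comment on the early return would record it, e.g. `// consumes the one-shot cycript_ flag armed by the MIME-type hook; later callers for the same script are no-ops`. When the flag is not set, `*psize` is also left untouched, which callers passing `psize` should expect. The body of `Cycriptify` continues outside the hunk.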
@@ -1033,81 +1020,48 @@ bool CYWeakHell() {
 false;
 }
-MSHook(void, _ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE, JSC::SourceCode **_this, JSC::JSGlobalData *global, int *line, JSC::UString *message) {
- if (!cycript_)
- return __ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE(_this, global, line, message);
- else {
- cycript_ = false;
-
- JSC::SourceCode *source(*_this);
- const uint16_t *data(source->data());
- size_t size(source->length());
-
- apr_pool_t *pool;
- apr_pool_create(&pool, NULL);
-
- Cycriptify(pool, data, size);
- source->~SourceCode();
- new (source) JSC::SourceCode(JSC::UStringSourceProvider::create(JSC::UString(data, size), "cycript://"), 1);
-
- apr_pool_destroy(pool);
+static WebCore::String *string;
- __ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE(_this, global, line, message);
- }
+MSHook(const WebCore::String &, _ZNK7WebCore20StringSourceProvider6sourceEv, void *_this) {
+ _trace();
+ const WebCore::String &source(__ZNK7WebCore20StringSourceProvider6sourceEv(_this));
+ string = const_cast(&source);
+ return source;
 }
-MSHook(void, _ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE, void *_this, int start, const UChar *code, unsigned length, int *source, int *line, JSC::UString *message) {
- if (!cycript_)
- return __ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE(_this, start, code, length, source, line, message);
- else {
- const uint16_t *data(code);
- size_t size(length);
-
- apr_pool_t *pool;
- apr_pool_create(&pool, NULL);
-
- Cycriptify(pool, data, size);
- __ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE(_this, start, data, size, source, line, message);
-
- apr_pool_destroy(pool);
- }
+// iOS 2.x
+MSHook(State, _ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_6StringENS0_5StateES3_i, void *_this, const WebCore::String &string, State state, const WebCore::String &url, int line) {
+ _trace();
+ Cycriptify(string);
+ return
__ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_6StringENS0_5StateES3_i(_this, string, state, url, line); } -static WebCore::String *string; - +// iOS 4.x cdata MSHook(void, _ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi, void *_this, const WebCore::String &source, const WebCore::KURL &url, int line) { - if (cycript_) - Cycriptify(source); + _trace(); + Cycriptify(source); return __ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi(_this, source, url, line); } -/*void Log(const WebCore::String &string) { - size_t length(string.length()); - UChar data[length + 1]; - data[length] = 0; - memcpy(data, string.characters(), length * 2); - NSLog(@"wtf :%S:", data); -}*/ - +// iOS 4.x @src= MSHook(const WebCore::String &, _ZN7WebCore12CachedScript6scriptEv, void *_this) { + _trace(); const WebCore::String &script(__ZN7WebCore12CachedScript6scriptEv(_this)); - - //NSLog(@"wtf evil %s %s -- %p %p", jscript_ ? "true" : "false", cycript_ ? "true" : "false", _this, &script); - //Log(script); - string = const_cast(&script); + Log(script); return script; } +// iOS 4.x @src= MSHook(State, _ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE, void *_this, void *source, State state) { - //NSLog(@"wtf tree %s %s %p", jscript_ ? "true" : "false", cycript_ ? "true" : "false", string); - - if (cycript_ && string != NULL) - Cycriptify(*string, reinterpret_cast(source) + 3); - - cycript_ = false; + _trace(); + if (string != NULL) { + if (iOS4) + Cycriptify(*string, reinterpret_cast(source) + 3); + else + Cycriptify(*string); + } string = NULL; - return __ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE(_this, source, state); } 
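Review bot: `string` is a raw pointer to a `const WebCore::String` that the `CachedScript::script` and `StringSourceProvider::source` hooks do not own; it is cleared only by the ScriptSourceCode `scriptExecution` hook and dereferenced there through the earlier `const_cast` so that `Cycriptify` can rewrite a string WebCore handed out as `const` — if that `String` shares its storage or has been released by the time `scriptExecution` runs, the rewrite lands on shared or freed memory, and if the ScriptSourceCode `scriptExecution` symbol is absent on a given WebCore build the pointer is never reset. The `StringSourceProvider::source` hook is dead code in this commit, since the `MSHookFunction` call that would install it is commented out in the hunk at -1384; either hook it or drop the function and its `nl[3]` entry. `reinterpret_cast(source) + 3` (the template argument appears stripped in this rendering) writes the new length at a fixed offset into an opaque `ScriptSourceCode`, now only under `iOS4`; a comment naming the field and the versions it was checked on would make the assumption reviewable, e.g. `// ScriptSourceCode layout: the stored length sits at int offset 3 on iOS 4.x; other versions not verified`. The hunk opens on the tail of `CYWeakHell`, whose body starts outside it.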
@@ -1384,69 +1338,52 @@ static void dlset(Type_ &function, const char *name) {
 [NSURLProtocol registerClass:[CydgetURLProtocol class]];
 [NSURLProtocol registerClass:[CydgetCGIURLProtocol class]];
- if (!iOS4) {
- void (*_ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE)(JSC::SourceCode **, JSC::JSGlobalData *, int *, JSC::UString *);
- dlset(_ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE, "_ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE");
- if (_ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE != NULL)
- MSHookFunction(_ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE, MSHake(_ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE));
- }
-
- void (*_ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE)(void *, int, const UChar *, unsigned, int *, int *, JSC::UString *);
- dlset(_ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE, "_ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE");
- if (_ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE != NULL)
- MSHookFunction(_ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE, MSHake(_ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE));
-
- struct nlist nl[10];
+ struct nlist nl[9];
 memset(nl, 0, sizeof(nl));
- nl[0].n_un.n_name = (char *) "__ZN7WebCore13HTMLTokenizer13scriptHandlerENS0_5StateE";
- nl[1].n_un.n_name = (char *) "__ZN7WebCore13HTMLTokenizer14notifyFinishedEPNS_14CachedResourceE";
- nl[2].n_un.n_name = (char *) "__ZN7WebCore13HTMLTokenizer29executeExternalScriptsIfReadyEv";
- nl[3].n_un.n_name = (char *) "__ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6StringE";
-
- nl[4].n_un.n_name = (char *) "__ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi";
- nl[5].n_un.n_name = (char *) "__ZN7WebCore12CachedScript6scriptEv";
- nl[6].n_un.n_name = (char *) "__ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE";
+ nl[0].n_un.n_name = (char *)
"__ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6StringE";
- nl[7].n_un.n_name = (char *) "__ZN7WebCore6String6appendEPKtj";
- nl[8].n_un.n_name = (char *) "__ZN7WebCore6String8truncateEj";
+ nl[1].n_un.n_name = (char *) "__ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi";
- nlist("/System/Library/PrivateFrameworks/WebCore.framework/WebCore", nl);
+ nl[2].n_un.n_name = (char *) "__ZN7WebCore12CachedScript6scriptEv";
+ nl[3].n_un.n_name = (char *) "__ZNK7WebCore20StringSourceProvider6sourceEv";
- State (*_ZN7WebCore13HTMLTokenizer13scriptHandlerENS0_5StateE)(void *, State);
- nlset(_ZN7WebCore13HTMLTokenizer13scriptHandlerENS0_5StateE, nl, 0);
- MSHookFunction(_ZN7WebCore13HTMLTokenizer13scriptHandlerENS0_5StateE, MSHake(_ZN7WebCore13HTMLTokenizer13scriptHandlerENS0_5StateE));
+ nl[4].n_un.n_name = (char *) "__ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_6StringENS0_5StateES3_i";
+ nl[5].n_un.n_name = (char *) "__ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE";
- void (*_ZN7WebCore13HTMLTokenizer14notifyFinishedEPNS_14CachedResourceE)(void *, void *);
- nlset(_ZN7WebCore13HTMLTokenizer14notifyFinishedEPNS_14CachedResourceE, nl, 1);
- if (_ZN7WebCore13HTMLTokenizer14notifyFinishedEPNS_14CachedResourceE != NULL)
- MSHookFunction(_ZN7WebCore13HTMLTokenizer14notifyFinishedEPNS_14CachedResourceE, MSHake(_ZN7WebCore13HTMLTokenizer14notifyFinishedEPNS_14CachedResourceE));
+ nl[6].n_un.n_name = (char *) "__ZN7WebCore6String6appendEPKtj";
+ nl[7].n_un.n_name = (char *) "__ZN7WebCore6String8truncateEj";
- void (*_ZN7WebCore13HTMLTokenizer29executeExternalScriptsIfReadyEv)(void *);
- nlset(_ZN7WebCore13HTMLTokenizer29executeExternalScriptsIfReadyEv, nl, 2);
- if (_ZN7WebCore13HTMLTokenizer29executeExternalScriptsIfReadyEv != NULL)
- MSHookFunction(_ZN7WebCore13HTMLTokenizer29executeExternalScriptsIfReadyEv, MSHake(_ZN7WebCore13HTMLTokenizer29executeExternalScriptsIfReadyEv));
+
nlist("/System/Library/PrivateFrameworks/WebCore.framework/WebCore", nl);
 bool (*_ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6StringE)(const WebCore::String &);
- nlset(_ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6StringE, nl, 3);
+ nlset(_ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6StringE, nl, 0);
 MSHookFunction(_ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6StringE, MSHake(_ZN7WebCore16MIMETypeRegistry29isSupportedJavaScriptMIMETypeERKNS_6StringE));
- if (iOS4) {
- void (*_ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi)(void *, const WebCore::String &, const WebCore::KURL &, int);
- nlset(_ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi, nl, 4);
- MSHookFunction(_ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi, MSHake(_ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi));
+ void (*_ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi)(void *, const WebCore::String &, const WebCore::KURL &, int);
+ nlset(_ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi, nl, 1);
+ MSHookFunction(_ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi, MSHake(_ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi));
- const WebCore::String &(*_ZN7WebCore12CachedScript6scriptEv)(void *);
- nlset(_ZN7WebCore12CachedScript6scriptEv, nl, 5);
- MSHookFunction(_ZN7WebCore12CachedScript6scriptEv, MSHake(_ZN7WebCore12CachedScript6scriptEv));
+ const WebCore::String &(*_ZN7WebCore12CachedScript6scriptEv)(void *);
+ nlset(_ZN7WebCore12CachedScript6scriptEv, nl, 2);
+ MSHookFunction(_ZN7WebCore12CachedScript6scriptEv, MSHake(_ZN7WebCore12CachedScript6scriptEv));
- State (*_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE)(void *, void *, State);
- nlset(_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE, nl, 6);
+ /*const WebCore::String &(*_ZNK7WebCore20StringSourceProvider6sourceEv)(void *);
+
nlset(_ZNK7WebCore20StringSourceProvider6sourceEv, nl, 3);
+ MSHookFunction(_ZNK7WebCore20StringSourceProvider6sourceEv, MSHake(_ZNK7WebCore20StringSourceProvider6sourceEv));*/
+
+ State (*_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_6StringENS0_5StateES3_i)(void *, const WebCore::String &, State, const WebCore::String &, int);
+ nlset(_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_6StringENS0_5StateES3_i, nl, 4);
+ if (_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_6StringENS0_5StateES3_i != NULL)
+ MSHookFunction(_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_6StringENS0_5StateES3_i, MSHake(_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_6StringENS0_5StateES3_i));
+
+ State (*_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE)(void *, void *, State);
+ nlset(_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE, nl, 5);
+ if (_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE != NULL)
 MSHookFunction(_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE, MSHake(_ZN7WebCore13HTMLTokenizer15scriptExecutionERKNS_16ScriptSourceCodeENS0_5StateE));
- }
- nlset(_ZN7WebCore6String6appendEPKtj, nl, 7);
- nlset(_ZN7WebCore6String8truncateEj, nl, 8);
+ nlset(_ZN7WebCore6String6appendEPKtj, nl, 6);
+ nlset(_ZN7WebCore6String8truncateEj, nl, 7);
 }
 + (id) rootViewController {
--
2.45.2
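Review bot: The `ScriptSourceCodeC2` and `CachedScript6scriptEv` hooks lost their `if (iOS4)` guard and are now installed with `MSHookFunction` straight after `nlset` with no NULL check, while the two `scriptExecution` hooks right below do test `!= NULL`; on a WebCore where either symbol does not resolve (the commit message says 2.2 works, so they may simply exist there, but that is not visible here), `MSHookFunction(NULL, ...)` runs at load time inside the lock screen process. Guard them the same way as their neighbours: `if (_ZN7WebCore16ScriptSourceCodeC2ERKNS_6StringERKNS_4KURLEi != NULL)` before its `MSHookFunction`, and `if (_ZN7WebCore12CachedScript6scriptEv != NULL)` before its. `nl[3]` still resolves `_ZNK7WebCore20StringSourceProvider6sourceEv` although the code that would install that hook is commented out, so the entry and the hook body in the hunk at -1033 are dead weight until one or the other is decided. `nl[6]`/`nl[7]` feed the `_ZN7WebCore6String6appendEPKtj`/`truncateEj` pointers that `Cycriptify` calls without a NULL check (pre-existing, but the renumbering touches it). The enclosing method begins before this hunk.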