Open seeskyline opened 6 years ago
The problem is MGCopyAnswer itself.
Thank you for your comment. So MGCopyAnswer cannot be hooked anymore? Any other way to hook it properly?
My hook works fine. Email me for details.
I hook the MGCopyAnswer method in iOS 11, and the program crashed
If I use %hookf for MGCopyAnswer, my device always shows an alert after respring: "SpringBoard ran into a problem and is now in safe mode....Restart SpringBoard".
Code as below:
```
extern "C" CFPropertyListRef MGCopyAnswer(CFStringRef prop, uint32_t outTypeCode);

%hookf(CFPropertyListRef, MGCopyAnswer, CFStringRef prop, uint32_t outTypeCode) {
    return %orig(prop, outTypeCode);
}
```
Below is the crash log. Can anyone look into it and figure it out?
```
Incident Identifier: AA553D33-5A6E-419C-A48A-747F9ACAB0F0
CrashReporter Key:   0aebd97973d338aadf6b452e5c49defbbbbda4b5
Hardware Model:      iPhone10,1
Process:             ptpd [1853]
Path:                /usr/libexec/ptpd
Identifier:          ptpd
Version:             ???
Code Type:           ARM-64 (Native)
Role:                Unspecified
Parent Process:      launchd [1]
Coalition:           com.apple.ptpd [103]

Date/Time:           2018-03-02 11:47:00.7929 +0800
Launch Time:         2018-03-02 11:47:00.6340 +0800
OS Version:          iPhone OS 11.0 (15A372)
Baseband Version:    1.00.03
Report Version:      104

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note:  EXC_CORPSE_NOTIFY
Triggered by Thread:  0

Application Specific Information:
abort() called

Filtered syslog:
None found

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   libsystem_kernel.dylib    0x000000018632d348 __pthread_kill + 8
1   libsystem_pthread.dylib   0x00000001864457a4 pthread_kill$VARIANT$armv81 + 360
2   libsystem_c.dylib         0x000000018629cfd8 abort + 140
3   libsubstitute.0.dylib     0x00000001012ac6b4 0x10129c000 + 67252
4   testTweak.dylib           0x0000000101770994 0x101700000 + 461204
5   dyld                      0x0000000101467a64 ImageLoaderMachO::doModInitFunctions+ 96868 (ImageLoader::LinkContext const&) + 408
6   dyld                      0x0000000101467ca8 ImageLoaderMachO::doInitialization+ 97448 (ImageLoader::LinkContext const&) + 36
7   dyld                      0x0000000101462d00 ImageLoader::recursiveInitialization+ 77056 (ImageLoader::LinkContext const&, unsigned int, char const, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 372
8   dyld                      0x0000000101461d40 ImageLoader::processInitializers+ 73024 (ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 136
9   dyld                      0x0000000101461dfc ImageLoader::runInitializers+ 73212 (ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 84
10  dyld                      0x000000010145579c dyld::runInitializers+ 22428 (ImageLoader) + 88
11  dyld                      0x000000010145c324 dlopen + 976
12  libdyld.dylib             0x00000001861ff4d4 dlopen + 116
13  TweakInject.dylib         0x00000001011e7528 0x1011e0000 + 29992
14  dyld                      0x0000000101467a64 ImageLoaderMachO::doModInitFunctions+ 96868 (ImageLoader::LinkContext const&) + 408
15  dyld                      0x0000000101467ca8 ImageLoaderMachO::doInitialization+ 97448 (ImageLoader::LinkContext const&) + 36
16  dyld                      0x0000000101462d00 ImageLoader::recursiveInitialization+ 77056 (ImageLoader::LinkContext const&, unsigned int, char const, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 372
17  dyld                      0x0000000101461d40 ImageLoader::processInitializers+ 73024 (ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 136
18  dyld                      0x0000000101461dfc ImageLoader::runInitializers+ 73212 (ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 84
19  dyld                      0x0000000101452594 dyld::initializeMainExecutable+ 9620 () + 140
20  dyld                      0x0000000101457320 dyld::_main+ 29472 (macho_header const, unsigned long, int, char const, char const, char const*, unsigned long) + 6364
21  dyld                      0x000000010145121c _dyld_start + 68
```