在 M1 上 hook 系统函数 CFPasteboardCopyData 会崩溃，其他的函数如 CFPasteboardSetData 不会。
dobby版本: master分支最新代码
环境: M1 macOS 11.5.2
系统崩溃报告:
Process: TestCopy [42746] Path: /Users/USER/Library/Developer/Xcode/DerivedData/TestCopy-atwbsqoyyigyeybenhvhfgqfyhor/Build/Products/Debug/TestCopy.app/Contents/MacOS/TestCopy Identifier: com.TestCopy Version: 1.0 (1) Code Type: ARM-64 (Native) Parent Process: zsh [39528] Responsible: Terminal [35866] User ID: 501 Date/Time: 2022-01-12 16:42:46.260 +0800 OS Version: macOS 11.5.2 (20G95) Report Version: 12 Anonymous UUID: E0B2BC22-D962-08D8-722C-C14C3BAB9198 Sleep/Wake UUID: 2E799BE2-F5B7-4026-9B0F-5D3C84A4914D Time Awake Since Boot: 40000 seconds Time Since Wake: 4000 seconds System Integrity Protection: disabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x00000001026d0000 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Bus error: 10 Termination Reason: Namespace SIGNAL, Code 0xa Terminating Process: exc handler [42746] VM Regions Near 0x1026d0000: VM_ALLOCATE 1026cc000-1026d0000 [ 16K] r--/r-- SM=PRV --> VM_ALLOCATE 1026d0000-1026d4000 [ 16K] r-x/rwx SM=COW CG image 1026d4000-1026d8000 [ 16K] rw-/rwx SM=PRV Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.CoreFoundation 0x0000000183ab5d24 CFPasteboardCopyData + 1144 1 com.apple.CoreFoundation 0x0000000183ab5d1c CFPasteboardCopyData + 1136 2 com.TestCopy 0x000000010246ec54 new_CFPasteboardCopyData + 56 (ViewController.m:51) 3 com.apple.HIToolbox 0x000000018b9e0628 isPrefsGetDefaultAsciiKeyboardLayout + 164 4 com.apple.HIToolbox 0x000000018b9e015c isPrefsCreateCacheFromEnabledAndDefaultInputSources + 40 5 com.apple.HIToolbox 0x000000018b9dfa64 islGetInputSourceListWithAdditions + 316 6 com.apple.HIToolbox 0x000000018b9f2e8c _HaveOnlyOneKeyboardInputSource + 20 7 com.apple.HIToolbox 0x000000018b9f2dd8 isCreateCurrentKeyboardInputSourceRef + 60 8 com.apple.HIToolbox 0x000000018b9f2b90 TSMCurrentKeyboardInputSourceRefCreate + 96 9 com.apple.HIToolbox 0x000000018b9fb3bc 
TSMCurrentKeyboardLayoutInputSourceRefCreate + 72 10 com.apple.HIToolbox 0x000000018b9fb328 TISCopyCurrentKeyboardLayoutInputSource + 24 11 com.apple.AppKit 0x000000018691b4ec __ScheduleKeyboardAwareShortcutUpdate_block_invoke_2 + 112 12 com.apple.CoreFoundation 0x0000000183aba530 __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28 13 com.apple.CoreFoundation 0x0000000183aba3a4 __CFRunLoopDoBlocks + 408 14 com.apple.CoreFoundation 0x0000000183ab9030 __CFRunLoopRun + 800 15 com.apple.CoreFoundation 0x0000000183ab8598 CFRunLoopRunSpecific + 600 16 com.apple.HIToolbox 0x000000018b9dd280 RunCurrentEventLoopInMode + 292 17 com.apple.HIToolbox 0x000000018b9dcf0c ReceiveNextEventCommon + 320 18 com.apple.HIToolbox 0x000000018b9dcdb4 _BlockUntilNextEventMatchingListInModeWithFilter + 72 19 com.apple.AppKit 0x00000001862a9660 _DPSNextEvent + 836 20 com.apple.AppKit 0x00000001862a8000 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1292 21 com.apple.AppKit 0x0000000186299e4c -[NSApplication run] + 596 22 com.apple.AppKit 0x000000018626b878 NSApplicationMain + 1064 23 com.TestCopy 0x000000010246f0b4 main + 44 (main.m:14) 24 libdyld.dylib 0x00000001839d9430 start + 4 Thread 1: 0 libsystem_pthread.dylib 0x00000001839b65cc start_wqthread + 0 Thread 2: 0 libsystem_pthread.dylib 0x00000001839b65cc start_wqthread + 0 Thread 3: 0 libsystem_pthread.dylib 0x00000001839b65cc start_wqthread + 0 Thread 4: 0 libsystem_pthread.dylib 0x00000001839b65cc start_wqthread + 0 Thread 0 crashed with ARM Thread State (64-bit): x0: 0x0000000148f04c40 x1: 0x0000000000000008 x2: 0x0000000148f0c4c0 x3: 0x0000000000000003 x4: 0x0000000148f0c4c0 x5: 0x0000000000000003 x6: 0x0000000000000000 x7: 0x0000000000000b80 x8: 0x000000016d991da0 x9: 0xd09670fd868100a3 x10: 0x0000000000041d40 x11: 0x0000000000179f41 x12: 0x000000006ad96e2e x13: 0x000000000000bf3d x14: 0x00000000a4429313 x15: 0x000000000000bf3d x16: 0x000000018380a730 x17: 0x00000001f2430478 x18: 0x0000000150043940 x19: 
0x00000001026d0000 x20: 0x000000014a10f5b0 x21: 0x00000000fffffff8 x22: 0x0000000183e1ed92 x23: 0x000000016d991da0 x24: 0x000000016d991da0 x25: 0x000000016d991d70 x26: 0x0000000000000000 x27: 0x00000001e2dfc000 x28: 0x00000001e2dfc000 fp: 0x000000016d991e30 lr: 0x3a53000183ab5d1c sp: 0x000000016d991c90 pc: 0x0000000183ab5d24 cpsr: 0x60000000 far: 0x00000001026d0000 esr: 0x9200004f Binary Images: External Modification Summary: Calls made by other processes targeting this process: task_for_pid: 0 thread_create: 0 thread_set_state: 0 Calls made by this process: task_for_pid: 0 thread_create: 0 thread_set_state: 0 Calls made by all processes on this machine: task_for_pid: 992 thread_create: 0 thread_set_state: 9874 VM Region Summary: ReadOnly portion of Libraries: Total=774.7M resident=0K(0%) swapped_out_or_unallocated=774.7M(100%) Writable regions: Total=1.2G written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=1.2G(100%)
代码:
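/*
 * CFPasteboardCopyData does not return a scalar on arm64.  In the disassembly
 * attached to this issue it saves x8 on entry (`mov x19, x8` at <+48>) and
 * writes its result through that pointer on exit (`stp q0, q1, [x19]` at
 * <+1144>): two 128-bit stores, i.e. a 32-byte aggregate returned through the
 * AAPCS64 indirect-result register x8.  The crash PC 0x183ab5d24 is exactly
 * that store, with x19 == far == 0x1026d0000 inside an r-x VM region.
 *
 * Declaring the replacement as returning `unsigned long` makes the compiler
 * treat x8 as scratch, so by the time the original is re-entered x8 holds
 * whatever printf() left there and the original writes 32 bytes to a
 * read-only/executable page -> EXC_BAD_ACCESS (SIGBUS).  Dobby's redirect
 * (`adrp x17 / add x17 / br x17` at <+0>..<+8>) does not touch x8, so the
 * caller's buffer pointer does reach the replacement intact; it is the C
 * prototype that loses it.  CFPasteboardSetData returns a register-sized
 * value and has no hidden argument, which is why that hook works.
 *
 * Only the size of the real return type is visible here, not its layout.
 * Any composite larger than 16 bytes is returned indirectly via x8, so an
 * opaque 32-byte struct is sufficient for a pass-through hook.
 */
typedef struct {
    unsigned long long opaque[4];  // constructed placeholder: 32 opaque bytes, real layout unknown
} TestCopyPasteboardCopyDataResult;

// Trampolines to the original implementations, filled in by DobbyHook().
// Argument types are taken over from the report unverified; all of them are
// register-sized, so they do not affect the ABI of a pass-through hook.
TestCopyPasteboardCopyDataResult (*ori_CFPasteboardCopyData)(PasteboardRef pasteboard, CFIndex item, CFIndex flavor, CFStringRef data);
unsigned long (*ori_CFPasteboardSetData)(PasteboardRef pasteboard, CFIndex item, CFStringRef flavor, CFDataRef data, CFOptionFlags flags);

// Set: scalar return, nothing beyond the argument registers to preserve.
unsigned long new_CFPasteboardSetData(PasteboardRef pasteboard, CFIndex item, CFStringRef flavor, CFDataRef data, CFOptionFlags flags) {
    printf("ori_CFPasteboardSetData = [%016lx] \n", (unsigned long)ori_CFPasteboardSetData);
    return ori_CFPasteboardSetData(pasteboard, item, flavor, data, flags);
}

// Copy: the struct return type is the fix.  With it the compiler keeps the
// incoming x8 (the caller's result buffer) alive across printf() and passes
// it on to the original, so the original's final `stp q0, q1, [x19]` lands
// in the caller's buffer instead of at a stale address.
TestCopyPasteboardCopyDataResult new_CFPasteboardCopyData(PasteboardRef pasteboard, CFIndex item, CFIndex flavor, CFStringRef data) {
    printf("ori_CFPasteboardCopyData\n");
    return ori_CFPasteboardCopyData(pasteboard, item, flavor, data);
}

- (void)viewDidLoad {
    [super viewDidLoad];
    int ret = 0;

    void *copyData = DobbySymbolResolver(NULL, "CFPasteboardCopyData");
    void *setData = DobbySymbolResolver(NULL, "CFPasteboardSetData");
    // A failed lookup presumably yields NULL (verify against the Dobby header);
    // patching address 0 is undefined, so report it instead of passing it on.
    if (copyData == NULL || setData == NULL) {
        NSLog(@"symbol lookup failed: CFPasteboardCopyData=%p CFPasteboardSetData=%p", copyData, setData);
        return;
    }

    ret = DobbyHook(copyData, new_CFPasteboardCopyData, (void *)&ori_CFPasteboardCopyData);
    NSLog(@"hook CFPasteboardCopyData ret=[%d]", ret);
    ret = DobbyHook(setData, new_CFPasteboardSetData, (void *)&ori_CFPasteboardSetData);
    NSLog(@"hook CFPasteboardSetData ret=[%d]", ret);
}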
反汇编代码:
CoreFoundation`CFPasteboardCopyData: 0x183ab58ac <+0>: adrp x17, -527483 0x183ab58b0 <+4>: add x17, x17, #0xc1c ; =0xc1c 0x183ab58b4 <+8>: br x17 0x183ab58b8 <+12>: stp x24, x23, [sp, #0x170] 0x183ab58bc <+16>: stp x22, x21, [sp, #0x180] 0x183ab58c0 <+20>: stp x20, x19, [sp, #0x190] 0x183ab58c4 <+24>: stp x29, x30, [sp, #0x1a0] 0x183ab58c8 <+28>: add x29, sp, #0x1a0 ; =0x1a0 0x183ab58cc <+32>: mov x23, x3 0x183ab58d0 <+36>: mov x21, x2 0x183ab58d4 <+40>: mov x22, x1 0x183ab58d8 <+44>: mov x20, x0 0x183ab58dc <+48>: mov x19, x8 0x183ab58e0 <+52>: adrp x8, 388947 0x183ab58e4 <+56>: ldr x8, [x8, #0xf20] 0x183ab58e8 <+60>: ldr x8, [x8] 0x183ab58ec <+64>: stur x8, [x29, #-0x48] 0x183ab58f0 <+68>: bl 0x183b90b4c ; _CFGetNonObjCTypeID 0x183ab58f4 <+72>: cmp x0, #0x35 ; =0x35 0x183ab58f8 <+76>: b.ne 0x183ab5e20 ; <+1396> 0x183ab58fc <+80>: adrp x24, 437562 0x183ab5900 <+84>: ldrb w8, [x24, #0xb2a] 0x183ab5904 <+88>: tbnz w8, #0x1, 0x183ab590c ; <+96> 0x183ab5908 <+92>: bl 0x183a69b18 ; __CF_USED 0x183ab590c <+96>: ldrb w8, [x24, #0xb2a] 0x183ab5910 <+100>: tbz w8, #0x0, 0x183ab5918 ; <+108> 0x183ab5914 <+104>: bl 0x183b912ec ; __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__ 0x183ab5918 <+108>: sub x25, x29, #0xc0 ; =0xc0 0x183ab591c <+112>: adrp x8, 437562 0x183ab5920 <+116>: ldr x24, [x8, #0xab8] 0x183ab5924 <+120>: mov x0, x24 0x183ab5928 <+124>: mov w1, #0x1 0x183ab592c <+128>: bl 0x183c1439c ; symbol stub for: os_log_type_enabled 0x183ab5930 <+132>: cbz w0, 0x183ab5998 ; <+236> 0x183ab5934 <+136>: ldr x8, [x20, #0x10] 0x183ab5938 <+140>: ldr x9, [x20, #0x20] 0x183ab593c <+144>: mov w10, #0x502 0x183ab5940 <+148>: movk w10, #0x842, lsl #16 0x183ab5944 <+152>: stur w10, [x29, #-0x90] 0x183ab5948 <+156>: stur x8, [x25, #0x34] 0x183ab594c <+160>: mov w8, #0x842 0x183ab5950 <+164>: sturh w8, [x29, #-0x84] 0x183ab5954 <+168>: stur x9, [x25, #0x3e] 0x183ab5958 <+172>: mov w9, #0x800 0x183ab595c <+176>: sturh w9, [x29, #-0x7a] 
0x183ab5960 <+180>: stur x22, [x29, #-0x78] 0x183ab5964 <+184>: sturh w9, [x29, #-0x70] 0x183ab5968 <+188>: stur x21, [x25, #0x52] 0x183ab596c <+192>: sturh w8, [x29, #-0x66] 0x183ab5970 <+196>: stur x23, [x25, #0x5c] 0x183ab5974 <+200>: adrp x0, -127 0x183ab5978 <+204>: add x0, x0, #0x0 ; =0x0 0x183ab597c <+208>: adrp x3, 1056 0x183ab5980 <+212>: add x3, x3, #0xef9 ; =0xef9 0x183ab5984 <+216>: sub x4, x29, #0x90 ; =0x90 0x183ab5988 <+220>: mov x1, x24 0x183ab598c <+224>: mov w2, #0x1 0x183ab5990 <+228>: mov w5, #0x34 0x183ab5994 <+232>: bl 0x183c1316c ; symbol stub for: _os_log_impl 0x183ab5998 <+236>: sub x24, x29, #0x90 ; =0x90 0x183ab599c <+240>: stp xzr, x24, [x29, #-0x90] 0x183ab59a0 <+244>: adrp x8, 555 0x183ab59a4 <+248>: ldr d0, [x8, #0x148] 0x183ab59a8 <+252>: stur d0, [x29, #-0x80] 0x183ab59ac <+256>: adrp x8, 361504 0x183ab59b0 <+260>: add x8, x8, #0x68a ; =0x68a 0x183ab59b4 <+264>: stur x8, [x29, #-0x78] 0x183ab59b8 <+268>: mov w8, #-0x8 0x183ab59bc <+272>: stur w8, [x29, #-0x70] 0x183ab59c0 <+276>: stp xzr, xzr, [x29, #-0x60] 0x183ab59c4 <+280>: stur xzr, [x29, #-0x68] 0x183ab59c8 <+284>: adrp x1, 439191 0x183ab59cc <+288>: add x1, x1, #0x2e8 ; =0x2e8 0x183ab59d0 <+292>: mov x0, x23 0x183ab59d4 <+296>: bl 0x183a4085c ; CFEqual 0x183ab59d8 <+300>: cmp w0, #0x0 ; =0x0 0x183ab59dc <+304>: cset w8, ne 0x183ab59e0 <+308>: adrp x9, 439191 0x183ab59e4 <+312>: add x9, x9, #0x308 ; =0x308 0x183ab59e8 <+316>: csel x9, x23, x9, eq 0x183ab59ec <+320>: add x10, sp, #0xb0 ; =0xb0 0x183ab59f0 <+324>: stp xzr, x10, [sp, #0xb0] 0x183ab59f4 <+328>: adrp x11, 555 0x183ab59f8 <+332>: ldr d0, [x11, #0x158] 0x183ab59fc <+336>: str d0, [sp, #0xc0] 0x183ab5a00 <+340>: add x11, x10, #0x18 ; =0x18 0x183ab5a04 <+344>: adrp x16, 205 0x183ab5a08 <+348>: add x16, x16, #0xf3c ; =0xf3c 0x183ab5a0c <+352>: pacia x16, x11 0x183ab5a10 <+356>: str x16, [sp, #0xc8] 0x183ab5a14 <+360>: add x11, x10, #0x20 ; =0x20 0x183ab5a18 <+364>: adrp x16, 205 0x183ab5a1c <+368>: add x16, x16, #0xf4c ; 
=0xf4c 0x183ab5a20 <+372>: pacia x16, x11 0x183ab5a24 <+376>: stp x16, xzr, [sp, #0xd0] 0x183ab5a28 <+380>: add x11, sp, #0x80 ; =0x80 0x183ab5a2c <+384>: stp xzr, x11, [sp, #0x80] 0x183ab5a30 <+388>: str d0, [sp, #0x90] 0x183ab5a34 <+392>: add x12, x11, #0x18 ; =0x18 0x183ab5a38 <+396>: adrp x16, 205 0x183ab5a3c <+400>: add x16, x16, #0xf3c ; =0xf3c 0x183ab5a40 <+404>: pacia x16, x12 0x183ab5a44 <+408>: str x16, [sp, #0x98] 0x183ab5a48 <+412>: add x12, x11, #0x20 ; =0x20 0x183ab5a4c <+416>: adrp x16, 205 0x183ab5a50 <+420>: add x16, x16, #0xf4c ; =0xf4c 0x183ab5a54 <+424>: pacia x16, x12 0x183ab5a58 <+428>: stp x16, xzr, [sp, #0xa0] 0x183ab5a5c <+432>: ldr x0, [x20, #0x18] 0x183ab5a60 <+436>: add x12, sp, #0x20 ; =0x20 0x183ab5a64 <+440>: adrp x16, 388947 0x183ab5a68 <+444>: ldr x16, [x16, #0xf10] 0x183ab5a6c <+448>: mov x17, x12 0x183ab5a70 <+452>: movk x17, #0x6ae1, lsl #48 0x183ab5a74 <+456>: pacda x16, x17 0x183ab5a78 <+460>: str x16, [sp, #0x20] 0x183ab5a7c <+464>: adrp x13, 365 0x183ab5a80 <+468>: ldr d0, [x13, #0xb98] 0x183ab5a84 <+472>: str d0, [sp, #0x28] 0x183ab5a88 <+476>: add x12, x12, #0x10 ; =0x10 0x183ab5a8c <+480>: adrp x13, 439181 0x183ab5a90 <+484>: add x13, x13, #0x828 ; =0x828 0x183ab5a94 <+488>: adrp x16, 0 0x183ab5a98 <+492>: add x16, x16, #0xf04 ; =0xf04 0x183ab5a9c <+496>: pacia x16, x12 0x183ab5aa0 <+500>: stp x16, x13, [sp, #0x30] 0x183ab5aa4 <+504>: stp x22, x21, [sp, #0x60] 0x183ab5aa8 <+508>: str x9, [sp, #0x70] 0x183ab5aac <+512>: stp x24, x10, [sp, #0x40] 0x183ab5ab0 <+516>: strb w8, [sp, #0x78] 0x183ab5ab4 <+520>: stp x11, x20, [sp, #0x50] 0x183ab5ab8 <+524>: add x1, sp, #0x20 ; =0x20 0x183ab5abc <+528>: bl 0x183c137ec ; symbol stub for: dispatch_sync 0x183ab5ac0 <+532>: ldr x21, [sp, #0xb8] 0x183ab5ac4 <+536>: ldr x8, [x21, #0x28] 0x183ab5ac8 <+540>: cbz x8, 0x183ab5b1c ; <+624> 0x183ab5acc <+544>: adrp x8, 437562 0x183ab5ad0 <+548>: ldr x20, [x8, #0xad8] 0x183ab5ad4 <+552>: mov x0, x20 0x183ab5ad8 <+556>: mov w1, #0x2 0x183ab5adc 
<+560>: bl 0x183c1439c ; symbol stub for: os_log_type_enabled 0x183ab5ae0 <+564>: cbnz w0, 0x183ab5d80 ; <+1236> 0x183ab5ae4 <+568>: ldr x0, [x21, #0x28] 0x183ab5ae8 <+572>: mov x9, x0 0x183ab5aec <+576>: ldr x10, [x9, #0x10]! 0x183ab5af0 <+580>: mov x8, sp 0x183ab5af4 <+584>: blraa x10, x9 0x183ab5af8 <+588>: ldur x8, [x29, #-0x88] 0x183ab5afc <+592>: ldp q0, q1, [sp] 0x183ab5b00 <+596>: stp q0, q1, [x8, #0x20] 0x183ab5b04 <+600>: ldr x8, [sp, #0xb8] 0x183ab5b08 <+604>: ldr x0, [x8, #0x28] 0x183ab5b0c <+608>: bl 0x183c141cc ; symbol stub for: objc_release 0x183ab5b10 <+612>: adrp x22, 873 0x183ab5b14 <+616>: add x22, x22, #0xd92 ; =0xd92 0x183ab5b18 <+620>: b 0x183ab5b3c ; <+656> 0x183ab5b1c <+624>: ldur x8, [x29, #-0x88] 0x183ab5b20 <+628>: ldr x8, [x8, #0x30] 0x183ab5b24 <+632>: adrp x9, 873 0x183ab5b28 <+636>: add x9, x9, #0xd8a ; =0xd8a 0x183ab5b2c <+640>: adrp x10, 873 0x183ab5b30 <+644>: add x10, x10, #0xd92 ; =0xd92 0x183ab5b34 <+648>: cmp x8, #0x0 ; =0x0 0x183ab5b38 <+652>: csel x22, x10, x9, eq 0x183ab5b3c <+656>: ldr x23, [sp, #0x88] 0x183ab5b40 <+660>: ldr x8, [x23, #0x28] 0x183ab5b44 <+664>: cbz x8, 0x183ab5be8 ; <+828> 0x183ab5b48 <+668>: adrp x21, 437562 0x183ab5b4c <+672>: ldr x20, [x21, #0xaf0] 0x183ab5b50 <+676>: mov x0, x20 0x183ab5b54 <+680>: mov w1, #0x2 0x183ab5b58 <+684>: bl 0x183c1439c ; symbol stub for: os_log_type_enabled 0x183ab5b5c <+688>: cbnz w0, 0x183ab5db0 ; <+1284> 0x183ab5b60 <+692>: ldr x0, [x23, #0x28] 0x183ab5b64 <+696>: mov x9, x0 0x183ab5b68 <+700>: ldr x10, [x9, #0x10]! 
0x183ab5b6c <+704>: sub x8, x29, #0xc0 ; =0xc0 0x183ab5b70 <+708>: blraa x10, x9 0x183ab5b74 <+712>: ldr x8, [sp, #0x88] 0x183ab5b78 <+716>: ldr x0, [x8, #0x28] 0x183ab5b7c <+720>: bl 0x183c141cc ; symbol stub for: objc_release 0x183ab5b80 <+724>: ldur x0, [x29, #-0xb0] 0x183ab5b84 <+728>: cbz x0, 0x183ab5bd4 ; <+808> 0x183ab5b88 <+732>: mov x1, #0x0 0x183ab5b8c <+736>: mov x2, #0x0 0x183ab5b90 <+740>: bl 0x183b82b24 ; _CFPasteboardConsumeSandboxExtensionData 0x183ab5b94 <+744>: mov x20, x0 0x183ab5b98 <+748>: ldur x0, [x29, #-0xb0] 0x183ab5b9c <+752>: bl 0x183a41fc8 ; CFRelease 0x183ab5ba0 <+756>: cbz w20, 0x183ab5be8 ; <+828> 0x183ab5ba4 <+760>: adrp x8, 389469 0x183ab5ba8 <+764>: ldrb w8, [x8, #0x4c8] 0x183ab5bac <+768>: cmp w8, #0x1 ; =0x1 0x183ab5bb0 <+772>: b.ne 0x183ab5be8 ; <+828> 0x183ab5bb4 <+776>: bl 0x183a77ef0 ; CFNotificationCenterGetLocalCenter 0x183ab5bb8 <+780>: adrp x1, 439191 0x183ab5bbc <+784>: add x1, x1, #0x328 ; =0x328 0x183ab5bc0 <+788>: mov x2, #0x0 0x183ab5bc4 <+792>: mov x3, #0x0 0x183ab5bc8 <+796>: mov w4, #0x1 0x183ab5bcc <+800>: bl 0x183b14ddc ; CFNotificationCenterPostNotification 0x183ab5bd0 <+804>: b 0x183ab5be8 ; <+828> 0x183ab5bd4 <+808>: ldr x20, [x21, #0xaf0] 0x183ab5bd8 <+812>: mov x0, x20 0x183ab5bdc <+816>: mov w1, #0x10 0x183ab5be0 <+820>: bl 0x183c1439c ; symbol stub for: os_log_type_enabled 0x183ab5be4 <+824>: cbnz w0, 0x183ab5de0 ; <+1332> 0x183ab5be8 <+828>: ldur x23, [x29, #-0x88] 0x183ab5bec <+832>: ldr x21, [x23, #0x30] 0x183ab5bf0 <+836>: cbz x21, 0x183ab5c80 ; <+980> 0x183ab5bf4 <+840>: adrp x8, 437562 0x183ab5bf8 <+844>: ldr x20, [x8, #0xac0] 0x183ab5bfc <+848>: mov x0, x20 0x183ab5c00 <+852>: mov w1, #0x1 0x183ab5c04 <+856>: bl 0x183c1439c ; symbol stub for: os_log_type_enabled 0x183ab5c08 <+860>: cbz w0, 0x183ab5d1c ; <+1136> 0x183ab5c0c <+864>: ldr w24, [x23, #0x20] 0x183ab5c10 <+868>: ldr x23, [x23, #0x28] 0x183ab5c14 <+872>: mov x0, x21 0x183ab5c18 <+876>: bl 0x183a52400 ; CFDataGetLength 0x183ab5c1c <+880>: 
ldur x8, [x29, #-0x88] 0x183ab5c20 <+884>: ldr x8, [x8, #0x38] 0x183ab5c24 <+888>: mov w9, #0x502 0x183ab5c28 <+892>: movk w9, #0x822, lsl #16 0x183ab5c2c <+896>: stur w9, [x29, #-0xc0] 0x183ab5c30 <+900>: stur x22, [x25, #0x4] 0x183ab5c34 <+904>: mov w9, #0x400 0x183ab5c38 <+908>: sturh w9, [x29, #-0xb4] 0x183ab5c3c <+912>: stur w24, [x25, #0xe] 0x183ab5c40 <+916>: mov w9, #0x800 0x183ab5c44 <+920>: sturh w9, [x29, #-0xae] 0x183ab5c48 <+924>: stur x23, [x25, #0x14] 0x183ab5c4c <+928>: sturh w9, [x29, #-0xa4] 0x183ab5c50 <+932>: stur x0, [x25, #0x1e] 0x183ab5c54 <+936>: sturh w9, [x29, #-0x9a] 0x183ab5c58 <+940>: stur x8, [x29, #-0x98] 0x183ab5c5c <+944>: adrp x0, -127 0x183ab5c60 <+948>: add x0, x0, #0x0 ; =0x0 0x183ab5c64 <+952>: adrp x3, 1056 0x183ab5c68 <+956>: add x3, x3, #0xff0 ; =0xff0 0x183ab5c6c <+960>: sub x4, x29, #0xc0 ; =0xc0 0x183ab5c70 <+964>: mov x1, x20 0x183ab5c74 <+968>: mov w2, #0x1 0x183ab5c78 <+972>: mov w5, #0x30 0x183ab5c7c <+976>: b 0x183ab5d18 ; <+1132> 0x183ab5c80 <+980>: ldr w21, [x23, #0x20] 0x183ab5c84 <+984>: cbnz w21, 0x183ab5ca8 ; <+1020> 0x183ab5c88 <+988>: adrp x8, 437562 0x183ab5c8c <+992>: ldr x20, [x8, #0xad8] 0x183ab5c90 <+996>: mov x0, x20 0x183ab5c94 <+1000>: mov w1, #0x10 0x183ab5c98 <+1004>: bl 0x183c1439c ; symbol stub for: os_log_type_enabled 0x183ab5c9c <+1008>: cbnz w0, 0x183ab5dec ; <+1344> 0x183ab5ca0 <+1012>: mov w21, #-0xa 0x183ab5ca4 <+1016>: str w21, [x23, #0x20] 0x183ab5ca8 <+1020>: adrp x8, 437562 0x183ab5cac <+1024>: ldr x20, [x8, #0xac0] 0x183ab5cb0 <+1028>: mov x0, x20 0x183ab5cb4 <+1032>: mov w1, #0x1 0x183ab5cb8 <+1036>: bl 0x183c1439c ; symbol stub for: os_log_type_enabled 0x183ab5cbc <+1040>: cbz w0, 0x183ab5d1c ; <+1136> 0x183ab5cc0 <+1044>: ldr x8, [x23, #0x28] 0x183ab5cc4 <+1048>: ldr x9, [x23, #0x38] 0x183ab5cc8 <+1052>: mov w10, #0x402 0x183ab5ccc <+1056>: movk w10, #0x822, lsl #16 0x183ab5cd0 <+1060>: stur w10, [x29, #-0xc0] 0x183ab5cd4 <+1064>: stur x22, [x25, #0x4] 0x183ab5cd8 <+1068>: mov w10, 
#0x400 0x183ab5cdc <+1072>: sturh w10, [x29, #-0xb4] 0x183ab5ce0 <+1076>: stur w21, [x25, #0xe] 0x183ab5ce4 <+1080>: mov w10, #0x800 0x183ab5ce8 <+1084>: sturh w10, [x29, #-0xae] 0x183ab5cec <+1088>: stur x8, [x25, #0x14] 0x183ab5cf0 <+1092>: sturh w10, [x29, #-0xa4] 0x183ab5cf4 <+1096>: stur x9, [x25, #0x1e] 0x183ab5cf8 <+1100>: adrp x0, -127 0x183ab5cfc <+1104>: add x0, x0, #0x0 ; =0x0 0x183ab5d00 <+1108>: adrp x3, 1057 0x183ab5d04 <+1112>: add x3, x3, #0x78 ; =0x78 0x183ab5d08 <+1116>: sub x4, x29, #0xc0 ; =0xc0 0x183ab5d0c <+1120>: mov x1, x20 0x183ab5d10 <+1124>: mov w2, #0x1 0x183ab5d14 <+1128>: mov w5, #0x26 0x183ab5d18 <+1132>: bl 0x183c1316c ; symbol stub for: _os_log_impl 0x183ab5d1c <+1136>: ldur x8, [x29, #-0x88] 0x183ab5d20 <+1140>: ldp q0, q1, [x8, #0x20] 0x183ab5d24 <+1144>: stp q0, q1, [x19] 0x183ab5d28 <+1148>: add x0, sp, #0x80 ; =0x80 0x183ab5d2c <+1152>: mov w1, #0x8 0x183ab5d30 <+1156>: bl 0x183c12dcc ; symbol stub for: _Block_object_dispose 0x183ab5d34 <+1160>: add x0, sp, #0xb0 ; =0xb0 0x183ab5d38 <+1164>: mov w1, #0x8 0x183ab5d3c <+1168>: bl 0x183c12dcc ; symbol stub for: _Block_object_dispose 0x183ab5d40 <+1172>: sub x0, x29, #0x90 ; =0x90 0x183ab5d44 <+1176>: mov w1, #0x8 0x183ab5d48 <+1180>: bl 0x183c12dcc ; symbol stub for: _Block_object_dispose 0x183ab5d4c <+1184>: ldur x8, [x29, #-0x48] 0x183ab5d50 <+1188>: adrp x9, 388947 0x183ab5d54 <+1192>: ldr x9, [x9, #0xf20] 0x183ab5d58 <+1196>: ldr x9, [x9] 0x183ab5d5c <+1200>: cmp x9, x8 0x183ab5d60 <+1204>: b.ne 0x183ab5e1c ; <+1392> 0x183ab5d64 <+1208>: ldp x29, x30, [sp, #0x1a0] 0x183ab5d68 <+1212>: ldp x20, x19, [sp, #0x190] 0x183ab5d6c <+1216>: ldp x22, x21, [sp, #0x180] 0x183ab5d70 <+1220>: ldp x24, x23, [sp, #0x170] 0x183ab5d74 <+1224>: ldp x26, x25, [sp, #0x160] 0x183ab5d78 <+1228>: add sp, sp, #0x1b0 ; =0x1b0 0x183ab5d7c <+1232>: retab 0x183ab5d80 <+1236>: sturh wzr, [x29, #-0xc0] 0x183ab5d84 <+1240>: adrp x0, -127 0x183ab5d88 <+1244>: add x0, x0, #0x0 ; =0x0 0x183ab5d8c <+1248>: adrp 
x3, 1056 0x183ab5d90 <+1252>: add x3, x3, #0xf9f ; =0xf9f 0x183ab5d94 <+1256>: sub x4, x29, #0xc0 ; =0xc0 0x183ab5d98 <+1260>: mov x1, x20 0x183ab5d9c <+1264>: mov w2, #0x2 0x183ab5da0 <+1268>: mov w5, #0x2 0x183ab5da4 <+1272>: bl 0x183c1313c ; symbol stub for: _os_log_debug_impl 0x183ab5da8 <+1276>: ldr x21, [sp, #0xb8] 0x183ab5dac <+1280>: b 0x183ab5ae4 ; <+568> 0x183ab5db0 <+1284>: sturh wzr, [x29, #-0xc0] 0x183ab5db4 <+1288>: adrp x0, -127 0x183ab5db8 <+1292>: add x0, x0, #0x0 ; =0x0 0x183ab5dbc <+1296>: adrp x3, 1056 0x183ab5dc0 <+1300>: add x3, x3, #0xfb0 ; =0xfb0 0x183ab5dc4 <+1304>: sub x4, x29, #0xc0 ; =0xc0 0x183ab5dc8 <+1308>: mov x1, x20 0x183ab5dcc <+1312>: mov w2, #0x2 0x183ab5dd0 <+1316>: mov w5, #0x2 0x183ab5dd4 <+1320>: bl 0x183c1313c ; symbol stub for: _os_log_debug_impl 0x183ab5dd8 <+1324>: ldr x23, [sp, #0x88] 0x183ab5ddc <+1328>: b 0x183ab5b60 ; <+692> 0x183ab5de0 <+1332>: mov x0, x20 0x183ab5de4 <+1336>: bl 0x183c03ef0 ; CFPasteboardCopyData.cold.1 0x183ab5de8 <+1340>: b 0x183ab5be8 ; <+828> 0x183ab5dec <+1344>: sturh wzr, [x29, #-0xc0] 0x183ab5df0 <+1348>: adrp x0, -127 0x183ab5df4 <+1352>: add x0, x0, #0x0 ; =0x0 0x183ab5df8 <+1356>: adrp x3, 1057 0x183ab5dfc <+1360>: add x3, x3, #0x35 ; =0x35 0x183ab5e00 <+1364>: sub x4, x29, #0xc0 ; =0xc0 0x183ab5e04 <+1368>: mov x1, x20 0x183ab5e08 <+1372>: mov w2, #0x10 0x183ab5e0c <+1376>: mov w5, #0x2 0x183ab5e10 <+1380>: bl 0x183c1314c ; symbol stub for: _os_log_error_impl 0x183ab5e14 <+1384>: ldur x23, [x29, #-0x88] 0x183ab5e18 <+1388>: b 0x183ab5ca0 ; <+1012> 0x183ab5e1c <+1392>: bl 0x183c12f3c ; symbol stub for: __stack_chk_fail 0x183ab5e20 <+1396>: mov x1, x0 0x183ab5e24 <+1400>: mov w0, #0x35 0x183ab5e28 <+1404>: bl 0x183c06088 ; _CFAssertMismatchedTypeID 0x183ab5e2c <+1408>: b 0x183ab5e40 ; <+1428> 0x183ab5e30 <+1412>: mov x19, x0 0x183ab5e34 <+1416>: b 0x183ab5e5c ; <+1456> 0x183ab5e38 <+1420>: b 0x183ab5e40 ; <+1428> 0x183ab5e3c <+1424>: b 0x183ab5e40 ; <+1428> 0x183ab5e40 <+1428>: mov x19, x0 
0x183ab5e44 <+1432>: add x0, sp, #0x80 ; =0x80 0x183ab5e48 <+1436>: mov w1, #0x8 0x183ab5e4c <+1440>: bl 0x183c12dcc ; symbol stub for: _Block_object_dispose 0x183ab5e50 <+1444>: add x0, sp, #0xb0 ; =0xb0 0x183ab5e54 <+1448>: mov w1, #0x8 0x183ab5e58 <+1452>: bl 0x183c12dcc ; symbol stub for: _Block_object_dispose 0x183ab5e5c <+1456>: sub x0, x29, #0x90 ; =0x90 0x183ab5e60 <+1460>: mov w1, #0x8 0x183ab5e64 <+1464>: bl 0x183c12dcc ; symbol stub for: _Block_object_dispose 0x183ab5e68 <+1468>: mov x0, x19 0x183ab5e6c <+1472>: bl 0x183c12e5c ; symbol stub for: _Unwind_Resume 0x183ab5e70 <+1476>: brk #0x1
在 M1 上 hook 系统函数 CFPasteboardCopyData 会崩溃，其他的函数如 CFPasteboardSetData 不会。
dobby版本: master分支最新代码
环境: M1 macOS 11.5.2
系统崩溃报告:
代码:
反汇编代码: