Last active
February 17, 2022 14:48
-
-
Save samdmarshall/17f4e66b5e2e579fd396 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #include <objc/objc-api.h> | |
| #include <objc/runtime.h> | |
| #include <malloc/malloc.h> | |
| #include <mach/mach.h> | |
| @interface TEST : NSObject | |
| @end | |
| @implementation TEST | |
| @end | |
| @interface lolol : TEST | |
| @end | |
| @implementation lolol | |
| @end | |
| static Class * internalClassList; | |
| static uint64_t classCount; | |
| void CanHasObjects(task_t task, void * context, unsigned type, vm_range_t * addr, unsigned count) { | |
| for (uint64_t index = 0; index < count; index++) { | |
| vm_range_t *range = &addr[index]; | |
| uintptr_t *address = ((uintptr_t *)range->address)[0]; | |
| size_t size = range->size; | |
| if (size >= sizeof(Class) && address != NULL) { | |
| for (uint64_t lookupIndex = 0; lookupIndex < classCount; lookupIndex++) { | |
| Class testClass = (internalClassList[lookupIndex]); | |
| if (address == testClass) { | |
| printf("0x%016x -- Class: %s\n",address, object_getClassName((__bridge id)address)); | |
| break; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| int main(int argc, const char * argv[]) { | |
| TEST *a = [[TEST alloc] init]; | |
| lolol *b = [[lolol alloc] init]; | |
| internalClassList = objc_copyClassList(&classCount); | |
| vm_address_t *zones; | |
| uint64_t count; | |
| kern_return_t error = malloc_get_all_zones(mach_task_self(), NULL, &zones, &count); | |
| if (error == KERN_SUCCESS) { | |
| for (uint64_t index = 0; index < count; index++) { | |
| malloc_zone_t *zone = (malloc_zone_t *)zones[index]; | |
| if (zone != NULL && zone->introspect != NULL) { | |
| zone->introspect->enumerator(mach_task_self(), NULL, MALLOC_PTR_IN_USE_RANGE_TYPE, zone, NULL, &CanHasObjects); | |
| } | |
| } | |
| } | |
| return 0; | |
| } | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0x000000007d467990 -- Class: OS_xpc_string | |
| 0x000000007b64a840 -- Class: __NSPlaceholderArray | |
| 0x000000007b64a750 -- Class: __NSArrayI | |
| 0x000000007d467d80 -- Class: OS_xpc_dictionary | |
| 0x000000007d467990 -- Class: OS_xpc_string | |
| 0x000000007d467990 -- Class: OS_xpc_string | |
| 0x000000007d467990 -- Class: OS_xpc_string | |
| 0x000000007d467990 -- Class: OS_xpc_string | |
| 0x000000007d467990 -- Class: OS_xpc_string | |
| 0x000000007d467990 -- Class: OS_xpc_string | |
| 0x000000007d467990 -- Class: OS_xpc_string | |
| 0x000000007d467ed0 -- Class: OS_xpc_domain | |
| 0x000000007c810a10 -- Class: OS_dispatch_queue | |
| 0x000000007d468170 -- Class: OS_xpc_pipe | |
| 0x000000007b64b060 -- Class: __NSCFType | |
| 0x000000007b64b060 -- Class: __NSCFType | |
| 0x000000007b64b060 -- Class: __NSCFType | |
| 0x000000007b64b060 -- Class: __NSCFType | |
| 0x000000007b64b060 -- Class: __NSCFType | |
| 0x000000007b64b060 -- Class: __NSCFType | |
| 0x000000007b64b060 -- Class: __NSCFType | |
| 0x000000007b64b060 -- Class: __NSCFType | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64acf0 -- Class: __NSCFDictionary | |
| 0x000000007b64acf0 -- Class: __NSCFDictionary | |
| 0x000000007b64acf0 -- Class: __NSCFDictionary | |
| 0x000000007b64a840 -- Class: __NSPlaceholderArray | |
| 0x000000007b64a390 -- Class: __NSCFString | |
| 0x000000007b64a750 -- Class: __NSArrayI | |
| 0x00000000000011c0 -- Class: TEST | |
| 0x0000000000001210 -- Class: lolol | |
| 0x000000007b64ab38 -- Class: __NSDictionaryM | |
| 0x000000007b64ab10 -- Class: __NSDictionaryI | |
| 0x000000007b413810 -- Class: NSObject | |
| 0x000000007b64ac00 -- Class: __NSPlaceholderDictionary | |
| 0x000000007b64ac00 -- Class: __NSPlaceholderDictionary | |
| 0x000000007cc763a0 -- Class: NSLock | |
| 0x000000007cc763a0 -- Class: NSLock | |
| 0x000000007cc763a0 -- Class: NSLock | |
| 0x000000007cc76440 -- Class: NSRecursiveLock | |
| 0x000000007cc763a0 -- Class: NSLock | |
| 0x000000007cc76440 -- Class: NSRecursiveLock | |
| 0x000000007cc76440 -- Class: NSRecursiveLock | |
| 0x000000007b64acf0 -- Class: __NSCFDictionary | |
| 0x000000007cc79280 -- Class: NSThread | |
| 0x000000007cc79258 -- Class: _NSThreadData | |
| 0x000000007b64af20 -- Class: NSBlockInvocation | |
| Program ended with exit code: 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hi!,i read this code ,but "address" is not the name of class but like"0x000020201"this ,so the address == testClass is not real(i use xcode8.1 and command line)