IDA反汇编/反编译静态分析iOS模拟器程序（四）反汇编的符号信息与改名

首先看看windows IDA和xcode的反汇编有什么不同。因为不确定直接分析UIKit的代码会不会有法律问题，还是自己写个例子吧。分析UIKit的时候因为没有完整的debugging symbols，所以得到的反汇编信息会比自己写的代码较少。

一个在命名空间ANameSpace的类DataInternal，一个DataModel的C++类，一个继承自UIButton的TestButton。演示的是TestButton的printLog函数。

这是源码：

namespace ANameSpace
{
    class DataInternal
    {
        int m_sample;
    public:
        void add();
    };
}

class DataModel {
    int m_count;
    int m_index;
    float m_number;
    std::vector<long> m_longData;
    double m_value;
    char m_name[10];
    ANameSpace::DataInternal m_internal;
    static DataModel* s_sharedInstance;
    DataModel();
public:
    int count();
    int index() { return m_index; }
    float number();
    static DataModel *sharedInstance();
    double getValueAfterAddedNumber(double number);
    void addLongData(long data);
};

class DataModel;

@interface TestButton : UIButton
{
    DataModel *m_model;
    NSString *m_printLog;
}

- (bool)inWindow;
@property (nonatomic, assign) DataModel *model;

@end

@interface TestButton (Construct)

+ (TestButton*)createAButton;
- (id)initWithNothing:(id)nilPointer;

@end

@interface TestButton (Test)

- (void)setParam1:(CGRect)p1 para2:(CGFloat)p2;
- (NSString*)printLog;

@end

- (NSString*)printLog
{
    if (m_model->count() == 0)
    {
        if (m_printLog)
            return m_printLog;
        else
            return @"ok";
    }
    else if (m_model->count() == 1)
    {
        if ([self model])
            return @"fine";
        else
            return @"error";
    }
    else
        return m_printLog;
}

这是IDA得到的反汇编：

__text:000026B5 ; =============== S U B R O U T I N E =======================================
__text:000026B5
__text:000026B5 ; Attributes: bp-based frame
__text:000026B5
__text:000026B5 __TestButton_Test__printLog_ proc near
__text:000026B5
__text:000026B5 arg_0           = dword ptr  8
__text:000026B5
__text:000026B5                 push    ebp
__text:000026B6                 mov     ebp, esp
__text:000026B8                 push    ebx
__text:000026B9                 push    edi
__text:000026BA                 push    esi
__text:000026BB                 sub     esp, 0Ch
__text:000026BE                 call    $+5
__text:000026C3                 pop     esi
__text:000026C4                 mov     ebx, ds:(_OBJC_IVAR_$_TestButton_m_model - 26C3h)[esi]
__text:000026CA                 mov     edi, [ebp+arg_0]
__text:000026CD                 mov     eax, [edi+ebx]
__text:000026D0                 mov     [esp], eax
__text:000026D3                 call    __ZN9DataModel5countEv ; DataModel::count(void)
__text:000026D8                 test    eax, eax
__text:000026DA                 jz      short loc_2713
__text:000026DC                 mov     eax, [edi+ebx]
__text:000026DF                 mov     [esp], eax
__text:000026E2                 call    __ZN9DataModel5countEv ; DataModel::count(void)
__text:000026E7                 cmp     eax, 1
__text:000026EA                 jnz     short loc_2729
__text:000026EC                 mov     eax, ds:(off_57FC - 26C3h)[esi]
__text:000026F2                 mov     [esp+4], eax
__text:000026F6                 mov     [esp], edi
__text:000026F9                 call    _objc_msgSend
__text:000026FE                 mov     ecx, eax
__text:00002700                 lea     edx, (cfstr_Error.isa - 26C3h)[esi] ; "error"
__text:00002706                 lea     eax, (cfstr_Fine.isa - 26C3h)[esi] ; "fine"
__text:0000270C                 test    ecx, ecx
__text:0000270E                 cmovz   eax, edx
__text:00002711                 jmp     short loc_2732
__text:00002713 ; ---------------------------------------------------------------------------
__text:00002713
__text:00002713 loc_2713:                               ; CODE XREF: __TestButton_Test__printLog_+25