Skip to content

Syntax

Jump to bottom
uroboro edited this page Aug 30, 2018 · 13 revisions

Logos is a component of the Theos development suite that allows method hooking code to be written easily and clearly, using a set of special preprocessor directives.

Top Level

The directives in this category should not exist within a group/hook/subclass block. An exception is %hookf which can exist in a %group block.

%config

%config(Key=Value);

Set a logos configuration flag.

Configuration Flags

Key Values Notes
generator MobileSubstrate generate code that uses MobileSubstrate for hooking.
internal generate code that uses only internal Objective-C runtime methods for hooking.
warnings none suppress all warnings
default non-fatal warnings
error make all warnings fatal
dump yaml dump the internal parse tree in YAML format

%hookf

%hookf(rtype, symbolName, args...) { /* body */ }

Generate a function hook for the function named symbolName. Use a string literal in place of symbolName if the symbol should be dynamically looked up.

// Given the function prototype (only add it yourself if it's not declared in an included/imported header)
FILE *fopen(const char *path, const char *mode);

// The hook is thus made
%hookf(FILE *, fopen, const char *path, const char *mode) {
    puts("Hey, we're hooking fopen to deny relative paths!");
    if (path[0] != '/') {
        return NULL;
    }
    return %orig; // Call the original implementation of this function
}

// functions can also be looked up at runtime, if, for example, the function is in a private framework
%hookf(BOOL, "_MGGetBoolAnswer", CFStringRef string) {
    if (CFEqual(string, CFSTR("StarkCapability"))) {
        return YES;
    }
    return %orig;
}

%ctor

%ctor { /* body */ }

Generate an anonymous constructor (of default priority). This function is executed after the binary is loaded into memory. argc, argv, and envp are implicit arguments so they can be used as they would be in a main function.

%dtor

%dtor { /* body */ }

Generate an anonymous deconstructor (of default priority). This function is executed before the binary is unloaded from memory. argc, argv, and envp are implicit arguments so they can be used as they would be in a main function.

Block level

The directives in this category open a block of code which must be closed by an %end directive (shown below). These should not exist within functions or methods.

%group

%group Groupname

Begin a hook group (for conditional initialization or code organization) with the name Groupname. All ungrouped hooks are in the implicit "_ungrouped" group.

Cannot be inside another %group block.

Grouping can be used to manage backwards compatibility with older code:

%group iOS8
%hook IOS8_SPECIFIC_CLASS
    // your code here
%end // end hook
%end // end group ios8

%group iOS9
%hook IOS9_SPECIFIC_CLASS
    // your code here
%end // end hook
%end // end group ios9

%ctor {
    if (kCFCoreFoundationVersionNumber > 1200) {
        %init(iOS9);
    } else {
        %init(iOS8);
    }
}

%hook

%hook Classname

Open a hook block for the class named Classname.

Can be inside a %group block.

Here's a trivial example:

%hook SBApplicationController
- (void)uninstallApplication:(SBApplication *)application {
    NSLog(@"Hey, we're hooking uninstallApplication:!");
    %orig; // Call the original implementation of this method
}
%end

%new

%new
%new(signature)

Add a new method to a hooked class or subclass by adding this directive above the method definition. signature is the Objective-C type encoding for the new method; if it is omitted, one will be generated.

Must be inside a %hook or %group block.

Here's a common example:

%new
- (void)handleTapGesture:(UITapGestureRecognizer *)gestureRecognizer {
    NSLog(@"Recieved tap: %@", gestureRecognizer);
}

%subclass

%subclass Classname: Superclass <Protocol list>

Subclass block - the class is created at runtime and populated with methods. ivars are not yet supported (use associated objects). The %new specifier is needed for a method that doesn't exist in the superclass. To instantiate an object of the new class, you can use the %c operator.

Can be inside a %group block.

Here's an example:

%subclass MyObject : NSObject

- (id)init {
    if ((self = %orig)) {
        [self setSomeValue:@"value"];
    }
    return self;
}

//the following two new methods act as `@property (nonatomic, retain) id someValue;`
%new
- (id)someValue {
    return objc_getAssociatedObject(self, @selector(someValue));
}

%new
- (void)setSomeValue:(id)value {
    objc_setAssociatedObject(self, @selector(someValue), value, OBJC_ASSOCIATION_RETAIN_NONATOMIC);
}

%end

%ctor {
    MyObject *myObject = [[%c(MyObject) alloc] init];
    NSLog(@"myObject: %@", [myObject someValue]);
}

%property

%property (nonatomic|assign|retain|copy|weak|strong|getter|setter) Type name;

Add a property to a %subclass just like you would with @property to a normal Objective-C subclass as well as adding new properties to existing classes within %hook.

Must be inside a %subclass or %hook block.

%end

%end

Close a group/hook/subclass block.

Function level

The directives in this category should only exist within a function block.

%init

%init;
%init([<class>=<expr>, …]);
%init(Group[, [+|-]<class>=<expr>, …]);

Initialize a group (or the default group). Passing no group name will initialize "_ungrouped", and passing class=expr arguments will substitute the given expressions for those classes at initialization time. The + sigil (as in class methods in Objective-C) can be prepended to the classname to substitute an expression for the metaclass. If not specified, the sigil defaults to -, to substitute the class itself. If not specified, the metaclass is derived from the class. The class name replacement is specially useful for classes that contain characters that can't be used as the class name token for the %hook directive, such as spaces and dots.

Example:

%hook SomeClass
- (id)init {
    return %orig;
}
%end

%ctor {
    %init(SomeClass=objc_getClass("class with spaces in the name"));
}

%c

%c([+|-]Class)

Evaluates to Class at runtime. If the + sigil is specified, it evaluates to MetaClass instead of Class. If not specified, the sigil defaults to -, evaluating to Class.

%orig

%orig
%orig(args, …)

Call the original hooked method. Doesn't function in a %new'd method. Works in subclasses, strangely enough, because MobileSubstrate will generate a super-call closure at hook time. (If the hooked method doesn't exist in the class we're hooking, it creates a stub that just calls the superclass implementation.) args is passed to the original function - don't include self and _cmd, Logos does this for you.

%log

%log;
%log([(<type>)<expr>, …]);

Dump the method arguments to syslog. Typed arguments included in %log will be logged as well.

Clone this wiki locally