Code Injection from Scratch

CODE INJECTION FROM SCRATCH TRY! SWIFT - MARCH 5TH 2016
DANIEL HAIGHT - @DANIEL1OF1

class Foo { dynamic //this is suspicious func bar() ->
String { return "try! Swift" } }

class ViewController: UIViewController { ... let textView = UITextView() let
foo = Foo() override func viewDidLoad() { ... self.updateTextViewText() } ... func updateTextViewText() { self.textView.text = self.foo.bar() } }

import ObjectiveC.runtime class Foo { dynamic //we'll address it don't
worry func bar() -> String { return "try! Swift" } }

import ObjectiveC.runtime class Foo { dynamic func bar() -> String
{ return "try! Swift" } dynamic func new_bar() -> String { return "try! ObjC" } func updateMethod() { ... } }

let originalClass = Foo.self let originalSelector = Selector("bar") let originalMethod
= class_getInstanceMethod(originalClass, originalSelector) let types = method_getTypeEncoding(originalMethod) let newMethod = class_getInstanceMethod(originalClass, "new_bar") let newImplementation = method_getImplementation(newMethod) class_replaceMethod(originalClass, originalSelector, newImplementation, types)

foo = Foo() override func viewDidLoad() { ... self.foo.updateMethod() self.updateTextViewText() } ... }

foo = Foo() override func viewDidLoad() { ... self.updateTextViewText() } func updateTextButtonPressed() { self.foo.updateMethod() self.updateTextViewText() } ... }

class Foo { ... func new_bar() -> String { return
"try! ObjC" } ... }

class Foo { ... func new_bar() -> String { return
"try! ObjC from bundle" } ... }

func updateBarMethodFromExternal() { let originalClass = Foo.self let originalSelector =
Selector("bar") let oldMethod = class_getInstanceMethod(Foo.self, originalSelector) let types = method_getTypeEncoding(oldMethod) ...

... let newClass = TrySwiftInjectable.Foo.self let newMethod = class_getInstanceMethod(newClass, "new_bar")
let newImplementation = method_getImplementation(newMethod) class_replaceMethod(originalClass, originalSelector, newImplementation, types) }

func updateBarMethodFromBundle() { NSBundle(path:"/tmp/TrySwiftInjectable.bundle")?.load() self.updateBarMethodFromExternal() }

class ViewController: UIViewController { ... func updateTextButtonPressed() { self.foo.updateBarMethodFromBundle() self.updateTextViewText()
} ... }

func method_list() -> [Method] { var outCount: CUnsignedInt = 0
var injectedMethodsList = class_copyMethodList(ViewController.self, &outCount); var methods = [Method]() for _ in 0..<outCount { methods.append(injectedMethodsList.memory) injectedMethodsList = injectedMethodsList.successor() } return methods }

let classesCount = objc_getClassList(nil, 0) let buffer = UnsafeMutablePointer<AnyClass?> .alloc(Int(classesCount))
let autoreleasingBuffer = AutoreleasingUnsafeMutablePointer<AnyClass?>(buffer) objc_getClassList(autoreleasingBuffer, classesCount) var classes = [AnyClass]() for i in 0 ..< classesCount { if let currentClass: AnyClass = buffer[Int(i)] { classes.append(currentClass) } } buffer.dealloc(Int(classesCount))

func classesFromBundlePath(path:String) -> [AnyClass] { let oldClasses = allClasses() loadBundle()
let newClasses = allClasses() let updatedClasses = newClass.minus(oldClasses) return updatedClasses }

let classes = classesForBundle(bundlePath) classes.forEach(injectNewClass)

func injectNewClass(newClass: AnyClass) { let originalClass = NSClassFromString(class_getName(newClass)) let methods
= method_list(newClass) methods.forEach { method in let newImplementation = method_getImplementation(method) let selector = method_getName(method) let types = method_getTypeEncoding(method) class_replaceMethod(originalClass, originalSelector, newImplementation, types) } }

class Foo { dynamic func bar() -> String { return
"try! Swift" } ... }

class Foo { func bar() -> String { return "try!
Swift" } ... }

WHAT IS dynamic ?

HOW DOES A SWIFT METHOD DISPATCH?

struct almost_swift_class { Class isa; Class superclass; void *cache; //cache_t
uintptr_t data_NEVER_USE; struct swift_data *swiftData; int an_int_we_dont_need_1; int an_int_we_dont_need_2; int an_int_we_dont_need_3; int an_int_we_dont_need_4; int struct_size; int an_int_we_dont_need_5; IMP vtable[20]; }

THIS IS FINE

struct almost_swift_class *newclass = (__bridge struct almost_swift_class *)injectedClass; if (
(uintptr_t)newclass->swiftData & 0x1 ) { struct almost_swift_class *oldclass = (__bridge struct almost_swift_class *)originalClass; size_t bytes = oldclass->struct_size - offsetof(struct almost_swift_class, vtable); memcpy( oldclass->vtable, newclass->vtable, bytes ); }

struct almost_swift_class *newclass = (__bridge struct almost_swift_class *)injectedClass;

size_t bytes = oldclass->struct_size - offsetof(struct almost_swift_class, vtable_start);

memcpy( oldclass->vtable_start, newclass->vtable_start, bytes );

func injectNewClass(newClass: AnyClass) { ... copySwiftVtable() }

LIVE > Trigger for when new methods are available. >
CallBack in code when new methods are available.

var reloadableObjects: [AnyObject]

relaodableObjects.forEach { $0?.injected() }

A COMPLEX THING IS BUILT OUT OF LESS COMPLEX THINGS

THANKS - John Holdsworth - Erica Sadun - Jay Freeman
- Mike Ash - Gwynne Raskind - Gwendolyn Weston - The organisers, Natasha and Translators

THANK YOU

THANK YOU > You're attention

THANK YOU > You're attention > You're Hospitality

THANK YOU > You're attention > You're Hospitality > Naruto
> Nobuo Uematsu

Code Injection from Scratch

Code Injection from Scratch

More Decks by Daniel Haight

Other Decks in Technology

Featured

Transcript