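assembly - How to patch a function in x64 assembly to always return true
Problem description
I am trying to patch a function in macOS's CoreBrightness.framework to always return true. After hours of hopeless attempts, I really need some help.
The function is as follows (from IDA 7):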
__text:0000000000036CFA ; char __cdecl -[KeyboardBrightnessClient isKeyboardBuiltIn:](KeyboardBrightnessClient *self, SEL, unsigned __int64)
__text:0000000000036CFA __KeyboardBrightnessClient_isKeyboardBuiltIn__ proc near
__text:0000000000036CFA ; DATA XREF: __objc_const:0000000000080BE8↓o
// skipped
__text:0000000000036D94
__text:0000000000036D94 loc_36D94: ; CODE XREF: -[KeyboardBrightnessClient isKeyboardBuiltIn:]+81↑j
__text:0000000000036D94 xor ebx, ebx
__text:0000000000036D96
__text:0000000000036D96 loc_36D96: ; CODE XREF: -[KeyboardBrightnessClient isKeyboardBuiltIn:]+98↑j
__text:0000000000036D96 mov rdi, r14
__text:0000000000036D99 call cs:_objc_release_ptr
__text:0000000000036D9F movzx eax, bl
__text:0000000000036DA2 pop rbx
__text:0000000000036DA3 pop r14
__text:0000000000036DA5 pop rbp
__text:0000000000036DA6 retn
__text:0000000000036DA7 ; ---------------------------------------------------------------------------
__text:0000000000036DA7
__text:0000000000036DA7 loc_36DA7: ; CODE XREF: -[KeyboardBrightnessClient isKeyboardBuiltIn:]+57↑j
__text:0000000000036DA7 mov rdi, r14
__text:0000000000036DAA mov rsi, rbx
__text:0000000000036DAD call __KeyboardBrightnessClient_isKeyboardBuiltIn___cold_1 ; -[KeyboardBrightnessClient isKeyboardBuiltIn:].cold.1
__text:0000000000036DB2 jmp short loc_36D53
__text:0000000000036DB2 __KeyboardBrightnessClient_isKeyboardBuiltIn__ endp
Solution