iOS检测系统弹窗并自动关闭
2017-05-16 本文已影响353人
西博尔
为了自动点击应用内部的系统级弹窗,比如询问推送, 询问定位等弹窗的自动点击 , 有人会问干什么用, 自动化测试
%hook SBUserNotificationAlert
- (void)willActivate
{
NSLog(@"🐶 ++++++++++++ willActivate 准备 点击了++++++");
%orig;
dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(1 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{
id (*returnSheet)(id,SEL) = (id(*)(id,SEL))objc_msgSend;
id sheet = returnSheet(self,@selector(alertSheet));
void (*clickButton)(id,SEL,int,_Bool) = (void(*)(id,SEL,int,_Bool))objc_msgSend;
clickButton(sheet,@selector(dismissWithClickedButtonIndex:animated:),1,1);
void (*alertButton)(id,SEL,id,_Bool) = (void(*)(id,SEL,id,_Bool))objc_msgSend;
alertButton(self,@selector(alertView:clickedButtonAtIndex:),sheet,1);
void (*cancelSend)(id,SEL) = (void(*)(id,SEL))objc_msgSend;
cancelSend(self,@selector(cancel));
});
}
%end
1.延时是因为如果在检测到弹窗的瞬间点击 , 因为窗口还没有弹出, 所以会失败 , 也可以给你留出
2. willActivate是弹框将要出现的回调方法
3. SBUserNotificationAlert这个是我综合考虑了一下之后决定hook的类, 能检测到弹窗的有SBAlertItem, SpringBoard等都有回调方法,
4.objc_msgSend方法为什么写成了这样? 因为闪退, 如果用objc_msgSend调用alertView:clickedButtonAtIndex:会闪退, 这也是困扰了我好几天的问题 , 在Cycript中直接调用这三个方法测试没问题, 写在tweak中就闪退, 找了下原因
apple在文档(64-Bit Transition Guide for Cocoa Touch中有)中也有提到
Dispatch Objective-C Messages Using the Method Function’s Prototype
An exception to the casting rule described above is when you are calling the objc_msgSend function or any other similar functions in the Objective-C runtime that send messages. Although the prototype for the message functions has a variadic form, the method function that is called by the Objective-C runtime does not share the same prototype. The Objective-C runtime directly dispatches to the function that implements the method, so the calling conventions are mismatched, as described previously. Therefore you must cast the objc_msgSend function to a prototype that matches the method function being called.
Listing 2-14 shows the proper form for dispatching a message to an object using the low-level message functions. In this example, the doSomething: method takes a single parameter and does not have a variadic form. It casts the objc_msgSend function using the prototype of the method function. Note that a method function always takes an id variable and a selector as its first two parameters. After the objc_msgSend function is cast to a function pointer, the call is dispatched through that same function pointer.
- (int) doSomething:(int) x { ... }
- (void) doSomethingElse {
int (*action)(id, SEL, int) = (int (*)(id, SEL, int)) objc_msgSend;
action(self, @selector(doSomething:), 0);
}
最终简化之后64位调用:
((void(*)(id, SEL,int))objc_msgSend)(self, @selector(doSomething:), 0);
就不闪退了 ,随便下载个新应用, 打开 ,弹出是否允许使用位置, 等待一秒钟, 自动点击是 . 大功告成.
