actually verifies whether an NSString object has a certain prefix. Isn’t it easy to understand?
Logos syntax, which we’ve introduced in chapter 3, is actually an encapsulation of
MSHookMessageEx. Although Logos is clean and elegant, while making it easy to write
Objective-C hooks, it’s still based on MSHookMessageEx. For Objective-C hooks, we
recommend using Logos instead of MSHookMessageEx. If you are interested in the use of
MSHookMessageEx, you can take a look at its official document, or Google “cydiasubstrate
fuchsiaexample”, the link starting with “http://www.cydiasubstrate.com“ is what you are
looking for.
MSHookFunction is used for C/C++ hooks, and works in assembly level. Conceptually,
when the process is about to call “function”, MSHookFunction makes it execute “replacement”
instead, and allocate some memory to store the original “function” and its return address,
making it possible for the process to execute “function” optionally, and guarantees the process
can run as usual after executing “replacement”.
Maybe it’s hard to understand the above paragraph, so here comes an example. Let’s take a
look at figure 4-2.
Figure 4- 2 Normal execution flow of a process
As shown in figure 4-2, a process executes some instructions, then calls function A, and
afterward executes the remaining instructions. If we hook function A and replace it with
function B, then this process’ execution flow changes to figure 4-3.