that’s Cycript. If a function has a return value, Cycript will print its memory address and description in real time, which is very intuitive. After Cycript executes the above code, a popup shows on SpringBoard, as shown in Figure 4-10.


Figure 4-10 Code execution in Cycript


If we already know the memory address of an object, we can use the “#” operator to access the object like this:


cy# [[UIAlertView alloc] initWithTitle:@"iOSRE" message:@"snakeninny" delegate:nil cancelButtonTitle:@"OK" otherButtonTitles:nil]
#"<UIAlertView: 0x166b4fb0; frame = (0 0; 0 0); layer = <CALayer: 0x16615890>>"
cy# [#0x166b4fb0 show]
cy# [#0x166b4fb0 release]

If we know an object of a certain class exists in the current process but don’t know its memory address, we cannot obtain the object with “#”. Under such circumstances, we can try out “choose”:


cy# choose(SBScreenShotter)
[#"<SBScreenShotter: 0x166e0e20>"]
cy# choose(SBUIController)
[#"<SBUIController: 0x16184bf0>"]

When we “choose” a class, Cycript returns its objects. This command is very convenient, but it doesn’t succeed all the time. When it fails to get you a usable object, you’re on your own. We’ll talk about how to get our target objects manually in chapter 6, so please stay tuned.


When it comes to testing private methods, a combination of the above Cycript commands
