11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
* Public License, either version 2 or 3, which can be found in the file
* LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
* file.
*/
#include "config.h"
.intel_syntax noprefix
.globl _of_forward
.globl _of_forward_stret
.section __TEXT, __cstring, cstring_literals
Lstr_forwardingTargetForSelector_:
.asciz "forwardingTargetForSelector:"
.section __OBJC, __message_refs, literal_pointers, no_dead_strip
Lsel_forwardingTargetForSelector_:
.long Lstr_forwardingTargetForSelector_
.section __OBJC, __image_info
.long 0, 0
.section __TEXT, __text, regular, pure_instructions
_of_forward:
push ebp
mov ebp, esp
push ebx
sub esp, 20
call get_eip
0:
mov eax, [ebp+8]
mov [esp], eax
call _object_getClass
mov [esp], eax
.att_syntax /* Next line is broken in Intel syntax */
movl Lsel_forwardingTargetForSelector_-0b(%ebx), %eax
.intel_syntax noprefix
mov [esp+4], eax
call _class_respondsToSelector
test eax, eax
jz 0f
mov eax, [ebp+8]
mov [esp], eax
.att_syntax /* Next line is broken in Intel syntax */
movl Lsel_forwardingTargetForSelector_-0b(%ebx), %eax
.intel_syntax noprefix
mov [esp+4], eax
mov eax, [ebp+12]
mov [esp+8], eax
call _objc_msgSend
test eax, eax
jz 0f
cmp eax, [ebp+8]
je 0f
mov [ebp+8], eax
add esp, 20
pop ebx
pop ebp
jmp _objc_msgSend
0:
add esp, 20
pop ebx
pop ebp
jmp _of_method_not_found
_of_forward_stret:
push ebp
mov ebp, esp
push ebx
sub esp, 20
call get_eip
0:
mov eax, [ebp+12]
mov [esp], eax
call _object_getClass
mov [esp], eax
.att_syntax /* Next line is broken in Intel syntax */
movl Lsel_forwardingTargetForSelector_-0b(%ebx), %eax
.intel_syntax noprefix
mov [esp+4], eax
call _class_respondsToSelector
test eax, eax
jz 0f
mov eax, [ebp+12]
mov [esp], eax
.att_syntax /* Next line is broken in Intel syntax */
movl Lsel_forwardingTargetForSelector_-0b(%ebx), %eax
.intel_syntax noprefix
mov [esp+4], eax
mov eax, [ebp+16]
mov [esp+8], eax
call _objc_msgSend
test eax, eax
jz 0f
cmp eax, [ebp+12]
je 0f
mov [ebp+12], eax
add esp, 20
pop ebx
pop ebp
jmp _objc_msgSend_stret
0:
add esp, 20
pop ebx
pop ebp
jmp _of_method_not_found_stret
get_eip:
mov ebx, [esp]
ret
|
<
<
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
<
|
|
|
|
<
|
|
|
|
<
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
|
<
|
|
|
|
<
|
>
>
>
>
<
<
<
<
<
|
|
|
|
|
|
|
|
|
|
|
|
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
* Public License, either version 2 or 3, which can be found in the file
* LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
* file.
*/
#include "config.h"
.globl _OFForward
.globl _OFForward_stret
.section __TEXT, __cstring, cstring_literals
str_forwardingTargetForSelector_:
.asciz "forwardingTargetForSelector:"
.section __OBJC, __message_refs, literal_pointers, no_dead_strip
sel_forwardingTargetForSelector_:
.long str_forwardingTargetForSelector_
.section __OBJC, __image_info
.long 0, 0
.section __TEXT, __text, regular, pure_instructions
_OFForward:
pushl %ebp
movl %esp, %ebp
pushl %ebx
subl $20, %esp
call get_eip
0:
movl 8(%ebp), %eax
movl %eax, (%esp)
call _object_getClass
movl %eax, (%esp)
movl sel_forwardingTargetForSelector_-0b(%ebx), %eax
movl %eax, 4(%esp)
call _class_respondsToSelector
testl %eax, %eax
jz 0f
movl 8(%ebp), %eax
movl %eax, (%esp)
movl sel_forwardingTargetForSelector_-0b(%ebx), %eax
movl %eax, 4(%esp)
movl 12(%ebp), %eax
movl %eax, 8(%esp)
call _objc_msgSend
testl %eax, %eax
jz 0f
cmpl 8(%ebp), %eax
je 0f
movl %eax, 8(%ebp)
addl $20, %esp
popl %ebx
popl %ebp
jmp _objc_msgSend
0:
addl $20, %esp
popl %ebx
popl %ebp
jmp _OFMethodNotFound
_OFForward_stret:
pushl %ebp
movl %esp, %ebp
pushl %ebx
subl $20, %esp
call get_eip
0:
movl 12(%ebp), %eax
movl %eax, (%esp)
call _object_getClass
movl %eax, (%esp)
movl sel_forwardingTargetForSelector_-0b(%ebx), %eax
movl %eax, 4(%esp)
call _class_respondsToSelector
testl %eax, %eax
jz 0f
movl 12(%ebp), %eax
movl %eax, (%esp)
movl sel_forwardingTargetForSelector_-0b(%ebx), %eax
movl %eax, 4(%esp)
movl 16(%ebp), %eax
movl %eax, 8(%esp)
call _objc_msgSend
testl %eax, %eax
jz 0f
cmpl 12(%ebp), %eax
je 0f
movl %eax, 12(%ebp)
addl $20, %esp
popl %ebx
popl %ebp
jmp _objc_msgSend_stret
0:
addl $20, %esp
popl %ebx
popl %ebp
jmp _OFMethodNotFound_stret
get_eip:
movl (%esp), %ebx
ret
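Review bot: The string and selector-reference labels lose their `L` prefix on the new side (`str_forwardingTargetForSelector_:` and `sel_forwardingTargetForSelector_:`, previously `Lstr_…` and `Lsel_…`), and nothing visible on this page says why. On Mach-O the assembler treats `L`-prefixed labels as temporary and keeps them out of the object's symbol table, so these two now become ordinary local symbols, as `get_eip` already was on both sides. If that is not intended, keep `Lstr_forwardingTargetForSelector_:` and `Lsel_forwardingTargetForSelector_:` and adjust the two `movl …-0b(%ebx), %eax` references in each routine to match. Separately, `subl $20, %esp` in `_OFForward` and `_OFForward_stret` would benefit from a comment such as `/* ret addr + %ebp + %ebx + 20 = 32 bytes: %esp stays 16-byte aligned at every call */`, assuming the routines are entered with only the return address pushed; that invariant is easy to break when a push is added later.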
|