14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
* file.
*/
.globl _of_forward
.globl _of_forward_stret
.section __TEXT, __cstring, cstring_literals
L_str_forwardingTargetForSelector_:
L_sel_forwardingTargetForSelector_:
.long L_str_forwardingTargetForSelector_
.L0:
movl L_sel_forwardingTargetForSelector_-.L0(%ebx), %eax
movl %eax, 4(%esp)
call _class_respondsToSelector
testl %eax, %eax
jz fail
movl 8(%ebp), %eax
movl %eax, (%esp)
movl L_sel_forwardingTargetForSelector_-.L0(%ebx), %eax
movl %eax, 4(%esp)
movl 12(%ebp), %eax
movl %eax, 8(%esp)
call _objc_msgSend
testl %eax, %eax
jz fail
cmpl 8(%ebp), %eax
je fail
movl %eax, 8(%ebp)
addl $20, %esp
popl %ebx
popl %ebp
jmp _objc_msgSend
fail:
.L1:
movl L_sel_forwardingTargetForSelector_-.L1(%ebx), %eax
movl %eax, 4(%esp)
call _class_respondsToSelector
testl %eax, %eax
jz fail_stret
movl 12(%ebp), %eax
movl %eax, (%esp)
movl L_sel_forwardingTargetForSelector_-.L1(%ebx), %eax
movl %eax, 4(%esp)
movl 16(%ebp), %eax
movl %eax, 8(%esp)
call _objc_msgSend
testl %eax, %eax
jz fail_stret
cmpl 12(%ebp), %eax
je fail_stret
movl %eax, 12(%ebp)
addl $20, %esp
popl %ebx
popl %ebp
jmp _objc_msgSend_stret
fail_stret:
|
|
|
|
|
|
|
|
|
|
<
>
<
>
|
|
|
|
|
<
>
|
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
* file.
*/
.globl _of_forward
.globl _of_forward_stret
.section __TEXT, __cstring, cstring_literals
str_forwardingTargetForSelector_:
.asciz "forwardingTargetForSelector:"
.section __OBJC, __message_refs, literal_pointers, no_dead_strip
sel_forwardingTargetForSelector_:
.long str_forwardingTargetForSelector_
.section __OBJC, __image_info
.long 0, 0
.section __TEXT, __text, regular, pure_instructions
_of_forward:
pushl %ebp
movl %esp, %ebp
pushl %ebx
subl $20, %esp
call get_eip
0:
movl 8(%ebp), %eax
movl %eax, (%esp)
call _object_getClass
movl %eax, (%esp)
movl sel_forwardingTargetForSelector_-0b(%ebx), %eax
movl %eax, 4(%esp)
call _class_respondsToSelector
testl %eax, %eax
jz 0f
movl 8(%ebp), %eax
movl %eax, (%esp)
movl sel_forwardingTargetForSelector_-0b(%ebx), %eax
movl %eax, 4(%esp)
movl 12(%ebp), %eax
movl %eax, 8(%esp)
call _objc_msgSend
testl %eax, %eax
jz 0f
cmpl 8(%ebp), %eax
je 0f
movl %eax, 8(%ebp)
addl $20, %esp
popl %ebx
popl %ebp
jmp _objc_msgSend
0:
addl $20, %esp
popl %ebx
popl %ebp
jmp _of_method_not_found
_of_forward_stret:
pushl %ebp
movl %esp, %ebp
pushl %ebx
subl $20, %esp
call get_eip
0:
movl 12(%ebp), %eax
movl %eax, (%esp)
call _object_getClass
movl %eax, (%esp)
movl sel_forwardingTargetForSelector_-0b(%ebx), %eax
movl %eax, 4(%esp)
call _class_respondsToSelector
testl %eax, %eax
jz 0f
movl 12(%ebp), %eax
movl %eax, (%esp)
movl sel_forwardingTargetForSelector_-0b(%ebx), %eax
movl %eax, 4(%esp)
movl 16(%ebp), %eax
movl %eax, 8(%esp)
call _objc_msgSend
testl %eax, %eax
jz 0f
cmpl 12(%ebp), %eax
je 0f
movl %eax, 12(%ebp)
addl $20, %esp
popl %ebx
popl %ebp
jmp _objc_msgSend_stret
0:
addl $20, %esp
popl %ebx
popl %ebp
jmp _of_method_not_found_stret
get_eip:
movl (%esp), %ebx
ret
|