How to check if a class has metaclass definition in mach-o file
So, I'm examining the mach-o.
Now I was able to explain how to map a pointer to a class structure, but I found that if I use otool, sometimes it will print something has a metaclass:
00000001000990d8 0x1000b75c8
isa 0x1000b75f0
superclass 0x0
cache 0x0
vtable 0x0
data 0x1000a5a00 (struct class_ro_t *)
flags 0x184 RO_HAS_CXX_STRUCTORS
instanceStart 8
instanceSize 152
reserved 0x0
ivarLayout 0x10007bb99
layout map: 0x1f 0x02
name 0x10007bb93 AASDK
and after that class_ro_t * there is one section right after it:
Meta Class
isa 0x0
superclass 0x0
cache 0x0
vtable 0x0
data 0x1000a5730 (struct class_ro_t *)
flags 0x185 RO_META RO_HAS_CXX_STRUCTORS
instanceStart 40
instanceSize 40
reserved 0x0
ivarLayout 0x0
name 0x10007bb93 AASDK
baseMethods 0x1000a5698 (struct method_list_t *)
And it looks like the meta-class has methods declared as class methods (marked +
in ObjC code)
The memory layout looks like this:
1000B75C8: F0 75 0B 00 01 00 00 00 00 00 00 00 00 00 00 00
1000B75D8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1000B75E8: 00 5A 0A 00 01 00 00 00 00 00 00 00 00 00 00 00
1000B75F8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1000B7608: 00 00 00 00 00 00 00 00 30 57 0A 00 01 00 00 00
1000B7618: 40 76 0B 00 01 00 00 00 00 00 00 00 00 00 00 00
Obviously we can see what 30 57 0A 00 01 00 00 00
is the metaclass data pointer.
I wonder how to find out if a class has meta information?
I have checked the source code of otool but I cannot read it, it has a lot of computation and offsets. Can anyone help explain how to test it?
source to share
No one has answered this question yet
Check out similar questions: