%hookf can be confusing at first, but it is pretty easy to understand once you get into it.
While %hook is used to hook Objective-C classes, %hookf is used to hook C functions. Its syntax is also different from %hook.
%hookf(return_type, symbol_name, arguments...) {...}return_type- The return type of the function.symbol_name- This is the name of the function being hooked.arguments- These are the arguments that are passed into the function.
Let's say we want to hook CGFontRef CGFontCreateWithFontName(CFStringRef name);. This would be done like so:
%hookf(CGFontRef, CGFontCreateWithFontName, CFStringRef name) {
// code
return %orig;
}Below is the Substrate version of the above code, if needed.
static CGFontRef (*CGFontCreateWithFontName_orig)(CFStringRef) = NULL;
static CGFontRef CGFontCreateWithFontName_hook(CFStringRef name) {
return CGFontCreateWithFontName_orig(name);
}
__attribute__((constructor)) static void initialize() {
MSHookFunction(dlsym(RTLD_DEFAULT, "CGFontCreateWithFontName"), (void *)CGFontCreateWithFontName_hook, (void **)&CGFontCreateWithFontName_orig);
}If we are not able to directly link with the binary, we can dynamically look up the symbol. Logos has syntax for doing this:
%hookf(CGFontRef, CGFontCreateWithFontName, CFStringRef name) {
// code
return %orig;
}
%ctor {
%init(CGFontCreateWithFontName=dlsym(RTLD_DEFAULT, "CGFontCreateWithFontName"));
}For non-exported symbols, we can use MSFindSymbol instead of dlsym. Do note that we will need an extra _ at the beginning of the symbol if we're using MSFindSymbol.
For further information about %hookf, please go here.