I am examining the private C++ function hooking code snippet from MobileSubstrate and see that the WebCore example seems to be hooking onto 2 (possibly) undocumented private functions mangled and buried in WebCore. What strikes me is how saurik deduces the type of return value the target hook function returns. A mangled function does not leak its return type from what I know. I tried disassembling the WebCore framework shared library file in IDA Pro and could not see its return type. Any idea, anyone? Is full knowledge of the target function prototype and return type required to successfully hook onto private functions in dylibs? Thanks!
// Paths of the private frameworks the symbols are looked up in
#define WebKit "/System/Library/PrivateFrameworks/WebKit.framework/WebKit"
#define WebCore "/System/Library/PrivateFrameworks/WebCore.framework/WebCore"
// How to tell it's an NSURLRequest*? The mangled name only says
// WebCore::ResourceRequest::nsURLRequest() const; "something" is the implicit this pointer.
NSURLRequest* (*X_ZNK7WebCore15ResourceRequest12nsURLRequestEv)(void* something);
As far as I know, you do not need to know the exact return type. For example, I was able to hook successfully:
although close() returns void
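To make concrete what the question and the answer above are both circling, here is an added example (not code from the original post and not MobileSubstrate's own code) that parses a subset of the Itanium C++ ABI mangling scheme and cross-checks the result against the compiler runtime's demangler (`abi::__cxa_demangle`, available with GCC and Clang). It shows that the symbol from the question, `_ZNK7WebCore15ResourceRequest12nsURLRequestEv`, encodes the qualified name, the fact that it is a const member function, and the parameter list (`v`, i.e. none), but nothing about the return type: for an ordinary non-template function the ABI simply does not mangle it, so the `NSURLRequest*` in the hook declaration has to come from WebCore's headers or from reading the callers in a disassembler. The same goes for an unmangled C symbol such as `close`, which carries no type information at all. The symbols `_ZN5Alpha4BetaEPKci` and `_Z5closei` used in the usage section are constructed inputs for illustration.

```cpp
// Added example: a small Itanium C++ ABI mangled-name parser (subset) plus a
// cross-check with the compiler's demangler. Not part of the original post.
#include <cxxabi.h>
#include <cctype>
#include <cstdlib>
#include <iostream>
#include <string>
#include <vector>

struct ParsedName {
    bool ok = false;                  // false if the name uses features this subset does not cover
    bool is_const_member = false;     // 'K' right after 'N': a const member function
    std::vector<std::string> scopes;  // e.g. {"WebCore", "ResourceRequest", "nsURLRequest"}
    std::vector<std::string> params;  // parameter types; {"void"} means "()"
    std::string qualified() const {
        std::string out;
        for (size_t k = 0; k < scopes.size(); ++k) out += (k ? "::" : "") + scopes[k];
        return out;
    }
};

// <source-name> ::= <decimal length><identifier>
static bool readSourceName(const std::string& s, size_t& i, std::string& out) {
    size_t len = 0, start = i;
    while (i < s.size() && std::isdigit(static_cast<unsigned char>(s[i]))) {
        len = len * 10 + static_cast<size_t>(s[i] - '0');
        ++i;
    }
    if (i == start || len == 0 || i + len > s.size()) return false;
    out = s.substr(i, len);
    i += len;
    return true;
}

// <type>: builtin codes, P/R/K modifiers, plain or nested class names.
// Substitutions (S_), templates (I...E) and function types are rejected.
static bool readType(const std::string& s, size_t& i, std::string& out) {
    if (i >= s.size()) return false;
    const char c = s[i];
    static const struct { char code; const char* name; } builtins[] = {
        {'v', "void"}, {'b', "bool"}, {'c', "char"}, {'a', "signed char"},
        {'h', "unsigned char"}, {'s', "short"}, {'t', "unsigned short"},
        {'i', "int"}, {'j', "unsigned int"}, {'l', "long"}, {'m', "unsigned long"},
        {'x', "long long"}, {'y', "unsigned long long"}, {'f', "float"}, {'d', "double"},
    };
    for (const auto& b : builtins) {
        if (b.code == c) { out = b.name; ++i; return true; }
    }
    std::string inner;
    switch (c) {
        case 'P': ++i; if (!readType(s, i, inner)) return false; out = inner + "*"; return true;
        case 'R': ++i; if (!readType(s, i, inner)) return false; out = inner + "&"; return true;
        case 'K': ++i; if (!readType(s, i, inner)) return false; out = inner + " const"; return true;
        case 'N': {  // nested class name: N <source-name>+ E
            ++i;
            std::vector<std::string> parts;
            std::string part;
            while (i < s.size() && s[i] != 'E') {
                if (!readSourceName(s, i, part)) return false;
                parts.push_back(part);
            }
            if (i >= s.size() || parts.empty()) return false;
            ++i;  // consume 'E'
            std::string joined;
            for (size_t k = 0; k < parts.size(); ++k) joined += (k ? "::" : "") + parts[k];
            out = joined;
            return true;
        }
        default:
            if (std::isdigit(static_cast<unsigned char>(c))) return readSourceName(s, i, out);
            return false;
    }
}

// _Z <name> <parameter types>. Nothing after the name encodes the return type;
// the ABI only mangles a return type for template function instantiations.
ParsedName parseMangled(const std::string& s) {
    ParsedName r;
    if (s.size() < 3 || s.compare(0, 2, "_Z") != 0) return r;  // not a mangled C++ name (e.g. C "close")
    size_t i = 2;
    std::string part;
    if (s[i] == 'N') {
        ++i;
        if (i < s.size() && s[i] == 'K') { r.is_const_member = true; ++i; }
        while (i < s.size() && s[i] != 'E') {
            if (!readSourceName(s, i, part)) return r;
            r.scopes.push_back(part);
        }
        if (i >= s.size() || r.scopes.empty()) return r;
        ++i;  // 'E' closes the nested name
    } else {
        if (!readSourceName(s, i, part)) return r;
        r.scopes.push_back(part);
    }
    std::string t;
    while (i < s.size()) {
        if (!readType(s, i, t)) return r;
        r.params.push_back(t);
    }
    r.ok = !r.params.empty();  // a function always has a parameter list, at least "v"
    return r;
}

// Cross-check with the compiler runtime's demangler (GCC/Clang cxxabi).
std::string demangle(const std::string& mangled) {
    int status = 0;
    char* buf = abi::__cxa_demangle(mangled.c_str(), nullptr, nullptr, &status);
    std::string out = (status == 0 && buf) ? std::string(buf) : std::string();
    std::free(buf);
    return out;
}

int main() {
    const char* symbol = "_ZNK7WebCore15ResourceRequest12nsURLRequestEv";  // symbol from the question
    ParsedName p = parseMangled(symbol);
    std::cout << "compiler demangler: " << demangle(symbol) << "\n";
    std::cout << "qualified name:     " << p.qualified() << "\n";
    std::cout << "const member:       " << (p.is_const_member ? "yes" : "no") << "\n";
    std::cout << "parameters:         ";
    for (const auto& t : p.params) std::cout << t << " ";
    std::cout << "\nreturn type:        (not encoded; must come from headers or disassembly)\n";
    return 0;
}
```

Running it prints `WebCore::ResourceRequest::nsURLRequest() const` from the compiler's demangler and the same pieces from the hand-written parser, with no return type anywhere. That is why a hook declaration such as `NSURLRequest* (*)(void*)` compiles whether or not it is right: the compiler has nothing to check it against, so the declared return type is an assertion by the hook author, and the caveat behind the answer's `close()` experience is that a mismatched return type will often appear to work and still be wrong. The parser deliberately rejects substitutions (`S_`), template arguments and function types, so it reports `ok == false` rather than guessing on names outside the subset.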