汇编代码:

; 状态:R0 = imageFileName, R1 = mainBundle, R2 = isRetina

PUSH    {R4-R7,LR} ; R0 = imageFileName, R1 = mainBundle, R2 = isRetina

ADD      R7, SP, #0xC

PUSH.W  {R8,R10,R11}

STR.W    R2, [SP,#0x18+var_1C]!

MOV      R4, R0  ; R4 = R0 = imageFileName

MOV      R0, #(selRef_length - 0x17BB0) ; selRef_length

MOV      R10, R1 ; R10 = R1 = mainBundle

ADD      R0, PC ; selRef_length

LDR      R1, [R0] ; "length"

MOV      R0, R4  ; R0 = R4 = imageFileName

BLX.W    _objc_msgSend ; [imageFileName length]

MOVS     R6, #0  ; R6 = 0

CMP      R0, #0  ; check if R0 is 0

BEQ.W    loc_17D1C ; if R0 is 0, goto the label

MOV      R0, R4  ; R0 = R4 = imageFileName

MOV      R1, R10 ; R1 = R10 = mainBundle

BL     __UICacheNameForImageAtPath ; arg_0:imageFileName, arg_1:mainBundle, result:com.proteas.hello_Default.png

MOVW     R8, #(:lower16:(__MergedGlobals_36 - 0x17BD4))

MOV      R5, R0  ; R5 = R0 = imageCacheName

MOVT.W   R8, #(:upper16:(__MergedGlobals_36 - 0x17BD4))

ADD      R8, PC ; __MergedGlobals_36

ADD.W    R11, R8, #0x10 ; R11 = R8 + 16

MOV      R0, R11 ; lock, OSSpinLock*, 访问全局变量,加锁

BLX.W    _OSSpinLockLock ; arg_0: OSSpinLock*

LDR.W    R0, [R8,#(dword_62C524 - 0x62C510)] ; R0 = cachedImageMap, key:imageCacheName, value:UIImageObject

MOVS      R6, #0  ; R6 = 0

CBZ       R0, loc_17BEC ; if cachedImageMap is nil, goto the label

MOV       R1, R5  ; R1 = R5 = imageCacheName

BLX.W _CFDictionaryGetValue ; CFDictionaryGetValue(cachedImageMap, imageCacheName)

MOV       R6, R0  ; R6 = R0 = cachedUIImageObject

loc_17BEC:

MOV       R0, #(selRef_retainCount - 0x17BF8) ; selRef_retainCount

ADD       R0, PC ; selRef_retainCount

LDR       R1, [R0] ; "retainCount"

MOV       R0, R6  ; R0 = R6 = cachedUIImageObject

BLX.W     _objc_msgSend ; [cachedUIImageObject retainCount]

CBNZ     R0, loc_17C08 ; if retainCount of cachedUIImageObject is not 0, goto the label

MOV      R0, R11 ; lock

BLX.W    _OSSpinLockUnlock

B        loc_17C50

loc_17C08:

MOV      R0, #(selRef__isCached - 0x17C14) ; selRef__isCached

ADD      R0, PC ; selRef__isCached

LDR      R1, [R0] ; R1 = "_isCached"

MOV      R0, R6  ; R0 = R6 = cachedUIImageObject

BLX.W    _objc_msgSend ; R0 = isCached

TST.W    R0, #0xFF ; check if R0 is true

BNE      loc_17C46 ; if not cached, goto the label

MOV      R0, #(selRef_retain - 0x17C2C) ; selRef_retain

ADD      R0, PC ; selRef_retain

LDR      R1, [R0] ; "retain"

MOV      R0, R6  ; R0 = R6 = cachedUIImageObject

BLX.W    _objc_msgSend ; [cachedUIImageObject retain]

MOVW     R0, #(:lower16:(selRef__setCached_ - 0x17C40))

MOVS     R2, #1  ; R2 = 1

MOVT.W   R0, #(:upper16:(selRef__setCached_ - 0x17C40))

ADD      R0, PC ; selRef__setCached_

LDR      R1, [R0] ; "_setCached:"

MOV      R0, R6  ; R0 = R6 = cachedUIImageObject

BLX.W    _objc_msgSend ; [cachedUIImageObject _setCached:YES]

loc_17C46:

MOV      R0, R11 ; lock

BLX.W    _OSSpinLockUnlock ; 释放锁

CMP      R6, #0  ; check if cachedUIImageObject is nil

BNE      loc_17D1C ; if not nil, goto the label

loc_17C50:

MOVW     R3, #(:lower16:(_GetImageAtPath+1 - 0x17C60))

MOV      R0, R4  ; R0 = R4 = imageFileName

MOVT.W   R3, #(:upper16:(_GetImageAtPath+1 - 0x17C60))

LDR      R2, [SP,#0x1C+var_1C] ; R2 = isRetina

ADD      R3, PC ; _GetImageAtPath ; R3 = _GetImageAtPath

MOV      R1, R10 ; R1 = R10 = mainBundle

BL    __UIImageCallFunctionForAppropriatePath ; arg_0:imageFileName, arg_1 = mainBundle, arg_2 = isRetina, arg_3 = _GetImageAtPath

MOV      R6, R0  ; R6 = R0 = UIImageObject

CMP      R6, #0  ; check if UIImageObject is nil

BEQ      loc_17D1C ; if failed, goto label

MOV      R0, R11 ; lock

BLX.W    _OSSpinLockLock

LDR.W    R0, [R8,#0x14] ; R0 = pointer to imageCacheMap

CBNZ     R0, loc_17CAE ; R1 = R5 = imageCacheName

MOVW     R0, #(:lower16:(_kCFTypeDictionaryKeyCallBacks_ptr - 0x17C86))

MOVS     R1, #0  ; R1 = capacity = 0

MOVT.W R0, #(:upper16:(_kCFTypeDictionaryKeyCallBacks_ptr - 0x17C86))

MOVS     R3, #0  ; R3 = valueCallBacks = 0

ADD      R0, PC ; _kCFTypeDictionaryKeyCallBacks_ptr

LDR      R2, [R0] ; _kCFTypeDictionaryKeyCallBacks

MOVS     R0, #0  ; R0 = allocator = NULL

BLX.W    _CFDictionaryCreateMutable ; R0 = cachedImageMap

MOVW     R1, #(:lower16:(_kCFTypeDictionaryValueCallBacks_ptr - 0x17C9E))

MOVS     R2, #0  ; R2 = keyCallBacks = NULL

MOVT.W          R1, #(:upper16:(_kCFTypeDictionaryValueCallBacks_ptr - 0x17C9E))

STR.W   R0, [R8,#0x14]

ADD      R1, PC ; _kCFTypeDictionaryValueCallBacks_ptr

MOVS     R0, #0  ; R0 = allocator = NULL

LDR      R3, [R1] ; _kCFTypeDictionaryValueCallBacks

MOVS     R1, #0  ; R1 = capacity = 0

BLX.W    _CFDictionaryCreateMutable

STR.W    R0, [R8,#0x18]

LDR.W    R0, [R8,#0x14]

loc_17CAE:

MOV      R1, R5  ; R1 = R5 = imageCacheName

BLX.W    _CFDictionaryContainsKey

CBNZ     R0, loc_17CF8 ; if has cached, goto the label

MOVW     R0, #(:lower16:(selRef__setNamed_ - 0x17CC4))

MOVS     R2, #1  ; R2 = YES

MOVT.W   R0, #(:upper16:(selRef__setNamed_ - 0x17CC4))

ADD      R0, PC ; selRef__setNamed_

LDR      R1, [R0] ; "_setNamed:"

MOV      R0, R6  ; R0 = R6 = UIImageObject

BLX.W    _objc_msgSend ; [UIImageObject _setNamed:YES]

MOVW     R0, #(:lower16:(selRef__setCached_ - 0x17CD8))

MOVS     R2, #1

MOVT.W   R0, #(:upper16:(selRef__setCached_ - 0x17CD8))

ADD      R0, PC ; selRef__setCached_

LDR      R1, [R0] ; "_setCached:"

MOV      R0, R6

BLX.W   _objc_msgSend ; [UIImageObject _setCached:YES]

LDR.W    R0, [R8,#0x14] ; R0 = cachedImageMap

MOV      R1, R5  ; R1 = R5 = imageCacheName

MOV      R2, R6  ; R2 = R6 = UIImageObject

BLX.W   _CFDictionarySetValue ; arg_0:cachedImageMap, arg_1 = imageCacheName, arg_2 = imageObject

LDR.W    R0, [R8,#0x18]

MOV      R1, R6  ; R1 = R6 = UIImageObject

MOV      R2, R5  ; R2 = R5 = imageCacheName

BLX.W  _CFDictionarySetValue ; arg_0: dictionary, arg_1: imageObject, arg_2 = imageCacheName

B        loc_17D16

loc_17CF8:

MOV     R0, #(selRef_release - 0x17D04) ; selRef_release

ADD     R0, PC ; selRef_release

LDR     R1, [R0] ; "release"

MOV     R0, R6  ; R0 = R6 = UIImageObject

BLX.W  _objc_msgSend ; [UIImageObject release]

LDR.W  R0, [R8,#0x14] ; R0 = cachedImageMap

MOV    R1, R5  ; R1 = R5 = imageCacheName

BLX.W  _CFDictionaryGetValue

MOV    R6, R0  ; R6 = R0 = result UIImage instance

loc_17D16:

MOV    R0, R11 ; lock

BLX.W  _OSSpinLockUnlock ; release spin lock

loc_17D1C:

MOV    R0, R6  ; R0 = R6 = nil

ADD    SP, SP, #4

POP.W  {R8,R10,R11}

POP     {R4-R7,PC}

伪代码:

NSDictionary *gCachedImageMapNameToImage = nil;

NSDictionary *gCachedImageMapImageToName = nil;

_UIImageAtPath(NSString *imageFileName, NSBundle *mainBundle, BOOL isRetina) {

if ([imageFileName length] == 0)

returnnil;

if (gCachedImageMapNameToImage == nil) {

gCachedImageMapNameToImage = [[NSMutableDictionaryalloc] init];

gCachedImageMapImageToName = [[NSMutableDictionaryalloc] init];

}

NSString *imageCacheName = _UICacheNameForImageAtPath(imageFileName, mainBundle);

UIImage *cachedImage = [gCachedImageMapNameToImageobjectForKey:imageCacheName];

if (cachedImage == nil) {

cachedImage = _UIImageCallFunctionForAppropriatePath(imageFileName, mainBundle, isRetina, _UIImageAtPath);

if (cachedImage == nil) {

returnnil;

} else {

[gCachedImageMapNameToImagesetObject:cachedImage forKey:imageCacheName];

[gCachedImageMapImageToNamesetObject:imageCacheName forKey:cachedImage];

[cachedImage _setNamed:YES];

[cachedImage _setCached:YES];

}

} else {

if (![cachedImage _isCached]) {

[cachedImage _setCached:YES];

}

}

return cachedImage;

}

[原]逆向iOS SDK -- _UIImageAtPath 的实现(SDK 6.1)的更多相关文章

  1. [原]逆向iOS SDK -- _UIImageAtPath 的实现(SDK 5.1)

    注释过的反汇编代码:http://pan.baidu.com/share/link?shareid=3491166579&uk=537224442 伪代码(不精确,仅供参考): NSStrin ...

  2. [原]逆向iOS SDK -- “添加本地通知”的流程分析

    观点: 代码面前没有秘密 添加通知的 Demo 代码 - (void)scheduleOneLocalNotification { [[UIApplication sharedApplication] ...

  3. [原]逆向iOS SDK -- +[UIImage imageNamed:] 的实现

    汇编代码: ; Dump of assembler code for function +[UIImage imageNamed:] ; R0 = UIImage, R1 = "imageN ...

  4. [Office][C#] NPOI、OpenXML SDK、OpenOffice.org SDK 写入资料到 EXCEL 档案[转]

    原文地址:http://www.dotblogs.com.tw/chou/archive/2010/04/29/14912.aspx 一.簡介 要將資料寫入 EXCEL 檔案有許多的方法,但假如電腦不 ...

  5. Android SDK Tools和Android SDK Platform-tools

    SDK Platform 可以理解为版本,因此有 SDK Platform 7,SDK Platform 8等等Android SDK Tools 是各个版本都可通用的工具文件夹,里面有draw9pa ...

  6. 阿里云SDK手册之java SDK

    进行阿里云sdk开发的前提是已经购买阿里云的相关服务才能调用阿里的相关接口进行开发.最近公司在做云管控的项目,于是进行下摘录总结. 一. 环境准备 阿里云针对不同的开发语言提供不同的sdk,由于项目用 ...

  7. 打开SDK Manager检查Android SDK下载和更新失败的解决方法

    [故障描述] 打开SDK Manager检查Android  SDK状况,出现以下情况: Failed to fetch URL https://dl-ssl.google.com/android/r ...

  8. “AIR SDK 0.0: AIR SDK location “...\devsdks\AIRSDK\Win” does not exist.”问题解决~

    原文同步至:http://www.waylau.com/air-sdk-0-0-air-sdk-location-does-not-exist-address/ 导入AS3项目时提示“AIR SDK ...

  9. Android sdk platform,sdk tools,sdk Build tools,sdk platform tools 的关系

    1. sdk platform 简单理解为系统版本 最新级别: 28:Android 9 27:Android 8.1 26:Android 8.0 25:Android 7.1 24:Android ...

随机推荐

  1. HDU 1686 Oulipo(kmp)

    Problem Description The French author Georges Perec (1936–1982) once wrote a book, La disparition, w ...

  2. 关于C#操作INI文件的总结

    原文:关于C#操作INI文件的总结   INI文件其实是一种具有特定结构的文本文件,它的构成分为三部分,结构如下: [Section1]key 1 = value2key 1 = value2--[S ...

  3. 针对不同手机系统的LBS地图定位解决方案

    原文:针对不同手机系统的LBS地图定位解决方案 摘要: 针对目前的三种手机系统:Android安卓.S60塞班.IOS苹果,做出的三种不同的手机地图应用解决方案. 查阅了多数地图API对手机的支持情况 ...

  4. 【甘道夫】Ubuntu群集配置 - 免费登陆

    引言 这是几年前写的文章,但一直以来该问题被反复问到.所以我决定将它又一次搬上屏幕. 正文 三个节点:masternode    slavenode1   slavenode2 第一步:全部节点分别生 ...

  5. 第4章3节《MonkeyRunner源码剖析》ADB协议及服务: ADB协议概览SYNC.TXT翻译参考(原创)

    天地会珠海分舵注:本来这一系列是准备出一本书的,详情请见早前博文“寻求合作伙伴编写<深入理解 MonkeyRunner>书籍“.但因为诸多原因,没有如愿.所以这里把草稿分享出来,所以错误在 ...

  6. Codeforces 484B Maximum Value(高效+二分)

    题目链接:Codeforces 484B Maximum Value 题目大意:给定一个序列,找到连个数ai和aj,ai%aj尽量大,而且ai≥aj 解题思路:类似于素数筛选法的方式,每次枚举aj,然 ...

  7. 客户端javascript

    <script> function moveon(){ var answer=confirm("hello,good morning!");//通过弹出对话框询问用户 ...

  8. SSM 使用方法

    System Safety Monitor(以下简称为SSM),它是一款俄罗斯出品的系统监控软件,通过监视系统特定的文件(如注册表等)及应用程序,达到保护系统安全的目的.在某些功能上比Winpatro ...

  9. HBuilder HTML 自定义代码块

    =begin 本文档是HTML代码块的编辑文件.注意不要把其他语言的设置放到html里来. HBuilder可使用ruby脚本来编辑代码块和增强操作命令. 1.编辑代码块 如果要新增一个代码块,复制如 ...

  10. 4GB内存原32位系统(x86)取舍问题,显卡共享内存Win8.1完全不用担心

    情景:集成显卡 配置: 4G显示3.25GB 此时系统自动将用不到的系统完全共享给显卡(768MB而不是256): 看显卡适配器信息,完全共享给了显卡 解说:上图总可用图形内存 = 图2中备用 + 硬 ...