Sharing the iOS Safari Analysis Process

  96 -> 0x6d38 (0x6f9d): -[AddressView _layoutReloadButtonForProgressViewFrame:forEditing:textField:showInactiveFieldWhileEditing:]

  257 -> 0x126a4 (0x1288a): -[AddressView layoutReaderButton]

  3482 -> 0xa3927 (0xa3caf): -[TabDocument _didDetectReaderAvailability:]

  3485 -> 0xa3e3f (0xa3e6b): (MEM:didDetectReaderAvailability)

  -[AddressViewaccessibility(SafeCategory) layoutReaderButton]

  6. (FAILED)

  According to the WebKit Objective-C Programming Guide, to get JS data you first need to obtain the window object:

  id win = [webview windowScriptObject];

  Also, all JS objects are wrapped in WebScriptObject.

  Summary: WebCore`-[WebScriptObject valueForKey:] Address: WebCore[0x00d35b30] (WebCore.__TEXT.__text + 13843984)

  (lldb) b WebCore`-[WebScriptObject valueForKey:]

  Breakpoint 14: where = WebCore`-[WebScriptObject valueForKey:], address = 0x03581700

  7.

  TabDocument::

  - (void)_detectReaderAvailabilityNow; // IMP=0x000a3f56

  - (void)_detectReaderAvailabilityOnWebThread; // IMP=0x000a3d15

  - (void)_didDetectReaderAvailability:(BOOL)arg1; // IMP=0x000a3927

  8.

  var ReaderArticleFinderJS = new ReaderArticleFinder(document);

  

  6fdc8(6fe24) -> 1b3ba(1b3d6) -> isReaderModeAvailable

  9. break at JSObjectGetProperty

  (lldb) p/x `*(int*)($ebp+16)`

  (int) $33 = 0x000debdf

  (lldb) mem read `$33`

  0x000debdf: 69 73 52 65 61 64 65 72 4d 6f 64 65 41 76 61 69 isReaderModeAvai

  0x000debef: 6c 61 62 6c 65 00 70 72 65 70 61 72 65 54 6f 54 lable.prepareToT

  10. The object still needs to be obtained

  

  450 -> 0x1b774(0x1b777) -> return ReaderArticleFinderJS

  1656 -> 0x5a70c (0x5a76e) ->

  2193 -> 0x70224 (0x70315) ->

  2186 -> 0x6fdc8 (0x6fe19) ->

  2185 ->0x6fd9a(0x6fdb5) -> XREF:-[ReaderTestProcessor _processReaderTestResult:tabDocument:] & -[ReaderContext isReaderAvailable]

  2125 ->0x6eac5(0x6eae5) -> -[ReaderContext isReaderAvailable]

  3484 -> 0xa3d84(0xa3dd3) -> XREF:-[TabDocument _detectReaderAvailabilityOnWebThread]

  11. click the "Reader" button
