iOS9 class dump header

獲取系統私有API，網上有很多資料總結了一下就三種方式：

• 使用class-dump可以提取系統私有API列表
• 使用class-dump+DumpFrameworks.pl，這個可以一次性提取所有系統Framework與PrivateFrameworks的API列表
• 直接使用已經提取好的API列表github地址

DumpFrameworks.pl代碼如下：

#!/usr/bin/perl
#
# 24 November 2008
# Framework Dumping utility; requires class-dump
#

use strict;

use Cwd;
use File::Path;

my $HOME = (getpwuid($<))[7] || $ENV{'HOME'} 
  or die "Could not find your home directory!";

# This command must be in your path.
# http://www.codethecode.com/projects/class-dump/
my $CLASS_DUMP = 'class-dump'; 

# Public Frameworks  /xcode4/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk////Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.2.sdk/System/Library
# /Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator4.2.sdk/System/Library/Frameworks  /xcode4/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator5.0.sdk/System/Library
dump_frameworks('/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator9.2.sdk/System/Library/Frameworks',
                'Frameworks');

# Private Frameworks
dump_frameworks('/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator9.2.sdk/System/Library/PrivateFrameworks',
                'PrivateFrameworks');

sub dump_frameworks
{
  my($dir, $subdir) = @_;

  opendir(my $dirh, $dir) or die "Could not opendir($dir) - $!";

  # Iterate through each framework found in the directory
  foreach my $file (grep { /\.framework$/ } readdir($dirh))
  {
    # Extract the framework name
    (my $fname = $file) =~ s/\.framework$//;
    print "Framework: $fname\n";

    my $headers_dir = "$HOME/Headers/$subdir/$fname";

    # Create the folder to store the headers
    mkpath($headers_dir);

    # Perform the class-dump
    my $cwd = cwd();
    chdir($headers_dir) or die "Could not chdir($headers_dir) - $!";

    system($CLASS_DUMP, '-H', "$dir/$file");

   if($? == -1)
    {
      die "Could not execute $CLASS_DUMP - $!\n";
    }
#
#    elsif($? & 127)
#    {
#      printf("$CLASS_DUMP died with signal %d, %s coredump\n",
#             ($? & 127),  ($? & 128) ? 'with' : 'without');
#      exit;
#    }
#    
#    elsif(my $ret = $? >> 8)
#    {
#      die "The command '$CLASS_DUMP -H $dir/$file' failed, returning $ret\n";
#    }
#*/    
    chdir($cwd) or die "Could not chdir($cwd) - $!";
  }
}

注意使用DumpFrameworks.pl時要更改系統庫的路徑爲你自己的路徑。

---

但是從class-dump官網下載的最新版本class-dump-3.5.dmg卻不能獲取iOS9以後版本的API列表。報錯信息：

Warning: This file does not contain any Objective-C runtime information.

具體原因Google了一下：

class-dump依賴於__DATA段下的幾個sect裏的數據。
iOS9 dyld解包的生成macho不在標準__DATA段，導致某些classdump無法識別

原答案地址

然後我從github上獲取class-dump開源代碼重新編譯class-dump的可執行文件，並把這個可執行文件導出重新dump成功獲取iOS9以後的系統私有API。具體方法如下：

1.打開class-dump並在TARGETS選中class-dump可執行文件

2.Xcode->Perferences->Locations

3.Advanced->Custom

不要更改任何路徑選擇後編譯該項目。

編譯成功後在~Library/Developer/Xcode/DerivedData/Build/Products可以找到這個可執行文件然後用這文件獲取系統私有API。