ios: Add ObjC.getInstanceVariable

unidbg-ios/src/main/java/com/github/unidbg/ios/objc/ObjC.java

@@ -31,6 +31,8 @@ public static ObjC getInstance(Emulator<?> emulator) {
 
     public abstract void setInstanceVariable(Emulator<?> emulator, ObjcObject obj, String name, Object value);
 
+    public abstract UnidbgPointer getInstanceVariable(Emulator<?> emulator, ObjcObject obj, String name);
+
     public abstract boolean respondsToSelector(ObjcClass objcClass, String selectorName);
 
     public abstract NSString newString(String str);

unidbg-ios/src/main/java/com/github/unidbg/ios/objc/ObjcImpl.java

@@ -5,6 +5,7 @@
 import com.github.unidbg.Symbol;
 import com.github.unidbg.ios.struct.objc.ObjcClass;
 import com.github.unidbg.ios.struct.objc.ObjcObject;
+import com.github.unidbg.memory.MemoryBlock;
 import com.github.unidbg.pointer.UnidbgPointer;
 import com.sun.jna.Pointer;
 
@@ -24,6 +25,7 @@ class ObjcImpl extends ObjC {
     private final Symbol _class_getMethodImplementation;
     private final Symbol _class_respondsToSelector;
     private final Symbol _object_setInstanceVariable;
+    private final Symbol _object_getInstanceVariable;
 
     public ObjcImpl(Emulator<?> emulator) {
         this.emulator = emulator;
@@ -71,6 +73,10 @@ public ObjcImpl(Emulator<?> emulator) {
         if (_object_setInstanceVariable == null) {
             throw new IllegalStateException("_object_setInstanceVariable is null");
         }
+        _object_getInstanceVariable = module.findSymbolByName("_object_getInstanceVariable", false);
+        if (_object_getInstanceVariable == null) {
+            throw new IllegalStateException("_object_getInstanceVariable is null");
+        }
     }
 
     @Override
@@ -93,6 +99,21 @@ public void setInstanceVariable(Emulator<?> emulator, ObjcObject obj, String nam
         _object_setInstanceVariable.call(emulator, obj, name, value);
     }
 
+    @Override
+    public UnidbgPointer getInstanceVariable(Emulator<?> emulator, ObjcObject obj, String name) {
+        MemoryBlock block = null;
+        try {
+            block = emulator.getMemory().malloc(16, true);
+            UnidbgPointer pointer = block.getPointer();
+            _object_getInstanceVariable.call(emulator, obj, name, pointer);
+            return pointer.getPointer(0);
+        } finally {
+            if (block != null) {
+                block.free();
+            }
+        }
+    }
+
     @Override
     public ObjcClass getMetaClass(String className) {
         Number number = _objc_getMetaClass.call(emulator, className);

unidbg-ios/src/main/java/com/github/unidbg/ios/struct/objc/ObjcObject.java

@@ -49,6 +49,11 @@ public void setInstanceVariable(String name, Object value) {
         objc.setInstanceVariable(emulator, this, name, value);
     }
 
+    public UnidbgPointer getInstanceVariable(String name) {
+        ObjC objc = ObjC.getInstance(emulator);
+        return objc.getInstanceVariable(emulator, this, name);
+    }
+
     public UnidbgPointer call(String selectorName, Object... args) {
         ObjC objc = ObjC.getInstance(emulator);
         Pointer selector = objc.registerName(selectorName);