Add build modes and dev hooks, improve injection and docs

Introduces build mode options (rmfakecloud, qmldiff, dev, all) to CMake and build scripts, enabling selective compilation of hooks for cloud redirection, Qt resource hooking, and reverse engineering. Adds new hooks and memory logging for dev mode, updates injection script to handle libzstd.1.dylib dependency, and documents build modes in README.
2026-01-10 22:48:13 +00:00 · 2025-11-29 14:34:07 +01:00
parent 18abae42b7
commit 1619fda631
11 changed files with 356 additions and 18 deletions
--- a/src/reMarkable/reMarkable.m
+++ b/src/reMarkable/reMarkable.m
@@ -214,18 +214,21 @@ static inline QString QStringFromNSStringSafe(NSString *string) {
    reMarkableDylib *dylib = [[reMarkableDylib alloc] init];
    [dylib hook];
    
+#ifdef BUILD_MODE_RMFAKECLOUD
    // Add custom Help menu entry to open config file
    NSString *configPath = ReMarkableConfigFilePath();
    NSString *fileURL = [NSString stringWithFormat:@"file://%@", configPath];
    [MenuActionController addCustomHelpMenuEntry:@"Open rmfakecloud config" 
                                         withURL:fileURL 
                                       withDelay:2.0];
+#endif
 }

@end

@implementation reMarkableDylib

+#ifdef BUILD_MODE_RMFAKECLOUD
 static QNetworkReply *(*original_qNetworkAccessManager_createRequest)(
    QNetworkAccessManager *self,
    QNetworkAccessManager::Operation op,
@@ -235,13 +238,69 @@ static QNetworkReply *(*original_qNetworkAccessManager_createRequest)(
 static void (*original_qWebSocket_open)(
    QWebSocket *self,
    const QNetworkRequest &request) = NULL;
+#endif

+#ifdef BUILD_MODE_QMLDIFF
 static int (*original_qRegisterResourceData)(
    int,
    const unsigned char *,
    const unsigned char *,
    const unsigned char *) = NULL;
+#endif

+#ifdef BUILD_MODE_DEV
+static ssize_t (*original_qIODevice_write)(
+    QIODevice *self,
+    const char *data,
+    qint64 maxSize) = NULL;
+
+// Hook for function at 0x10016D520
+static int64_t (*original_function_at_0x10016D520)(int64_t a1, int64_t *a2, unsigned int a3, int64_t a4) = NULL;
+
+// Hook for function at 0x1001B6EE0
+static void (*original_function_at_0x1001B6EE0)(int64_t a1, int64_t *a2, unsigned int a3) = NULL;
+#endif
+
+#if defined(BUILD_MODE_DEV)
+// Memory logging helper function
+static void logMemory(const char *label, void *address, size_t length) {
+    if (!address) {
+        NSLogger(@"[reMarkable]   %s: (null)", label);
+        return;
+    }
+    
+    unsigned char *ptr = (unsigned char *)address;
+    NSMutableString *hexLine = [NSMutableString stringWithFormat:@"[reMarkable]   %s: ", label];
+    
+    for (size_t i = 0; i < length; i++) {
+        [hexLine appendFormat:@"%02x ", ptr[i]];
+        if ((i + 1) % 16 == 0 && i < length - 1) {
+            NSLogger(@"%@", hexLine);
+            hexLine = [NSMutableString stringWithString:@"[reMarkable]                    "];
+        }
+    }
+    
+    // Log remaining bytes if any
+    if ([hexLine length] > 28) {  // More than just the prefix
+        NSLogger(@"%@", hexLine);
+    }
+}
+
+// Stack trace logging helper function
+static void logStackTrace(const char *label) {
+    NSLogger(@"[reMarkable] %s - Stack trace:", label);
+    NSArray<NSString *> *callStack = [NSThread callStackSymbols];
+    NSUInteger count = [callStack count];
+    
+    // Skip first 2 frames (this function and the immediate caller's logging statement)
+    for (NSUInteger i = 0; i < count; i++) {
+        NSString *frame = callStack[i];
+        NSLogger(@"[reMarkable]   #%lu: %@", (unsigned long)i, frame);
+    }
+}
+#endif
+
+#ifdef BUILD_MODE_RMFAKECLOUD
 static inline bool shouldPatchURL(const QString &host) {
    if (host.isEmpty()) {
        return false;
@@ -264,10 +323,13 @@ static inline bool shouldPatchURL(const QString &host) {
    )""")
        .contains(host, Qt::CaseInsensitive);
 }
+#endif

 - (BOOL)hook {
    NSLogger(@"[reMarkable] Starting hooks...");

+#ifdef BUILD_MODE_RMFAKECLOUD
+    NSLogger(@"[reMarkable] Build mode: rmfakecloud");
    ReMarkableLoadOrCreateConfig();
    NSLogger(@"[reMarkable] Using override host %@ and port %@", gConfiguredHost, gConfiguredPort);

@@ -282,17 +344,44 @@ static inline bool shouldPatchURL(const QString &host) {
                      hookFunction:(void *)hooked_qWebSocket_open
                  originalFunction:(void **)&original_qWebSocket_open
                         logPrefix:@"[reMarkable]"];
+#endif

-    // WIP: Implement resource data registration hooking
-    // [MemoryUtils hookSymbol:@"QtCore"
-    //                     symbolName:@"__Z21qRegisterResourceDataiPKhS0_S0_"
-    //                   hookFunction:(void *)hooked_qRegisterResourceData
-    //               originalFunction:(void **)&original_qRegisterResourceData
-    //                      logPrefix:@"[reMarkable]"];
+#ifdef BUILD_MODE_QMLDIFF
+    NSLogger(@"[reMarkable] Build mode: qmldiff");
+    [MemoryUtils hookSymbol:@"QtCore"
+                        symbolName:@"__Z21qRegisterResourceDataiPKhS0_S0_"
+                      hookFunction:(void *)hooked_qRegisterResourceData
+                  originalFunction:(void **)&original_qRegisterResourceData
+                         logPrefix:@"[reMarkable]"];
+#endif
+
+#ifdef BUILD_MODE_DEV
+    NSLogger(@"[reMarkable] Build mode: dev/reverse engineering");
+    [MemoryUtils hookSymbol:@"QtCore"
+                    symbolName:@"__ZN9QIODevice5writeEPKcx"
+                  hookFunction:(void *)hooked_qIODevice_write
+              originalFunction:(void **)&original_qIODevice_write
+                     logPrefix:@"[reMarkable]"];
+
+    // Hook function at address 0x10016D520
+    [MemoryUtils hookAddress:@"reMarkable"
+               staticAddress:0x10016D520
+                hookFunction:(void *)hooked_function_at_0x10016D520
+            originalFunction:(void **)&original_function_at_0x10016D520
+                   logPrefix:@"[reMarkable]"];
+
+    // Hook function at address 0x1001B6EE0
+    [MemoryUtils hookAddress:@"reMarkable"
+               staticAddress:0x1001B6EE0
+                hookFunction:(void *)hooked_function_at_0x1001B6EE0
+            originalFunction:(void **)&original_function_at_0x1001B6EE0
+                   logPrefix:@"[reMarkable]"];
+#endif

    return YES;
 }

+#ifdef BUILD_MODE_RMFAKECLOUD
 extern "C" QNetworkReply* hooked_qNetworkAccessManager_createRequest(
    QNetworkAccessManager* self,
    QNetworkAccessManager::Operation op,
@@ -345,7 +434,9 @@ extern "C" void hooked_qWebSocket_open(

    original_qWebSocket_open(self, req);
 }
+#endif // BUILD_MODE_RMFAKECLOUD

+#ifdef BUILD_MODE_QMLDIFF
 extern "C" int hooked_qRegisterResourceData(
    int version,
    const unsigned char *tree,
@@ -386,5 +477,108 @@ extern "C" int hooked_qRegisterResourceData(
    }
    return status;
 }
+#endif // BUILD_MODE_QMLDIFF
+
+#ifdef BUILD_MODE_DEV
+extern "C" ssize_t hooked_qIODevice_write(
+    QIODevice *self,
+    const char *data,
+    qint64 maxSize) {
+    NSLogger(@"[reMarkable] QIODevice::write called with maxSize: %lld", (long long)maxSize);
+    
+    // Log the call stack
+    logStackTrace("QIODevice::write call stack");
+    
+    // Log the data to write
+    logMemory("Data to write", (void *)data, (size_t)(maxSize < 64 ? maxSize : 64));
+    
+    if (original_qIODevice_write) {
+        ssize_t result = original_qIODevice_write(self, data, maxSize);
+        NSLogger(@"[reMarkable] QIODevice::write result: %zd", result);
+        return result;
+    }
+    NSLogger(@"[reMarkable] WARNING: Original QIODevice::write not available, returning 0");
+    return 0;
+}
+
+extern "C" int64_t hooked_function_at_0x10016D520(int64_t a1, int64_t *a2, unsigned int a3, int64_t a4) {
+    NSLogger(@"[reMarkable] Hook at 0x10016D520 called!");
+    NSLogger(@"[reMarkable]   a1 = 0x%llx", (unsigned long long)a1);
+    NSLogger(@"[reMarkable]   a2 = %p", a2);
+    if (a2) {
+        NSLogger(@"[reMarkable]   *a2 = 0x%llx", (unsigned long long)*a2);
+    }
+    NSLogger(@"[reMarkable]   a3 = %u (0x%x)", a3, a3);
+    NSLogger(@"[reMarkable]   a4 = 0x%llx", (unsigned long long)a4);
+    
+    // Log memory contents using helper function
+    logMemory("Memory at a1", (void *)a1, 64);
+    logMemory("Memory at a2", (void *)a2, 64);
+    
+    if (a2 && *a2 != 0) {
+        logMemory("Memory at *a2", (void *)*a2, 64);
+    }
+    
+    logMemory("Memory at a4", (void *)a4, 64);
+    
+    if (original_function_at_0x10016D520) {
+        int64_t result = original_function_at_0x10016D520(a1, a2, a3, a4);
+        NSLogger(@"[reMarkable]   result = 0x%llx", (unsigned long long)result);
+        return result;
+    }
+    
+    NSLogger(@"[reMarkable] WARNING: Original function not available, returning 0");
+    return 0;
+}
+
+extern "C" void hooked_function_at_0x1001B6EE0(int64_t a1, int64_t *a2, unsigned int a3) {
+    NSLogger(@"[reMarkable] Hook at 0x1001B6EE0 called!");
+    NSLogger(@"[reMarkable]   a1 = 0x%llx", (unsigned long long)a1);
+    
+    // At a1 (PdfExporter object at 0x7ff4c17391e0):
+    // +0x10   0x000600043EC10    QString (likely document name)
+    NSLogger(@"[reMarkable] Reading QString at a1+0x10:");
+    logMemory("a1 + 0x10 (raw)", (void *)(a1 + 0x10), 64);
+
+    void **qstrPtr = (void **)(a1 + 0x10);
+    void *dataPtr = *qstrPtr;
+
+    if (!dataPtr) {
+        NSLogger(@"[reMarkable] QString has null data pointer");
+        return;
+    }
+
+    // try reading potential size fields near dataPtr
+    int32_t size = 0;
+    for (int delta = 4; delta <= 32; delta += 4) {
+        int32_t candidate = *(int32_t *)((char *)dataPtr - delta);
+        if (candidate > 0 && candidate < 10000) {
+            size = candidate;
+            NSLogger(@"[reMarkable] QString plausible size=%d (found at -%d)", size, delta);
+            break;
+        }
+    }
+
+    if (size > 0) {
+        NSString *qstringValue = [[NSString alloc] initWithCharacters:(unichar *)dataPtr length:size];
+        NSLogger(@"[reMarkable] QString value: \"%@\"", qstringValue);
+    } else {
+        NSLogger(@"[reMarkable] QString: could not find valid size");
+    }
+    
+    NSLogger(@"[reMarkable]   a2 = %p", a2);
+    if (a2) {
+        NSLogger(@"[reMarkable]   *a2 = 0x%llx", (unsigned long long)*a2);
+    }
+    NSLogger(@"[reMarkable]   a3 = %u (0x%x)", a3, a3);
+    
+    if (original_function_at_0x1001B6EE0) {
+        original_function_at_0x1001B6EE0(a1, a2, a3);
+        NSLogger(@"[reMarkable] Original function at 0x1001B6EE0 executed");
+    } else {
+        NSLogger(@"[reMarkable] WARNING: Original function not available");
+    }
+}
+#endif // BUILD_MODE_DEV

@end