A simple suggestion to work around this issue
Why not read a class name from memory directly? Let’s start from class_getName().
class_getName() calls _class_getName() with the Class parameter. _class_getName() casts that Class to a class_t * and calls getName() to obtain the class name. Let's take a look at the structures used here.
We are ready to check if we can use this data in gdb. Load Safari and set a bp at objc_msgSend().
The first parameter of objc_msgSend() is id.
We can get Class from the first parameter (r0).
Since Class is cast to class_t *, we read the memory at 0x3a2927b3 as a class_t structure. Find the value of its data field (a pointer to class_rw_t).
A class_rw_t structure resides at 0x1cd286c0. Its offset 8 has “const class_ro_t *ro”.
class_ro_t holds the class name (a const char *) at offset 16.
Let’s see how it works with a gdb script.
Please note that this approach only handles one of the two cases getName() distinguishes when it looks up a class name. A little more work is required for a complete solution; refer to the getName() code for this.
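The same pointer walk as an added example (not the post's gdb script), run over a constructed memory image instead of a live process. It goes one step beyond the post by handling both cases getName() distinguishes: a realized class, whose data points at a class_rw_t, and an unrealized one, whose data still points straight at the compiler's class_ro_t. The class_t data offset (16) and the RW_REALIZED flag bit are assumed from the objc4 headers; the addresses and class name in the image are made up.

```python
import struct

# Offsets for the 32-bit iOS 6 objc4 layouts above; the class_t `data` offset
# and the RW_REALIZED bit are assumed from the objc4 headers, not from the page.
CLASS_T_DATA = 16       # class_t: isa(0) superclass(4) cache(8) vtable(12) data(16)
CLASS_RW_T_RO = 8       # class_rw_t: flags(0) version(4) ro(8)
CLASS_RO_T_NAME = 16    # class_ro_t: flags(0) instanceStart(4) instanceSize(8) ivarLayout(12) name(16)
RW_REALIZED = 1 << 31   # flags bit at offset 0 that marks a realized class

def read_u32(mem, addr):
    """Little-endian 32-bit load, the equivalent of gdb's x/wx."""
    return struct.unpack_from("<I", mem, addr)[0]

def read_cstr(mem, addr):
    """NUL-terminated string, the equivalent of gdb's x/s."""
    return mem[addr:mem.index(b"\0", addr)].decode("ascii")

def class_name(mem, cls):
    """Mirror of getName(): class_t -> data -> class_ro_t -> name.

    An unrealized class still has its compiler-emitted class_ro_t in `data`;
    only a realized class has a class_rw_t in between. Both structs keep
    their flags word at offset 0, so one bit test picks the right path.
    """
    data = read_u32(mem, cls + CLASS_T_DATA)
    ro = read_u32(mem, data + CLASS_RW_T_RO) if read_u32(mem, data) & RW_REALIZED else data
    return read_cstr(mem, read_u32(mem, ro + CLASS_RO_T_NAME))

def class_name_from_object(mem, obj):
    """Start from the `id` in r0: its isa pointer (offset 0) is the Class."""
    return class_name(mem, read_u32(mem, obj))

def build_image():
    """Constructed memory image; addresses and the class name are made up."""
    img = bytearray(0x8000)

    def put(addr, *words):
        struct.pack_into("<%dI" % len(words), img, addr, *words)

    img[0x1000:0x100A] = b"DemoClass\0"
    put(0x2000, 0, 0, 4, 0, 0x1000)        # class_ro_t: flags, instanceStart, instanceSize, ivarLayout, name
    put(0x3000, RW_REALIZED, 0, 0x2000)    # class_rw_t: flags, version, ro
    put(0x4000, 0, 0, 0, 0, 0x3000)        # class_t already realized: data -> class_rw_t
    put(0x5000, 0, 0, 0, 0, 0x2000)        # class_t not yet realized: data -> class_ro_t
    put(0x6000, 0x4000)                    # object whose isa is the realized class
    put(0x7000, 0x5000)                    # object whose isa is the unrealized class
    return bytes(img)
```

Both class_name_from_object(build_image(), 0x6000) and class_name_from_object(build_image(), 0x7000) return "DemoClass", which is exactly the two-case behaviour the post says getName() implements.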
OS: iOS 6.01
Device: jailbroken iPod 4G