From cc9e3d9fb71f03cd6ba8921d34c69b04685f035e Mon Sep 17 00:00:00 2001
From: iddoeldor <iddo.eldor.work@gmail.com>
Date: Sun, 18 Aug 2019 12:05:00 +0300
Subject: [PATCH] stalker

---
 README.md | 43 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6c94a60..ad9101e 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@
 * [`Intercept entire module`](#intercept-entire-module)
 * [`Dump memory segments`](#dump-memory-segments)
 * [`Memory scan`](#memory-scan)
-
+* [`Stalker`](#stalker)
 
 </details>
 
@@ -1766,6 +1766,47 @@ pattern [ 52 41 4e 44 4f 4d ] {
 <br>[⬆ Back to top](#table-of-contents)
 
 
+
+
+
+
+
+#### Stalker
+
+```js
+  Interceptor.attach(ObjC.classes.CustomClass['- func'].implementation, {
+    onEnter: function (args) {
+      var tid = Process.getCurrentThreadId();
+      this.tid = tid;
+      console.warn(`onEnter [ ${tid} ]`);     
+      Stalker.follow(tid, {
+        transform: function (iterator) {
+          var instruction;
+          while ((instruction = iterator.next()) !== null) {
+            iterator.keep();
+            console.log('\t' + instruction.address, instruction.toString()); // to get offset > save module base & use .sub()
+          }
+        }
+      })
+    },  
+    onLeave: function (retval) {
+      console.log(`onLeave [ ${this.tid} ]`);
+      // cleanup
+      Stalker.unfollow(this.tid);
+      Stalker.garbageCollect();
+    }   
+  })  
+```
+
+<details>
+<summary>Output example</summary>
+TODO
+</details>
+
+<br>[⬆ Back to top](#table-of-contents)
+
+
+
 #### Device properties
 Example of quick&dirty iOS device properties extraction