越狱第一步：导出私有framework的头文件及共有framework中没有暴露的头文件

工具：class-dump 这是一个用于导出frameWork文件中私有头文件的工具
      下载地址http://www.codethecode.com/projects/class-dump/
DumpFrameworks.pl是一个脚本，会在你的主目录下生成private的.h文件
内容如下：
#!/usr/bin/perl
#
# 24 November 2008
# Framework Dumping utility; requires class-dump
#

use strict;

use Cwd;
use File::Path;

my $HOME = (getpwuid($<))[7] || $ENV{'HOME'}
or die "Could not find your home directory!";

# This command must be in your path.
# http://www.codethecode.com/projects/class-dump/
my $CLASS_DUMP = '/Users/whe/Desktop/yueyu/class-dump'; #class-dump工具（命令）所在的目录

# Public Frameworks /xcode4/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk////Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.2.sdk/System/Library
# /Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator4.2.sdk/System/Library/Frameworks /xcode4/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator5.0.sdk/System/Library
#导出公有framework中没有暴露的头文件，注意是真机版的还是模拟器版的地址
dump_frameworks('/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS7.0.sdk/System/Library/Frameworks',
'Frameworks');

# Private Frameworks
#导出私有framework中的头文件，注意是真机版的还是模拟器版的地址
dump_frameworks('/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS7.0.sdk/System/Library/PrivateFrameworks',
'PrivateFrameworks');

sub dump_frameworks
{
    my($dir, $subdir) = @_;
   
    opendir(my $dirh, $dir) or die "Could not opendir($dir) - $!";
   
    # Iterate through each framework found in the directory
    foreach my $file (grep { /\.framework$/ } readdir($dirh))
    {
        # Extract the framework name
        (my $fname = $file) =~ s/\.framework$//;
        print "Framework: $fname\n";
       
        my $headers_dir = "$HOME/Headers/$subdir/$fname";#头文件导出来之后存放的目录，此处在主目录下，即用户名whe下
       
        # Create the folder to store the headers
        mkpath($headers_dir);
       
        # Perform the class-dump
        my $cwd = cwd();
        chdir($headers_dir) or die "Could not chdir($headers_dir) - $!";
       
        system($CLASS_DUMP, '-H', "$dir/$file");
       
        if($? == -1)
        {
            die "Could not execute $CLASS_DUMP - $!\n";
        }
        #
        # elsif($? & 127)
        # {
        # printf("$CLASS_DUMP died with signal %d, %s coredump\n",
        # ($? & 127), ($? & 128) ? 'with' : 'without');
        # exit;
        # }
        #
        # elsif(my $ret = $? >> 8)
        # {
        # die "The command '$CLASS_DUMP -H $dir/$file' failed, returning $ret\n";
        # }
        #*/
        chdir($cwd) or die "Could not chdir($cwd) - $!";
    }
}

注意：class-dump工具和DumpFrameworks.pl脚本文件都需要更改执行的权限：chmod 777 class-dump 和 chmod 777 DumpFrameworks.pl  最后在终端中执行：./DumpFrameworks.pl  则会在DumpFrameworks.pl中指定的目录下生成所有的头文件，文件比较多，一次导出完毕 方便以后使用