SoFunction
Updated on 2025-04-03

iOS Reverse Engineering Tutorial: Dynamic Debugging Explained

Preface

Sometimes, to better understand the call flow of someone else's app, you need to debug it dynamically while it is running. Dynamic debugging means running the program and inspecting parameters, return values, the function call flow and so on by setting breakpoints, printing values, etc.

How Xcode dynamic debugging works

First, a look at how Xcode's compiler and debugger have evolved. The compiler in Xcode went from GCC to LLVM, and the debugger went from GDB to LLDB.

How Xcode debugs an application installed on a phone: Xcode uses the LLDB debugger to send debugging commands to debugserver on the phone, and debugserver then interacts with the target APP to carry out the debugging.

debugserver initially lives inside Xcode on the Mac, at the path:

/Applications//Contents/Developer/Platforms
//DeviceSupport
/9.1/
/usr/bin/debugserver

When Xcode recognizes a mobile device, it automatically installs debugserver on the phone.

Limitations of Xcode debugging: generally speaking, you can only debug APPs installed through Xcode; you cannot debug other APPs.

Give permissions to debugserver

By default, /Developer/usr/bin/debugserver lacks certain permissions and can only debug apps installed through Xcode. To debug other apps, you need to re-sign debugserver so that it has permission to debug them.

The two permissions required are: get-task-allow and task_for_pid-allow

The /Developer directory on the iPhone is read-only, so the /Developer/usr/bin/debugserver file cannot be signed in place. You need to copy debugserver to your Mac first.

Export the file's existing signature permissions with the ldid command:

$ ldid -e debugserver > 

The exported file is actually a plist file. After adding the two permissions mentioned above to it, re-sign debugserver with the ldid command:

$ ldid - debugserver

Then put the re-signed debugserver in the /usr/bin directory so that the debugserver command is easy to find.

Attach debugserver to an APP process

$ debugserver *:<port number> -a <process>
  • *:<port number>: start the debugserver service on a given port of the iPhone (not a reserved port)
  • -a <process>: the process information of the APP (process ID or process name)

Remote connection to debugserver service on iPhone

Start LLDB:

// Enter at the terminal
$ lldb

Connect to the debugserver service:

(lldb) process connect connect://<phone IP address>:<debugserver service port number>

Use LLDB's c command to let the program continue running first:

(lldb) c

At this point, you can remotely debug other people's apps.

Commonly used LLDB commands

Set a breakpoint on the test method of ViewController:

breakpoint set -n "-[ViewController test]"

To see how a command is used, use the help command: help breakpoint, etc.

Print thread stack information: thread backtrace

Many commands are not detailed here, please refer to:/

ASLR

Get the ASLR offset:

image list -o -f

The address in front of the second column of the output is the ASLR offset we need.

If we want to add a breakpoint to the test method of a certain class, we can find the starting memory address of the method with the Hopper tool. Suppose it is 0x010101; that address plus the ASLR offset we obtained is the actual address of the method at run time. Then use this address to set a breakpoint on the method.

breakpoint set -a 0x010101+offset

At this point, a breakpoint has been added to the method, and the program will stop at it whenever the method is called.
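The address arithmetic described above, as an added example that is not code from the original article: it parses the output of image list -o -f, picks the offset of the app's main image and builds the breakpoint command using lldb's -a (address) option. The sample output, the image name Demo and the helper names are constructed for illustration.

```python
import re

# Constructed sample of `image list -o -f` output (not captured from a device).
# First address column: ASLR offset (slide). Address in parentheses: load address.
SAMPLE_IMAGE_LIST = """\
[  0] 0x0000000000044000 /var/containers/Bundle/Application/EXAMPLE/Demo.app/Demo(0x0000000100044000)
[  1] 0x0000000002f5c000 /usr/lib/dyld(0x0000000102f5c000)
[  2] 0x000000000a1b8000 /usr/lib/libobjc.A.dylib(0x000000018a1b8000)
"""

LINE_RE = re.compile(
    r"^\[\s*\d+\]\s+(?P<slide>0x[0-9a-fA-F]+)\s+"
    r"(?P<path>\S.*?)(?:\(0x[0-9a-fA-F]+\))?$"
)

def parse_image_list(text):
    """Return {image path: ASLR offset} for each image line lldb printed."""
    slides = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank lines and anything that is not an image entry
            slides[m.group("path")] = int(m.group("slide"), 16)
    return slides

def slide_for(slides, image_name):
    """Look up the offset of one image by file name; every image has its own."""
    hits = [s for p, s in slides.items() if p.rsplit("/", 1)[-1] == image_name]
    if len(hits) != 1:
        raise LookupError("expected exactly one image named %r, found %d"
                          % (image_name, len(hits)))
    return hits[0]

def breakpoint_command(static_addr, slide):
    """Static address from the disassembler + offset = run-time address."""
    return "breakpoint set -a 0x%x" % (static_addr + slide)

if __name__ == "__main__":
    slides = parse_image_list(SAMPLE_IMAGE_LIST)
    slide = slide_for(slides, "Demo")
    # 0x010101 is the article's example static address for the method.
    print(breakpoint_command(0x010101, slide))
```

The offset changes on every launch, so the command has to be rebuilt from fresh image list output each time the process is restarted.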

Conclusion

When learning the various lldb commands, it is recommended to practice them in Xcode first, because Xcode gives prompts and shows the output directly, which makes them easier to understand.
