LLDB、cycript

2019-08-04  本文已影响0人  喵喵粉

1. LLDB设置断点

//单个断点
(lldb) breakpoint set -n demoMethod1

//断点设置在一个组内
(lldb) breakpoint set -n "-[ViewController method5]" -n "-[ViewController method4]" -n "-[ViewController method3]"

//1 禁用/激活全部断点
(lldb) breakpoint disable 
(lldb) breakpoint enable

//2 禁用/激活该组内的断点
(lldb) breakpoint disable 2     
(lldb) breakpoint enable 2
 
//3 禁用/激活组内断点              简写
(lldb) breakpoint disable 2.2    break dis 2.2
(lldb) breakpoint enable 2.2     break en 2.2
注意:3设置的断点状态是独立的,不受1、2设置影响

//删除断点
(lldb) breakpoint delete //删除所有的断点
(lldb) breakpoint delete 2 //删除组2所有的断点
(lldb) breakpoint delete 2.2 2.3 2.4 //禁用2.2 2.3 2.4 断点

//给方法加断点
(lldb) breakpoint set -selector method3

//通过方法地址下断点
(lldb) b -a 0x12345

//在Person.m文件eat方法下断点
(lldb) breakpoint set --file Person.m --selector eat

//将包含zzdemo的方法循环设置断点
(lldb) breakpoint set -r zzdemo
Breakpoint 2: 5 locations.
(lldb) breakpoint list 
Current breakpoints:
2: regex = 'zzdemo', locations = 5, resolved = 5, hit count = 6
  2.1: where = demo1`-[ViewController zzdemo2] + 12 at ViewController.m:24:37, address = 0x00000001008764cc, resolved, hit count = 1 
  2.2: where = demo1`-[ViewController zzdemo5] + 36 at ViewController.m:28:17, address = 0x000000010087652c, resolved, hit count = 1 
  2.3: where = demo1`-[ViewController zzdemo1] + 12 at ViewController.m:23:37, address = 0x00000001008764b4, resolved, hit count = 2 
  2.4: where = demo1`-[ViewController zzdemo3] + 12 at ViewController.m:25:37, address = 0x00000001008764e4, resolved, hit count = 1 
  2.5: where = demo1`-[ViewController zzdemo4] + 12 at ViewController.m:26:37, address = 0x00000001008764fc, resolved, hit count = 1 

(lldb) break en 2.2
(lldb) break dis 2.2
(lldb) b -f Person.m -r eat
(lldb) b -f ViewController.m -r demo //.m文件包含demo的所有方法下断点
(lldb) b -n zzdemo1 -n zzdemo2  //设置1组多个方法
(lldb) b zzdemo1
(lldb) break li 
Current breakpoints:
3: regex = 'eat', locations = 1, resolved = 1, hit count = 0
  3.1: where = demo1`-[Person eat] + 20 at Person.m:14:5, address = 0x0000000100876780, resolved, hit count = 0 

5: regex = 'demo', locations = 5, resolved = 5, hit count = 0
  5.1: where = demo1`-[ViewController zzdemo2] + 12 at ViewController.m:24:37, address = 0x00000001008764cc, resolved, hit count = 0 
  5.2: where = demo1`-[ViewController zzdemo5] + 36 at ViewController.m:28:17, address = 0x000000010087652c, resolved, hit count = 0 
  5.3: where = demo1`-[ViewController zzdemo1] + 12 at ViewController.m:23:37, address = 0x00000001008764b4, resolved, hit count = 0 
  5.4: where = demo1`-[ViewController zzdemo3] + 12 at ViewController.m:25:37, address = 0x00000001008764e4, resolved, hit count = 0 
  5.5: where = demo1`-[ViewController zzdemo4] + 12 at ViewController.m:26:37, address = 0x00000001008764fc, resolved, hit count = 0 

(lldb) breakpoint set -n "-[ViewController method5]" -n "-[ViewController method4]" -n "-[ViewController method3]"
Breakpoint 2: 3 locations.
(lldb) breakpoint list
Current breakpoints:
1: file = '/Users/zz/Projects/code/OCPj/demo1/demo1/ViewController.m', line = 42, exact_match = 0, locations = 1, resolved = 1, hit count = 1

  1.1: where = demo1`-[ViewController touchesBegan:withEvent:] + 72 at ViewController.m:43:6, address = 0x000000010477e658, resolved, hit count = 1 

2: names = {'-[ViewController method5]', '-[ViewController method4]', '-[ViewController method3]'}, locations = 3, resolved = 3, hit count = 0
  2.1: where = demo1`-[ViewController method5] + 20 at ViewController.m:39:5, address = 0x000000010477e5e8, resolved, hit count = 0 
  2.2: where = demo1`-[ViewController method4] + 20 at ViewController.m:35:5, address = 0x000000010477e5ac, resolved, hit count = 0 
  2.3: where = demo1`-[ViewController method3] + 20 at ViewController.m:31:5, address = 0x000000010477e570, resolved, hit count = 0 


(lldb) p self.view.backgroundColor = [UIColor redColor];

(lldb) target stop-hook add -o "frame variable"

(lldb) fv vname         ->得到0x12345
(lldb) methods 0x12345  ->该view包含的属性、方法列表,方法名后面带有方法的地址(0x45678)
(lldb) b -a 0x45678     ->通过方法地址下断点
点击按钮触发方法进入断点,通过bt命令查看函数调用栈
若没有恢复符号就用sbt命令

2. LLDB的插件

/usr/local/opt/chisel
/opt/LLDB/lldb_commands

//LLDB默认加载.lldbinit文件
open ~/.lldbinit 

//配置 Chisel
command script import /usr/local/opt/chisel/libexec/fblldb.py
//配置 LLDB
command script import /opt/LLDB/lldb_commands/dslldb.py
cmd 用途
pviews 打印视图层级
pvc vc层级关系
fvc 知道控制器的名称 fvc -n HomeVC
知道控制器的地址 fvc -v 0x12345
fv 类似fvc
presponder 0x1234 查看对象的响应链
taplog 点击按钮后会打印响应者的info
flicker 0x1234 视图隐藏再显示,闪烁效果
vs 0x1234 视图背景呈现红色
pactions 0x1234 查看对象的action、target
pmethods 0x1234 查看类的方法
pinternals 0x1234 查看类的属性、成员变量
methods 0x1234 查看对象的属性和方法(带有地址)
sbt 恢复符号表,查看方法调用栈
search Person 查找Person类型的对象

3. cycript脚本

LLDB 会断住程序
cycript 附加到进程,动态调试,不用断住程序
运行monkey工程

/opt/cycript

open ~/.zshrc

//添加CY变量
export CY=/opt/cycript
export PATH=$CY/:$PATH
cmd 用途
UIApp application
UIWindow.keywindow() <UIWindow: 0x13f0ed300 对象
pviews () 视图层级
choose (UIButton) 打印所有的UIButton类型的对象
.. ..
cy103.sh

配置环境变量

open ~/.zshrc

//添加ZZSHELL目录
export ZZSHELL=/Users/zz/ZZShell
export PATH=$ZZSHELL|$PATH
image.png

给Person类的某个响应方法下断点

  • 通过viewdebug或者lldb找到方法名
  • 下断点 b [Person eat] ,符号未恢复可能不成功
  • fv Person 查看Person类的地址0x1234
  • methods 0x1234 查看类的方法列表,找到eat方法的地址0x3456
  • b -a 0x3456 //eat下断点
  • 点击触发eat事件,xcode进入断点
  • sbt 尝试恢复符号表且查看方法调用栈

4. 封装cy文件

cy文件可以封装常用的变量、方法
用的时候@import cyfilename
cy代码不能用tab键
添加cy文件有2种方式

  • 1)Xcode添加
  • 2)iFunBox手机文件窗口添加,存放路径:/usr/lib/cycript0.9/
hf.cy copy files iFunBox管理cy文件 使用cy文件 com/zz/test.cy

4. 补充

执行cycript 附加进程有2种情景
1.运行monkey工程,在Mac路径下 cycript -r ip:端口
2.在iPhone路径下执行 cycript -p 进程ID

第一种情景:Mac、iPhone需要在同一局域网,需要用xcode运行monkey项目,执行脚本完成附加

sh cy103.sh
image.png

第二种情景:Mac、iPhone用usb线连接,不用运行Xcode,直接启动APP。配置USB端口映射,通过ssh登录iPhone 5s,在5s路径下执行 cycript -p 进程ID

映射Mac12345端口-iPhone22端口 ssh登录 image.png 
cycript -p PUClient
cycript -p 11173
附加进程
上一篇 下一篇

猜你喜欢

热点阅读