09---LLDB
2020-03-12 本文已影响0人
清风烈酒2157
[TOC]
LLDB(Low Lever Debug):
默认内置于Xcode中的动态调试工具。标准的 LLDB 提供了一组广泛的命令.
断点设置:
- 设置断点 $breakpoint set -n XXX set 是子命令 -n 是选项 是--name 的缩写!
- 查看断点列表 $breakpoint list
- 删除 $breakpoint delete 组号 (不能禁用单个)
- 删一组 禁用/启用
- $breakpoint disable 禁用
- $breakpoint enable 启用
- 遍历整个项目中满足Game:这个字符的所有方法 $breakpoint set -r Game:
🌰代码:
1️⃣
(lldb) breakpoint set -n save:
Breakpoint 1: 6 locations.
2️⃣
(lldb) breakpoint list
Current breakpoints:
1: name = 'save:', locations = 6, resolved = 6, hit count = 1
1.1: where = 001--LLDB调试`-[ViewController save:] + 43 at ViewController.m:33:5, address = 0x000000010318bcdb, resolved, hit count = 1
1.2: where = CoreData`-[NSManagedObjectContext save:], address = 0x00000001180eb3c0, resolved, hit count = 0
1.3: where = CoreData`-[NSAtomicStore save:], address = 0x000000011815a8c7, resolved, hit count = 0
1.4: where = CoreData`-[NSCloudKitMirroringDelegatePreJazzkonMetadata save:], address = 0x00000001181b2da2, resolved, hit count = 0
1.5: where = AppleAccount`-[AALoginContextTransientStorage save:], address = 0x0000000118e1e446, resolved, hit count = 0
1.6: where = AccountsDaemon`-[ACDKeychainItem save:], address = 0x00000001195d8d5a, resolved, hit count = 0
3️⃣
(lldb) breakpoint delete 1
1 breakpoints deleted; 0 breakpoint locations disabled.
(lldb) breakpoint list
No breakpoints currently set.
(lldb)
4️⃣
(lldb) breakpoint set -n "[ViewController save:]" -n "[ViewController pauseGame:]" -n "[ViewController continueGame:]"
Breakpoint 4: 3 locations.
(lldb) breakpoint list
Current breakpoints:
4: names = {'[ViewController save:]', '[ViewController save:]', '[ViewController pauseGame:]', '[ViewController pauseGame:]', '[ViewController continueGame:]', '[ViewController continueGame:]'}, locations = 3, resolved = 3, hit count = 0
4.1: where = 001--LLDB调试`-[ViewController save:] + 43 at ViewController.m:33:5, address = 0x000000010318bcdb, resolved, hit count = 0
4.2: where = 001--LLDB调试`-[ViewController pauseGame:] + 43 at ViewController.m:36:5, address = 0x000000010318bd2b, resolved, hit count = 0
4.3: where = 001--LLDB调试`-[ViewController continueGame:] + 43 at ViewController.m:39:5, address = 0x000000010318bd7b, resolved, hit count = 0
5️⃣
1.
(lldb) breakpoint disable 4.1
1 breakpoints disabled.
(lldb) breakpoint list
Current breakpoints:
4: names = {'[ViewController save:]', '[ViewController save:]', '[ViewController pauseGame:]', '[ViewController pauseGame:]', '[ViewController continueGame:]', '[ViewController continueGame:]'}, locations = 3, resolved = 2, hit count = 0
4.1: where = 001--LLDB调试`-[ViewController save:] + 43 at ViewController.m:33:5, address = 0x000000010318bcdb, unresolved, hit count = 0 Options: disabled
4.2: where = 001--LLDB调试`-[ViewController pauseGame:] + 43 at ViewController.m:36:5, address = 0x000000010318bd2b, resolved, hit count = 0
4.3: where = 001--LLDB调试`-[ViewController continueGame:] + 43 at ViewController.m:39:5, address = 0x000000010318bd7b, resolved, hit count = 0
2.
breakpoint disable 4
1 breakpoints disabled.
(lldb) breakpoint list
Current breakpoints:
4: names = {'[ViewController save:]', '[ViewController save:]', '[ViewController pauseGame:]', '[ViewController pauseGame:]', '[ViewController continueGame:]', '[ViewController continueGame:]'}, locations = 3 Options: disabled
4.1: where = 001--LLDB调试`-[ViewController save:] + 43 at ViewController.m:33:5, address = 0x000000010318bcdb, unresolved, hit count = 0 Options: disabled
4.2: where = 001--LLDB调试`-[ViewController pauseGame:] + 43 at ViewController.m:36:5, address = 0x000000010318bd2b, unresolved, hit count = 0
4.3: where = 001--LLDB调试`-[ViewController continueGame:] + 43 at ViewController.m:39:5, address = 0x000000010318bd7b, unresolved, hit count = 0
3.
(lldb) breakpoint list
Current breakpoints:
4: names = {'[ViewController save:]', '[ViewController save:]', '[ViewController pauseGame:]', '[ViewController pauseGame:]', '[ViewController continueGame:]', '[ViewController continueGame:]'}, locations = 3, resolved = 2, hit count = 0
4.1: where = 001--LLDB调试`-[ViewController save:] + 43 at ViewController.m:33:5, address = 0x000000010318bcdb, unresolved, hit count = 0 Options: disabled
4.2: where = 001--LLDB调试`-[ViewController pauseGame:] + 43 at ViewController.m:36:5, address = 0x000000010318bd2b, resolved, hit count = 0
4.3: where = 001--LLDB调试`-[ViewController continueGame:] + 43 at ViewController.m:39:5, address = 0x000000010318bd7b, resolved, hit count = 0
4.
(lldb) breakpoint enable 4.1
1 breakpoints enabled.
(lldb) breakpoint list
Current breakpoints:
4: names = {'[ViewController save:]', '[ViewController save:]', '[ViewController pauseGame:]', '[ViewController pauseGame:]', '[ViewController continueGame:]', '[ViewController continueGame:]'}, locations = 3, resolved = 3, hit count = 0
4.1: where = 001--LLDB调试`-[ViewController save:] + 43 at ViewController.m:33:5, address = 0x000000010318bcdb, resolved, hit count = 0
4.2: where = 001--LLDB调试`-[ViewController pauseGame:] + 43 at ViewController.m:36:5, address = 0x000000010318bd2b, resolved, hit count = 0
4.3: where = 001--LLDB调试`-[ViewController continueGame:] + 43 at ViewController.m:39:5, address = 0x000000010318bd7b, resolved, hit count = 0
6️⃣ 查询
(lldb) help
Debugger commands:
apropos -- List debugger commands related to a word or subject.
breakpoint -- Commands for operating on breakpoints (see 'help b' for
shorthand.)
bugreport -- Commands for creating domain-specific bug reports.
command -- Commands for managing custom LLDB commands.
disassemble -- Disassemble specified instructions in the current
target. Defaults to the current function for the
current thread and stack frame.
expression -- Evaluate an expression on the current thread. Displays
any returned value with LLDB's default formatting.
7️⃣ 查找方法
(lldb) breakpoint set --selector touchesBegan:withEvent:
Breakpoint 5: 95 locations.
(lldb) breakpoint list
Current breakpoints:
4: names = {'[ViewController save:]', '[ViewController save:]', '[ViewController pauseGame:]', '[ViewController pauseGame:]', '[ViewController continueGame:]', '[ViewController continueGame:]'}, locations = 3, resolved = 3, hit count = 0
4.1: where = 001--LLDB调试`-[ViewController save:] + 43 at ViewController.m:33:5, address = 0x000000010318bcdb, resolved, hit count = 0
4.2: where = 001--LLDB调试`-[ViewController pauseGame:] + 43 at ViewController.m:36:5, address = 0x000000010318bd2b, resolved, hit count = 0
4.3: where = 001--LLDB调试`-[ViewController continueGame:] + 43 at ViewController.m:39:5, address = 0x000000010318bd7b, resolved, hit count = 0
5: name = 'touchesBegan:withEvent:', locations = 95, resolved = 95, hit count = 0
8️⃣ 删除断点
(lldb) breakpoint dele
About to delete all breakpoints, do you want to do that?: [Y/n] y
All breakpoints removed. (2 breakpoints)
(lldb) breakpoint list
No breakpoints currently set.
(lldb)
9️⃣ breakpoint set -r game 查找有包含game
(lldb) breakpoint set -r game
Breakpoint 6: 40 locations.
(lldb) breakpoint list
Current breakpoints:
6: regex = 'game', locations = 40, resolved = 40, hit count = 0
6.1: where = Foundation`+[NSUnitArea squareMegameters], address = 0x000000010360d7bd, resolved, hit count = 0
1️⃣0️⃣ breakpoint set --file xxxxxxxx.m -r game 在某个文件中查找
(lldb) breakpoint set --file ViewController.m -r game
Breakpoint 7: no locations (pending).
WARNING: Unable to resolve breakpoint to any actual locations.
(lldb) breakpoint list
Current breakpoints:
6: regex = 'game', locations = 40, resolved = 40, hit count = 0
6.1: where = Foundation`+[NSUnitArea squareMegameters], address = 0x000000010360d7bd, resolved, hit count = 0
6.2: where = Foundation`+[NSUnitLength megameters], address = 0x000000010360ed88, resolved, hit count = 0
6.3: where = CoreServices`-[LSApplicationProxy gameCenterEverEnabled], address = 0x0000000104cc31c3, resolved, hit count = 0
6.4: where = MobileInstallation`-[MIStoreMetadata gameCenterEverEnabled], address = 0x0000000104fd250c, resolved, hit count = 0
简写:
b "[]"
b -file ViewController.m -r xxxx
break li
break dis xxx
break en xxx
po
(lldb) expression self.view
(UIView *) $0 = 0x00007fdea140ccd0
(lldb) p self.view 打印对象指针
(UIView *) $1 = 0x00007fdea140ccd0
(lldb) po self.view 打印对象本事
<UIView: 0x7fdea140ccd0; frame = (0 0; 414 896); autoresize = W+H; layer = <CALayer: 0x600000356b20>>
(lldb) help p
'p' is an abbreviation for 'expression --'
(lldb) help po
Evaluate an expression on the current thread. Displays any returned value
'po' is an abbreviation for 'expression -O --'
(lldb) help expression //description方法
-O ( --object-description )
Display using a language-specific description API, if possible.
🌰
(lldb) break set -n "[ViewController touchesBegan:withEvent:]"
Breakpoint 2: where = 001--LLDB调试`-[ViewController touchesBegan:withEvent:] + 77 at ViewController.m:89:6, address = 0x000000010b02e29d
(lldb) c
Process 881 resuming
(lldb) p self.models.lastObject
(Person *) $0 = 0x00006000037f5f40
(lldb) p [(Person*)$0 setValue:@"123" forKey:@"name"]
(lldb) p self.models.lastObject
(Person *) $1 = 0x00006000037f5f40
(lldb) po (Person *) $1
<Person: 0x6000037f5f40>
(lldb) p (Person *) $1
(Person *) $3 = 0x00006000037f5f40
(lldb) p $3.name
(NSTaggedPointerString *) $4 = 0x985581b6bcce9f02 @"123"
(lldb) p $3.name = @"12234"
(NSTaggedPointerString *) $5 = 0x985582f58cde9f04 @"12234"
(lldb)
(lldb) p Person *p = [[Person alloc] init]; p.name = @"test"; p.age = 12; [self.models addObject:p];
(lldb) p self.models
(__NSArrayM *) $7 = 0x00006000039b1f80 @"4 elements"
(lldb)
(lldb) po self.models
<__NSArrayM 0x6000039b1f80>(
<Person: 0x6000037f5fa0>,
<Person: 0x6000037f5f60>,
<Person: 0x6000037f5f40>,
<Person: 0x6000037a48a0>
)
lldm 主要用于动态调试
要知道你所调试model的属性
查看函数调用栈
bt指令
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 2.1
* frame #0: 0x000000010b02e29d 001--LLDB调试`-[ViewController touchesBegan:withEvent:](self=0x00007fc0d0405410, _cmd="touchesBegan:withEvent:", touches=1 element, event=0x00006000006ec640) at ViewController.m:89:6
frame #1: 0x000000010efd9863 UIKitCore`forwardTouchMethod + 340
frame #2: 0x000000010efd96fe UIKitCore`-[UIResponder touchesBegan:withEvent:] + 49
frame #3: 0x000000010efe88de UIKitCore`-[UIWindow _sendTouchesForEvent:] + 1867
frame #4: 0x000000010efea4c6 UIKitCore`-[UIWindow sendEvent:] + 4596
frame #5: 0x000000010efc553b UIKitCore`-[UIApplication sendEvent:] + 356
frame #6: 0x000000010f04671a UIKitCore`__dispatchPreprocessedEventFromEventQueue + 6847
frame #7: 0x000000010f0491e0 UIKitCore`__handleEventQueueInternal + 5980
frame #8: 0x000000010ba47471 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #9: 0x000000010ba4739c CoreFoundation`__CFRunLoopDoSource0 + 76
frame #10: 0x000000010ba46b74 CoreFoundation`__CFRunLoopDoSources0 + 180
frame #11: 0x000000010ba4187f CoreFoundation`__CFRunLoopRun + 1263
frame #12: 0x000000010ba41066 CoreFoundation`CFRunLoopRunSpecific + 438
frame #13: 0x0000000115062bb0 GraphicsServices`GSEventRunModal + 65
frame #14: 0x000000010efacd4d UIKitCore`UIApplicationMain + 1621
frame #15: 0x000000010b02e3d0 001--LLDB调试`main(argc=1, argv=0x00007ffee4bd0d08) at main.m:14:16
frame #16: 0x000000010d3a3c25 libdyld.dylib`start + 1
frame #17: 0x000000010d3a3c25 libdyld.dylib`start + 1 //第一个调用
如果是别人的代码可能是汇编
up 查看上一个调用
down 查看下一个
Frame
frame select 编号
frame variable 查看当前方法局部变量
(lldb) frame select 0
frame #0: 0x000000010b02e29d 001--LLDB调试`-[ViewController touchesBegan:withEvent:](self=0x00007fc0d0405410, _cmd="touchesBegan:withEvent:", touches=1 element, event=0x00006000006ec640) at ViewController.m:89:6
86 -(void)touchesBegan:(NSSet<UITouch *> *)touches withEvent:(UIEvent *)event
87 {
88 // [self eatWithObject:@"汉堡"];
-> 89 [self hankTest1];
^
90 }
91
92 @end
(lldb) frame variable
(ViewController *) self = 0x00007fc0d0405410
(SEL) _cmd = "touchesBegan:withEvent:"
(__NSSetM *) touches = 0x00006000037f6600 1 element
(UITouchesEvent *) event = 0x00006000006ec640
(lldb)
修改
2020-03-10 22:11:31.452222+0800 001--LLDB调试[1163:66582] 123
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
* frame #0: 0x0000000102521fce 001--LLDB调试`-[ViewController hankTest4WithStr:](self=0x00007fde65e05600, _cmd="hankTest4WithStr:", str=@"123") at ViewController.m:62:21
frame #1: 0x0000000102521f72 001--LLDB调试`-[ViewController hankTest3WithStr:](self=0x00007fde65e05600, _cmd="hankTest3WithStr:", str=@"123") at ViewController.m:57:5
frame #2: 0x0000000102521f07 001--LLDB调试`-[ViewController hankTest2WithStr:](self=0x00007fde65e05600, _cmd="hankTest2WithStr:", str=@"123") at ViewController.m:53:5
frame #3: 0x0000000102521e96 001--LLDB调试`-[ViewController hankTest1](self=0x00007fde65e05600, _cmd="hankTest1") at ViewController.m:48:5
frame #4: 0x00000001025222ba 001--LLDB调试`-[ViewController touchesBegan:withEvent:](self=0x00007fde65e05600, _cmd="touchesBegan:withEvent:", touches=1 element, event=0x000060000044cbe0) at ViewController.m:89:5
frame #5: 0x0000000106295863 UIKitCore`forwardTouchMethod + 340
frame #6: 0x00000001062956fe UIKitCore`-[UIResponder touchesBegan:withEvent:] + 49
frame #7: 0x00000001062a48de UIKitCore`-[UIWindow _sendTouchesForEvent:] + 1867
frame #8: 0x00000001062a64c6 UIKitCore`-[UIWindow sendEvent:] + 4596
frame #9: 0x000000010628153b UIKitCore`-[UIApplication sendEvent:] + 356
frame #10: 0x000000010630271a UIKitCore`__dispatchPreprocessedEventFromEventQueue + 6847
frame #11: 0x00000001063051e0 UIKitCore`__handleEventQueueInternal + 5980
frame #12: 0x0000000102f3b471 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #13: 0x0000000102f3b39c CoreFoundation`__CFRunLoopDoSource0 + 76
frame #14: 0x0000000102f3ab74 CoreFoundation`__CFRunLoopDoSources0 + 180
frame #15: 0x0000000102f3587f CoreFoundation`__CFRunLoopRun + 1263
frame #16: 0x0000000102f35066 CoreFoundation`CFRunLoopRunSpecific + 438
frame #17: 0x000000010aeb7bb0 GraphicsServices`GSEventRunModal + 65
frame #18: 0x0000000106268d4d UIKitCore`UIApplicationMain + 1621
frame #19: 0x00000001025223d0 001--LLDB调试`main(argc=1, argv=0x00007ffeed6dcd08) at main.m:14:16
frame #20: 0x0000000104897c25 libdyld.dylib`start + 1
frame #21: 0x0000000104897c25 libdyld.dylib`start + 1
(lldb) frame select 0
frame #0: 0x0000000102521fce 001--LLDB调试`-[ViewController hankTest4WithStr:](self=0x00007fde65e05600, _cmd="hankTest4WithStr:", str=@"123") at ViewController.m:62:21
59 }
60
61 -(void)hankTest4WithStr:(NSString *)str{
-> 62 NSLog(@"4---%@",str);
^
63 }
64
65
(lldb) frame variable
(ViewController *) self = 0x00007fde65e05600
(SEL) _cmd = "hankTest4WithStr:"
(__NSCFConstantString *) str = 0x0000000102524120 @"123"
(lldb) p str = @"222"
(NSTaggedPointerString *) $0 = 0x8abcea3a7c8cb7a5 @"222"
(lldb) c
Process 1163 resuming
2020-03-10 22:11:54.054134+0800 001--LLDB调试[1163:66582] 4---222
2020-03-10 22:11:54.054140+0800 001--LLDB调试[1163:67097] XPC connection interrupted
2020-03-10 22:11:54.054315+0800 001--LLDB调试[1163:66582] 3---123
以上修改是不改变最后结果
thread return 代码回滚
(lldb) thread return
(lldb) thread return
(lldb) frame variable
(ViewController *) self = 0x00007fb9c74005a0
(SEL) _cmd = "hankTest2WithStr:” //当前代码执行完{} return
(__NSCFConstantString *) str = 0x000000010d0ab120 @"123"
(lldb) p str = @"222"
(NSTaggedPointerString *) $0 = 0xd5f3597c17b80c9a @"222"
(lldb) c
Process 1362 resuming
2020-03-10 22:31:47.354611+0800 001--LLDB调试[1362:82027] XPC connection interrupted
2020-03-10 22:31:47.354659+0800 001--LLDB调试[1362:81564] 2---222
上面还需要练习
以上在逆向中无效! 逆向只有macho文件.
内存断点
(lldb) watchpoint set variable p1->_name
Watchpoint created: Watchpoint 1: addr = 0x600003fd9290 size = 8 state = enabled type = w
declare @ '/Volumes/吕亚洲/iOS应用安全/20191023-应用安全-第九讲-LLDB/009--LLDB/代码/001--LLDB调试/001--LLDB调试/ViewController.m:70'
watchpoint spec = 'p1->_name'
new value: 0x000000010ad001a0
(lldb) c
Process 1519 resuming
2020-03-10 22:50:23.951974+0800 001--LLDB调试[1519:95673] 4---123
2020-03-10 22:50:23.952217+0800 001--LLDB调试[1519:95673] 3---123
2020-03-10 22:50:23.952331+0800 001--LLDB调试[1519:95673] 2---123
Watchpoint 1 hit:
old value: 0x000000010ad001a0
new value: 0x000000010ad001e0
(lldb) po 0x000000010ad001a0
one
(lldb) po 0x000000010ad001e0
new
command指令
(lldb) b hankTest4WithStr:
Breakpoint 1: where = 001--LLDB调试`-[ViewController hankTest4WithStr:] + 46 at ViewController.m:62:21, address = 0x0000000101b52f2e
(lldb) breakpoint list
Current breakpoints:
1: name = 'hankTest4WithStr:', locations = 1, resolved = 1, hit count = 0
1.1: where = 001--LLDB调试`-[ViewController hankTest4WithStr:] + 46 at ViewController.m:62:21, address = 0x0000000101b52f2e, resolved, hit count = 0
2: name = 'l', locations = 0 (pending)
3: name = 'li', locations = 0 (pending)
breakpoint command
(lldb) breakpoint command add 1
Enter your debugger command(s). Type 'DONE' to end.
> p self
> p self.view
> DONE
(lldb) c
Process 1583 resuming
p self
(ViewController *) $0 = 0x00007ffbd050bb00
p self.view
(UIView *) $1 = 0x00007ffbd04087e0
(lldb) breakpoint command delete 1
(lldb) breakpoint command list 1
Breakpoint 1 does not have an associated command.
只能断一组
target-stop-hook
(lldb) target stop-hook add -o "frame variable"
Stop hook #1 added.
(lldb) c
Process 7855 resuming
(ViewController *) self = 0x00007fafc2e05da0
(SEL) _cmd = "touchesBegan:withEvent:"
(__NSSetM *) touches = 0x0000600001ea33e0 1 element
(UITouchesEvent *) event = 0x0000600002fb0a00
(__NSSetM *) p1 = 0x0000600001ea33e0 1 element
(lldb) target stop-hook list
Hook: 1
State: enabled
Commands:
frame variable
(lldb) target stop-hook delete //undisplay 编号
Delete all stop hooks?: [Y/n] y
(lldb) target stop-hook list
No stop hooks.
(lldb)
终端:
Last login: Wed Mar 11 12:12:13 on ttys004
lvasia@lvAsiadeMacBook-Pro ~ pwd
/Users/lvasia
lvasia@lvAsiadeMacBook-Pro ~ vi .lldbinit
lvasia@lvAsiadeMacBook-Pro ~
ASLR
待定
