_shortMethodDescription 은 LLDB 의 중단점에 사용

전언
https://medium.com/flawless-a...
_shortMethodDescription 은 LLDB 의 브레이크를 수행하는 데 사용되는 단계입니다.

LLDB 연결 프로그램

CMessageMgr과 같은 중단점이 필요한 클래스를 찾은 다음 LLDB 명령줄에 po [className shortMethodDescription]를 입력합니다.

이전의 주소 계산을 피하기 위해 메모리 주소를 찾으십시오.
테스트 환경

아이폰5

사용
주로 CPU가 32비트, 32비트arm 어셈블리이기 때문이다.IDA 무료 버전 64비트 어셈블러 불가
debugserver 열기 및 LLDB 연결

devzkndeMacBook-Pro:doc devzkn$ sshusb
iPhone:~ root# debugserver *:12345 -a "WeChat"
debugserver-@(#)PROGRAM:debugserver  PROJECT:debugserver-320.2.89
 for armv7.
Attaching to process WeChat...
Listening to port 12345 for a connection from *...

devzkndeMacBook-Pro:python-client devzkn$ python tcprelay.py -t 12345:12345
devzkndeMacBook-Pro:demo devzkn$ relay12345
Forwarding local port 12345 to remote port 12345

Mac측 LLDB 액세스

포트 전송을 진행한 후, 우리는 lldb 모드에 들어가서 debugserver 연결을 진행합니다.먼저terminal에 lldb 명령을 입력한 다음 아래의 주소를 입력하여 연결합니다.usbmuxd를 사용하여 포트를 전송했기 때문에 로컬 순환 테스트 주소를 사용하여 debugserver 연결을 할 수 있습니다.

process connect connect://127.0.0.1:12345

(lldb) process connect connect://127.0.0.1:12345

(lldb) 
error: Process 347 is currently being debugged, kill the process before connecting.
Process 347 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x373e9e90 libobjc.A.dylib`(anonymous namespace)::AutoreleasePoolPage::AutoreleasePoolPage((anonymous namespace)::AutoreleasePoolPage*) + 4
libobjc.A.dylib`(anonymous namespace)::AutoreleasePoolPage::AutoreleasePoolPage:
->  0x373e9e90 :  add    r12, pc, r12
    0x373e9e94 :  ldr    pc, [r12]
    0x373e9e98 : sbceq  r3, r9, #16, #8

libobjc.A.dylib`defaultBadAllocHandler:
    0x373e9e9c :  ldr    r12, [pc, #0x4]           ; 
Target 0: (WeChat) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  * frame #0: 0x373e9e90 libobjc.A.dylib`(anonymous namespace)::AutoreleasePoolPage::AutoreleasePoolPage((anonymous namespace)::AutoreleasePoolPage*) + 4
    frame #1: 0x373e7daa libobjc.A.dylib`objc_object::sidetable_clearDeallocating() + 46
    frame #2: 0x373d6606 libobjc.A.dylib`objc_destructInstance + 50
    frame #3: 0x29b2a012 CoreFoundation`CFRelease + 1038
    frame #4: 0x373e81a8 libobjc.A.dylib`(anonymous namespace)::AutoreleasePoolPage::pop(void*) + 404
    frame #5: 0x29b34f98 CoreFoundation`_CFAutoreleasePoolPop + 16
    frame #6: 0x2a866dc8 Foundation`-[NSAutoreleasePool release] + 120
    frame #7: 0x2d146380 UIKit`-[UIApplication _run] + 448
    frame #8: 0x2d1411d0 UIKit`UIApplicationMain + 1440
    frame #9: 0x001cacac WeChat`_mh_execute_header + 859308
    frame #10: 0x3794daae libdyld.dylib`start + 2

register read --all
General Purpose Registers:
        r0 = 0x3a086600  libobjc.A.dylib`(anonymous namespace)::SideTable::table_buf
        r1 = 0x00000380
        r2 = 0x182f5214
        r3 = 0x00000000
        r4 = 0x182f5210

(lldb) c
Process 347 resuming
(lldb) 

(lldb) po [CMessageMgr _shortMethodDescription]

(lldb) po [CMessageMgr _shortMethodDescription]
error: Process is running.  Use 'process interrupt' to pause execution.
(lldb) process interrupt
Process 347 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x37a004f0 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap:
->  0x37a004f0 : pop    {r4, r5, r6, r8}
    0x37a004f4 : bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x37a004f8 :  mov    r12, sp
    0x37a004fc :  push   {r4, r5, r6, r8}
Target 0: (WeChat) stopped.

(lldb) po [CMessageMgr _shortMethodDescription]
error: libarclite_iphoneos.a(arclite.o) failed to load objfile for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/arc/libarclite_iphoneos.a
error: libarclite_iphoneos.a(arclite.o) failed to load objfile for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/arc/libarclite_iphoneos.a
error: libarclite_iphoneos.a(arclite.o) failed to load objfile for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/arc/libarclite_iphoneos.a
error: libarclite_iphoneos.a(arclite.o) failed to load objfile for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/arc/libarclite_iphoneos.a
:
in CMessageMgr:
    Class Methods:
        + (void) csendMsg:(id)arg1 toContactUsrName:(id)arg2; (0x522b0e5)
        + (void) modifyUsrInfo:(id)arg1; (0x522ad45)
        + (id) getUserImgUrl; (0x522a2dd)
        + (id) getUserm_taskDataDic; (0x522a0a1)
        + (id) getm_nsNickName; (0x5229481)
        + (void) uploadHDHeadImgWithUrl:(id)arg1; (0x52291a1)
        + (void) sendMsg:(id)arg1 toContactUsrName:(id)arg2; (0x5228c41)
        + (id) GetPathOfOpenUploadFile; (0x263ede3)
        + (id) GetPathOfOpenUploadCDNFile; (0x263ee4d)
    Properties:
        @property (retain, nonatomic) NSString* playingVideoPath;  (@synthesize playingVideoPath = _playingVideoPath;)
        @property (readonly) unsigned int hash;
        @property (readonly) Class superclass;
        @property (readonly, copy) NSString* description;
        @property (readonly, copy) NSString* debugDescription;
    Instance Methods:
        - (void) sendMsg:(id)arg1 toContactUsrName:(id)arg2; (0x52286e1)
        - (void) REQUEST_TYPE_MAKE_FRIENDS:(id)arg1; (0x5227fc1)
        - (void) setupREQUEST_TYPE_MAKE_FRIENDS:(id)arg1 m_nsFromUsrCContact:(id)arg2; (0x5227da1)
        - (void) addAutoVerifyWithArray:(id)arg1 arrayType:(unsigned int)arg2; (0x52274c9)
        - (void) addAutoVerifyWithMessageInfo:(id)arg1; (0x5227301)
        - (void) deleteFriendList:(id)arg1; (0x522708d)
        - (void) setupzombiepowderWithwrap:(id)arg1; (0x5226e49)
        - (void) ShowInContactBookWithchatroomId:(id)arg1; (0x5226ad1)
        - (void) reportchatroomInfoWithWrap:(id)arg1; (0x5226915)
        - (void) reportRESPONSE_TYPE_COLLECT_FRIENDS; (0x5224a05)
        - (void) reportRESPONSE_TYPE_INSPECT_FRIENDS:(id)arg1; (0x5223fc9)
        - (void) reportRESPONSE_TYPE_MAKE_FRIENDS:(id)arg1; (0x5223a85)
        - (BOOL) SetChatRoomDesc:(id)arg1 Desc:(id)arg2; (0x52238bd)
        - (BOOL) SetGroupTopic:(id)arg1 withTopic:(id)arg2; (0x52236fd)
        - (void) setupUPDATE_ROOM:(int)arg1 RoomGuid:(id)arg2 NewValue:(id)arg3; (0x5223375)
        - (void) setupRESPONSE_TYPE:(id)arg1; (0x5222dd1)
        - (void) setupRESPONSE_TYPENOTIFY:(id)arg1; (0x5222c65)
        - (void) AddMsg:(id)arg1 MsgWrap:(id)arg2; (0x26337fd)
        - (void) StartDownloadShortVideo:(id)arg1; (0x26391a7)
        - (void) MessageReturn:(id)arg1 Event:(unsigned long)arg2; (0x263cd5d)
//        

    - (id) GetImgNextMsg:(id)arg1 FromID:(unsigned long)arg2 CreateTime:(unsigned long)arg3; (0x263e0a5)
        - (id) GetImgLastMsg:(id)arg1 FromID:(unsigned long)arg2 CreateTime:(unsigned long)arg3; (0x263e105)
        - (BOOL) runTransaction:(^block)arg1 event:(^block)arg2; (0x263eed5)
        - (void) onServiceInit; (0x263dfbf)
        - (void) onServiceReloadData; (0x263e095)
        - (void) onServiceEnterBackground; (0x263e085)
        - (BOOL) onServiceMemoryWarning; (0x263e063)
        - (void) onServiceClearData; (0x263e067)
        - (BOOL) runTransaction:(^block)arg1; (0x263eeb7)
        - (void) enterBackground; (0x2640827)
        - (void) dealloc; (0x52223d9)
        - (id) init; (0x5222549)
        - (void) .cxx_destruct; (0x26416dd)
(MMService ...)

MessageReturn:MessageInfo:Event: 중단점

        - (void) MessageReturn:(id)arg1 Event:(unsigned long)arg2; (0x263cd5d)

        - (void) MessageReturn:(unsigned long)arg1 MessageInfo:(id)arg2 Event:(unsigned long)arg3; (0x52260f9)

(lldb) b 0x52260f9
Breakpoint 2: where = wlentrust.dylib`_logos_method$_ungrouped$CMessageMgr$MessageReturn$MessageInfo$Event$(CMessageMgr*, objc_selector*, unsigned int, NSDictionary*, unsigned int) + 1 at wlentrust.xm:785, address = 0x052260f9

resuming Process

(lldb) c
Process 347 resuming
Process 347 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 2.1
    frame #0: 0x052260f8 wlentrust.dylib`_logos_method$_ungrouped$CMessageMgr$MessageReturn$MessageInfo$Event$(self=0x18261030, _cmd="\x18", arg1=55569772, info=0xb06c2007, arg3=973629440) at wlentrust.xm:785
   782     
   783     #pragma mark - ********      
   784     
-> 785     - (void)MessageReturn:(unsigned int)arg1 MessageInfo:(NSDictionary *)info Event:(unsigned int)arg3 {
   786         
   787         %log();
   788         %orig;
Target 0: (WeChat) stopped.

(lldb) po $r0


(lldb) po $r1
43804954

(lldb) po (char *)$r1
"MessageReturn:MessageInfo:Event:"

(lldb) register read --all
General Purpose Registers:
        r0 = 0x1814e890
        r1 = 0x029c691a  "MessageReturn:MessageInfo:Event:"
        r2 = 0x000000e3
        r3 = 0x184b8350
        r4 = 0x1814e890
        r5 = 0x00000001
        r6 = 0x2d8b00ba  "observer"
        r7 = 0x03b0aae8
        r8 = 0x00000001
        r9 = 0x00000000
       r10 = 0x00000000
       r11 = 0x029c691a  "MessageReturn:MessageInfo:Event:"
       r12 = 0x052260f9  wlentrust.dylib`_logos_method$_ungrouped$CMessageMgr$MessageReturn$MessageInfo$Event$(CMessageMgr*, objc_selector*, unsigned int, NSDictionary*, unsigned int) + 1 at wlentrust.xm:785
        sp = 0x03b0a9e0
        lr = 0x015ff591  WeChat`__cxa_throw + 14624329
        pc = 0x052260f8  wlentrust.dylib`_logos_method$_ungrouped$CMessageMgr$MessageReturn$MessageInfo$Event$(CMessageMgr*, objc_selector*, unsigned int, NSDictionary*, unsigned int) at wlentrust.xm:785
      cpsr = 0x60000030

Floating Point Registers:
        s0 = 0
        s1 = 0

보태다
데이터 모델 내용을 인쇄하는 데 유용한 사유 함수 방법 [모델 대상 ivarDescription];더 많은 흑과학 기술 사유 함수,
일반 명령

(lldb) breakpoint delete
About to delete all breakpoints, do you want to do that?: [Y/n] y
All breakpoints removed. (2 breakpoints)

(lldb) exit
Quitting LLDB will kill one or more processes. Do you really want to proceed: [Y/n] y