IOS Reverse Development – Summary of Terminal Tool Commands (1)
Use LLDB dynamic debugging has been installed on the phone App can not do their own projects in the West Xcode as the arbitrary debugging, record some debugging usage, can help us dynamic debugging without source code installed to the phone project.
Debug the breakpoint
-
You can use help for detailed usage
Help breakpoint
Help breakpoint set
-
Set breakpoints for functions
Breakpoint set -n Specifies the function name
breakpoint set -n test
breakpoint set -n touchesBegan:withEvent:
breakpoint set -n "-[ViewController touchesBegan:withEvent:]"
Breakpoint set -a Function address
Breakpoint set -r Regular expression
Breakpoint set -s Dynamic library -n Specifies the function name
-
Breakpoint list: Lists breakpoints (including breakpoint numbers)
-
Breakpoint disable Breakpoint number: disables breakpoints
-
Breakpoint enable Breakpoint number: enables breakpoints
-
Breakpoint delete Breakpoint number: deletes a breakpoint
-
breakpoint command
-
Breakpoint Command add Breakpoint number
Set executable code or commands for breakpoints in advance, and execute them in sequence when they are triggered
-
Breakpoint Command List Breakpoint number
View the code or command for which a breakpoint has been set
-
Breakpoint Command delete Number of a breakpoint
The code or command to remove breakpoint Settings
-
Debug Express, Call, Print, P, Po
-
In fact, express, call, print, P function is similar, can directly use P
-
Express-o — XXX, like Po, is similar to NSLog printing
So it’s good to know how to use P and Po
(LLDB) p array (__NSArrayI *) $0 = 0x0000600000c86820 @"3 elements" (LLDB) Po array <__NSArrayI 0x600000c86820> dfas, dfdaf, dfadf )Copy the code
Function call stack
Thread backtrace short for bt
Run the thread return command to end the current method by passing all subsequent operations of the method
The frame variable command prints the variable of the current stack frame
The command thread continue, continue program continues, short for C
The command thread step-over and next are run in a single step, and function calls are skipped in one step, abbreviated n
Run the thread step-in and step commands in a single step, and enter the function when the function is called
The thread step-out and finish commands directly execute all the current code and return to the previous function
- Si (Stepi) and Ni (Nexti) are similar to S and N
S and n are source level debugging commands
Si and ni are commands used to debug assembly
Memory breakpoint
-
Triggered when memory data changes
-
watchpoint set variable
watchpoint set variable self->age
-
Watchpoint set expression Address
watchpoint set expression &(self->_age)
-
-
watchpoint list
-
Watchpoint Disable Breakpoint number
-
Watchpoint enable Number of a breakpoint
-
Watchpoint delete Breakpoint number
-
Watchpoint Command add Breakpoint number
-
Watchpoint Command List Breakpoint number
-
Watchpoint Command delete Number of a breakpoint
Module (mirror) lookup
-
The dynamic library of the system and the executable file of App are modules
-
image lookup
-
Image lookup -t Type: searches for information of a certain type
image lookup -t NSArray
-
Image lookup -a Address: searches the location of a module based on the memory address
-
Image lookup -n Symbol or function name: Finds the location of a symbol or function
-
-
Image List: lists information about loaded modules
-
Image list -o-f: displays the offset address and full path of the module
Memory operations
-
Register Read: Reads the value of a register
-
Register Write Register value: Changes the register value
-
Read the value of the corresponding memory address
-
X/Number, format, byte size memory address
X /4xg 0x00001001: Reads four segments of memory data based on the address. The data is in hexadecimal format, and each segment contains eight bytes
X 0x00001001: Reads memory data byte by byte
-
format
Hexadecimal x
Floating point f
D decimal
-
Byte size
B 1 byte
H 2 bytes
W 4 bytes
G 8 bytes
-
-
Memory Write Memory address Value: Modifies the memory value
tip
- According to the
Enter
Key to automatically execute the last command - Use command abbreviations whenever possible