The last article has introduced a few tools in general, I believe you are familiar with. Check it out again if you don’t. Ha ha. Without further ado, here is an example of a combination of Hopper, ios-deploy, etc. On the other hand, let us experience the use of LLDB debugging statements such as break
This demo for everyone is through these tools for current application of the corresponding view controller (next looked at are complex, and the entire process is actually the process just display tool use, if you really want to realize this function has a more simple method, we could think of, didn’t think it doesn’t matter, I’m at the end of the article to expose for everyone)
Gets the controller corresponding to the current visible view
- Connect to the real machine, and start LLDB remote debugging
Note Execute the following statement to ensure that the terminal has been CD to weixin. app
Ios – deploy – debug – bundle WeiXin. App
After executing this statement, the APP is installed on the mobile phone and started. The terminal displays the following message starting with (LLDB), indicating successful startup and remote debugging.
- Global breakpoint
br set -n viewWillAppear:
When entering any interface, it will stop and the terminal will display the following information:
The 1 I have indicated in the figure represents the name of the breakpoint used for deletion and other operations
When you operate the APP, it will stop. The terminal is shown as follows:
Now we have the name of the controller that corresponds to the current view. Then type br, dis, press enter, and c to continue the code.
- Gets the current view name
(lldb) po $x0
(lldb) po [(MMUINavigationController*)0x11c1a3c00 viewControllers]
Some tutorials you can see are Po $r0 which is the command for 32-bit machines; Po $x0 is the corresponding 64-bit command
This is a breakpoint to get the name of the current view controller, and I’m going to show you another way
The second:
(lldb) e UIApplication *$app = [UIApplication sharedApplication](lldb) e UIWindow *$keyWindow = $app.keyWindow(lldb) po $keyWindow.rootViewController<MMTabBarController: 0x138947000>(lldb) e MMTabBarController *$tab = $keyWindow.rootViewController(lldb) po $tab.viewControllers<__NSArrayM 0x139775c50>(<MMUINavigationController: 0x1380a2a00>,<MMUINavigationController: 0x138938a00>,<MMUINavigationController: 0x13893d600>,<MMUINavigationController: 0x138943600>)(lldb)e MMUINavigationController *$navi2 = $tab.viewControllers[2](lldb) po $navi2.visibleViewController(SeePeopleNearbyViewController *) $8 = 0x00000001398f55c0
The e syntax in LLDB remote debugging enables the execution of any OC statement similar to Cycript
The third:
Simply open Xcode’s View Debug Hierarchy. 😁 😁
Interrupt point debugging by memory address
First of all, we should popularize a few knowledge, and then do it may be handy.
Base address after module offset = ASLR offset + base address before module offset
-
The offset base address of the module: this address is the real address of the object, and it is the address we use during debugging.
-
Base address before module offset: This is actually the address Hopper resolves to show in our application
-
ASLR(Address Space Layout Randomization) offset: This is a memory Address randomly generated by ASLR. As a security measure, the base address of the module before the offset can be easily obtained by any assembly tool, but it is not so easy to obtain the ASLR offset.
ASLR offset
Image list-o-f “WeChat”
0x0000000000300000 is the OFFSET of ASLR offset
Gets the base address before module offset
Drag the. App file into the Hopper app. Be sure to select the wrong 64-bit uncountable address that matches the number of digits on your phone. The process may be busy. Be patient
Take intercepting messages as an example: search for the name of a function in Hopper
0x00000001029C2964 is the pre-offset base address of the module we are looking for
So let’s get a calculator and this is a hexadecimal calculator and just add it up.
0x102cc2964
Breaking point
br a -s 0x102cc2964
Next you can look for a beauty to send a message to see. Ha ha
ni
(lldb) po $x0