lldb命令
常用命令
image list 模块列表
image list -o -f
x 0x1234567 内存
dis -s 0x1234567 反汇编
p/x
p/d
p/c for a character
p/s for a string
register read
br li
br dis 1
br del 1
br s -a 0x104334
b
c
bt
script
pinternals
(lldb) po $x0
(lldb) po $rdi
(lldb) po [0x7f8427d0d040 _ivarDescription]
(lldb) po [self _ivarDescription]
(lldb) po [self _methodDescription]
(lldb) po [self _shortMethodDescription]
Updating the UI(强制断点后)
(lldb) po [[[UIApplication sharedApplication] keyWindow] recursiveDescription]
<UIWindow: 0x7fed606064a0; frame = (0 0; 375 667); autoresize = W+H; gestureRecognizers = <NSArray: 0x6000024da070>; layer = <UIWindowLayer: 0x600002a89fc0>>
| <UIView: 0x7fed60509780; frame = (0 0; 375 667); autoresize = W+H; layer = <CALayer: 0x600002ac8300>>
| | <_UILayoutGuide: 0x7fed6050e0f0; frame = (0 0; 0 20); hidden = YES; layer = <CALayer: 0x600002ac82a0>>
| | <_UILayoutGuide: 0x7fed6050e500; frame = (0 667; 0 0); hidden = YES; layer = <CALayer: 0x600002ac83c0>>
(lldb) e id $myView = (id)0x7fed60509780
(lldb) e (void)[$myView setBackgroundColor:[UIColor greenColor]]
(lldb) e (void)[CATransaction flush]
Pushing a View Controller
(lldb) e id $nvc = [[[UIApplication sharedApplication] keyWindow] rootViewController]
(lldb) e id $vc = [UIViewController new]
(lldb) e (void)[[$vc view] setBackgroundColor:[UIColor yellowColor]]
(lldb) e (void)[$vc setTitle:@"Yay!"]
(lldb) e (void)[$nvc pushViewContoller:$vc animated:YES]
(lldb) e (void)[CATransaction flush]
Observing an Instance Variable Changing
(lldb) p (ptrdiff_t)ivar_getOffset((struct Ivar *)class_getInstanceVariable([MyView class], "_layer"))
(ptrdiff_t) $0 = 8
(lldb) watchpoint set expression -- (int *)$myView + 8
Watchpoint created: Watchpoint 3: addr = 0x7fa554231340 size = 8 state = enabled type = w
new value: 0x0000000000000000
Symbolic Breakpoints on Non-Overridden Methods
(lldb) bmessage -[MyViewController viewDidAppear:]
Setting a breakpoint at -[UIViewController viewDidAppear:] with condition (void*)object_getClass((id)$rdi) == 0x000000010e2f4d28
Breakpoint 1: where = UIKit`-[UIViewController viewDidAppear:], address = 0x000000010e11533c
How debuggers work
- https://eli.thegreenplace.net/2011/01/23/how-debuggers-work-part-1.html
- https://eli.thegreenplace.net/2011/01/27/how-debuggers-work-part-2-breakpoints
- https://eli.thegreenplace.net/2011/02/07/how-debuggers-work-part-3-debugging-information
Dancing in the Debugger — A Waltz with LLDB
- https://www.objc.io/issues/19-debugging/lldb-debugging/
chisel
- https://github.com/facebook/chisel
- http://www.arigrant.com/blog/2014/2/18/chisels-print-invocation-command
- https://www.imooc.com/article/37396
chisel原理
lldb可加载python脚本(配置文件
.lldbinit
配置入口python文件和入口函数
__lldb_init_module
),脚本里有lldb接口可以执行命令串和OC代码,所以脚本可扩展的很复杂。同时,也支持动态库扩展功能函数,比如内存搜索OC对象的
PrintInstances
函数。
others
《Advanced_Apple_Debugging_&_Reverse_Engineering_v1.0》
backboardd
- The render server is actually another process (called backboardd)。
springboard
![吃透MVC,驯服烂代码 吃透MVC,驯服烂代码[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)