- Launch the program under the conditions you specify;
- Stop the program under the conditions you specify;
- Inspect the internal status of a program when it stops;
- Modify the program when it stops, and observe the modification of its execution flow.
LLDB is a command-line tool; it does not have a graphical interface. Its massive output in
Terminal easily scares off beginners, but once you master the basic commands of LLDB, you’ll
be surprised by how formidable it is in combination with IDA. LLDB runs on OS X, so to debug
iOS we need the assistance of another tool on the iOS side: debugserver.
4.3.2 Introduction to debugserver
debugserver runs on iOS. As its name suggests, it plays the role of a server: it executes the
commands sent by LLDB (the client), then returns the results to LLDB to show to the user. This
working mode is called “remote debugging”. By default, debugserver is not installed on iOS. We
need to connect the device to Xcode and enable debugging for it in the menu Window → Devices;
debugserver will then be installed to “/Developer/usr/bin/” on iOS.
However, because it lacks the task_for_pid permission, the stock debugserver installed by
Xcode can only debug our own Apps. Debugging our own Apps is no mystery in App
development, and since we have our own Apps’ source code, there is no need to reverse them.
It’d only be cool if we could debug other Apps. No worries, here comes the solution. With a little
hacking, debugserver and LLDB can be used to debug other Apps, maximizing their power.
4.3.3 Configure debugserver
- Help debugserver lose some weight
Find the corresponding ARM type of your device according to table 4-1.
Name ARM
iPhone 4s armv7
iPhone 5 armv7s
iPhone 5c armv7s
iPhone 5s arm64
iPhone 6 Plus arm64
iPhone 6 arm64