Microsoft Word - iOSAppReverseEngineering.docx


menu. You can fix the issue by re-enabling development mode on this device.


When you exit debugserver, the process being debugged also exits. That is all the configuration debugserver needs for now; the following operations are performed in LLDB.


4.3.5 Use LLDB


Before introducing LLDB, there is a serious bug in the latest LLDB that you need to know about: the LLDB shipped with Xcode 6 (version 320.x.xx) sometimes confuses ARM and THUMB instructions on armv7 and armv7s devices, which makes debugging impossible. As of this book's publication, the bug has not been fixed. A temporary workaround is to download and install Xcode 5.0.x from https://developer.apple.com/downloads/index.action; its built-in LLDB (version 300.x.xx) works fine on armv7 and armv7s devices. When installing the old version of Xcode, make sure you install it to a different path from the current Xcode, say “/Applications/OldXcode.app”, so that it does not affect the current Xcode. To launch the old LLDB, you need to specify its full path:


snakeninnysiMac:~ snakeninny$ /Applications/OldXcode.app/Contents/Developer/usr/bin/lldb

Then the old LLDB will launch and you can connect it to the waiting debugserver:


(lldb) process connect connect://iOSIP:1234
Process 790987 stopped
* thread #1: tid = 0xc11cb, 0x3995b4f0 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x3995b4f0 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap + 20:
-> 0x3995b4f0:  pop    {r4, r5, r6, r8}
   0x3995b4f4:  bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
   0x3995b4f8:  mov    r12, sp
   0x3995b4fc:  push   {r4, r5, r6, r8}

Note that “process connect connect://iOSIP:1234” takes quite a long time (often more than 3 minutes over WiFi) to connect to debugserver, so be patient. Section 4.6 introduces connecting to debugserver over USB, which saves a lot of time. Once debugserver has stopped the process, we can start debugging. Let’s have a look at the commonly used LLDB commands.
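The steps above (pick the Xcode 5 LLDB if it is installed, then type “process connect” at the prompt and wait) can be wrapped in a small shell script. The following is an added example and not code from the book: it assumes the “/Applications/OldXcode.app” install path and the port 1234 used in the text, probes the port with nc before launching so you do not sit through a multi-minute timeout when debugserver is not actually listening, and hands the connect command to LLDB with its -o (--one-line) option so the attach happens automatically while the session stays interactive.

```shell
#!/bin/sh
# Added example (not from the book). Wraps the manual LLDB connection steps:
# choose the old Xcode 5 LLDB when it exists, sanity-check IP and port,
# refuse to start if nothing listens on the debugserver port, then launch
# LLDB with the "process connect" command passed via -o.
# Assumptions: OldXcode.app path and port 1234 are taken from the text.

OLD_LLDB="/Applications/OldXcode.app/Contents/Developer/usr/bin/lldb"

# Prefer the Xcode 5 LLDB (300.x) if installed at the assumed path; otherwise
# fall back to the LLDB that xcrun finds, or plain "lldb" from PATH.
pick_lldb() {
    if [ -x "$OLD_LLDB" ]; then
        printf '%s\n' "$OLD_LLDB"
    elif command -v xcrun >/dev/null 2>&1 && xcrun --find lldb >/dev/null 2>&1; then
        xcrun --find lldb
    else
        printf '%s\n' "lldb"
    fi
}

# A TCP port is an integer in 1..65535; anything else is rejected.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Crude dotted-quad check so a typo fails immediately instead of after
# a long connection timeout.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# The exact command the text types at the (lldb) prompt.
connect_command() {
    printf 'process connect connect://%s:%s\n' "$1" "$2"
}

# Probe the debugserver port with a 2-second timeout before launching LLDB.
port_open() {
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# Usage: attach_remote <iOS-IP> [port]   (port defaults to 1234 as in the text)
attach_remote() {
    ip="$1"; port="${2:-1234}"
    valid_ipv4 "$ip"   || { echo "bad IP: $ip" >&2; return 2; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    if ! port_open "$ip" "$port"; then
        echo "nothing listening on $ip:$port; start debugserver on the device first" >&2
        return 1
    fi
    # -o runs the command once LLDB is up; the (lldb) prompt then stays interactive.
    "$(pick_lldb)" -o "$(connect_command "$ip" "$port")"
}
```

Run it as `attach_remote 192.168.1.5 1234` from a shell that has sourced the script; the port probe is what saves the wait described above, and the same wrapper works unchanged once the USB forwarding of section 4.6 is in place, with the IP replaced by localhost.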



  1. image list

“image list” is similar to “info shared” in GDB; it lists the main executable and all dependent libraries (hereinafter referred to as images) of the debugged process. Because of ASLR (Address Space Layout Randomization, see http://theiphonewiki.com/wiki/ASLR),
