Microsoft Word - iOSAppReverseEngineering.docx

(Romina) #1
Process 97048 resuming
__NSArrayM
(char *) $11 = 0x26c6bbc3 "count"
Process 97048 resuming
Command #3 'c' continued the target.

“br com add” is often used to automatically observe changes in the context of a breakpoint when it is hit, which often reveals valuable reverse engineering clues. We’ll see how to use this command in the latter half of this book.



  1. print


Thanks to the “print” command, “inspecting the internal status of a program when it stops” is possible. As its name implies, this command can print the value of a register, variable, expression, etc. Again, let’s illustrate the use of “print” with “-[SpringBoard _menuButtonDown:]”, as shown in figure 4-18.


Figure 4-18 [SpringBoard _menuButtonDown:]


The address (base address plus offset) of “MOVS R6, #0” is known to be 0xE37DE. Let’s set a breakpoint on it and print R6’s value when the breakpoint is hit:


(lldb) br s -a 0xE37DE
Breakpoint 2: where = SpringBoard`___lldb_unnamed_function299$$SpringBoard + 174, address = 0x000e37de
Process 99787 stopped
* thread #1: tid = 0x185cb, 0x000e37de SpringBoard`___lldb_unnamed_function299$$SpringBoard + 174, queue = 'com.apple.main-thread', stop reason = breakpoint 2.1
    frame #0: 0x000e37de SpringBoard`___lldb_unnamed_function299$$SpringBoard + 174
SpringBoard`___lldb_unnamed_function299$$SpringBoard + 174:
-> 0xe37de: movs r6, #0
   0xe37e0: movt r0, #75
   0xe37e4: movs r1, #1
   0xe37e6: add r0, pc
(lldb) p $r6
(unsigned int) $1 = 364526080





After this instruction is executed, R6 should be set to 0. Input “ni” to execute this instruction
