and reprint the value of R6:
(lldb) ni
Process 99787 stopped
* thread #1: tid = 0x185cb, 0x000e37e0
SpringBoard`___lldb_unnamed_function299$$SpringBoard + 176, queue = 'com.apple.main-
thread, stop reason = instruction step over
frame #0: 0x000e37e0 SpringBoard`___lldb_unnamed_function299$$SpringBoard + 176
SpringBoard`___lldb_unnamed_function299$$SpringBoard + 176:
0xe37e0: movt r0, #75
0xe37e4: movs r1, #1
0xe37e6: add r0, pc
0xe37e8: cmp r5, #0
(lldb) p $r6
(unsigned int) $2 = 0
(lldb) c
Process 99787 resuming
As we can see, command “p” has printed the value of R6 correctly.
In Objective-C, the implementation of [someObject someMethod] is actually
objc_msgSend(someObject, someMethod), among which the first argument is an Objective-C
object, and the latter can be casted to a string (we will explain this in detail in chapter 6). As
shown in figure 4-19, “BLX _objc_msgSend” executes [SBTelephonyManager
sharedTelephonyManager].
Figure 4- 19 objc_msgSend([SBTelephonyManager class], @selector(sharedTelephonyManager))
The address with offset of “BLX _objc_msgSend” is known to be 0xCC8A2. Set a breakpoint
on it and print the arguments of “objc_msgSend” when we hit this breakpoint:
(lldb) br s -a 0xCC8A2
Breakpoint 1: where = SpringBoard`___lldb_unnamed_function299$$SpringBoard + 370,
address = 0x000cc8a2
Process 103706 stopped
* thread #1: tid = 0x1951a, 0x000cc8a2
SpringBoard`___lldb_unnamed_function299$$SpringBoard + 370, queue = 'com.apple.main-
thread, stop reason = breakpoint 1.1
frame #0: 0x000cc8a2 SpringBoard`___lldb_unnamed_function299$$SpringBoard + 370
SpringBoard`___lldb_unnamed_function299$$SpringBoard + 370:
0xcc8a2: blx 0x3e3798 ; symbol stub for: objc_msgSend
0xcc8a6: mov r6, r0
0xcc8a8: movw r0, #31088
0xcc8ac: movt r0, #74
(lldb) po [$r0 class]
SBTelephonyManager
(lldb) po $r0
SBTelephonyManager
(lldb) p (char )$r1
(char ) $2 = 0x0042eee6 "sharedTelephonyManager"
(lldb) c