
(Romina) #1
iMessage
(unsigned int) $19 = 0x28768b33
Process 200596 resuming
Command #3 'c' continued the target.

As we can see, when placeholderText turns to “iMessage”, LR’s value is 0x28768b33. 0x28768b33 - 0x1eac000 = 0x268BCB33, so let’s jump to this address, as shown in figure 10-15.


Figure 10-15 Jump to 0x268BCB33


This address is located in ChatKit. OK, we’ve found the 1st data source of placeholder, which is the argument of setPlaceholder:, and we are also on our way to finding the 2nd data source. What an uneventful achievement, meh.
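The address conversion used above, as an added example (not code from the book): a Python helper that parses LLDB `image list -o -f` output and converts between a runtime address such as the LR value and the static address to jump to in the disassembler. It assumes 0x1eac000 is the load offset LLDB reports for ChatKit; the sample output lines, paths and function names are constructed for illustration.

```python
import os
import re

# Constructed sample of `image list -o -f` output. The ChatKit offset is the
# 0x1eac000 subtracted in the text; the MobileSMS line and both paths are made up.
SAMPLE_IMAGE_LIST = """\
[  0] 0x000b3000 /Applications/MobileSMS.app/MobileSMS(0x00000000000b7000)
[ 19] 0x01eac000 /System/Library/PrivateFrameworks/ChatKit.framework/ChatKit
"""

# "[index] offset path", optionally followed by "(load address)".
LINE_RE = re.compile(
    r"^\[\s*\d+\]\s+(0x[0-9a-fA-F]+)\s+(.+?)(?:\(0x[0-9a-fA-F]+\))?\s*$"
)


def parse_slides(text):
    """Map each image's file name to its load offset (ASLR slide)."""
    slides = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            name = os.path.basename(m.group(2).strip())
            slides[name] = int(m.group(1), 16)
    return slides


def runtime_to_static(addr, module, slides):
    """Runtime address (e.g. LR in LLDB) -> address shown in the disassembler."""
    return addr - slides[module]


def static_to_runtime(addr, module, slides):
    """Disassembler address -> address to use for a breakpoint in LLDB."""
    return addr + slides[module]


if __name__ == "__main__":
    slides = parse_slides(SAMPLE_IMAGE_LIST)
    lr = 0x28768B33  # LR value printed by LLDB in the session above
    print(hex(runtime_to_static(lr, "ChatKit", slides)))
```

The offset changes on every launch, so the output of `image list -o -f` has to be taken from the same debugging session as the LR value.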


10.2.4 Find the Nth data source of placeholderText using IDA and LLDB


I don’t know if you’ve noticed that placeholderText was blank during address editing. Not until we pressed “return” on the keyboard did the placeholderText become “Text Message” or “iMessage”. In other words, iOS will not detect whether the current address supports iMessage until editing is over; from the perspective of energy saving, this makes sense. Based on this design, we can first edit the recipient’s address, then set a breakpoint, and at last press “return” to finish editing. If the breakpoint gets triggered under such circumstances, we can say that MobileSMS is stopped during the process of detecting iMessage. Now, let’s search upward from figure 10-15 to see who is the caller of [CKMessageEntryTextView setPlaceholderText:], as shown in figure 10-16.


Figure 10-16 Caller of [CKMessageEntryTextView setPlaceholderText:]


Setting the placeholder text when updating the entry view is rather reasonable. However, without
