Microsoft Word - iOSAppReverseEngineering.docx


case, because there is already one recipient, MobileSMS will probably branch left. It's very simple to verify our assumption: input "[email protected]" in the address entry, set a breakpoint on any instruction in the right branch, and finally press "return" to finish editing. The breakpoint is not triggered (which tells us only that the right branch is not taken for this input, but that is exactly what we need to know), so we can confirm that R5 comes from [$r8 __ck_displayName] in the left branch. In other words, [$r8 __ck_displayName] is the 3rd data source. Where does R8 come from? Scrolling up in IDA, we find that R8 comes from [[self conversation] sendingService] at the beginning of [CKMessageEntryView updateEntryView], as shown in figure 10-19.


Figure 10-19 Looking for the 4th data source


Therefore, [[self conversation] sendingService] is the 4th data source. Let's verify our analysis so far with LLDB: input "[email protected]" in the address entry, set a breakpoint on "MOV R8, R0" in figure 10-19, and finally press "return" to finish editing. When the breakpoint is triggered, R0 still holds the object returned by [[self conversation] sendingService], so execute "po [$r0 __ck_displayName]" and see whether LLDB outputs "iMessage":


(lldb) br s -a 0x28768962
Breakpoint 14: where = ChatKit`-[CKMessageEntryView updateEntryView] + 54, address =
0x28768962
(lldb) br com add 14
Enter your debugger command(s). Type 'DONE' to end.
> po [$r0 __ck_displayName]
> c
> DONE
Text Message
Process 200596 resuming
Command #2 'c' continued the target.
iMessage
Process 200596 resuming
Command #2 'c' continued the target.

From the output, we know that the breakpoint has been triggered twice, and iMessage
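The two checks above (an untriggered breakpoint in the right branch, and a breakpoint on "MOV R8, R0" that prints the display name of R0) can be scripted instead of typed by hand. The following LLDB command file is an added example, not from the book or from MobileSMS; it assumes the book's address 0x28768962 (updateEntryView + 54) and uses RIGHT_BRANCH_ADDR as a placeholder for whichever right-branch instruction you pick in IDA. Both addresses are runtime addresses and change with ASLR on every launch, so recompute them first with "image lookup -n" as the comments describe.

```lldb
# verify_sources.lldb  (added example; load with: command source verify_sources.lldb)
# Run this after debugserver is attached to MobileSMS and before you press
# "return" in the address entry.
#
# Addresses below are from the book's session. Under ASLR the module slides,
# so recompute them first:
#   (lldb) image lookup -n "-[CKMessageEntryView updateEntryView]"
# and add the offset of "MOV R8, R0" (54 = 0x36) to the reported start address.
# RIGHT_BRANCH_ADDR is an assumption: replace it with the slid address of any
# instruction in the right branch of the comparison discussed above.

# Check 1: the right branch must NOT execute when a recipient already exists.
# --auto-continue resumes the process on every hit, so the UI stays usable;
# the hit count reported by "breakpoint list" is the verdict.
breakpoint set --address RIGHT_BRANCH_ADDR --auto-continue true
# No breakpoint ID given: LLDB attaches the command to the breakpoint just created.
breakpoint command add --one-liner "script print('right branch taken: assumption is wrong')"

# Check 2: at updateEntryView + 54 ("MOV R8, R0"), R0 holds the object returned
# by [[self conversation] sendingService]. Print its __ck_displayName and resume.
# For an email recipient the book's session shows two hits: "Text Message", then "iMessage".
breakpoint set --address 0x28768962 --auto-continue true
breakpoint command add --one-liner "po [$r0 __ck_displayName]"

# After pressing "return" in MobileSMS, confirm the outcome:
#   (lldb) breakpoint list
# Check 1's breakpoint must show "hit count = 0"; check 2's should show 2.
```

Using --auto-continue rather than a trailing "c" in the command list avoids the "Command #2 'c' continued the target" noise in the transcript and keeps the process from pausing while you are still interacting with the app. If your LLDB predates --auto-continue, append "c" as a second one-liner exactly as the book's session does.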
