

upon it. Now that both branches contain “MOVS R5, #1”, which one is actually executed?

Re-enter the address and set breakpoints on both branches, then press “return” in MobileSMS and see which breakpoint is triggered; that is our answer. I’ll leave the LLDB operation to you here, please finish it independently. Once you have done so, you will have a deeper understanding and will find that the left branch is the one MobileSMS actually takes, as shown in figure 10-43.


Figure 10-43 The left branch


Now we have found the 13th data source: it is a constant with value 1. You may wonder, if the 13th data source is a constant, does a 14th data source still exist? The chain of data source clues seems to be interrupted, so what should we do next? Good question.


In the previous figures there are several occurrences of “MOVS R5, #0”. Although the 13th data source comes from “MOVS R5, #1”, which looks like a constant, by the usual programming pattern there must be a conditional branch that decides whether “MOVS R5, #0” or “MOVS R5, #1” gets executed, just like the pseudo code below.


if (iMessageIsAvailable) R5 = 1;
else R5 = 0;

Represented in the familiar IDA graph view, it looks like figure 10-44.
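The backward reasoning above (a register set to a constant in one branch implies a conditional branch upstream, and the register that branch tests is the next data source to chase) can be scripted over an IDA-style listing. The following is an added example, not code from the book or from MobileSMS: the listing, its addresses, labels and the call to sub_B000 are constructed for illustration, and the script only walks the listing text, so it is a triage aid, not a control-flow-accurate analysis.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed IDA-style Thumb listing standing in for the MobileSMS fragment discussed
# in the text; addresses, labels and sub_B000 are invented for this example.
SAMPLE_LISTING = """\
__text:0000A000 loc_A000
__text:0000A000                 BL      sub_B000        ; hypothetical "is iMessage available?" call, result in R0
__text:0000A004                 CMP     R0, #0
__text:0000A006                 BEQ     loc_A010
__text:0000A008                 MOVS    R5, #1          ; left branch: constant 1
__text:0000A00A                 B       loc_A014
__text:0000A010 loc_A010
__text:0000A010                 MOVS    R5, #0          ; right branch: constant 0
__text:0000A014 loc_A014
__text:0000A014                 MOV     R0, R5
"""

@dataclass
class Instr:
    addr: int
    mnemonic: str
    operands: str

# "<segment>:<hex addr>   MNEMONIC   operands   ; comment". Label-only lines do not match
# because IDA labels start lowercase (loc_/sub_) while mnemonics are uppercase.
LINE_RE = re.compile(r"^\S+:([0-9A-Fa-f]+)\s+([A-Z][A-Z0-9.]*)\s*([^;]*?)\s*(?:;.*)?$")
CONST_RE = re.compile(r"^(\w+),\s*#(0x[0-9A-Fa-f]+|\d+)$")
COND_SUFFIXES = {"EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC", "HI", "LS", "GE", "LT", "GT", "LE"}
FLAG_SETTERS = {"CMP", "CMN", "TST", "TEQ"}

def parse_listing(text: str) -> list:
    """Turn the listing text into Instr records, skipping label-only lines."""
    instrs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            instrs.append(Instr(int(m.group(1), 16), m.group(2), m.group(3)))
    return instrs

def is_conditional_branch(ins: Instr) -> bool:
    base = ins.mnemonic.split(".")[0]          # BEQ.W -> BEQ
    if base in ("CBZ", "CBNZ"):
        return True
    return base.startswith("B") and base[1:] in COND_SUFFIXES

def constant_moves(instrs, reg):
    """Every 'MOV/MOVS <reg>, #imm', i.e. the places where <reg> is set to a constant."""
    found = []
    for ins in instrs:
        if ins.mnemonic in ("MOV", "MOVS"):
            m = CONST_RE.match(ins.operands)
            if m and m.group(1) == reg:
                found.append((ins.addr, int(m.group(2), 0)))
    return found

def selecting_branch(instrs, mov_addr) -> Optional[Instr]:
    """Nearest conditional branch above the constant move, walking the listing backwards."""
    idx = next(i for i, ins in enumerate(instrs) if ins.addr == mov_addr)
    for ins in reversed(instrs[:idx]):
        if is_conditional_branch(ins):
            return ins
    return None

def condition_register(instrs, branch) -> Optional[str]:
    """Register whose value decides the branch: CBZ/CBNZ test a register directly,
    a suffixed B tests the flags set by the nearest preceding CMP/CMN/TST/TEQ."""
    base = branch.mnemonic.split(".")[0]
    if base in ("CBZ", "CBNZ"):
        return branch.operands.split(",")[0].strip()
    idx = instrs.index(branch)
    for ins in reversed(instrs[:idx]):
        if ins.mnemonic in FLAG_SETTERS:
            return ins.operands.split(",")[0].strip()
    return None

def analyze(text, reg):
    """For each constant assigned to <reg>, report the branch that selects it and the
    register feeding that branch: that register is the next data source to follow."""
    instrs = parse_listing(text)
    report = []
    for mov_addr, value in constant_moves(instrs, reg):
        br = selecting_branch(instrs, mov_addr)
        report.append({
            "mov_addr": mov_addr,
            "value": value,
            "branch_addr": br.addr if br else None,
            "condition_reg": condition_register(instrs, br) if br else None,
        })
    return report

if __name__ == "__main__":
    for row in analyze(SAMPLE_LISTING, "R5"):
        print(f"R5 = {row['value']} at {row['mov_addr']:#x}: selected by the branch at "
              f"{row['branch_addr']:#x}, whose condition comes from {row['condition_reg']}")
```

On the constructed listing both constants trace back to the BEQ at 0xA006, whose flags come from CMP R0, #0, so R0 (the return value of the hypothetical sub_B000) is the 14th data source to chase. Paste a real listing exported from IDA in place of SAMPLE_LISTING to get the same report for the function under study, then confirm the candidate with an LLDB breakpoint as described above.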
