<IMChat 0x1594f7e0> [Identifier: [email protected] GUID:
iMessage;-;[email protected] Persistent ID: [email protected] Account:
26B3EC90-783B-4DEC-82CF-F58FBBB22363 Style: - State: 0 Participants: 1 Room Name:
(null) Display Name: (null) Last Addressed: (null) Group ID: (null) Unread Count: 0
Failure Count: 0]
(lldb) p/x $lr
(unsigned int) $20 = 0x30acf625
LR minus the offset is 0x30acf625 - 0xa1b2000 = 0x2691d625, which is inside [CKConversation
initWithChat:]. Since the IMChat is passed in as the argument, we have to find the caller of this
method to trace where it comes from. Repeat the previous operations to create a new iMessage, then
set a breakpoint at the beginning of [CKConversation initWithChat:] and trigger it:
Process 248623 stopped
* thread #1: tid = 0x3cb2f, 0x30acf5ec ChatKit`-[CKConversation initWithChat:], queue =
'com.apple.main-thread', stop reason = breakpoint 14.1
frame #0: 0x30acf5ec ChatKit`-[CKConversation initWithChat:]
ChatKit`-[CKConversation initWithChat:]:
0x30acf5ec: push {r4, r5, r6, r7, lr}
0x30acf5ee: add r7, sp, #12
0x30acf5f0: push.w {r8, r10, r11}
0x30acf5f4: sub sp, #8
(lldb) po $r2
<IMChat 0x1470a520> [Identifier: [email protected] GUID:
iMessage;-;[email protected] Persistent ID: [email protected] Account:
26B3EC90-783B-4DEC-82CF-F58FBBB22363 Style: - State: 0 Participants: 1 Room Name:
(null) Display Name: (null) Last Addressed: (null) Group ID: (null) Unread Count: 0
Failure Count: 0]
(lldb) p/x $lr
(unsigned int) $22 = 0x30a8d131
LR minus the offset is 0x30a8d131 - 0xa1b2000 = 0x268db131, which is inside
[CKConversationList _beginTrackingConversationWithChat:]. Again, the IMChat is the argument here,
so let's continue tracing up to this method's caller:
Process 248623 stopped
* thread #1: tid = 0x3cb2f, 0x30a8d09c ChatKit`-[CKConversationList
_beginTrackingConversationWithChat:], queue = 'com.apple.main-thread', stop reason =
breakpoint 15.1
frame #0: 0x30a8d09c ChatKit`-[CKConversationList
_beginTrackingConversationWithChat:]
ChatKit`-[CKConversationList _beginTrackingConversationWithChat:]:
0x30a8d09c: push {r4, r5, r6, r7, lr}
0x30a8d09e: mov r5, r0
0x30a8d0a0: movs r0, #25
0x30a8d0a2: add r7, sp, #12
(lldb) po $r2
<IMChat 0x15a326a0> [Identifier: [email protected] GUID:
iMessage;-;[email protected] Persistent ID: [email protected] Account:
26B3EC90-783B-4DEC-82CF-F58FBBB22363 Style: - State: 0 Participants: 1 Room Name:
(null) Display Name: (null) Last Addressed: (null) Group ID: (null) Unread Count: 0
Failure Count: 0]
(lldb) p/x $lr
(unsigned int) $24 = 0x30a8d4f1
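The two steps repeated in each round above, subtracting the offset from LR and working out which method contains the result, can be scripted so the next breakpoint command falls out automatically. This is an added example, not code from the original text: the symbol table is constructed from only the two method starts seen in the breakpoint hits on this page, and clearing bit 0 of LR (the ARM Thumb state flag) is an extra step the text does not perform.

```python
import bisect

# Load offset (slide) of ChatKit observed in the lldb session on this page.
SLIDE = 0xA1B2000

# Constructed symbol table: unslid method start -> method name. The two
# starts are the slid breakpoint addresses shown on this page minus SLIDE;
# a real workflow would fill this from the binary's symbol table instead.
SYMBOLS = sorted([
    (0x30a8d09c - SLIDE, "-[CKConversationList _beginTrackingConversationWithChat:]"),
    (0x30acf5ec - SLIDE, "-[CKConversation initWithChat:]"),
])
STARTS = [start for start, _ in SYMBOLS]


def unslide(addr, slide=SLIDE):
    """Strip the load offset: the 'LR minus the offset' value in the text."""
    return addr - slide


def return_site(lr):
    """Bit 0 of LR is the Thumb state flag on 32-bit ARM, not part of the
    address; clear it before comparing LR against code addresses."""
    return lr & ~1


def resolve(addr):
    """Map an unslid code address to (method, offset-into-method) using the
    nearest preceding symbol start, or (None, None) if no start precedes it."""
    i = bisect.bisect_right(STARTS, addr) - 1
    if i < 0:
        return None, None
    start, name = SYMBOLS[i]
    return name, addr - start


def caller_of(lr, slide=SLIDE):
    """One round of the tracing loop: resolve the return address in LR to the
    calling method and produce the lldb command that breaks on that method."""
    name, off = resolve(unslide(return_site(lr), slide))
    if name is None:
        return None
    return {
        "method": name,
        "offset": off,
        "lldb": f"breakpoint set --name '{name}'",
    }
```

An address that resolves with a suspiciously large offset means the table lacks the real enclosing method, which is exactly the situation after the third LR above.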
LR minus the offset is 0x30a8d4f1 - 0xa1b2000 = 0x268db4f1, which is inside