
Figure 10-86 IMChatRegistry.h


According to line 44, IMChatRegistry is a singleton, so we can get the registry by calling [IMChatRegistry sharedInstance]. So easy!

Next question: where does the argument of chatForIMHandle: come from? It definitely comes from its caller. It's LLDB's show time again.


Process 248623 stopped
* thread #1: tid = 0x3cb2f, 0x33236d8c IMCore`___lldb_unnamed_function2054$$IMCore, queue = 'com.apple.main-thread', stop reason = breakpoint 21.1
    frame #0: 0x33236d8c IMCore`___lldb_unnamed_function2054$$IMCore
IMCore`___lldb_unnamed_function2054$$IMCore:
-> 0x33236d8c: push {r4, r5, r6, r7, lr}
   0x33236d8e: add r7, sp, #12
   0x33236d90: str r11, [sp, #-4]!
   0x33236d94: sub sp, #20
(lldb) po $r2
[IMHandle: <[email protected]::cn> (Person: ) (Account: P:+86PhoneNumber]
(lldb) p/x $lr
(unsigned int) $32 = 0x30a8dca5
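The recipe above is the one used throughout this chapter: on armv7 an Objective-C method receives self in r0, _cmd in r1 and its first argument in r2, so po $r2 shows the IMHandle passed to chatForIMHandle:, and LR holds the return address into the caller. To turn that runtime LR into an address you can look up in IDA or class-dump output you subtract the ASLR offset that LLDB reports with image list -o -f. The script below is an added example, not code from the book; it parses constructed LLDB output (the 0xa1b2000 offset is the one this chapter uses, the second module and its offset are made up) and does the arithmetic. It also handles one thing the text glosses over: on 32-bit ARM an odd LR means the caller is Thumb code, so bit 0 is a state flag and the real return site is LR with that bit cleared.

```python
import re

# Constructed sample of LLDB's `image list -o -f` output (shape only).
# Entry 0 carries the ASLR offset this chapter works with; entry 1 and its
# offset are made up for illustration.
IMAGE_LIST_OUTPUT = """\
[  0] 0x0a1b2000 /System/Library/PrivateFrameworks/IMCore.framework/IMCore
[  1] 0x000c3000 /var/mobile/Applications/HypotheticalApp.app/HypotheticalApp
"""

# The register dump from the session above, exactly as `p/x $lr` printed it.
LR_OUTPUT = "(unsigned int) $32 = 0x30a8dca5"

IMAGE_LINE = re.compile(r"^\[\s*\d+\]\s+(0x[0-9a-fA-F]+)\s+(\S+)$")
REG_VALUE = re.compile(r"=\s*(0x[0-9a-fA-F]+)")


def parse_image_list(text):
    """Map each module's basename to its ASLR offset (load slide)."""
    slides = {}
    for line in text.splitlines():
        m = IMAGE_LINE.match(line.strip())
        if m:
            slides[m.group(2).rsplit("/", 1)[-1]] = int(m.group(1), 16)
    return slides


def parse_register_value(text):
    """Pull the hex value out of an LLDB `p/x $reg` answer."""
    m = REG_VALUE.search(text)
    if not m:
        raise ValueError("no hex value in: %r" % text)
    return int(m.group(1), 16)


def unslide(runtime_addr, slide):
    """Runtime address -> static address as IDA shows it (ASLR offset removed)."""
    return runtime_addr - slide


def thumb_return_site(lr):
    """On 32-bit ARM an odd LR means the caller runs in Thumb state: bit 0 is
    the state flag, not part of the address, so the return site is LR & ~1.
    Returns (address, is_thumb)."""
    return (lr & ~1, bool(lr & 1))


def locate_caller(lr_output, image_list_output, module):
    """Chain the steps: read LR, strip the offset of `module`, and report the
    static LR plus the Thumb-corrected static return site."""
    lr = parse_register_value(lr_output)
    slide = parse_image_list(image_list_output)[module]
    site, is_thumb = thumb_return_site(lr)
    return {
        "lr": lr,
        "slide": slide,
        "static_lr": unslide(lr, slide),
        "static_return_site": unslide(site, slide),
        "thumb": is_thumb,
    }


if __name__ == "__main__":
    result = locate_caller(LR_OUTPUT, IMAGE_LIST_OUTPUT, "IMCore")
    for key, value in result.items():
        shown = hex(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print("%-19s %s" % (key, shown))
```

Run it as-is and static_lr comes out as 0x268dbca5, the value the text computes; static_return_site is 0x268dbca4, the Thumb instruction the call actually returns to, which is the address you want to seek to in IDA when the odd value does not land on an instruction boundary.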


LR without the ASLR offset is 0x30a8dca5 - 0xa1b2000 = 0x268dbca5, which is not located inside
