Therefore, if R11 - R8 produces a borrow, i.e. R8 is greater than R11, MobileSMS branches
right; otherwise it branches left. So the key here is R8, as shown in figure 10-48.
Figure 10-48 Where R8 comes from
R8 comes from [NSArray countByEnumeratingWithState:objects:count:]. Enter the
address again, set the breakpoint and press “return” to see what this NSArray is:
(lldb) br s -a 0x3023089C
Breakpoint 2: where = IMCore`___lldb_unnamed_function425$$IMCore + 120, address = 0x3023089c
Process 102482 stopped
* thread #1: tid = 0x19052, 0x3023089c IMCore`___lldb_unnamed_function425$$IMCore + 120, queue = 'com.apple.main-thread', stop reason = breakpoint 2.1
frame #0: 0x3023089c IMCore`___lldb_unnamed_function425$$IMCore + 120
IMCore`___lldb_unnamed_function425$$IMCore + 120:
0x3023089c: blx 0x302a03b0 ; symbol stub for: objc_msgSend
0x302308a0: mov r8, r0
0x302308a2: cmp.w r8, #0
0x302308a6: beq.w 0x302309c2 ; ___lldb_unnamed_function425$$IMCore + 414
(lldb) p (char *)$r1
(char *) $5 = 0x2c8181d9 "countByEnumeratingWithState:objects:count:"
(lldb) po $r0
<__NSArrayI 0x178d6b20>(
mailto:[email protected]
)
This NSArray is an array of recipients, so R8 is the recipient count. If there is more than 1
recipient, then since R11 is 1 when “CMP R11, R8” is executed for the first time, we
know that R8 is greater than R11 and MobileSMS will branch right, as shown in figure 10-49.
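The flag arithmetic behind that decision can be checked with a small model of ARM's CMP. This is an added example, not code from the book or from IMCore: the helper names are hypothetical, the inputs are constructed, and it assumes the branch after "CMP R11, R8" tests the carry flag for a borrow (the branch mnemonic is not shown in this passage).

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* ARM condition flags as set by a flag-setting instruction. */
typedef struct { bool n, z, c, v; } flags_t;

/* CMP Rn, Rm computes Rn - Rm as Rn + NOT(Rm) + 1 and keeps only the flags.
 * C is the carry out of that addition, so C == 0 means the subtraction
 * borrowed, i.e. Rn < Rm when both are read as unsigned values. */
static flags_t arm_cmp(uint32_t rn, uint32_t rm)
{
    uint64_t wide = (uint64_t)rn + (uint64_t)(uint32_t)~rm + 1u;
    uint32_t res = (uint32_t)wide;
    flags_t f;
    f.n = (res >> 31) & 1u;          /* result is negative */
    f.z = (res == 0);                /* operands are equal */
    f.c = (wide >> 32) & 1u;         /* carry out = NOT borrow */
    /* Signed overflow: operand signs differ and result sign differs from Rn. */
    f.v = (((rn ^ rm) & (rn ^ res)) >> 31) & 1u;
    return f;
}

/* Hypothetical helper: true when "CMP R11, R8" borrows (R8 > R11). */
static bool cmp_borrows(uint32_t r11, uint32_t r8)
{
    return !arm_cmp(r11, r8).c;
}

/* Direction taken in the figure, using the text's left/right wording. */
static const char *branch_side(uint32_t r11, uint32_t recipient_count)
{
    return cmp_borrows(r11, recipient_count) ? "right" : "left";
}

int main(void)
{
    /* Constructed inputs: R11 = 1 on the first pass, R8 = recipient count. */
    for (uint32_t count = 1; count <= 3; count++) {
        flags_t f = arm_cmp(1, count);
        printf("R11=1 R8=%u  N=%d Z=%d C=%d V=%d -> %s\n",
               (unsigned)count, f.n, f.z, f.c, f.v, branch_side(1, count));
    }
    return 0;
}
```

With one recipient the subtraction is exact (Z=1, C=1, no borrow) and the model goes left; with two or more it borrows (C=0) and goes right.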