Setting breakpoints in a stripped binary with LLDB

Date: 2017-01-14 03:05:59

Tags: macos frameworks lldb

I'm trying to debug an obscure issue with a closed-source command line tool on macOS, and (from some disassembly) it looks like the bug lives in a framework it uses. I'd like to confirm this, so I fired up LLDB and tried to set a breakpoint on a method in the framework - however, I'm not sure how (LLDB can't find the method when I tell it to break there, and I can't stop at a memory location). Can anyone point me to how to get LLDB to debug the framework's code?

Edit: it seems the problem isn't the framework itself, but the fact that it is stripped. See the answer below.

1 Answer:

Answer 0 (score: 2)

So, I finally realized that the framework I was working with has no debug symbols (doh!), which is why LLDB couldn't find anything. Working with a stripped binary takes a bit more effort; Apple Technical Note 2239 uses the Objective-C runtime to set breakpoints. Below is the sample code, converted to LLDB as best I could:

$ lldb /Applications/TextEdit.app
(lldb) target create "/Applications/TextEdit.app"
Current executable set to '/Applications/TextEdit.app' (x86_64).
(lldb) r
Process 2463 launched: '/Applications/TextEdit.app/Contents/MacOS/TextEdit' (x86_64)
Process 2463 stopped
* thread #1: tid = 0x437c7a, 0x00007fffea1603ba libsystem_kernel.dylib`mach_msg_trap + 10, stop reason = signal SIGSTOP
    frame #0: 0x00007fffea1603ba libsystem_kernel.dylib`mach_msg_trap + 10
libsystem_kernel.dylib`mach_msg_trap:
->  0x7fffea1603ba <+10>: ret
    0x7fffea1603bb <+11>: nop

libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x7fffea1603bc <+0>:  mov    r10, rcx
    0x7fffea1603bf <+3>:  mov    eax, 0x1000020
(lldb) # Try to find the
(lldb) # -[DocumentController openUntitledDocumentAndDisplay:error:] 
(lldb) # symbol.
(lldb) break set -S openUntitledDocumentAndDisplay:error:
Breakpoint 1: where = AppKit`-[NSDocumentController openUntitledDocumentAndDisplay:error:], address = 0x00007fffd21d244f
(lldb) # These are not the droids we're looking for. It turns out that 
(lldb) # TextEdit ships with its symbols stripped, so we'll have to do 
(lldb) # this the hard way.
(lldb) #
(lldb) # Get the Class object for the DocumentController class.
(lldb) expr -- void *$class = (void *)objc_getClass("DocumentController")
(lldb) # Get the SEL object for the "openUntitledDocumentAndDisplay:error:" method.
(lldb) expr -- void *$sel=(void *)sel_getUid("openUntitledDocumentAndDisplay:error:")
(lldb) # Get a pointer to the method implementation.
(lldb) po (void*)class_getMethodImplementation($class, $sel)
0x0000000100006df4
(lldb) # Set a breakpoint on the method.
(lldb) b 0x0000000100006df4
Breakpoint 2: where = TextEdit`___lldb_unnamed_symbol74$$TextEdit, address = 0x0000000100006df4
(lldb) # Resume execution, and then create a new, untitled document.
(lldb) c
Process 2463 resuming
Process 2463 stopped
* thread #1: tid = 0x437c7a, 0x0000000100006df4 TextEdit`___lldb_unnamed_symbol74$$TextEdit, queue = 'com.apple.main-thread', stop reason = breakpoint 2.1
    frame #0: 0x0000000100006df4 TextEdit`___lldb_unnamed_symbol74$$TextEdit
TextEdit`___lldb_unnamed_symbol74$$TextEdit:
->  0x100006df4 <+0>: push   rbp
    0x100006df5 <+1>: mov    rbp, rsp
    0x100006df8 <+4>: push   r15
    0x100006dfa <+6>: push   r14
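Added example, not from the answer above or from Apple's technical note: an LLDB Python script that automates the same runtime lookup as an `objcbreak` command. The file name `objc_break.py` and the command name are assumptions; the command itself only works inside LLDB's embedded Python, and it uses `class_getInstanceMethod` rather than `class_getMethodImplementation` so that a mistyped class or selector yields a NULL IMP instead of a breakpoint on the runtime's message-forwarding stub.

```python
"""Added LLDB helper (not from the original answer): automate the runtime lookup.

Load:  (lldb) command script import objc_break.py
Use:   (lldb) objcbreak -[DocumentController openUntitledDocumentAndDisplay:error:]
"""
import re

# class_getInstanceMethod() returns NULL for a missing method, whereas
# class_getMethodImplementation() (used in the answer) hands back the runtime's
# forwarding stub in that case, so a typo would put the breakpoint on the wrong code.
def imp_expression(class_name, selector, class_method=False):
    """Build the debuggee-side expression that resolves the method's IMP."""
    cls = '(void *)objc_getClass("%s")' % class_name
    if class_method:
        cls = '(void *)object_getClass(%s)' % cls  # +methods live on the metaclass
    return ('(void *)method_getImplementation((void *)class_getInstanceMethod(%s, '
            '(void *)sel_getUid("%s")))' % (cls, selector))

def parse_spec(spec):
    """'-[Class sel:]' -> ('Class', 'sel:', False); a '+' prefix marks a class method."""
    m = re.match(r'^\s*([-+])\[\s*(\w+)\s+([\w:]+)\s*\]\s*$', spec)
    if not m:
        raise ValueError('expected -[Class selector] or +[Class selector]')
    return m.group(2), m.group(3), m.group(1) == '+'

def objcbreak(debugger, command, result, internal_dict):
    """LLDB command: resolve the IMP through the Objective-C runtime and break there."""
    import lldb  # only importable inside LLDB's embedded Python
    target = debugger.GetSelectedTarget()
    frame = target.GetProcess().GetSelectedThread().GetSelectedFrame()
    if not frame.IsValid():
        result.SetError('process must be running so the Objective-C runtime is loaded')
        return
    try:
        cls, sel, is_class = parse_spec(command)
    except ValueError as e:
        result.SetError(str(e))
        return
    value = frame.EvaluateExpression(imp_expression(cls, sel, is_class))
    addr = value.GetValueAsUnsigned(0)
    if value.GetError().Fail() or addr == 0:
        result.SetError('could not resolve %s: class or method not found' % command.strip())
        return
    bp = target.BreakpointCreateByAddress(addr)
    result.AppendMessage('Breakpoint %d set at 0x%x' % (bp.GetID(), addr))

def __lldb_init_module(debugger, internal_dict):
    debugger.HandleCommand('command script add -f %s.objcbreak objcbreak' % __name__)
```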