一些用于调试iOS应用的lldb命令。Some very useful lldb commands for iOS debugging.
* baf - break all functions in module
* bdc - breakpoint disable current
* symbolic
* commads to get common directory
* ls
* find_el - find endless loop
* thread_eb - extended backtrace of thread
* entitlements - dump entitlements
* main
* executable - print main executable name
* appdelegate
* classes - print class names
* image_list
* patch
* bda - breakpoint disable at class
* bdr - breakpoint disable in range
* dapp - dump App
* ufile - upload local file to device
* rm - remove file
* blocks - find global blocks
* bblocks - break global blocks
* initfunc - print mod init func
* binitfunc - break mod init func
* bmain - break main function
* func_starts - function starts
* lazy_sym - print __la_symbol_ptr section
* read_mem_as_addr
* read_cstring - read memory as c style string
- Clone this repo
- Open up (or create) ~/.lldbinit
- Add the following command to your ~/.lldbinit file:
command script import /path/to/YJLLDB/src/yjlldb.py
Set breakpoints at the specified bytes in user modules.
// for example, break at ret
(lldb) bab c0 03 5f d6
Breakpoint 1: where = LLDBCode`-[ViewController viewDidLoad] + 240 at ViewController.m:29:1, address = 0x1029b3008
...
set 728 breakpoints
(lldb) x 0x1029b3008
0x1029b3008: c0 03 5f d6 ff 03 03 d1 fd 7b 0b a9 fd c3 02 91 .._......{......
0x1029b3018: e8 03 01 aa e1 03 02 aa e3 0f 00 f9 a0 83 1f f8 ................
(lldb) dis -s 0x1029b3008 -c 1
LLDBCode`-[ViewController viewDidLoad]:
0x1029b3008 <+240>: ret
Break all functions and methods in the specified module.
For example,break UIKit:
(lldb) baf UIKit
-----break functions in UIKit-----
will set breakpoint for 76987 names
Breakpoint 3: 75016 locations
Disable current breakpoint and continue.
(lldb) thread info
thread #1: tid = 0x2cb739, 0x000000018354f950 libsystem_kernel.dylib`open, queue = 'com.apple.main-thread', stop reason = breakpoint 5.13
(lldb) bdc
disable breakpoint 5.13 [0x18354f950]libsystem_kernel.dylib`open
and continue
Symbolic address list.
(lldb) symbolic (0x1845aed8c 0x1837685ec 0x18450a448 0x104360f78 0x18e4fd83c 0x18e3a3760 0x18e39d7c8 0x18e392890 0x18e3911d0 0x18eb72d1c 0x18eb752c8 0x18eb6e368 0x184557404 0x184556c2c 0x18455479c 0x184474da8 0x186459020 0x18e491758 0x104361da0 0x183f05fc0)
backtrace:
frame #0: 0x1845aed8c CoreFoundation`__exceptionPreprocess + 228
frame #1: 0x1837685ec libobjc.A.dylib`objc_exception_throw + 56
frame #2: 0x18450a448 CoreFoundation`-[__NSArray0 objectEnumerator] + 0
frame #3: 0x104360f78 Interlock`-[ViewController touchesBegan:withEvent:] + at ViewController.m:51:5
...
or
(lldb) symbolic 0x1845aed8c 0x1837685ec 0x18450a448 0x104360f78 0x18e4fd83c 0x18e3a3760 0x18e39d7c8 0x18e392890 0x18e3911d0 0x18eb72d1c 0x18eb752c8 0x18eb6e368 0x184557404 0x184556c2c 0x18455479c 0x184474da8 0x186459020 0x18e491758 0x104361da0 0x183f05fc0
backtrace:
frame #0: 0x1845aed8c CoreFoundation`__exceptionPreprocess + 228
frame #1: 0x1837685ec libobjc.A.dylib`objc_exception_throw + 56
frame #2: 0x18450a448 CoreFoundation`-[__NSArray0 objectEnumerator] + 0
frame #3: 0x104360f78 Interlock`-[ViewController touchesBegan:withEvent:] + at ViewController.m:51:5
...
(lldb) bundle_dir
/var/containers/Bundle/Application/63954B0E-79FA-42F2-A7EA-3568026008A1/Interlock.app
(lldb) home_dir
/var/mobile/Containers/Data/Application/1161FDFD-5D69-47CD-B5C6-C2724B8E2F28
(lldb) doc_dir
/var/mobile/Containers/Data/Application/1161FDFD-5D69-47CD-B5C6-C2724B8E2F28/Documents
(lldb) caches_dir
/var/mobile/Containers/Data/Application/1161FDFD-5D69-47CD-B5C6-C2724B8E2F28/Library/Caches
(lldb) lib_dir
/var/mobile/Containers/Data/Application/1161FDFD-5D69-47CD-B5C6-C2724B8E2F28/Library
(lldb) tmp_dir
/var/mobile/Containers/Data/Application/1161FDFD-5D69-47CD-B5C6-C2724B8E2F28/tmp
(lldb) group_dir
/private/var/mobile/Containers/Shared/AppGroup/9460EA21-AE6A-4220-9BB3-6EC8B971CDAE
List directory contents, just like ls -lh
on Mac.
(lldb) ls bu
/var/containers/Bundle/Application/D0419A6E-053C-4E35-B422-7C0FD6CAB060/Interlock.app
drwxr-xr-x 128B 1970-01-01 00:00:00 +0000 Base.lproj
drwxr-xr-x 96B 1970-01-01 00:00:00 +0000 _CodeSignature
drwxr-xr-x 64B 1970-01-01 00:00:00 +0000 META-INF
-rw-r--r-- 1.5K 2023-05-16 03:17:32 +0000 Info.plist
-rwxr-xr-x 103.0K 2023-05-19 11:07:02 +0000 Interlock
-rw-r--r-- 8B 2023-05-16 03:17:32 +0000 PkgInfo
-rw-r--r-- 194.7K 2023-05-16 03:17:31 +0000 embedded.mobileprovision
(lldb) ls home
/var/mobile/Containers/Data/Application/09E63130-623F-4124-BCBB-59E20BD28964
drwxr-xr-x 96B 2023-05-19 07:28:01 +0000 Documents
drwxr-xr-x 128B 2023-05-16 04:51:14 +0000 Library
drwxr-xr-x 64B 1970-01-01 00:00:00 +0000 SystemData
drwxr-xr-x 64B 2023-05-16 04:51:14 +0000 tmp
(lldb) ls /var/mobile/Containers/Data/Application/09E63130-623F-4124-BCBB-59E20BD28964/Documents
-rw-r--r-- 18B 2023-05-16 05:36:05 +0000 report.txt
Detects endless loop in all threads at this point.
- (void)touchesBegan:(NSSet<UITouch *> *)touches withEvent:(UIEvent *)event {
int a = 1;
NSLog(@"%s", __PRETTY_FUNCTION__);
while (a) {
a++;
}
}
# touch device screen
2023-05-20 12:29:52.604910+0800 Interlock[56660:1841567] -[ViewController touchesBegan:withEvent:]
# pause program execution, then execute find_el in lldb
(lldb) find_el
Breakpoint 1: where = Interlock`-[ViewController touchesBegan:withEvent:] + 136 at ViewController.mm:34:5, address = 0x109dd8d48
Breakpoint 2: where = Interlock`main + 110 at main.m:17:5, address = 0x109dd911e
delete breakpoint 2
call Interlock`-[ViewController touchesBegan:withEvent:] + 136 at ViewController.m:34:5, 22 times per second, hit_count: 100
...
Get extended backtrace of thread.
(lldb) bt
* thread #2, queue = 'com.apple.root.default-qos', stop reason = breakpoint 6.1
* frame #0: 0x0000000104ab58f8 Concurrency`__41-[ViewController touchesBegan:withEvent:]_block_invoke(.block_descriptor=0x0000000104ab80f8) at ViewController.m:29:13
frame #1: 0x0000000104df51dc libdispatch.dylib`_dispatch_call_block_and_release + 24
frame #2: 0x0000000104df519c libdispatch.dylib`_dispatch_client_callout + 16
frame #3: 0x0000000104e01200 libdispatch.dylib`_dispatch_queue_override_invoke + 968
frame #4: 0x0000000104e067c8 libdispatch.dylib`_dispatch_root_queue_drain + 604
frame #5: 0x0000000104e06500 libdispatch.dylib`_dispatch_worker_thread3 + 136
frame #6: 0x0000000181fc3fac libsystem_pthread.dylib`_pthread_wqthread + 1176
frame #7: 0x0000000181fc3b08 libsystem_pthread.dylib`start_wqthread + 4
(lldb) thread_eb
thread #4294967295: tid = 0x190c, 0x0000000104e907cc libdispatch.dylib`_dispatch_root_queue_push_override + 160, queue = 'com.apple.main-thread'
frame #0: 0x0000000104e907cc libdispatch.dylib`_dispatch_root_queue_push_override + 160
frame #1: 0x0000000104ded884 Concurrency`-[ViewController touchesBegan:withEvent:](self=<unavailable>, _cmd=<unavailable>, touches=<unavailable>, event=<unavailable>) at ViewController.m:25:5
frame #2: 0x000000018bb1583c UIKit`forwardTouchMethod + 340
frame #3: 0x000000018b9bb760 UIKit`-[UIResponder touchesBegan:withEvent:] + 60
...
Dump codesign entitlements of the specified module if any.
(lldb) ent
Interlock:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>XXXX.com.xxx.Interlock</string>
<key>com.apple.developer.team-identifier</key>
<string>XXXX</string>
<key>com.apple.security.application-groups</key>
<array/>
<key>get-task-allow</key>
<true/>
</dict>
</plist>
(lldb) ent UIKit
UIKit apparently does not contain code signature
Print segments and section info of macho.
(lldb) segments LLDBCode
[0x4e90000-0x104e90000) 0x100000000 __PAGEZERO ---/---
[0x104e90000-0x104ea0000) 0x10000 __TEXT r-x/r-x
[0x104e968bc-0x104e9cfb8) 0x66fc __text
[0x104e9cfb8-0x104e9d210) 0x258 __stubs
[0x104e9d210-0x104e9d480) 0x270 __stub_helper
[0x104e9d480-0x104e9db20) 0x6a0 __objc_stubs
[0x104e9db20-0x104e9edaa) 0x128a __objc_methname
[0x104e9edaa-0x104e9f2d8) 0x52e __cstring
[0x104e9f2d8-0x104e9f354) 0x7c __objc_classname__TEXT
[0x104e9f354-0x104e9fe8e) 0xb3a __objc_methtype
[0x104e9fe90-0x104e9fe98) 0x8 __const
[0x104e9fe98-0x104e9ff40) 0xa8 __gcc_except_tab__TEXT
[0x104e9ff40-0x104e9fff0) 0xb0 __unwind_info
[0x104ea0000-0x104ea4000) 0x4000 __DATA rw-/rw-
[0x104ea0000-0x104ea0070) 0x70 __got
[0x104ea0070-0x104ea0200) 0x190 __la_symbol_ptr
[0x104ea0200-0x104ea0420) 0x220 __const
[0x104ea0420-0x104ea0ba0) 0x780 __cfstring
[0x104ea0ba0-0x104ea0bc8) 0x28 __objc_classlist__DATA
[0x104ea0bc8-0x104ea0be8) 0x20 __objc_protolist__DATA
[0x104ea0be8-0x104ea0bf0) 0x8 __objc_imageinfo__DATA
[0x104ea0bf0-0x104ea1f28) 0x1338 __objc_const
[0x104ea1f28-0x104ea20d8) 0x1b0 __objc_selrefs
[0x104ea20d8-0x104ea2148) 0x70 __objc_classrefs__DATA
[0x104ea2148-0x104ea2150) 0x8 __objc_superrefs__DATA
[0x104ea2150-0x104ea2158) 0x8 __objc_ivar
[0x104ea2158-0x104ea22e8) 0x190 __objc_data
[0x104ea22e8-0x104ea2488) 0x1a0 __data
[0x104ea4000-0x104eb0000) 0xc000 __LINKEDIT r--/r--
[0x104eaa510-0x104eaf3e0) 0x4ed0 Code Signature
Print the address of main function.
(lldb) main
function main at 0x102911b70(fileoff: 0x5b70)
Print main executable name.
(lldb) executable
LLDBCode
Find the class that conforms to the UIApplicationDelegate protocol.
(lldb) appdelegate
AppDelegate
Print class names in the specified module.
(lldb) classes
AppDelegate <0x10468e378>
SceneDelegate <0x10468e418>
ViewController <0x10468e260>
List current executable and dependent shared library images, sorted by load address.
(lldb) image_list
index load addr(slide) vmsize path
--------------------------------------------------------
[ 0] 0x1022e4000(0x0022e4000) 81.9K /var/containers/Bundle/Application/C134E909-CC52-4A93-9557-37BA808854D3/LLDBCode.app/LLDBCode
[ 1] 0x1022f8000(0x1022f8000) 524.3K /usr/lib/system/introspection/libdispatch.dylib
...
Lookup the specified string, between start addr and end addr.
(lldb) image_list -c 8
index load addr(slide) vmsize path
--------------------------------------------------------
[ 0] 0x1022e4000(0x0022e4000) 81.9K /var/containers/Bundle/Application/C134E909-CC52-4A93-9557-37BA808854D3/LLDBCode.app/LLDBCode
...
[ 6] 0x18406f000(0x004044000) 8.7K /usr/lib/libSystem.B.dylib
[ 7] 0x184071000(0x004044000) 394.1K /usr/lib/libc++.1.dylib
(lldb) slookup PROGRAM 0x18406f000 0x184071000
found at 0x184070f7c where = [0x000000018002cf78-0x000000018002cfb8) libSystem.B.dylib.__TEXT.__const
1 locations found
(lldb) x 0x184070f7c -c 64
0x184070f7c: 50 52 4f 47 52 41 4d 3a 53 79 73 74 65 6d 2e 42 PROGRAM:System.B
0x184070f8c: 20 20 50 52 4f 4a 45 43 54 3a 4c 69 62 73 79 73 PROJECT:Libsys
0x184070f9c: 74 65 6d 2d 31 32 35 32 2e 35 30 2e 34 0a 00 00 tem-1252.50.4...
0x184070fac: 00 00 00 00 00 00 00 00 00 92 93 40 01 00 00 00 ...........@....
Lookup the specified bytes in user modules.
(lldb) blookup c0 03 5f d6
-----try to lookup bytes in LLDBCode-----
0x104961018
...
0x104969ab8
32 locations found
Patch bytes in user modules.
(lldb) patch c0 03 5f d6
-----try to patch bytes in LLDBCode-----
patch 32 locations
Trace all functions in the specified module. By default, only OC methods are traced. To trace swift module, you need to add the -a option.
// begin trace
(lldb) mtrace LLDBCode
-----trace functions in LLDBCode-----
will trace 35 names
begin trace with Breakpoint 1: 35 locations
(lldb) c
// trace log
frame #0: 0x0000000102dd2fb8 LLDBCode`-[ViewController touchesBegan:withEvent:](self=0x00000001d4108040, _cmd="touchesBegan:withEvent:", touches=0x000000015fd0fff0, event=1 element) at ViewController.m:35
...
frame #0: 0x0000000102dd318c LLDBCode`__41-[ViewController touchesBegan:withEvent:]_block_invoke(.block_descriptor=0x0000000102ec1500) at ViewController.m:45
Disable breakpoint(s) at the specified class.
(lldb) bda -i ViewController
disable breakpoint 1.8: where = LLDBCode`__41-[ViewController touchesBegan:withEvent:]_block_invoke_4 at ViewController.m:57, address = 0x00000001040e32f8, unresolved, hit count = 1 Options: disabled
...
disable breakpoint 1.27: where = LLDBCode`__41-[ViewController touchesBegan:withEvent:]_block_invoke at ViewController.m:45, address = 0x00000001040e318c, unresolved, hit count = 1 Options: disabled
(lldb) bda -i ViewController(extension)
disable breakpoint 1.23: where = LLDBCode`-[ViewController(extension) test] at ViewController.m:20, address = 0x0000000102ec2e7c, unresolved, hit count = 0 Options: disabled
Disable breakpoint(s) in the specified range.
(lldb) bdr 980~992
disable breakpoint 980.1: where = LLDBCode`-[Test .cxx_destruct] at Test.m:22, address = 0x00000001049fa1b0, unresolved, hit count = 0 Options: disabled
...
disable breakpoint 991.1: where = LLDBCode`func1 at Test.m:42, address = 0x00000001049faaf8, unresolved, hit count = 0 Options: disabled
Dump the specified module from memory.
(lldb) dmodule UIKit
dumping UIKit, this may take a while
ignore __DATA.__bss
ignore __DATA.__common
ignore __DATA_DIRTY.__bss
ignore __DATA_DIRTY.__common
924057600 bytes dump to ~/lldb_dump_macho/UIKit/macho_UIKit
注意:加载时被修改的数据未恢复
Dump current iOS App (arm64 only). Typically, dump decrypted ipa from jailbreak device.
(lldb) dapp
dumping JITDemo, this may take a while
copy file JITDemo.app/Base.lproj/LaunchScreen.storyboardc/01J-lp-oVM-view-Ze5-6b-2t3.nib
...
copy file JITDemo.app/embedded.mobileprovision
no file need patch
Generating "JITDemo.ipa"
dump success, ipa path: /Users/xxx/lldb_dump_macho/JITDemo/JITDemo.ipa
Download file from home, bundle or group path.
(lldb) dfile /var/containers/Bundle/Application/7099B2B8-39BE-4204-9BEB-5DF6A75BAA29/JITDemo.app/Info.plist
dumping Info.plist, this may take a while
1464 bytes written to '/Users/xxx/Info.plist'
Download dir from home, bundle or group path.
(lldb) ddir /var/containers/Bundle/Application/7099B2B8-39BE-4204-9BEB-5DF6A75BAA29/JITDemo.app
dumping JITDemo.app, this may take a while
1197 bytes written to '/Users/xxx/JITDemo.app/Base.lproj/LaunchScreen.storyboardc/01J-lp-oVM-view-Ze5-6b-2t3.nib'
...
8 bytes written to '/Users/xxx/JITDemo.app/PkgInfo'
196731 bytes written to '/Users/xxx/JITDemo.app/embedded.mobileprovision'
Upload local file to the specified directory or path on device.
(lldb) doc
/var/mobile/Containers/Data/Application/1171F451-C2DC-47E6-B6E3-74A0FE5A6572/Documents
(lldb) ufile /Users/xxx/uploadfile /var/mobile/Containers/Data/Application/1171F451-C2DC-47E6-B6E3-74A0FE5A6572/Documents
uploading uploadfile, this may take a while
upload success
(lldb) ufile /Users/xxx/uploadfile /var/mobile/Containers/Data/Application/1171F451-C2DC-47E6-B6E3-74A0FE5A6572/Documents/test
uploading uploadfile, this may take a while
upload success
(lldb) ls doc
/var/mobile/Containers/Data/Application/1171F451-C2DC-47E6-B6E3-74A0FE5A6572/Documents
-rw-r--r-- 12.1K 2023-08-10 07:11:29 +0000 test
-rw-r--r-- 12.1K 2023-08-10 07:11:22 +0000 uploadfile
Remove file or directory on remote device.
(lldb) ls doc
/var/mobile/Containers/Data/Application/B142040E-B1A0-4E97-8E76-03357585BFF8/Documents
-rw-r--r-- 12.1K 2023-08-10 07:32:05 +0000 test
-rw-r--r-- 12.1K 2023-08-10 08:22:40 +0000 uploadfile
(lldb) rm /var/mobile/Containers/Data/Application/B142040E-B1A0-4E97-8E76-03357585BFF8/Documents/uploadfile
remove success
(lldb) ls doc
/var/mobile/Containers/Data/Application/B142040E-B1A0-4E97-8E76-03357585BFF8/Documents
-rw-r--r-- 12.1K 2023-08-10 07:32:05 +0000 test
Find the specified block(s) in user modules.
(lldb) po $x0
<__NSGlobalBlock__: 0x100f18210>
(lldb) x/4g 0x100f18210
0x100f18210: 0x00000001b57df288 0x0000000050000000
0x100f18220: 0x00000001043b9724 0x00000001043bc1f0
(lldb) info 0x00000001043b9724
0x00000001043b9724, ___lldb_unnamed_symbol77 <+0> `JITDemo`__TEXT.__text + 0x290
(lldb) fblock 0x100f18210
-----try to lookup block in JITDemo-----
find a block: 0x100f18210 in JITDemo`-[ViewController touchesBegan:withEvent:]
1 block(s) resolved
Find blocks in user modules and save block symbols to block_symbol.json
(lldb) blocks
-----try to lookup block in JITDemo-----
* using global block var: 0x104a78150 in JITDemo`-[ViewController viewDidLoad] at ViewController.m:39:5
find a block: 0x104a78190 in JITDemo`-[ViewController viewDidLoad] at ViewController.m:0:0
...
find a stack block @0x104a74e7c in JITDemo`__41-[ViewController touchesBegan:withEvent:]_block_invoke_3 at ViewController.m:0:0
stack block func addr 0x104a74f08 JITDemo`__41-[ViewController touchesBegan:withEvent:]_block_invoke_4 at ViewController.m:75:0
...
-----try to lookup block in LLDBJIT-----
find a block: 0x104b341c0 in LLDBJIT`+[MachoTool findMacho] at MachoTool.m:0:0
...
find a stack block @0x104b32080 in LLDBJIT`+[Image getBlocksInfo:] at Image.m:0:0
stack block func addr 0x104b34d40 LLDBJIT`None
85 block(s) resolved
Break all blocks in user modules
(lldb) bblocks
-----try to lookup block in JITDemo-----
break block: 0x104a78150 with Breakpoint 4: JITDemo`globalBlock_block_invoke at ViewController.m:16:0, address = 0x104a74990
...
break stack block with Breakpoint 9: JITDemo`__41-[ViewController touchesBegan:withEvent:]_block_invoke_4 at ViewController.m:75:0, address = 0x104a74f08
...
-----try to lookup block in LLDBJIT-----
break block: 0x104b341c0 with Breakpoint 82: LLDBJIT`__22+[MachoTool findMacho]_block_invoke at MachoTool.m:110:0, address = 0x104b2b130
...
find a stack block @0x104b32080 in LLDBJIT`+[Image getBlocksInfo:] at Image.m:0:0
break stack block with Breakpoint 88: LLDBJIT`None, address = 0x104b34d40
set 85 breakpoints
(lldb)
or
(lldb) bblocks JITDemo
-----try to lookup block in JITDemo-----
break block: 0x1026ac140 with Breakpoint 87: JITDemo`___lldb_unnamed_symbol75, address = 0x1026a92f4
...
find a stack block @0x1026a9694 in JITDemo`___lldb_unnamed_symbol82
break stack block with Breakpoint 93: JITDemo`___lldb_unnamed_symbol83, address = 0x1026a9700
set 7 breakpoints
Dump module init function(s) in user modules.
(lldb) initfunc
-----try to lookup init function in JITDemo-----
address = 0x100e08cb0 JITDemo`entry1 at main.m:708:0
address = 0x100e0960c JITDemo`entry2 at main.m:740:0
Break module init function(s) in user modules.
(lldb) binitfunc
-----try to lookup init function in JITDemo-----
Breakpoint 6: JITDemo`entry1 at main.m:708:0, address = 0x100e08cb0
Breakpoint 7: JITDemo`entry2 at main.m:740:0, address = 0x100e0960c
Break the specified method(s) in user modules
(lldb) bmethod load
-----try to method in JITDemo-----
Breakpoint 3: JITDemo`+[ViewController load] at ViewController.m:26:0, address = 0x1024f89bc
Breakpoint 4: JITDemo`+[AppDelegate load] at AppDelegate.m:16:0, address = 0x1024f96a4
-----try to method in LLDBJIT-----
set 2 breakpoints
(lldb) bmain
Breakpoint 9: BasicSyntax`___lldb_unnamed_symbol266, address = 0x10017c3fc
Print function starts
(lldb) func_starts
-----parsing module JITDemo-----
address = 0x1021bc5c8 where = JITDemo`globalBlock_block_invoke at ViewController.m:17
address = 0x1021bc608 where = JITDemo`+[ViewController load] at ViewController.m:27
...
address = 0x1021bdae0 where = JITDemo`-[SceneDelegate .cxx_destruct] at SceneDelegate.m:14
(lldb)
(lldb) got
-----parsing module JITDemo-----
address = 0x1ac734ce0 where = Foundation`NSFileModificationDate
...
address = 0x180d44900 where = libobjc.A.dylib`objc_msgSend
address = 0x1814ce1c0 where = libdyld.dylib`dyld_stub_binder
13 location(s) found
(lldb) lazy_sym
-----parsing module JITDemo-----
address = 0x104c7fe14 where = JITDemo`my_NSHomeDirectory at ViewController.m:63 -> NSHomeDirectory
...
address = 0x1815fb950 where = libsystem_kernel.dylib`open -> open
36 location(s) found
(lldb) seg
...
------------------------------------------------------------
[0x102ee0000-0x102ee4000) 0x4000 __DATA
[0x102ee0000-0x102ee0068) 0x68 __got
...
[0x102ee02e0-0x102ee0560) 0x280 __cfstring
...
// read __got section
(lldb) read_mem_as_addr 0x102ee0000 0x102ee0068
0x102ee0000: 0x00000001ac734ce0 Foundation`NSFileModificationDate
...
0x102ee0058: 0x0000000180d44900 libobjc.A.dylib`objc_msgSend
0x102ee0060: 0x00000001814ce1c0 libdyld.dylib`dyld_stub_binder
// read __cfstring section
(lldb) read_mem_as_addr 0x102ee02e0 0x102ee0560
0x102ee02e0: 0x00000001b40b2610 (void *)0x00000001b40b25c0: __NSCFConstantString
0x102ee02e8: 0x00000000000007c8
0x102ee02f0: 0x0000000102ede156 "%s"
0x102ee02f8: 0x0000000000000002
...
0x102ee0540: 0x00000001b40b2610 (void *)0x00000001b40b25c0: __NSCFConstantString
0x102ee0548: 0x00000000000007c8
0x102ee0550: 0x0000000102ede2cc "Default Configuration"
0x102ee0558: 0x0000000000000015
(lldb) seg
...
[0x10077b3ae-0x10077b424) 0x76 __objc_classname
....
[0x100782898-0x1007857f0) 0x2f58 String Table
...
// read __TEXT.__objc_classname
(lldb) read_cstring 0x10077b3ae 0x10077b424
0x10077b3ae: "ViewController"
...
0x10077b414: "UISceneDelegate"
9 locations found
// read String Table
(lldb) read_cstring 0x100782898 0x1007857f0
0x100782898: " "
0x10078289a: "_JITDemoVersionNumber"
...
0x1007857c8: "__OBJC_PROTOCOL_$_UIWindowSceneDelegate"
338 locations found
https://github.com/DerekSelander/LLDB
https://github.com/facebook/chisel
https://github.com/aaronst/macholibre
YJLLDB is released under the Apache License 2.0. See LICENSE file for details.