以调试设备界面为例,改变背景颜色、获取VPN界面UISwitch控件响应事件.
Mac通过ssh连接越狱设备,默认密码alpine
Nelson:~ Nelson$ ssh [email protected]
启动Preferences进程,开启1234端口,等待任意IP地址的lldb接入
# debugserver -x backboard *:1234 /Applications/Preferences.app/Preferences
Nelson-iPad:~ root# debugserver -x backboard *:1234 /Applications/Preferences.app/Preferences
debugserver-@(#)PROGRAM:debugserver PROJECT:debugserver-340.3.51.1
for arm64.
Listening to port 1234 for a connection from *...
Mac启动新窗口终端,进入Xcode的lldb调试模式
# /Applications/Xcode.app/Contents/Developer/usr/bin/lldb
Nelson:~ Nelson$ /Applications/Xcode.app/Contents/Developer/usr/bin/lldb
(lldb)
连接正在等待的debugserver
# process connect connect://192.168.xx.xxx:1234
(lldb) process connect connect://192.168.xx.xxx:1234
Process 6529 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
frame #0: 0x00000001819f54bc libsystem_kernel.dylib`mach_msg_trap + 8
libsystem_kernel.dylib`mach_msg_trap:
-> 0x1819f54bc <+8>: ret
libsystem_kernel.dylib`mach_msg_overwrite_trap:
0x1819f54c0 <+0>: mov x16, #-0x20
0x1819f54c4 <+4>: svc #0x80
0x1819f54c8 <+8>: ret
(lldb)
打印所有界面层次
(lldb) po [[[UIApplication sharedApplication] keyWindow] recursiveDescription]
recursiveDescription
搜索UITableView:获取内存地址为0x13e051800
8EAB695B-6F43-4475-B7A8-FE6138BB3AB2.jpeg
修改UITableView(0x13e051800)的背景颜色为yellowColor
(lldb) po [(UITableView*)0x13e051800 setBackgroundColor:[UIColor yellowColor]]
现在界面处理调试状态,需要手动刷新下界面
(lldb) e (void)[CATransaction flush]
IMG_0142.PNG
修改另外一个UITableView(0x13e8ac400)的背景颜色
(lldb) po [(UITableView*)0x13e8ac400 setBackgroundColor:[UIColor greenColor]]
(lldb) e (void)[CATransaction flush]
IMG_0144.PNG
获取VPN界面的UISwitch的allTargets
IMG_0144.PNG
(lldb) po [(UISwitch *)0x13f263980 allTargets]
(lldb) po [(UISwitch *)0x13f263980 allTargets]
{(
>
)}
(lldb)
此处的Target为上一步获取到的VPNToggleCell(0x13e0c3400)
(lldb) po [(UISwitch *)0x13f263980 actionsForTarget:(id)0x13e0c3400 forControlEvent:0]
(lldb) po [(UISwitch *)0x13f263980 actionsForTarget:(id)0x13e0c3400 forControlEvent:0]
<__NSArrayM 0x13ddd9ca0>(
controlChanged:
)
(lldb)
获取到了UISwitch的响应方法为controlChanged:,接下来为UISwitch的点击添加断点
(lldb) br set -n "-[VPNToggleCell controlChanged:]"
Breakpoint 1: no locations (pending).
WARNING: Unable to resolve breakpoint to any actual locations.
添加断点失败了,也就是说明controlChanged:这个方法不属于VPNToggleCell这个类,于是查找Runtime Header,找到了PSControlTableCell这个类
PSControlTableCell.h
412C86A5-F95D-40CF-9D6B-B82D15FED827.png
(lldb) br set -n "-[PSControlTableCell controlChanged:]"
(lldb) br set -n "-[PSControlTableCell controlChanged:]"
Breakpoint 3: where = Preferences`-[PSControlTableCell controlChanged:], address = 0x0000000189488618
(lldb)
断点添加成功了,查看下所有的断点列表
(lldb) br list
(lldb) br list
Current breakpoints:
3: name = '-[PSControlTableCell controlChanged:]', locations = 1, resolved = 1, hit count = 0
3.1: where = Preferences`-[PSControlTableCell controlChanged:], address = 0x0000000189488618, resolved, hit count = 0
(lldb)
按需求可以对断点进行以下操作:
3针对以上的断点序号
禁用断点:(lldb) br dis 3
启用断点:(lldb) br en 3
删除断点:(lldb) br del 3
退出调试状态
(lldb) c
此时界面可以进行操作了,点击VPN界面的UISwitch执行了断点操作,再次进入了调试模式
(lldb) c
Process 6529 resuming
Process 6529 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 3.1
frame #0: 0x0000000189488618 Preferences`-[PSControlTableCell controlChanged:]
Preferences`-[PSControlTableCell controlChanged:]:
-> 0x189488618 <+0>: stp x24, x23, [sp, #-0x40]!
0x18948861c <+4>: stp x22, x21, [sp, #0x10]
0x189488620 <+8>: stp x20, x19, [sp, #0x20]
0x189488624 <+12>: stp x29, x30, [sp, #0x30]
(lldb)
执行c、s进行下一步操作
(lldb) c
(lldb) n
进入调试模式
(lldb) process interrupt
lldb其他指令
| 指令 | 指令说明 |
|---|---|
thread list |
线程列表 |
image list -o -f |
进程列表 |
frame info |
查看当前代码 |