Setting a breakpoint in a stripped binary with LLDB

I'm trying to debug an obscure issue with a closed-source command-line tool on macOS, and (after some disassembly) the bug appears to be in a framework it uses. I'd like to confirm this, so I fired up LLDB and tried to set a breakpoint on a method in the framework, but I'm not quite sure how to do this (LLDB fails, telling me it can't find the method, and I can't break on a memory location either). Can anyone point me in the right direction on how to get LLDB to debug the framework's code?

Edit: the problem doesn't seem to be the framework, but the fact that it's stripped. See my answer below.

So, I finally realized that the framework I'm using has no debugging symbols (doh!), which is why LLDB couldn't find anything. Working with a stripped binary takes a bit more work; Apple Technical Note 2239 uses the Objective-C runtime to set breakpoints. Here's its example code, translated into LLDB as best I could:

$ lldb /Applications/TextEdit.app
(lldb) target create "/Applications/TextEdit.app"
Current executable set to '/Applications/TextEdit.app' (x86_64).
(lldb) r
Process 2463 launched: '/Applications/TextEdit.app/Contents/MacOS/TextEdit' (x86_64)
Process 2463 stopped
* thread #1: tid = 0x437c7a, 0x00007fffea1603ba libsystem_kernel.dylib`mach_msg_trap + 10, stop reason = signal SIGSTOP
    frame #0: 0x00007fffea1603ba libsystem_kernel.dylib`mach_msg_trap + 10
libsystem_kernel.dylib`mach_msg_trap:
->  0x7fffea1603ba <+10>: ret
    0x7fffea1603bb <+11>: nop

libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x7fffea1603bc <+0>:  mov    r10, rcx
    0x7fffea1603bf <+3>:  mov    eax, 0x1000020
(lldb) # Try to find the
(lldb) # -[DocumentController openUntitledDocumentAndDisplay:error:] 
(lldb) # symbol.
(lldb) break set -S openUntitledDocumentAndDisplay:error:
Breakpoint 1: where = AppKit`-[NSDocumentController openUntitledDocumentAndDisplay:error:], address = 0x00007fffd21d244f
(lldb) # These are not the droids we're looking for. It turns out that 
(lldb) # TextEdit ships with its symbols stripped, so we'll have to do 
(lldb) # this the hard way.
(lldb) #
(lldb) # Get the Class object for the DocumentController class.
(lldb) expr -- void *$class = (void *)objc_getClass("DocumentController")
(lldb) # Get the SEL object for the "openUntitledDocumentAndDisplay:error:" method.
(lldb) expr -- void *$sel=(void *)sel_getUid("openUntitledDocumentAndDisplay:error:")
(lldb) # Get a pointer to the method implementation.
(lldb) po (void*)class_getMethodImplementation($class, $sel)
0x0000000100006df4
(lldb) # Set a breakpoint on the method.
(lldb) b 0x0000000100006df4
Breakpoint 2: where = TextEdit`___lldb_unnamed_symbol74$$TextEdit, address = 0x0000000100006df4
(lldb) # Resume execution, and then create a new, untitled document.
(lldb) c
Process 2463 resuming
Process 2463 stopped
* thread #1: tid = 0x437c7a, 0x0000000100006df4 TextEdit`___lldb_unnamed_symbol74$$TextEdit, queue = 'com.apple.main-thread', stop reason = breakpoint 2.1
    frame #0: 0x0000000100006df4 TextEdit`___lldb_unnamed_symbol74$$TextEdit
TextEdit`___lldb_unnamed_symbol74$$TextEdit:
->  0x100006df4 <+0>: push   rbp
    0x100006df5 <+1>: mov    rbp, rsp
    0x100006df8 <+4>: push   r15
    0x100006dfa <+6>: push   r14
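The manual sequence above (objc_getClass, sel_getUid, IMP lookup, breakpoint by address) can be packaged as an LLDB Python command. This is an added example, not code from the answer or from TN2239; the command name `objc_break` and the script file name are assumptions. It deliberately looks the method up with class_getInstanceMethod/class_getClassMethod instead of class_getMethodImplementation, because the latter never returns NULL: for a selector the class does not implement it returns the _objc_msgForward stub, so the breakpoint would silently land in the forwarder rather than in the method.

```python
def parse_args(command):
    """Split 'objc_break [+]Class selector' into (class, selector, is_class_method)."""
    parts = command.split()
    if len(parts) != 2:
        raise ValueError("usage: objc_break [+]ClassName selector")
    class_name, selector = parts
    return class_name.lstrip("+"), selector, class_name.startswith("+")


def imp_expression(class_name, selector, class_method=False):
    """C expression LLDB evaluates in the target to obtain the method's IMP.

    method_getImplementation(NULL) is 0, so an unknown class or selector
    shows up as address 0 instead of a bogus breakpoint in _objc_msgForward.
    The (void *) casts tell LLDB the return types of runtime functions it
    has no headers for, exactly as the hand-typed session above does.
    """
    getter = "class_getClassMethod" if class_method else "class_getInstanceMethod"
    cls = f'(void *)objc_getClass("{class_name}")'
    sel = f'(void *)sel_getUid("{selector}")'
    return f"(void *)method_getImplementation((void *){getter}({cls}, {sel}))"


def objc_break(debugger, command, result, internal_dict):
    import lldb  # only importable inside LLDB's embedded interpreter
    try:
        class_name, selector, class_method = parse_args(command)
    except ValueError as exc:
        result.SetError(str(exc))
        return
    target = debugger.GetSelectedTarget()
    process = target.GetProcess()
    if not process.IsValid() or process.GetState() != lldb.eStateStopped:
        result.SetError("run the process first: objc_getClass needs a live runtime")
        return
    frame = process.GetSelectedThread().GetSelectedFrame()
    value = frame.EvaluateExpression(imp_expression(class_name, selector, class_method))
    if value.GetError().Fail():
        result.SetError(value.GetError().GetCString())
        return
    addr = value.GetValueAsUnsigned()
    name = f"{'+' if class_method else '-'}[{class_name} {selector}]"
    if addr == 0:
        result.SetError(f"runtime knows no {name}")
        return
    bp = target.BreakpointCreateByAddress(addr)
    result.AppendMessage(f"Breakpoint {bp.GetID()}: {name} at {addr:#x}")


def __lldb_init_module(debugger, internal_dict):
    # Registers the command when loaded with: command script import objc_break.py
    debugger.HandleCommand(f"command script add -f {__name__}.objc_break objc_break")
```

After `command script import /path/to/objc_break.py` (path assumed) and `r`, `objc_break DocumentController openUntitledDocumentAndDisplay:error:` sets the same breakpoint as the session above, and `objc_break +SomeClass someClassMethod` handles class methods.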