GDB script to track Objective-C calls on iOS device - issue

I have a gdb script. I'm working on tracing all calls to Objective-C methods that pass through objc_msgSend, but I have a problem that I cannot handle. After looking at the Objective-C runtime source code, I developed the following script to print [] every time the objc_msgSend breakpoint was hit. The problem is that there are situations where data_NEVER_USE is not a valid pointer, but also not null. The only indicator I can find of whether the class is initialized is id->data_NEVER_USE-> and the RW_REALIZED flag. What aspect of class initialization is missing here that would allow me to skip this case?

b objc_msgSend
commands
  silent
  # skip nil receivers (compare the register itself, not *$r0, which is not a pointer in gdb)
  if ($r0 == 0)
    continue
  end
  set $id = (class_t *)$r0
  set $sel = $r1
  print *$id
  if ($id->data_NEVER_USE != 0)
    set $data = (class_ro_t *)($id->data_NEVER_USE)
    # 0x80000000 is RW_REALIZED
    if (($data->flags & 0x80000000) && ($data->name))
      set $classname = $data->name
      printf "[%s ", $classname
    else
      continue
    end
  end
  if ($sel != 0)
    # selectors are C strings on this runtime
    printf "%s", (char *)$sel
  else
    printf "null"
  end
  printf "]\n"
  continue
end

I appreciate any help on this. Thanks.

1 answer

These two methods worked well enough for me. Please note that in my example I manually launch "SomeApp" so that I can monitor it as soon as it starts.

gdb
(gdb) attach --waitfor 'SomeApp'
# this is where you manually start SomeApp on your device
(gdb) call (void)instrumentObjcMessageSends(YES)

"instrumentObjcMessageSends" enables/disables the runtime's message logging. Here is some more information about this method.

Another option, again using GDB on your iDevice, is to write a small command list like this:

FooPad:~ root# gdb
(gdb) attach SBSettings
Attaching to process 440.
Reading symbols for shared libraries . done
Reading symbols for shared libraries ............................. done
0x35686004 in mach_msg_trap ()
(gdb) break objc_msgSend
Breakpoint 1 at 0x3323ef72
(gdb) commands
Type commands for when breakpoint 1 is hit, one per line.
End with a line saying just "end".
>printf "-[%s %s]\n", (char *)class_getName(*(long *)$r0), (char *)$r1
>c
>end
(gdb) c
Continuing.
// a ton of information will follow

As soon as you press "c" (right above the line that reads "Continuing"), your screen will fill with function names and arguments.

Finally, follow these instructions to get a working GDB on your iDevice. For posterity, I will post short instructions here:

The GNU Debugger (gdb) is used to analyze the runtime behavior of an iOS application. In recent iOS versions, the GNU Debugger shipped by Cydia is broken and does not work properly. The one from pod2g also did not help me.

To get rid of this problem, add http://cydia.radare.org as a Cydia source and install the latest GNU Debugger (build 1708). GDB build 1708 works on iOS 5.x.
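As an added example (not part of the original question or answer, and not the runtime's or the answerer's code): a complete GDB command file that does what the breakpoint method above does, but asks the runtime for the class and selector names instead of walking class_t fields by hand, and distinguishes class messages from instance messages. It assumes a 32-bit ARM process (receiver in r0, selector in r1 at objc_msgSend entry, as in the session above) and a GDB that can call functions in the inferior; the file name trace_msgsend.gdb is made up.

```gdb
# trace_msgsend.gdb  (added example; the file name is an assumption)
# Usage, after attaching to the target:  (gdb) source trace_msgsend.gdb
# Assumes 32-bit ARM: receiver in $r0, selector in $r1 at objc_msgSend entry.

break objc_msgSend
commands
  silent
  # A message to nil never reaches a method; skip it rather than
  # dereferencing address 0 inside the command list.
  if ($r0 == 0)
    continue
  end
  # Let the runtime resolve the class: object_getClass reads isa, and
  # class_getName is the runtime's own accessor, which copes with classes
  # that have not been realized yet, so data_NEVER_USE / RW_REALIZED
  # never has to be parsed here.
  set $cls = (void *)object_getClass((void *)$r0)
  set $clsname = (char *)class_getName($cls)
  # Selectors are interned C strings; sel_getName returns that string.
  set $selname = (char *)sel_getName((void *)$r1)
  # A class message ([Foo alloc]) arrives with the class object as the
  # receiver, whose isa is its metaclass; print those with the + prefix.
  if ((int)class_isMetaClass($cls))
    printf "+[%s %s]\n", $clsname, $selname
  else
    printf "-[%s %s]\n", $clsname, $selname
  end
  continue
end
```

The runtime calls used here do not themselves send Objective-C messages, so the breakpoint is not re-entered from inside its own command list; if you add a call that does (for example invoking -description on the receiver), GDB will stop inside that call and the trace will stall. Expect the same volume of output as the session above. If you use the first method instead, the runtime writes its log to /tmp/msgSends-<pid> on the device rather than to the GDB console.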


Source: https://habr.com/ru/post/1437862/

