iOS NSData探秘

请先参考

http://zhiwei.li/text/2012/03/objetive-c内存布局/

http://zhiwei.li/text/2010/11/objective-c中的meta-class/

http://zhiwei.li/text/2010/05/objective-c类对象/

 

 

/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS6.1.sdk/System/Library/Frameworks/Foundation.framework/Headers

NSObject.h

NSData.h

Foundation.h

CFData 和 NSData也可进行强制转换

NSString和CFStringRef可以实现强制转换

http://www.opensource.apple.com/source/CF/CF-744.12/CFData.c

 

struct __CFData {
CFRuntimeBase _base;
CFIndex _length; /* number of bytes */
CFIndex _capacity; /* maximum number of bytes */
CFAllocatorRef _bytesDeallocator; /* used only for immutable; if NULL, no deallocation */
uint8_t *_bytes; /* compaction: direct access to _bytes is only valid when data is not inline */
};

/*
Bit 0 = is mutable
Bit 1 = growable
Bit 2 = bytes inline
Bit 3 = use given CFAllocator
Bit 5 = allocate collectable memory

Bits 1-0 are used for mutability variation

Bit 6 = not all bytes have been zeroed yet (mutable)
*/

enum {
__kCFMutable = 0×01,
__kCFGrowable = 0×02,
__kCFMutableVarietyMask = 0×03,
__kCFBytesInline = 0×04,
__kCFUseAllocator = 0×08,
__kCFAllocatesCollectable = 0×20,
};

enum {
kCFImmutable = 0×0, /* unchangable and fixed capacity; default */
kCFFixedMutable = 0×1, /* changeable and fixed capacity */
kCFMutable = 0×3 /* changeable and variable capacity */
};

CF_INLINE void __CFDataSetInfoBits(CFDataRef data, UInt32 v) {__CFBitfieldSetValue(((CFRuntimeBase *)data)->_cfinfo[CF_INFO_BITS], 5, 0, v);}

http://www.opensource.apple.com/source/CF/CF-744.12/CFRuntime.h

/* All CF “instances” start with this structure. Never refer to
* these fields directly — they are for CF’s use and may be added
* to or removed or change format without warning. Binary
* compatibility for uses of this struct is not guaranteed from
* release to release.
*/
typedef struct __CFRuntimeBase {
    uintptr_t _cfisa;
    uint8_t _cfinfo[4];
    #if __LP64__
         uint32_t _rc;
    #endif
} CFRuntimeBase;

isa info 与NSObject 对应

 

(lldb) reg read

General Purpose Registers:

        r0 = 0x1f5ac970

        r1 = 0x1fa00000

        r2 = 0x1fa00084

        r3 = 0x0000009f

        r4 = 0x398f25c1  libobjc.A.dylib`objc_msgSend + 1

        r5 = 0×00000070

        r6 = 0x000fa69c  “dataWithBytes:length:”

        r7 = 0x2fd08338

        r8 = 0x000fa6dc  (void *)0x39f4e7f0: NSData

        r9 = 0x00291c01

       r10 = 0x000fa64c  “alloc”

       r11 = 0x000fa6d8  (void *)0x000fa750: AESCryptor

       r12 = 0×39903231  libobjc.A.dylib`-[NSObject autorelease] + 1

        sp = 0x2fd08300

        lr = 0x000f8f51  xi`-[AESCryptor signUpUrl] + 117 at AESCryptor.m:86

        pc = 0x000f8f52  xi`-[AESCryptor signUpUrl] + 118 at AESCryptor.m:87

      cpsr = 0×00000030

 

 

 

 

 

 

 

(lldb) memory read –size 4 –format x –count 0×20 0x2fd0831c

0x2fd0831c: 0x1f5ac970 0x000f99b6 0x20855af0 0x000fa684

 

 

 

(lldb) memory read –size 4 –format x –count 0×20 0x1f5ac970

0x1f5ac970: 0x3a04a97c 0×00000001 0×00000070 0×00000070

0x1f5ac980: 0x90ba060e 0xffc7b64d 0x3ad1b110 0xd1b9059b

0x1f5ac990: 0x8f5999b6 0xfbca0345 0x603a133b 0x66e0f845

0x1f5ac9a0: 0xa2d1d7d4 0xd32c8271 0x2d7584b9 0xef77c1aa

0x1f5ac9b0: 0x8106a0f4 0xb3c83ded 0x58ac007c 0x418137e9

 

metaClass     ISA

Type               1

Length           0×70

Max      0×70

后面跟着的就是数据

(lldb) reg read

General Purpose Registers:

        r0 = 0x39f4e7f0  (void *)0x39f4e7dc: NSData

        r1 = 0x384656c5  “dataWithBytesNoCopy:length:”

        r2 = 0x1f5ad090

        r3 = 0×00000060

        r4 = 0×00000010

        r5 = 0x000fa858  iv

        r6 = 0x1f5ac980

        r7 = 0x2fd082a4

        r8 = 0×00000070

        r9 = 0x398f25c1  libobjc.A.dylib`objc_msgSend + 1

       r10 = 0x1f5ad090

       r11 = 0×00000080

       r12 = 0x3b8a67f0  (void *)0x39d54915: OSSpinLockUnlock$VARIANT$mp + 1

        sp = 0x2fd08214

        lr = 0x39d3706f  libsystem_c.dylib`free + 171

        pc = 0x000f9174  Fonexi`-[AESCryptor decryptv2:withKey:] + 312 at AESCryptor.m:124

      cpsr = 0×60000030

 

(lldb) memory read –size 4 –format x –count 0×20 0x1f5ad090

0x1f5ad090: 0x8b5e543e 0xb82436ef 0x500dc3e4 0x230688f4

0x1f5ad0a0: 0xa46710e6 0x545b659e 0x852adec4 0xd21781f0

0x1f5ad0b0: 0xf71d5333 0xd72ebc0c 0xbffb5d37 0x2a93c3c1

0x1f5ad0c0: 0xbb98a8e4 0x767af3a0 0x3cc44626 0x6e99bc20

0x1f5ad0d0: 0xfc3febf7 0xe5b15ef0 0xcc456b3d 0xd522fcf3

0x1f5ad0e0: 0xb94973c5 0xa022a02f 0xa32ff49f 0x00db5aa0

0x1f5ad0f0: 0×00000000 0x1f5ad0e4 0×00000000 0x07aca020

0x1f5ad100: 0×00000000 0×00000000 0×00000000 0×00000000

 

 

 

 

(lldb) memory read –size 4 –format x –count 0×20 0x1f5b2e70

0x1f5b2e70: 0x3a04a97c 0×00000002 0×00000060 0×00000060

0x1f5b2e80: 0x1f5ad090 0×00000000 0×00000000 0×00000000

 

ISA  0x3a04a97c，就是所谓NSConcreateData

但类型已经变成 02了，长度和容量 是 0×60

接下来的0x1f5ad090 就是指针， 

 

dataWithBytesNoCopy 就是这个效果

 

(lldb) memory read –size 4 –format x –count 0×40  0x21df00

error: failed to sent packet: ‘m21de00,200′

(lldb) memory read –size 4 –format x –count 0×40  0x21df00

0x0021df00: 0x3a04a97c 0×00000002 0x00000eaa 0x00000eaa

0x0021df10: 0x00ba4600 0×00000000 0×00000000 0×00000000

明显 info = 0×2 可以增长,但是不能修改内容

(lldb) memory read –size 1  –count 0×100 –outfile /tmp/1.bin –binary  0x00ba4a00

256 bytes written to ‘/tmp/1.bin’

(lldb) memory read –size 1  –count 0×100 –outfile /tmp/1.bin –binary –append-outfile 0x00ba4b00

256 bytes appended to ‘/tmp/1.bin’

(lldb) memory read –size 1  –count 0×100 –outfile /tmp/1.bin –binary –append-outfile 0x00ba4c00

256 bytes appended to ‘/tmp/1.bin’