以调试设备界面为例,改变背景颜色、获取VPN界面UISwitch控件响应事件.
Mac通过ssh连接越狱设备,默认密码alpine
Nelson:~ Nelson$ ssh root@192.168.xx.xxx
复制代码启动Preferences进程,开启1234端口,等待任意IP地址的lldb接入
# debugserver -x backboard *:1234 /Applications/Preferences.app/Preferences
复制代码Nelson-iPad:~ root# debugserver -x backboard *:1234 /Applications/Preferences.app/Preferences
debugserver-@(#)PROGRAM:debugserver PROJECT:debugserver-340.3.51.1
for arm64.
Listening to port 1234 for a connection from *...
复制代码Mac启动新窗口终端,进入Xcode的lldb调试模式
# /Applications/Xcode.app/Contents/Developer/usr/bin/lldb
复制代码Nelson:~ Nelson$ /Applications/Xcode.app/Contents/Developer/usr/bin/lldb
(lldb)
复制代码连接正在等待的debugserver
# process connect connect://192.168.xx.xxx:1234
复制代码(lldb) process connect connect://192.168.xx.xxx:1234
Process 6529 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
frame #0: 0x00000001819f54bc libsystem_kernel.dylib`mach_msg_trap + 8
libsystem_kernel.dylib`mach_msg_trap:
-> 0x1819f54bc <+8>: ret
libsystem_kernel.dylib`mach_msg_overwrite_trap:
0x1819f54c0 <+0>: mov x16, #-0x20
0x1819f54c4 <+4>: svc #0x80
0x1819f54c8 <+8>: ret
(lldb)
复制代码打印所有界面层次
(lldb) po [[[UIApplication sharedApplication] keyWindow] recursiveDescription]
复制代码搜索UITableView:获取内存地址为0x13e051800
修改UITableView(0x13e051800)的背景颜色为yellowColor
(lldb) po [(UITableView*)0x13e051800 setBackgroundColor:[UIColor yellowColor]]
复制代码现在界面处理调试状态,需要手动刷新下界面
(lldb) e (void)[CATransaction flush]
复制代码修改另外一个UITableView(0x13e8ac400)的背景颜色
(lldb) po [(UITableView*)0x13e8ac400 setBackgroundColor:[UIColor greenColor]]
(lldb) e (void)[CATransaction flush]
复制代码获取VPN界面的UISwitch的allTargets
(lldb) po [(UISwitch *)0x13f263980 allTargets]
复制代码(lldb) po [(UISwitch *)0x13f263980 allTargets]
{(
<VPNToggleCell: 0x13e0c3400; baseClass = UITableViewCell; frame = (0 55.5; 594.5 45); text = '状态'; autoresize = W; tag = 6; layer = <CALayer: 0x13f004a80>>
)}
(lldb)
复制代码此处的Target为上一步获取到的VPNToggleCell(0x13e0c3400)
(lldb) po [(UISwitch *)0x13f263980 actionsForTarget:(id)0x13e0c3400 forControlEvent:0]
复制代码(lldb) po [(UISwitch *)0x13f263980 actionsForTarget:(id)0x13e0c3400 forControlEvent:0]
<__NSArrayM 0x13ddd9ca0>(
controlChanged:
)
(lldb)
复制代码获取到了UISwitch的响应方法为controlChanged:,接下来为UISwitch的点击添加断点
(lldb) br set -n "-[VPNToggleCell controlChanged:]"
Breakpoint 1: no locations (pending).
WARNING: Unable to resolve breakpoint to any actual locations.
复制代码添加断点失败了,也就是说明controlChanged:这个方法不属于VPNToggleCell这个类,于是查找Runtime Header,找到了PSControlTableCell这个类 PSControlTableCell.h
(lldb) br set -n "-[PSControlTableCell controlChanged:]"
复制代码(lldb) br set -n "-[PSControlTableCell controlChanged:]"
Breakpoint 3: where = Preferences`-[PSControlTableCell controlChanged:], address = 0x0000000189488618
(lldb)
复制代码断点添加成功了,查看下所有的断点列表
(lldb) br list
复制代码(lldb) br list
Current breakpoints:
3: name = '-[PSControlTableCell controlChanged:]', locations = 1, resolved = 1, hit count = 0
3.1: where = Preferences`-[PSControlTableCell controlChanged:], address = 0x0000000189488618, resolved, hit count = 0
(lldb)
复制代码按需求可以对断点进行以下操作: 3针对以上的断点序号 禁用断点:(lldb) br dis 3 启用断点:(lldb) br en 3 删除断点:(lldb) br del 3
退出调试状态
(lldb) c
复制代码此时界面可以进行操作了,点击VPN界面的UISwitch执行了断点操作,再次进入了调试模式
(lldb) c
Process 6529 resuming
Process 6529 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 3.1
frame #0: 0x0000000189488618 Preferences`-[PSControlTableCell controlChanged:]
Preferences`-[PSControlTableCell controlChanged:]:
-> 0x189488618 <+0>: stp x24, x23, [sp, #-0x40]!
0x18948861c <+4>: stp x22, x21, [sp, #0x10]
0x189488620 <+8>: stp x20, x19, [sp, #0x20]
0x189488624 <+12>: stp x29, x30, [sp, #0x30]
(lldb)
复制代码执行c、s进行下一步操作
(lldb) c
复制代码(lldb) n
复制代码跳出调试模式
(lldb) process interrupt
复制代码lldb其他指令
| 指令 | 指令说明 |
|---|---|
thread list | 线程列表 |
image list -o -f | 进程列表 |
frame info | 查看当前代码 |
5419
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
