基于frida和lldb的ceserver.iOS分析可以通过Cheat Engine实现。

I have ported Cheat Engine’s ceserver to iOS using frida.
frida-ceserver(github)

・Reading and writing memory
・Enumeration of symbols and modules
・Speed Hack
・Pointer scan
・MonoDataCollector(il2cpp: not for publication)

I was able to port most of the functions.

However, only the debugger could not be ported.
Dwarf and others implement a pseudo-debugger with Memory.protect and exception handler, but it is not complete.

This problem was solved by using lldb.
Because lldb remote debugging does not support iOS on windows.

lldb/lldb-gdb-remote.txt at master · llvm-mirror/lldb (github.com)

I was able to manipulate the debugserver directly via the above protocol and successfully set up a hardware breakpoint.
At this time, Cheat Engine does not support arm64, so I plan to support software breakpoints as soon as it is supported.
If you are interested, I would be happy to use it.

120924433-baa86600-c70e-11eb-8794-ab5c28ec50b6703×466 203 KB

arm64643×637 222 KB

I suggest that you use Japanese, so we can use translators to understand you. But if you use a translator to make it looking like Chinese, thank you, but it’s really weird to read automatically translated Chinese

is so crazy, I have implemented a tool that only has memory search function and no debugger