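The starting point was that I needed to reverse engineer a piece of system software and found that Cycript could not be used to inject into it; only LLDB worked. But I really missed Cycript's ability to define custom methods, so I went looking for an alternative under LLDB. Only after going through the documentation did I learn that LLDB also supports Python scripts.
Here I'd like to share Chisel, a Python library for LLDB.
## Chisel
Chisel is a collection of LLDB commands written by Facebook. Extremely powerful! Extremely powerful! Extremely powerful!
What it looks like
`pviews`: print the view hierarchy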
```
(lldb) pviews
[ D A w ] h=-&- v=-&- NSView 0x7f999bde1190 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bdf0bf0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ D AF W ] h=-&- v=-&- NSSplitView 0x7f999bdde180 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bddfd70> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ HA w ] h=--- v=--- _NSSplitViewItemViewWrapper 0x7f999bde1760 f=(0,0,163,516) b=(-) => <_NSViewBackingLayer: 0x7f999bdab7f0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ hA w ] h=--- v=--- NSVisualEffectView 0x7f999bdddd50 f=(0,0,163,516) b=(-) => <_NSViewBackingLayer: 0x7f999bd77c00> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ hA w ] h=--- v=--- NSView 0x7f999d8612b0 f=(0,0,163,516) b=(-) => <_NSViewBackingLayer: 0x7f999bd9e380> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ D A w ] h=--- v=--- _NSSplitViewItemViewWrapper 0x7f999bdc80e0 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bdaa970> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ D A w ] h=--- v=--- NSView 0x7f999bc69880 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bdaa9a0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ D A O W ] h=--- v=--- CalUICalendarContainerView 0x7f999bc6e2c0 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bd3e5b0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ D A O W ] h=--- v=--- CalUIMonthContentView 0x7f999bf83b40 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bf57b80> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ D AF w ] h=--- v=--- InfiniteSwipeControllerScrollView 0x7f999d8de290 f=(0,0,935,480) b=(-) => <_NSViewBackingLayer: 0x7f999de09030> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ D AF w ] h=-&- v=-&- InfiniteSwipeControllerClipView 0x7f999d8dfa50 f=(0,0,935,480) b=(0,2.09715e+06,-,-) => <CalUILayer: 0x7f999d8df760> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ D AF W ] h=--- v=--- InfiniteSwipeControllerDocumentView 0x7f999d8de3b0 f=(0,0,935,4.1943e+06) b=(-) => <_NSViewBackingLayer: 0x7f999d8de460> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
.........................................
[ AF W ] h=--- v=--- CalUIAutolayoutTextField 0x7f999de0d040 "周六" f=(890,8,36,19) b=(-) => <_NSViewBackingLayer: 0x7f999de0d5f0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ AF w ] h=--- v=--- CalUIDateNavigator 0x7f999bf7a9d0 f=(822,521,102,24) b=(-) => <_NSViewBackingLayer: 0x7f999d8d2a00> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ AF w ] h=--- v=--- NSSegmentItemView 0x7f999bf30710 f=(0,0,25,24) b=(-) => <_NSViewBackingLayer: 0x7f999bf86a40> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ AF w ] h=--- v=--- NSSegmentItemView 0x7f999bf7b450 f=(25,0,53,24) b=(-) => <_NSViewBackingLayer: 0x7f999bf432c0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ AF w ] h=--- v=--- NSSegmentItemLabelView 0x7f999d859b70 "今天" f=(11,2,30,17) b=(-) => <_NSViewBackingLayer: 0x7f999bf78e80> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ AF w ] h=--- v=--- NSSegmentItemView 0x7f999bf66820 f=(78,0,24,24) b=(-) => <_NSViewBackingLayer: 0x7f999bf425c0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ HA w ] h=--- v=--- _NSSplitViewItemViewWrapper 0x7f999d8a7ad0 f=(0,0,205,0) b=(-) => <_NSViewBackingLayer: 0x7f999bddbd40> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ hA w ] h=--- v=--- NSVisualEffectView 0x7f999bde25e0 f=(0,0,205,0) b=(-) => <_NSViewBackingLayer: 0x7f999bdda720> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ hA w ] h=--- v=--- CalUISearchSidebarView 0x7f999d85e5c0 f=(0,0,205,0) b=(-) => <_NSViewBackingLayer: 0x7f999bd7da70> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ HA w ] h=--- v=--- NSVibrantSplitDividerView 0x7f999bde3080 f=(-2,0,5,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde50a0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ hA w ] h=--- v=--- NSVisualEffectView 0x7f999bde38e0 f=(2,0,1,560) b=(-) => <_NSViewBackingLayer: 0x7f999bddd2d0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ hA V w ] h=--- v=--- NSSplitDividerView 0x7f999bde48c0 f=(-2,0,5,560) b=(-) => <_NSViewBackingLayer: 0x7f999bdc5760> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ HA w ] h=--- v=--- NSVibrantSplitDividerView 0x7f999bde3150 f=(-2,0,5,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde29f0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ hA w ] h=--- v=--- NSVisualEffectView 0x7f999bddc790 f=(2,0,1,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde2a70> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ hA V w ] h=--- v=--- NSSplitDividerView 0x7f999bd2fdf0 f=(-2,0,5,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde2ad0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ D A w ] h=--- v=--- _NSSplitViewSpringLoadingView 0x7f999bde0080 f=(0,0,15,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde0910> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
[ A w ] h=--- v=--- _NSSplitViewSpringLoadingView 0x7f999bde0ba0 f=(920,0,15,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde0fa0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
A=autoresizesSubviews, C=canDrawConcurrently, D=needsDisplay, F=flipped, G=gstate, H=hidden (h=by ancestor), L=needsLayout (l=child needsLayout), U=needsUpdateConstraints (u=child needsUpdateConstraints), O=opaque, P=preservesContentDuringLiveResize, S=scaled/rotated, W=wantsLayer (w=ancestor wantsLayer), V=needsVibrancy (v=allowsVibrancy), #=has surface
```
`presponder`: print the responder chain
```
(lldb) presponder 0x7f999bde0ba0
<_NSSplitViewSpringLoadingView: 0x7f999bde0ba0>
| <NSSplitView:0x7f999bdde180 delegate="(CalUISplitViewController)0x7f999bddba60" layout="constraints", dividers="views", arrangesAllSubviews="no">
| | <NSView: 0x7f999bde1190>
| | | <CalUISplitViewController: 0x7f999bddba60>
| | | | <CALWindow: 0x7f999bc7f290>
| | | | | <CalWindowController: 0x7f999bd413c0>
```
`pinternals`: print an object's detailed properties
```
(lldb) pinternals 0x7f999bde0ba0
(_NSSplitViewSpringLoadingView) $56 = {
  NSView = {
    NSResponder = {
      NSObject = {
        isa = _NSSplitViewSpringLoadingView
      }
      _nextResponder = 0x00007f999bdde180
    }
    _superview = 0x00007f999bdde180
    _subviews = nil
    _window = 0x00007f999bc7f290
    _unused_was_gState = nil
    _frameMatrix = nil
    _layer = 0x00007f999bde0fa0
    _dragTypes = 0x00007f999bde0a60 1 element
    _viewAuxiliary = 0x00007f999bde0c60
  }
  _springLoadingHandler = 0x00007f999bde0f20
  _canSpringLoadHandler = 0x00007f999bde0f70
  _orientation = 1
  _didSpringLoad = '\0'
}
```
`bmessage`: set a breakpoint by method name
```
(lldb) bmessage -[NSViewController viewDidLoad]
Setting a breakpoint at -[NSViewController viewDidLoad] with condition (void*)object_getClass((id)$rdi) == 0x00007fff77fa4398
Breakpoint 1: where = AppKit`-[NSViewController viewDidLoad], address = 0x00007fff9669aee9
```
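`wivar`: add a watchpoint
```
(lldb) wivar 0x7f999bde0ba0 _subviews
Remember to delete the watchpoint using: watchpoint delete 1
```
I trust everyone understands what these four are good for, and there are many more useful commands in there; use `help` to see how the other commands are used.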
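## Installation
- First, run in the terminal:
```
brew update
brew install chisel
```
- Finally, run in the terminal:
```
echo command script import /usr/local/Cellar/chisel/libexec/fblldb.py >> ~/.lldbinit
```
Now enjoy using it!
PS: the Markdown experience on this forum is really good.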
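
As an added example (not part of the original post and not Chisel's own code), this is what a custom command built on LLDB's Python scripting can look like: it parses the `pviews` output format shown above and keeps only views whose class matches a regex. The names `fviews`, `parse_pviews` and `find_views` are hypothetical, and the `fviews` command assumes the text Chisel prints is captured in the command's return object.

```python
import re
try:
    import lldb  # only importable inside LLDB's embedded Python
except ImportError:
    lldb = None

# Lines copied (abridged) from the pviews output on this page, plus the start of its legend.
SAMPLE = '''[ D A w ] h=-&- v=-&- NSView 0x7f999bde1190 f=(0,0,935,560) b=(-)
[ hA w ] h=--- v=--- CalUISearchSidebarView 0x7f999d85e5c0 f=(0,0,205,0) b=(-)
[ AF w ] h=--- v=--- NSSegmentItemLabelView 0x7f999d859b70 "今天" f=(11,2,30,17) b=(-)
A=autoresizesSubviews, C=canDrawConcurrently'''

# One view line: [ flags ] h=.. v=.. Class 0xaddr ["title"] f=(x,y,w,h) ...
LINE_RE = re.compile(
    r'^\[\s*(?P<flags>[^\]]*?)\s*\]\s+h=\S+\s+v=\S+\s+'
    r'(?P<cls>\w+)\s+(?P<addr>0x[0-9a-fA-F]+)'
    r'(?:\s+"(?P<title>[^"]*)")?\s+f=\((?P<frame>[^)]*)\)'
)

def parse_pviews(text):
    """Return one dict per view line; the legend and elided lines are skipped."""
    views = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flags = set(m.group("flags").replace(" ", ""))
        views.append({
            "cls": m.group("cls"),
            "addr": int(m.group("addr"), 16),
            "title": m.group("title"),
            "frame": tuple(float(v) for v in m.group("frame").split(",")),
            "hidden": bool(flags & {"H", "h"}),  # H=hidden, h=hidden by ancestor
        })
    return views

def find_views(text, pattern):
    rx = re.compile(pattern)
    return [v for v in parse_pviews(text) if rx.search(v["cls"])]

def fviews(debugger, command, result, internal_dict):
    """LLDB command: fviews <regex>. Runs pviews and prints matching views."""
    ret = lldb.SBCommandReturnObject()
    debugger.GetCommandInterpreter().HandleCommand("pviews", ret)
    for v in find_views(ret.GetOutput() or "", command.strip() or "."):
        line = "0x%x %s %r" % (v["addr"], v["cls"], v["frame"])
        result.AppendMessage(line + (" hidden" if v["hidden"] else ""))

def __lldb_init_module(debugger, internal_dict):
    debugger.HandleCommand("command script add -f %s.fviews fviews" % __name__)
```

Load it with `command script import` followed by the file's path, in the same way `fblldb.py` is loaded above; the addresses it prints can then be passed to `presponder` or `pinternals`.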