The debugger output at the time was as follows:
(lldb)
Process 846 stopped
- thread #1: tid = 0x57b8, 0x21ded958 CoreFoundation
__CFStringEncodeByteStream + 248, queue = 'com.apple.main-thread', stop reason = instruction step over frame #0: 0x21ded958 CoreFoundation
__CFStringEncodeByteStream + 248
CoreFoundation`__CFStringEncodeByteStream:
→ 0x21ded958 <+248>: blx r5
0x21ded95a <+250>: str r0, [sp, #0x190]
0x21ded95c <+252>: b.w 0x21dee386 ; <+2854>
0x21ded960 <+256>: cmp.w r4, #0x100
(lldb) po $r1
392603424
(lldb) image list -o -f -b CoreFoundation
[ 0] 0x004a7000 /Users/sysadmin/Library/Developer/Xcode/iOS DeviceSupport/8.3 (12F70)/Symbols/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation CoreFoundation
(lldb)
I want to work out the address of 0x21ded958 in IDA, so I computed 0x21ded958 - 0x004a7000 = 0x21946958.
Then I jumped to 0x21946958 in IDA, but the assembly there is obviously wrong.
My CoreFoundation binary was extracted from the cache on the phone (iPhone 5c, iOS 8.3).
Please help!!!
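Added worked example (not part of the original post, and not lldb or IDA code): the address translation the post performs, written out so it can be checked on the lines above. `image list -o -f -b` prints the ASLR slide of the image, so the unslid (file) address of a runtime PC is `runtime - slide`, which is the 0x21946958 the post arrives at. The extra step the example adds is a base check: the subtraction only lands on the right spot in IDA if IDA loaded the extracted binary at the same image base that lldb's symbol file uses; if IDA placed it elsewhere, the same offset must be re-based onto IDA's image base. The lldb sample line is constructed from the post; the IDA base values and the helper names are assumptions for illustration.

```python
import re

# Constructed sample, modelled on the `image list -o -f -b` line in the post.
# Column 2 is the slide (offset between load address and the file's preferred address).
LLDB_IMAGE_LIST_LINE = (
    "[  0] 0x004a7000 /Users/sysadmin/Library/Developer/Xcode/iOS DeviceSupport/"
    "8.3 (12F70)/Symbols/System/Library/Frameworks/CoreFoundation.framework/"
    "CoreFoundation CoreFoundation"
)

# Constructed sample of the stop line: "0x21ded958 <+248>: blx r5"
LLDB_PC_LINE = "0x21ded958 <+248>: blx r5"


def parse_slide(image_list_line: str) -> int:
    """Extract the hex slide from a `image list -o ...` line: `[ N] 0xSLIDE path`."""
    m = re.match(r"\[\s*\d+\]\s+(0x[0-9a-fA-F]+)\s", image_list_line)
    if not m:
        raise ValueError("not an `image list -o` line: %r" % image_list_line)
    return int(m.group(1), 16)


def parse_pc_and_offset(pc_line: str):
    """Extract (pc, symbol_offset) from a disassembly line like `0x21ded958 <+248>: blx r5`."""
    m = re.match(r"(0x[0-9a-fA-F]+)\s+<\+(\d+)>:", pc_line)
    if not m:
        raise ValueError("not a disassembly line: %r" % pc_line)
    return int(m.group(1), 16), int(m.group(2))


def runtime_to_file_address(runtime_addr: int, slide: int) -> int:
    """Unslid address as stored in the symbol file: runtime - slide."""
    return runtime_addr - slide


def file_to_runtime_address(file_addr: int, slide: int) -> int:
    """Inverse direction, for turning an IDA address back into a breakpoint address."""
    return file_addr + slide


def ida_address(runtime_addr: int, slide: int,
                lldb_image_base: int, ida_image_base: int) -> int:
    """Translate a runtime address into the IDA database.

    lldb_image_base: preferred (unslid) base of the image as lldb's symbol file has it,
                     i.e. the load address printed by plain `image list` minus the slide.
    ida_image_base:  the base IDA loaded the extracted binary at (assumed value below).
    When both bases agree, this reduces to runtime - slide; when IDA rebased the file,
    the offset within the image is re-based onto IDA's base instead.
    """
    offset_in_image = runtime_to_file_address(runtime_addr, slide) - lldb_image_base
    if offset_in_image < 0:
        raise ValueError("address 0x%x is below the image base" % runtime_addr)
    return ida_image_base + offset_in_image


def demo():
    """Reproduce the post's computation and show the base check."""
    slide = parse_slide(LLDB_IMAGE_LIST_LINE)
    pc, sym_off = parse_pc_and_offset(LLDB_PC_LINE)
    file_addr = runtime_to_file_address(pc, slide)
    # Assumed bases for illustration: lldb's symbol file and IDA agree here.
    base = 0x21900000
    same = ida_address(pc, slide, lldb_image_base=base, ida_image_base=base)
    # If IDA had instead loaded the file at 0x0, the same PC maps to the offset only.
    rebased = ida_address(pc, slide, lldb_image_base=base, ida_image_base=0x0)
    print("slide=0x%x pc=0x%x (+%d) file=0x%x ida(same base)=0x%x ida(base 0)=0x%x"
          % (slide, pc, sym_off, file_addr, same, rebased))
    return slide, file_addr, same, rebased


if __name__ == "__main__":
    demo()
```

To confirm which case applies, compare the load address from plain `image list -b CoreFoundation` minus the slide against the image base IDA shows; if they differ, the post's subtraction is off by exactly that difference.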