val = ("temp", lldb.SBAddress(offset, lldb.target), ptr_type).
offset = ptr.GetValueAsUnsigned() + i * ptr_size_type.
print('SBProcess.WriteMemory() failed ! ')
> offset = ptr.GetValueAsUnsigned() + 3 * ptr_size_type
> print(("temp", lldb.SBAddress(offset, lldb.target), ptr_type))
(int) temp = 255
> for i in range (0, 4).
> if not error.Success() or result != len(new_int_as_bytes):
> result = (offset, new_int_as_bytes, error)
> offset = ptr.GetValueAsUnsigned() + 3 * ptr_size_type

But you won't have a variable symbol name and will probably need to help lldb with the Type.
In a stripped binary - you can get a value from a register - as you will know the register position from documentation.

val = ("temp", lldb.SBAddress(offset, lldb.target), ptr_type)
offset = ptr.GetValueAsUnsigned() + i * ptr_size_type
> ptr_type = ptr.GetType().GetPointeeType()
> print(ptr.GetValue()) // this prints the value NOT the offset

settings set -startup-command QSetLogging:bitmask=LOG_ALL
lldb with Swift
0x00007ffeefbff4c8: (float *) input = 0x00007ffeefbff4f0
settings show target.env-vars
Add setting to lldbinit file
echo "settings set target.x86-disassembly-flavor intel" > ~/.lldbinit
Logging
settings show n-args
show target.env-vars
watchpoint set expression -w read_write -- $arg1
Delete some watchpoints, if you see this error
error: sending gdb watchpoint packet failed
settings show n-args
watchpoint set expression -- $arg1
watchpoint on register
watchpoint set expression -w write - "+" + 32
watchpoint on register
watchpoint set variable completionHandler
watchpoint on address in function
po file_exists = NO
watchpoint on frame variable
watchpoint set variable file_exists
Once it stops
watch del 1
watchpoint on Global variable
po (char *)$arg1 // telling lldb how to cast $arg1
See how many times a C function is called when running an iOS app.
mem read 0x00007ffee5f99610 -f d
Get start and end of search
memory read --format instruction --count 5 0x10463d970
Read memory and print in format Decimal
memory read 0x00007fff36d99fb5
Read five instructions after address (a)
Memory
Read the string that is pointed to by a char* pointer

# Add & continue Python script when Breakpoint fires
(lldb) breakpoint command add -F ydscripts.YDHelloWorld fooName
# Callback to Python function when Breakpoint hits
(lldb) breakpoint command add -s python fooName
Enter your Python command(s).
rb Foo.handleBarChallenge -s playModule -N fooName
breakpoint set --selector blah:blah: -s objc_play -N fooName
br mod -c $arg2 = "URLSession:didReceiveChallenge:completionHandler: " fooName
b "- "
# Breakpoint on completionHandler
b -
breakpoint set --func-regex=.
# Regex Breakpoint on Selector ( good for Swift )
# Break on Register holding ist substring
br s -n syscall -c '(char *) strnstr((char *)$rsi, "ist", (int)strlen((char *) $rsi)) != NULL '
# Breakpoint on Selector
breakpoint set --selector URLSession:didReceiveChallenge:completionHandler:
breakpoint set --selector blah:blah: -s playModule
# Breakpoint on Name and give the breakpoint a name
b -n task_get_exception_ports -N fooName --auto-continue true
# Breakpoint on Address ( gdb syntax )
b "+ "
# Breakpoint on Function, name the breakpoint and set condition
br set -b "+ " -N fooName -c " $arg1 = 0x33 "
# Breakpoint on Address with name (lldb syntax )
b set -N fooName --auto-continue true -c $x16=26
# Breakpoint on fullname in a single Module
breakpoint set -F access -s libsystem_kernel.dylib
# Getting the options
help breakpoint set
# Options to add script to Breakpoint
help break command add