Step by step: using debugserver + lldb instead of gdb for dynamic debugging

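By "the instructions are incorrect" I mean that ARM and Thumb got mixed up. For example, IDA shows MOV R1, R5, while lldb shows some unrecognizable Thumb instructions, plus a bunch of "unknown code". In the end I removed Xcode 5.1.1, reinstalled 5.0.X, and once the lldb version was downgraded it was fine.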

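Then the lldb in 5.1.1 really does have a problem.
It's the same for me. Everything else seems to work normally, though, apart from the disassembly being rather weird~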

At the step (lldb) process connect connect://iOSIP:1234: I am connecting the iDevice to a virtual machine for debugging and there is no Wi-Fi. Does that mean I can't debug?

Take a look at this post. If the device is recognized over USB, it should work.

I followed your post on the usbmuxd method, but when I got to process connect connect://127.0.0.1:1234 the result was Process 0 connected

The error reported on the listening side is below:
Incoming connection to 1234
Waiting for devices…
Connecting to device <MuxDevice: ID 5 ProdID 0x12a4 Serial ‘899b609353e8aa081f2ffa8444d7532393c21ce9’ Location 0x3100000>

Exception happened during processing of request from (‘127.0.0.1’, 49825)
Traceback (most recent call last):
File “/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py”, line 582, in process_request_thread
self.finish_request(request, client_address)
File “/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py”, line 323, in finish_request
self.RequestHandlerClass(request, client_address, self)
File “/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py”, line 639, in init
self.handle()
File “./tcprelay.py”, line 82, in handle
dsock = mux.connect(dev, self.server.rport)
File “/opt/tool/usbmuxd/python-client/usbmux.py”, line 235, in connect
return connector.connect(device, port)
File “/opt/tool/usbmuxd/python-client/usbmux.py”, line 206, in connect
raise MuxError(“Connect failed: error %d”%ret)
MuxError: Connect failed: error 3

Incoming connection to 1234
Waiting for devices…
Connecting to device <MuxDevice: ID 5 ProdID 0x12a4 Serial ‘899b609353e8aa081f2ffa8444d7532393c21ce9’ Location 0x3100000>

Exception happened during processing of request from (‘127.0.0.1’, 49826)
Traceback (most recent call last):
File “/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py”, line 582, in process_request_thread
self.finish_request(request, client_address)
File “/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py”, line 323, in finish_request
self.RequestHandlerClass(request, client_address, self)
File “/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py”, line 639, in init
self.handle()
File “./tcprelay.py”, line 82, in handle
dsock = mux.connect(dev, self.server.rport)
File “/opt/tool/usbmuxd/python-client/usbmux.py”, line 235, in connect
return connector.connect(device, port)
File “/opt/tool/usbmuxd/python-client/usbmux.py”, line 206, in connect
raise MuxError(“Connect failed: error %d”%ret)
MuxError: Connect failed: error 3

Can you ssh into iOS over USB?

Yes, I connected to the iDevice over ssh and ran DebugServer

Note this error

Exception happened during processing of request from ('127.0.0.1', 49825)

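The port you specified is 1234, but the port number shown is 49825. Does that mean the port the real device connects over is still wrong?
If so, I think it may be a problem with the virtual machine, because the VM's USB interface is emulated too, and I'm not sure whether it forwards the data on the physical USB interface unchanged. You could check whether your VM has a port-forwarding setting. My guess is that the problem is there.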

I checked, and my VM does have a port-forwarding feature. How should I set it up?

After I run debugserver *:1234 -a "SpringBoard", the output is:
Administratormato-iPad:~ root# debugserver *:1234 -a “SpringBoard”
debugserver-64 for armv6 Copyright (c) 2007-2009 Apple, Inc. All Rights Reserved.

After that there is nothing more. That's not right, is it?

Forward 22 to 22, and 1234 to 1234

Something is probably wrong. As I recall, my debugserver prints more than one line after it runs

Let me write down the detailed process:
1. lipo -thin armv7s /path/to/debugserver -output /path/to/debugserver
wls-Mac:tool wl$ lipo -thin armv7 debugserver -output /debug/debugserver
lipo: input file (debugserver) must be a fat file when the -thin option is specified
Skipping the thinning step; ldid should support it
2. wls-Mac:tool wl$ ./ldid -S/ent.xml /debug/debugserver
minimal/mapping.h(54): _assert(false); errno=2
libc++abi.dylib: terminate called throwing an exception
Abort trap: 6
Signing went through before, and today this error pops up. It's driving me crazy

Is ent.xml in the root directory?
Did you download ldid from the link I gave?

ldid was downloaded from the link you gave
I tried again:
wls-Mac:tool wl$ /opt/tool/ldid -S/opt/tool/ent.xml /opt/tool/debug/debugserver
minimal/mapping.h(54): _assert(false); errno=2

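Oh, I forgot to mention: my Xcode has a developer account (the paid one, 99 US dollars). Does that mean I don't need ldid?
I tried using debugserver directly, without ldid, and got the following: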
jooteki-iPad:~ root# debugserver *:1234 -a “SpringBoard”
debugserver-300.2 for armv7.
Attaching to process SpringBoard…
error: failed to attach to process named: “” unable to start the exception thread
Exiting.

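I re-downloaded debugserver (the original was only 100-odd KB; the one I downloaded now is 1 MB), then thinned and signed it, with no problems. But when running it I hit a new problem: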
jooteki-iPad:~ root# debugserver *:1234 -a “SpringBoard”
Killed: 9

I figured out the cause of the above: it was a code-signing problem. Now, after signing it properly, running it gives this:
jooteki-iPad:~ root# debugserver *:1234 -a “SpringBoard”
debugserver-300.2 for armv7.
Attaching to process SpringBoard…
error: failed to attach to process named: “” unable to start the exception thread
Exiting.

Can you tell me what the cause is?

I found this post. It still looks like a signing problem. Did signing the entitlements onto debugserver succeed as well?

How do I tell whether signing the entitlements onto debugserver succeeded? I do have a developer account. Does that have anything to do with it?

ldid -e debugserver
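
An added example, not part of the thread: one way to turn the XML plist that `ldid -e debugserver` prints into a pass/fail answer. The four required keys are an assumption (the set commonly placed in ent.xml for this workflow; the thread never shows its ent.xml), and `check_entitlements` and the sample plists are constructed for illustration.

```python
import plistlib
import sys

# Assumption: the entitlement keys usually signed onto debugserver via ent.xml.
REQUIRED = (
    "com.apple.springboard.debugapplications",
    "run-unsigned-code",
    "get-task-allow",
    "task_for_pid-allow",
)

def check_entitlements(ldid_output: bytes, required=REQUIRED):
    """Return (ok, missing_keys) for the plist printed by `ldid -e <binary>`."""
    text = ldid_output.strip()
    if not text:
        # Empty output: the binary carries no entitlements blob at all.
        return False, list(required)
    try:
        # Force XML parsing; the plist may start with <!DOCTYPE rather than <?xml.
        ents = plistlib.loads(text, fmt=plistlib.FMT_XML)
    except Exception:
        return False, list(required)  # output was not a parseable plist
    if not isinstance(ents, dict):
        return False, list(required)
    # A key counts only when it is present and set to <true/>.
    missing = [k for k in required if ents.get(k) is not True]
    return not missing, missing

# Constructed sample outputs (not captured from a real device).
SAMPLE_OK = b"""
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>com.apple.springboard.debugapplications</key><true/>
  <key>run-unsigned-code</key><true/>
  <key>get-task-allow</key><true/>
  <key>task_for_pid-allow</key><true/>
</dict></plist>
"""
SAMPLE_MISSING = SAMPLE_OK.replace(b"<key>task_for_pid-allow</key><true/>", b"")

if __name__ == "__main__":
    # Usage on the Mac: ldid -e debugserver | python3 check_ents.py
    ok, missing = check_entitlements(sys.stdin.buffer.read())
    print("entitlements OK" if ok else "missing or false: " + ", ".join(missing))
    sys.exit(0 if ok else 1)
```

For a fat binary, thin it first so that `ldid -e` prints a single plist.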