一步一步用debugserver + lldb代替gdb进行动态调试

wls-Mac:tool wl$ /opt/ldid -e /opt/debugserver
CTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>


com.apple.springboard.debugapplications

get-task-allow

task_for_pid-allow

run-unsigned-code


试试

chmod +x debugserver

吧,再不行我也没辙了,google或者联系作者群

签名应该是没有问题了,因为我刚才从没有加ldid的ios里面导出的debugserver,通过opt/ldid -e /opt/debugserver查看,本身就有entitlement。
导入到ios的/usr/bin下面,然后通过ssh连接上iOS,
zjmatotetsukue:~ root# debugserver *:1234 -a “SpringBoard”
zjmatotetsukue:~ root# //不报错,也没有任何提示
在osx上用端口转发:
wls-Mac:python-client wl$ ./tcprelay.py -t 1234:1234
在osx上进lldb:
wls-Mac:~ wl$ xcrun lldb
(lldb) platform select remote-ios
Platform: remote-ios
Connected: no
SDK Path: “/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/7.0”
SDK Roots: 0] “/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/4.2”
SDK Roots: 1] “/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/4.3”
SDK Roots: 2] “/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/5.0”
SDK Roots: 3] “/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/5.1”
SDK Roots: 4] “/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/6.0”
SDK Roots: 5] “/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/6.1”
SDK Roots: 6] “/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/7.0”
SDK Roots: 7] “/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/7.0.3 (11B508)”
SDK Roots: 8] “/Users/wl/Library/Developer/Xcode/iOS DeviceSupport/5.0.1 (9A406)”
SDK Roots: 9] “/Users/wl/Library/Developer/Xcode/iOS DeviceSupport/5.1.1 (9B206)”
SDK Roots: [10] “/Users/wl/Library/Developer/Xcode/iOS DeviceSupport/6.1 (10B141)”
SDK Roots: [11] “/Users/wl/Library/Developer/Xcode/iOS DeviceSupport/6.1.2 (10B146)”
SDK Roots: [12] “/Users/wl/Library/Developer/Xcode/iOS DeviceSupport/6.1.3 (10B329)”
SDK Roots: [13] “/Users/wl/Library/Developer/Xcode/iOS DeviceSupport/7.0.6 (11B651)”
以上都没有问题,到下面就出问题:
连接远程监听端口
(lldb) process connect connect://127.0.0.1:1234
Process 0 connected
(lldb)
刚才的转发端口的窗口,发出错误消息:
wls-Mac:python-client wl$ ./tcprelay.py -t 1234:1234
Forwarding local port 1234 to remote port 1234
Incoming connection to 1234
Waiting for devices…
Connecting to device <MuxDevice: ID 15 ProdID 0x12a0 Serial ‘f721a964e879dbd1694d6ba4502c61a5c8914f70’ Location 0x3100000>

Exception happened during processing of request from (‘127.0.0.1’, 49415)
Traceback (most recent call last):
File “/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py”, line 582, in process_request_thread
self.finish_request(request, client_address)
File “/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py”, line 323, in finish_request
self.RequestHandlerClass(request, client_address, self)
File “/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py”, line 639, in init
self.handle()
File “./tcprelay.py”, line 82, in handle
dsock = mux.connect(dev, self.server.rport)
File “/Users/wl/usbmuxd/python-client/usbmux.py”, line 235, in connect
return connector.connect(device, port)
File “/Users/wl/usbmuxd/python-client/usbmux.py”, line 206, in connect
raise MuxError(“Connect failed: error %d”%ret)
MuxError: Connect failed: error 3

一直都遇到这个error,怎么办
minimal/mapping.h(54): _assert(false); errno=2
libc++abi.dylib: terminate called throwing an exception
Abort trap: 6
gdb也是一直都attach不了app,一attach,gdb就报错segmentation fault 11,然后就crash了

你的这个error是什么操作报的?gdb是哪里下载的?

又重新弄了一次,前面都成功了(没有进行瘦身,直接ldid),但是当:
debugserver *:1234 -a “SpringBoard” 时,也遇到了跟gdb一样的error:
debugserver-300.2 for armv7.
Attaching to process SpringBoard…
Segmentation fault: 11
gdb我尝试了2个地方的源:

  1. https://code.google.com/p/apiexplorer/downloads/detail?name=gdb-1821.deb
  2. 书中提到的http://cydia.radare.org
    也装了gdbinit,都是这样的error:
    gdb$ attach SpringBoard.80519
    Attaching to process 80519.
    Segmentation fault: 11

补充一下 我的device(iPad4)本来是dev的机器,然后可以连着xcode进行真机调试,但突然有一天就不行了,程序一起来就自己停下来了,然后xcode端没有任何error提示

你看看你的iPad有没有/Developer这个目录?

嗯 有的 debugserver就是从Developer/usr/bin 这个路径拷出来然后进行后续操作的

那我就不是很清楚了,你可以试着把这个机子从Xcode的调试机里去除,再重新配置一遍

好的~ 谢谢 弱弱地问一句 这个去除是什么概念呢? 是说revoke注册的device然后重新加入吗

就是在Organizer里面把对应的设备remove掉,如下图:

@snakeninny 您好:

lldb connect 越狱机器后显示:

(lldb) process connect connect://192.168.58.203:1234
warning: unable to find and load segment named ‘__DATA’ at 0x3b475000 in ‘/Users/chenggong/Library/Developer/Xcode/iOS DeviceSupport/8.0 (12A4265u)/Symbols/usr/lib/system/liblaunch.dylib’ in macosx dynamic loader plug-in.
warning: (armv7) /Users/chenggong/Library/Developer/Xcode/iOS DeviceSupport/8.0 (12A4265u)/Symbols/usr/lib/system/libunwind.dylib address 0x000000003b493000 maps to more than one section: libunwind.dylib.__DATA and libsystem_platform.dylib.__DATA
Process 1426 stopped

  • thread #1: tid = 0xc6bc, 0x394e5a58, stop reason = signal SIGSTOP
    frame #0: 0x394e5a58
    error: read memory from 0x394e5a58 failed
    debugserver显示:

gong-teki-iPod-touch:~ root# debugserver *:1234 -a “SpringBoard”
debugserver-310.2 for armv7.
Attaching to process SpringBoard…
Listening to port 1234 for a connection from *…

是不是有什么问题? 还有就是SpringBoard中的那个menu方法是怎么定位的,多谢:)

error: failed to attach to process named: “” unable to start the exception thread 这种情况怎么解决的啊?我也碰到了

你是在调试iOS 8的App吗?

是在调用debugserver时报的错吗?

iphone4,ios7.1.1

是ipod touch5 iOS7.1.1

我试了一下,springboard 没问题,
但是换了一个app
在(lldb) process connect connect://192.168.1.101:1234时
就出现了
error: unable to find section for section 32
求解

我偶尔也出现这种问题,重新连几次就好了