When debugging with lldb, how do I find the outer caller of a function invoked inside GCD?


#1

I am debugging a function. After setting a breakpoint in this function, printing bt in lldb gives the following:

(lldb) c
Process 703 resuming
Process 703 stopped

* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 3.1
    frame #0: 0x006d8ee2 WeChat`_mh_execute_header + 6299362
WeChat`_mh_execute_header:
->  0x6d8ee2 <+6299362>: .long 0x41b8f249 ; unknown opcode
    0x6d8ee6 <+6299366>: vsubw.s8 q9, q0, d0
    0x6d8eea <+6299370>: ldrbtmi r3, [r9], #-290
    0x6d8eee <+6299374>: .long 0xf0036809 ; unknown opcode
Target 0: (WeChat) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 3.1
  * frame #0: 0x006d8ee2 WeChat`_mh_execute_header + 6299362
    frame #1: 0x005c3dc6 WeChat`_mh_execute_header + 5164486
    frame #2: 0x005c59b8 WeChat`_mh_execute_header + 5171640
    frame #3: 0x00471248 WeChat`_mh_execute_header + 3777096
    frame #4: 0x0046e4a8 WeChat`_mh_execute_header + 3765416
    frame #5: 0x003ba8d2 WeChat`_mh_execute_header + 3029202
    frame #6: 0x003b35f2 WeChat`_mh_execute_header + 2999794
    frame #7: 0x0023cf06 WeChat`_mh_execute_header + 1466118
    frame #8: 0x0023ccd8 WeChat`_mh_execute_header + 1465560
    frame #9: 0x0023ddee WeChat`_mh_execute_header + 1469934
    frame #10: 0x0023d65c WeChat`_mh_execute_header + 1467996
    frame #11: 0x0023d528 WeChat`_mh_execute_header + 1467688
    frame #12: 0x0023db44 WeChat`_mh_execute_header + 1469252
    frame #13: 0x0023e1e6 WeChat`_mh_execute_header + 1470950
    frame #14: 0x0023d19a WeChat`_mh_execute_header + 1466778
    frame #15: 0x0023d06a WeChat`_mh_execute_header + 1466474
    frame #16: 0x003b5ce8 WeChat`_mh_execute_header + 3009768
    frame #17: 0x30e1c422 libdispatch.dylib`_dispatch_call_block_and_release + 10
    frame #18: 0x30e1c40e libdispatch.dylib`_dispatch_client_callout + 22
    frame #19: 0x30e271b4 libdispatch.dylib`_dispatch_main_queue_callback_4CF$VARIANT$mp + 712
    frame #20: 0x2300f630 CoreFoundation`__CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 8
    frame #21: 0x2300dd50 CoreFoundation`__CFRunLoopRun + 1512
    frame #22: 0x22f5ab30 CoreFoundation`CFRunLoopRunSpecific + 476
    frame #23: 0x22f5a942 CoreFoundation`CFRunLoopRunInMode + 106
    frame #24: 0x2a33a050 GraphicsServices`GSEventRunModal + 136
    frame #25: 0x265506f0 UIKit`UIApplicationMain + 1440
    frame #26: 0x001dd85c WeChat`_mh_execute_header + 1075292
    frame #27: 0x30e57aae libdyld.dylib`start + 2

I found that it is called from _dispatch_main_queue_callback inside GCD. How do I find the function outside GCD that called it? Asking the experts for help.


#2

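Use IDA and find the references to this block.

The code is as follows

In IDA, find this block, list its references, and jump to them.

Essentially, a block is a struct, and one of its members is a function pointer, so the jump above lands at the location of this struct.
Click through the references to this struct once more and you will find the location of the code.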
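
The two lookups described in #2, written out as an added Python example; it is not part of either post and is not code from IDA. It uses the 32-bit block literal layout from the Clang Block ABI, takes frame #16's address from the backtrace, and assumes a global block; the function bounds, section bases, isa address and byte strings are constructed sample data.

```python
import struct

# Block literal header from the Clang Block ABI, 32-bit little-endian (ARMv7):
#   void *isa; int flags; int reserved; void (*invoke)(void *, ...); void *descriptor;
BLOCK_HEADER = struct.Struct("<IIIII")

def find_block_literals(section, base, func_start, func_end, isa_values):
    """Addresses of block literals whose invoke pointer lands in [func_start, func_end)."""
    hits = []
    for off in range(0, len(section) - BLOCK_HEADER.size + 1, 4):
        isa, _flags, _reserved, invoke, _desc = BLOCK_HEADER.unpack_from(section, off)
        target = invoke & ~1  # code pointers to Thumb functions carry bit 0 set
        if isa in isa_values and func_start <= target < func_end:
            hits.append(base + off)
    return hits

def find_pointer_refs(image, base, value):
    """Addresses of 4-byte-aligned words equal to value (e.g. literal-pool entries)."""
    return [base + off for off in range(0, len(image) - 3, 4)
            if struct.unpack_from("<I", image, off)[0] == value]

# Frame #16 from the backtrace: a return address inside the block's invoke function.
FRAME16_PC = 0x003B5CE8
# Everything below is constructed sample data, not taken from the WeChat binary.
FUNC_START, FUNC_END = 0x003B5C00, 0x003B5D00   # assumed bounds of the invoke function
GLOBAL_BLOCK_ISA = 0x01000000                   # assumed address of _NSConcreteGlobalBlock
CONST_BASE, TEXT_BASE = 0x00A00000, 0x00400000
# flags 0x50000000 = BLOCK_IS_GLOBAL | BLOCK_HAS_SIGNATURE
CONST_DATA = (struct.pack("<II", 0, 0)
              + BLOCK_HEADER.pack(GLOBAL_BLOCK_ISA, 0x50000000, 0, FUNC_START | 1, 0x00A00100)
              + struct.pack("<I", 0))
LITERAL_POOL = struct.pack("<III", 0xDEADBEEF, CONST_BASE + 8, 0)

def locate_block_users():
    """Step 1: invoke function -> block struct. Step 2: block struct -> referencing words."""
    assert FUNC_START <= FRAME16_PC < FUNC_END
    blocks = find_block_literals(CONST_DATA, CONST_BASE, FUNC_START, FUNC_END,
                                 {GLOBAL_BLOCK_ISA})
    refs = {b: find_pointer_refs(LITERAL_POOL, TEXT_BASE, b) for b in blocks}
    return blocks, refs

if __name__ == "__main__":
    blocks, refs = locate_block_users()
    for b in blocks:
        print(f"block literal at {b:#010x}, referenced from",
              [f"{r:#010x}" for r in refs[b]])
```

A block that captures variables is built on the stack by the enclosing function, so it has no static struct to scan for; in that case the reference to the invoke function is in the code that builds the block.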