Make LLDB Far More Productive: Python Scripting with Chisel

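It started when I needed to reverse engineer a piece of system software and found that I could not inject into it with Cycript and could only use LLDB, yet I really missed Cycript's ability to define custom methods. So how to find a replacement under LLDB? Only after reading through the documentation did I learn that LLDB also has Python scripting :sweat:.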

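Here I'd like to share Chisel, a Python library for LLDB.
## Chisel
Chisel is a collection of LLDB commands written by Facebook. It is very powerful! Very powerful! Very powerful!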

What it looks like

pviews prints the view hierarchy

(lldb) pviews 
[ D A      w   ] h=-&- v=-&- NSView 0x7f999bde1190 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bdf0bf0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
  [ D AF     W   ] h=-&- v=-&- NSSplitView 0x7f999bdde180 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bddfd70> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
    [  HA      w   ] h=--- v=--- _NSSplitViewItemViewWrapper 0x7f999bde1760 f=(0,0,163,516) b=(-) => <_NSViewBackingLayer: 0x7f999bdab7f0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
      [  hA      w   ] h=--- v=--- NSVisualEffectView 0x7f999bdddd50 f=(0,0,163,516) b=(-) => <_NSViewBackingLayer: 0x7f999bd77c00> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
        [  hA      w   ] h=--- v=--- NSView 0x7f999d8612b0 f=(0,0,163,516) b=(-) => <_NSViewBackingLayer: 0x7f999bd9e380> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
    [ D A      w   ] h=--- v=--- _NSSplitViewItemViewWrapper 0x7f999bdc80e0 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bdaa970> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
      [ D A      w   ] h=--- v=--- NSView 0x7f999bc69880 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bdaa9a0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
        [ D A  O   W   ] h=--- v=--- CalUICalendarContainerView 0x7f999bc6e2c0 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bd3e5b0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
          [ D A  O   W   ] h=--- v=--- CalUIMonthContentView 0x7f999bf83b40 f=(0,0,935,560) b=(-) => <_NSViewBackingLayer: 0x7f999bf57b80> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
            [ D AF     w   ] h=--- v=--- InfiniteSwipeControllerScrollView 0x7f999d8de290 f=(0,0,935,480) b=(-) => <_NSViewBackingLayer: 0x7f999de09030> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
              [ D AF     w   ] h=-&- v=-&- InfiniteSwipeControllerClipView 0x7f999d8dfa50 f=(0,0,935,480) b=(0,2.09715e+06,-,-) => <CalUILayer: 0x7f999d8df760> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
                [ D AF     W   ] h=--- v=--- InfiniteSwipeControllerDocumentView 0x7f999d8de3b0 f=(0,0,935,4.1943e+06) b=(-) => <_NSViewBackingLayer: 0x7f999d8de460> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
.........................................
[   AF     W   ] h=--- v=--- CalUIAutolayoutTextField 0x7f999de0d040 "周六" f=(890,8,36,19) b=(-) => <_NSViewBackingLayer: 0x7f999de0d5f0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
          [   AF     w   ] h=--- v=--- CalUIDateNavigator 0x7f999bf7a9d0 f=(822,521,102,24) b=(-) => <_NSViewBackingLayer: 0x7f999d8d2a00> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
            [   AF     w   ] h=--- v=--- NSSegmentItemView 0x7f999bf30710 f=(0,0,25,24) b=(-) => <_NSViewBackingLayer: 0x7f999bf86a40> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
            [   AF     w   ] h=--- v=--- NSSegmentItemView 0x7f999bf7b450 f=(25,0,53,24) b=(-) => <_NSViewBackingLayer: 0x7f999bf432c0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
              [   AF     w   ] h=--- v=--- NSSegmentItemLabelView 0x7f999d859b70 "今天" f=(11,2,30,17) b=(-) => <_NSViewBackingLayer: 0x7f999bf78e80> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
            [   AF     w   ] h=--- v=--- NSSegmentItemView 0x7f999bf66820 f=(78,0,24,24) b=(-) => <_NSViewBackingLayer: 0x7f999bf425c0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
    [  HA      w   ] h=--- v=--- _NSSplitViewItemViewWrapper 0x7f999d8a7ad0 f=(0,0,205,0) b=(-) => <_NSViewBackingLayer: 0x7f999bddbd40> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
      [  hA      w   ] h=--- v=--- NSVisualEffectView 0x7f999bde25e0 f=(0,0,205,0) b=(-) => <_NSViewBackingLayer: 0x7f999bdda720> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
        [  hA      w   ] h=--- v=--- CalUISearchSidebarView 0x7f999d85e5c0 f=(0,0,205,0) b=(-) => <_NSViewBackingLayer: 0x7f999bd7da70> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
    [  HA      w   ] h=--- v=--- NSVibrantSplitDividerView 0x7f999bde3080 f=(-2,0,5,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde50a0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
      [  hA      w   ] h=--- v=--- NSVisualEffectView 0x7f999bde38e0 f=(2,0,1,560) b=(-) => <_NSViewBackingLayer: 0x7f999bddd2d0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
        [  hA    V w   ] h=--- v=--- NSSplitDividerView 0x7f999bde48c0 f=(-2,0,5,560) b=(-) => <_NSViewBackingLayer: 0x7f999bdc5760> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
    [  HA      w   ] h=--- v=--- NSVibrantSplitDividerView 0x7f999bde3150 f=(-2,0,5,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde29f0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
      [  hA      w   ] h=--- v=--- NSVisualEffectView 0x7f999bddc790 f=(2,0,1,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde2a70> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
        [  hA    V w   ] h=--- v=--- NSSplitDividerView 0x7f999bd2fdf0 f=(-2,0,5,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde2ad0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
    [ D A      w   ] h=--- v=--- _NSSplitViewSpringLoadingView 0x7f999bde0080 f=(0,0,15,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde0910> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
    [   A      w   ] h=--- v=--- _NSSplitViewSpringLoadingView 0x7f999bde0ba0 f=(920,0,15,560) b=(-) => <_NSViewBackingLayer: 0x7f999bde0fa0> TIME drawRect: min/mean/max 0.00/0.00/0.00 ms
A=autoresizesSubviews, C=canDrawConcurrently, D=needsDisplay, F=flipped, G=gstate, H=hidden (h=by ancestor), L=needsLayout (l=child needsLayout), U=needsUpdateConstraints (u=child needsUpdateConstraints), O=opaque, P=preservesContentDuringLiveResize, S=scaled/rotated, W=wantsLayer (w=ancestor wantsLayer), V=needsVibrancy (v=allowsVibrancy), #=has surface

presponder prints the responder chain

(lldb) presponder 0x7f999bde0ba0
<_NSSplitViewSpringLoadingView: 0x7f999bde0ba0>
   | <NSSplitView:0x7f999bdde180 delegate="(CalUISplitViewController)0x7f999bddba60" layout="constraints", dividers="views", arrangesAllSubviews="no">
   |    | <NSView: 0x7f999bde1190>
   |    |    | <CalUISplitViewController: 0x7f999bddba60>
   |    |    |    | <CALWindow: 0x7f999bc7f290>
   |    |    |    |    | <CalWindowController: 0x7f999bd413c0>

pinternals prints an object's detailed properties

(lldb) pinternals 0x7f999bde0ba0
(_NSSplitViewSpringLoadingView) $56 = {
  NSView = {
    NSResponder = {
      NSObject = {
        isa = _NSSplitViewSpringLoadingView
      }
      _nextResponder = 0x00007f999bdde180
    }
    _superview = 0x00007f999bdde180
    _subviews = nil
    _window = 0x00007f999bc7f290
    _unused_was_gState = nil
    _frameMatrix = nil
    _layer = 0x00007f999bde0fa0
    _dragTypes = 0x00007f999bde0a60 1 element
    _viewAuxiliary = 0x00007f999bde0c60
  }
  _springLoadingHandler = 0x00007f999bde0f20
  _canSpringLoadHandler = 0x00007f999bde0f70
  _orientation = 1
  _didSpringLoad = '\0'
}

bmessage sets a breakpoint by method name

(lldb) bmessage -[NSViewController viewDidLoad]
Setting a breakpoint at -[NSViewController viewDidLoad] with condition (void*)object_getClass((id)$rdi) == 0x00007fff77fa4398
Breakpoint 1: where = AppKit`-[NSViewController viewDidLoad], address = 0x00007fff9669aee9

wivar adds a watchpoint

(lldb) wivar 0x7f999bde0ba0 _subviews
Remember to delete the watchpoint using: watchpoint delete 1

I trust everyone understands what these four are for. There are many more useful commands in there; use help to see how to use the rest.
## Installation

  • First, on the command line, run
brew update
brew install chisel
  • Finally, on the command line, run
echo  command script import /usr/local/Cellar/chisel/libexec/fblldb.py >> ~/.lldbinit 

Have fun using it!

PS: the forum's Markdown experience is really great.

5 likes

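An extension for lldb, really nice.

A follow-up: under Xcode 7.3, Chisel commands such as pviews and pclass show blank output, but after rerunning under Xcode 7.3.1 they work normally.

This is great. With these tools debugging is much more convenient.

Can it be used on iOS?

print("THX 4 share. Adds some really useful features.")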

I just installed it following the original poster's method and ran into some problems.
I found that entering
echo command script import /usr/local/Cellar/chisel/libexec/fblldb.py >> ~/.lldbinit
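had no effect.
The reason is that newer versions of chisel added a version-number directory.
You can look up the version number yourself in /usr/local/Cellar/chisel/
For example, the command I used was:
echo command script import /usr/local/Cellar/chisel/1.5.0/libexec/fblldb.py >> ~/.lldbinit
and that does it.
Hope this helps everyone.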

That isn't necessary.
If you installed with homebrew, just run brew info chisel and you can see it.
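
The path problem raised in the replies above (the Cellar directory gained a version component), as an added example that is not part of the thread: a shell helper that finds fblldb.py in either layout and appends the import to an lldbinit file only once. The function names are hypothetical, the default paths are the ones quoted in the thread, and the writable-by-others check is an added precaution because LLDB runs the imported script in every session.

```shell
#!/bin/sh
# Added example (not from the thread): find Chisel's fblldb.py and register it
# in an lldbinit file once. Default paths are the ones quoted in the thread.
# Usage: add_lldbinit_import "$(find_fblldb)"

# Print the path of fblldb.py under a Homebrew Cellar directory. Handles both
# layouts: <cellar>/libexec/ and the newer <cellar>/<version>/libexec/.
find_fblldb() {
    cellar=${1:-/usr/local/Cellar/chisel}
    if [ -f "$cellar/libexec/fblldb.py" ]; then
        printf '%s\n' "$cellar/libexec/fblldb.py"
        return 0
    fi
    # Walk version directories from highest to lowest, take the first hit.
    best=$(ls -1 "$cellar" 2>/dev/null | sort -t. -k1,1nr -k2,2nr -k3,3nr |
        while IFS= read -r ver; do
            if [ -f "$cellar/$ver/libexec/fblldb.py" ]; then
                printf '%s\n' "$cellar/$ver/libexec/fblldb.py"
                break
            fi
        done)
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Append "command script import <script>" to an lldbinit file unless that exact
# line is already present. LLDB executes the imported Python in every session,
# so a missing or group/world-writable script is refused.
add_lldbinit_import() {
    script=$1
    lldbinit=${2:-$HOME/.lldbinit}
    line="command script import $script"
    [ -f "$script" ] || { echo "not found: $script" >&2; return 1; }
    if [ -n "$(find "$script" \( -perm -020 -o -perm -002 \))" ]; then
        echo "refusing writable-by-others script: $script" >&2
        return 1
    fi
    if [ -f "$lldbinit" ] && grep -qxF "$line" "$lldbinit"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$lldbinit"
}
```
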

Thanks for the pointer.

Learned something new.

Really nice, awesome.

After installing, I used lldb + debugserver to debug the Calculator on iOS, and found that typing pviews in lldb
shows:
error: error: No value
None
Why is the output wrong? I've confirmed that chisel is installed properly; typing help in lldb shows pviews and the other commands.