Comments (7)

chenhuimao commented on August 18, 2024

You could take a look at the tracefunction and traceinstruction commands I wrote; maybe they will give you some ideas. Implementing instruction-level monitoring through lldb is far too time-consuming, and my approach still has not solved the performance problem.

from hmlldb.

chenhuimao commented on August 18, 2024

1. frame.EvaluateExpression('@import Foundation;@import UIKit;@import ObjectiveC;')
(example: https://github.com/chenhuimao/HMLLDB/blob/master/commands/HMLLDBHelpers.py, evaluate_expression_value)

2. Use common APIs. Use "id" to represent specific Objective-C types.

3. Use typedef.
(example: https://github.com/chenhuimao/HMLLDB/blob/master/commands/HMExpressionPrefix.py)

4. The variable's type is specified when it is used. The return value's type is also specified.
❌Class inputClass = objc_lookUpClass([clsName UTF8String]);
✅Class inputClass = (Class)objc_lookUpClass((char *)[(NSString *)clsName UTF8String]);

5.Sometimes it is necessary to use the objc_msgSend function.
(example: https://github.com/chenhuimao/HMLLDB/blob/master/commands/HMSandbox.py)

6.Get the address of the function and call it with a function pointer.
(I wrote a function to get the address of a function, but haven't actually used it yet. https://github.com/chenhuimao/HMLLDB/blob/master/commands/HMLLDBHelpers.py, get_function_address)

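An added example (not HMLLDB's own code) of a small lldb Python command that applies the points above: the @import prefix from point 1, a typedef prefix from point 3, and the fully cast objc_lookUpClass expression from point 4, checking the SBError before the value is used. The command name hm_lookup_class, the typedef name HMString and the helper names are assumptions made for this example.

```python
# Added example: an lldb Python command that looks up an Objective-C class by name,
# following the expression-writing rules discussed in the comment above. Not HMLLDB code.
try:
    import lldb  # only available inside the debugger
except ImportError:  # lets the pure helpers be imported and tested outside lldb
    lldb = None

# Point 1: make the frameworks' types visible to the expression parser.
IMPORT_PREFIX = "@import Foundation;@import UIKit;@import ObjectiveC;"
# Point 3: a typedef keeps the expression readable while staying explicit about types
# (HMString is a hypothetical typedef name chosen for this example).
TYPEDEF_PREFIX = "typedef NSString *HMString;"


def build_lookup_class_expression(class_name: str) -> str:
    """Point 4: every variable and every return value carries an explicit type."""
    if not class_name.isidentifier():  # only plain Objective-C class names are accepted
        raise ValueError(f"not a valid class name: {class_name!r}")
    return (
        f'HMString clsName = (HMString)@"{class_name}";'
        "Class inputClass = (Class)objc_lookUpClass((char *)[(NSString *)clsName UTF8String]);"
        "(Class)inputClass"  # last expression is the result: the Class pointer, NULL if absent
    )


def evaluate_expression_value(frame, expression: str):
    """Evaluate with both prefixes prepended; return the SBValue, or None on error."""
    options = lldb.SBExpressionOptions()
    options.SetLanguage(lldb.eLanguageTypeObjC_plus_plus)
    options.SetIgnoreBreakpoints(True)
    value = frame.EvaluateExpression(IMPORT_PREFIX + TYPEDEF_PREFIX + expression, options)
    return value if value.GetError().Success() else None


def hm_lookup_class(debugger, command, exe_ctx, result, internal_dict):
    """Usage: hm_lookup_class <ClassName>  (prints the Class pointer or a diagnostic)."""
    name = command.strip()
    if not name.isidentifier():
        result.SetError(f"expected a class name, got {name!r}")
        return
    value = evaluate_expression_value(exe_ctx.frame, build_lookup_class_expression(name))
    if value is None:
        result.SetError("expression failed; is the process stopped in an Objective-C frame?")
        return
    result.AppendMessage(f"{name} -> 0x{value.GetValueAsUnsigned():x}")


def __lldb_init_module(debugger, internal_dict):
    debugger.HandleCommand(f"command script add -f {__name__}.hm_lookup_class hm_lookup_class")
```

Load it with `command script import <path>` and run `hm_lookup_class UIView` while stopped in a process that has UIKit loaded.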

reverseXiang commented on August 18, 2024

Bro, you are amazing. I have another way to simplify the script logic: write the complex Objective-C calls into a third-party library and inject it into the app. lldb can then call the Objective-C methods in the injected library directly, so there is no need to write that clumsy Objective-C syntax inside Python.


chenhuimao commented on August 18, 2024

> Bro, you are amazing. I have another way to simplify the script logic: write the complex Objective-C calls into a third-party library and inject it into the app. lldb can then call the Objective-C methods in the injected library directly, so there is no need to write that clumsy Objective-C syntax inside Python.

My library follows a few principles: first, it supports real devices; second, any project can use it directly, with no changes to the project at all.
The benefit is that it is easy for people to get started, and it is mainly meant for debugging rather than reversing, so it is not intrusive to the original project in any way.
I have also considered a similar approach, namely writing the framework ahead of time. On the simulator you can dlopen a framework on the local machine directly, but a real device would need to access files on the computer, which is a bit of a hassle.
I am afraid your approach does not support real devices, or does it require changing the project configuration?


reverseXiang commented on August 18, 2024

I am mainly doing reversing, on Mac. As for the issue you raised above, it is not a big problem on a jailbroken device.


reverseXiang commented on August 18, 2024

I am currently trying out a trace feature for large batches of instructions, to get assembly-level monitoring implemented through lldb. Because it monitors a large number of assembly instructions while also applying various condition filters and symbol resolution, all sorts of problems are inevitable. I call some symbol-resolution logic written in third-party libraries from Python; the first call often fails with an error, but once it has succeeded a single time, subsequent calls run normally.


reverseXiang commented on August 18, 2024

This is the first time I have seen that lldb even has a command like thread step-scripted; these commands are really niche (learned something new). My instruction-level monitoring is basically working. The approach I chose is setting breakpoints, but it can only monitor a single thread while suspending all the other threads, otherwise it becomes extremely slow. With this approach, tens of thousands of instructions currently run through successfully, taking 2-3 minutes as I recall.
