Reversing AwemeCore

For the tip:

When debugging with lldb in Xcode, try:

  • For a Block variable, call the various functions
    • Block_size
    • _Block_has_signature
    • _Block_use_stret
    • _Block_signature
    • _Block_layout
    • _Block_extended_layout
    • _Block_tryRetain
    • _Block_isDeallocating

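here is a real example:

While reversing Douyin's AwemeCore earlier, the details of debugging one particular Block function call were as follows:

Function call that triggers it: AwemeCore`___lldb_unnamed_symbol1381076$$AwemeCore: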


The details of the Block function can then be inspected:

What is passed in here is the x0 register, which is the (already initialized) Block itself:

(lldb) reg r x0
      x0 = 0x000000014726ef70
(lldb) po 0x000000014726ef70
<__NSMallocBlock__: 0x14726ef70>
 signature: "v32@?0@"NSError"8@16@"TTHttpResponse"24"
 invoke   : 0x111735758 (/private/var/containers/Bundle/Application/1FFDC079-CC8A-4219-955A-E01C73207969/Aweme.app/Frameworks/AwemeCore.framework/AwemeCore`-[MKMapView(AWEMap) awe_screenScope])
 copy     : 0x108c97674 (/private/var/containers/Bundle/Application/1FFDC079-CC8A-4219-955A-E01C73207969/Aweme.app/Frameworks/AwemeCore.framework/AwemeCore`+[AWELaunchMainPlaceholder _generateBootLoaderLogs])
 dispose  : 0x108c9767c (/private/var/containers/Bundle/Application/1FFDC079-CC8A-4219-955A-E01C73207969/Aweme.app/Frameworks/AwemeCore.framework/AwemeCore`+[AWELaunchMainPlaceholder _generateBootLoaderLogs])

And the details of each of the Block's properties:

(lldb) po Block_size(0x14726ef70)
0x0000000000000030

(lldb) po _Block_has_signature(0x14726ef70)
0x0000000000000001

(lldb) po _Block_use_stret(0x14726ef70)
 nil
(lldb) po _Block_signature(0x14726ef70)
0x0000000107067dd6

(lldb) po _Block_layout(0x14726ef70)
 nil
(lldb) po _Block_extended_layout(0x14726ef70)
0x0000000000000100

(lldb) po _Block_tryRetain(0x14726ef70)
0x0000000000000001

(lldb) po _Block_isDeallocating(0x14726ef70)
 nil
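What the calls above read from memory, shown as an added example (not code from the original page or from the Blocks runtime): a model of the block header and descriptor following the published Clang Block ABI layout. The `blk_*` names are hypothetical, and the two sample blocks are constructed to mirror the values in the session, with the helper addresses omitted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits as published in the Clang Block ABI specification. */
enum {
    BLK_DEALLOCATING     = 0x0001,
    BLK_HAS_COPY_DISPOSE = 1 << 25,
    BLK_USE_STRET        = 1 << 29,
    BLK_HAS_SIGNATURE    = 1 << 30
};

struct blk_desc {
    unsigned long reserved;
    unsigned long size;       /* total block size: header plus captures */
    const void *rest[4];      /* [copy, dispose,] signature, layout */
};

struct blk_literal {          /* 32-byte header on a 64-bit target */
    void *isa;
    int32_t flags;            /* low bits hold the reference count */
    int32_t reserved;
    void *invoke;
    const struct blk_desc *desc;
};

unsigned long blk_size(const struct blk_literal *b) { return b->desc->size; }
int blk_has_signature(const struct blk_literal *b) { return (b->flags & BLK_HAS_SIGNATURE) != 0; }
int blk_use_stret(const struct blk_literal *b) { return (b->flags & BLK_USE_STRET) != 0; }
int blk_is_deallocating(const struct blk_literal *b) { return (b->flags & BLK_DEALLOCATING) != 0; }

/* The signature slot moves two pointers down when copy/dispose helpers exist. */
const char *blk_signature(const struct blk_literal *b) {
    if (!blk_has_signature(b)) return NULL;
    return b->desc->rest[(b->flags & BLK_HAS_COPY_DISPOSE) ? 2 : 0];
}

/* Constructed samples: values mirror the session above, helper addresses omitted. */
static const struct blk_desc heap_desc = { 0, 0x30,
    { NULL, NULL, "v32@?0@\"NSError\"8@16@\"TTHttpResponse\"24", NULL } };
static const struct blk_desc plain_desc = { 0, 0x20, { "v8@?0", NULL } };
const struct blk_literal sample_heap =
    { NULL, BLK_HAS_COPY_DISPOSE | BLK_HAS_SIGNATURE | 2, 0, NULL, &heap_desc };
const struct blk_literal sample_plain =
    { NULL, BLK_HAS_SIGNATURE, 0, NULL, &plain_desc };
int main(void) {
    printf("size=0x%lx sig=%s\n", blk_size(&sample_heap), blk_signature(&sample_heap));
    return 0;
}
```

With a 32-byte header, a size of 0x30 leaves 16 bytes of captured variables after the header.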

For reference.
