前期准备
- 崩溃日志地址(涉及敏感数据已屏蔽)
- 对应app 的 dSYM文件,利用
dwarfdump --uuid <file_to_detect>检测dSYM文件uuid和app执行文件uuid是否匹配
$ dwarfdump --uuid APP_BUNDLE_NAME.app.dSYM
UUID: F181E27B-CE37-3525-93FD-DC3A16827D20 (armv7) APP_BUNDLE_NAME.app.dSYM/Contents/Resources/DWARF/APP_BUNDLE_NAME
UUID: 3D16DCD2-749C-3D41-BEF1-333E55AA28BB (arm64) APP_BUNDLE_NAME.app.dSYM/Contents/Resources/DWARF/APP_BUNDLE_NAME
$ dwarfdump --uuid APP_BUNDLE_NAME/Payload/APP_BUNDLE_NAME.app/APP_BUNDLE_NAME
UUID: F181E27B-CE37-3525-93FD-DC3A16827D20 (armv7) APP_BUNDLE_NAME/Payload/APP_BUNDLE_NAME.app/APP_BUNDLE_NAME
UUID: 3D16DCD2-749C-3D41-BEF1-333E55AA28BB (arm64) APP_BUNDLE_NAME/Payload/APP_BUNDLE_NAME.app/APP_BUNDLE_NAME
出错堆栈
0 libobjc.A.dylib 0x00000001941bbbdc objc_msgSend + 28
1 UIKit 0x00000001885f0f74 0x00000001881fc000 + 4149108
2 UIKit 0x00000001882e5bec 0x00000001881fc000 + 957420
3 UIKit 0x00000001882e5960 0x00000001881fc000 + 956768
4 UIKit 0x00000001882ec5e0 0x00000001881fc000 + 984544
5 UIKit 0x00000001882095f8 0x00000001881fc000 + 54776
6 UIKit 0x000000018822aa34 0x00000001881fc000 + 191028
7 UIKit 0x0000000188209310 0x00000001881fc000 + 54032
8 UIKit 0x0000000188209310 0x00000001881fc000 + 54032
9 UIKit 0x000000018822aa34 0x00000001881fc000 + 191028
10 UIKit 0x0000000188209310 0x00000001881fc000 + 54032
11 UIKit 0x0000000188209310 0x00000001881fc000 + 54032
12 UIKit 0x0000000188209310 0x00000001881fc000 + 54032
13 UIKit 0x0000000188209310 0x00000001881fc000 + 54032
14 UIKit 0x0000000188209310 0x00000001881fc000 + 54032
15 UIKit 0x0000000188209310 0x00000001881fc000 + 54032
16 UIKit 0x00000001882089e0 0x00000001881fc000 + 51680
17 Foundation 0x0000000184891908 0x000000018483c000 + 350472
18 UIKit 0x00000001882088a0 0x00000001881fc000 + 51360
19 UIKit 0x00000001882143a0 0x00000001881fc000 + 99232
20 UIKit 0x00000001883000b0 0x00000001881fc000 + 1065136
21 UIKit 0x0000000188344128 0x00000001881fc000 + 1343784
22 UIKit 0x00000001883439f0 0x00000001881fc000 + 1341936
23 UIKit 0x000000018840d5c4 0x00000001881fc000 + 2168260
24 UIKit 0x0000000188241418 0x00000001881fc000 + 283672
25 UIKit 0x000000018840d430 0x00000001881fc000 + 2167856
26 UIKit 0x0000000188241418 0x00000001881fc000 + 283672
27 UIKit 0x000000018822a52c 0x00000001881fc000 + 189740
28 UIKit 0x000000018840d068 0x00000001881fc000 + 2166888
29 UIKit 0x0000000188241418 0x00000001881fc000 + 283672
30 UIKit 0x000000018822a52c 0x00000001881fc000 + 189740
31 UIKit 0x0000000188240db4 0x00000001881fc000 + 282036
32 UIKit 0x0000000188200750 0x00000001881fc000 + 18256
33 CoreFoundation 0x0000000183a16a50 0x0000000183938000 + 911952
34 CoreFoundation 0x0000000183a139dc 0x0000000183938000 + 899548
35 CoreFoundation 0x0000000183a13dbc 0x0000000183938000 + 900540
36 CoreFoundation 0x00000001839410a4 CFRunLoopRunSpecific + 396
37 GraphicsServices 0x000000018cadb5a4 GSEventRunModal + 168
38 UIKit 0x0000000188272aa4 UIApplicationMain + 1488
39 APP_BUNDLE_NAME 0x0000000100327938 0x00000001000a0000 + 2652472
40 libdyld.dylib 0x0000000194816a08 0x0000000194814000 + 10760
分析数据
- Stack Address(栈地址): 0x0000000100327938
- Load Address(首地址): 0x00000001000a0000
- Slide Value(32位虚拟地址): 0x00004000
- Slide Value(64位虚拟地址): 0x0000000100000000
- Symbol Offset(偏移量): 2652472
- File Address(32位文件地址): 0x28B938
- File Address(64位文件地址): 0x100287938
注意虚拟地址区分32位(LC_SEGMENT)和64位(LC_SEGMENT_64)段的不同
数据关系说明
数据关系说明
获取虚拟地址
对于 ATOS,它会主动帮你计算虚拟地址,只要你提供了首地址和栈地址;对于 dwarfdump 和 lldb 而言,它们需要使用文件地址,所以还需要虚拟地址。我们可以使用 otool来获取 dSYM 文件中的虚拟地址。
$ otool -l APP_BUNDLE_NAME.app.dSYM/Contents/Resources/DWARF/APP_BUNDLE_NAME
...
Load command 3
cmd LC_SEGMENT
cmdsize 736
segname __TEXT
vmaddr 0x00004000
vmsize 0x00c3c000
fileoff 0
filesize 0
maxprot 0x00000005
initprot 0x00000005
nsects 10
flags 0x0
...
Load command 3
cmd LC_SEGMENT_64
cmdsize 952
segname __TEXT
vmaddr 0x0000000100000000
vmsize 0x0000000000d94000
fileoff 0
filesize 0
maxprot 0x00000005
initprot 0x00000005
nsects 11
flags 0x0
...
使用ATOS进行符号化
atos -arch \<architecture\> -o \<binary filename\> -l \<load address\> \<stack address 1\> \<stack address 2\> ...
$ atos -arch arm64 -o APP_BUNDLE_NAME.app.dSYM/Contents/Resources/DWARF/APP_BUNDLE_NAME
-l 0x00000001000a0000 0x0000000100327938
main (in ) (main.m:14)
使用lldb进行符号化
(lldb) target create --arch arm64 ./APP_BUNDLE_NAME.app.dSYM/Contents/Resources/DWARF/APP_BUNDLE_NAME
Current executable set to './APP_BUNDLE_NAME.app.dSYM/Contents/Resources/DWARF/APP_BUNDLE_NAME' (arm64).
(lldb) image lookup --address 0x100287938
Address: APP_BUNDLE_NAME[0x0000000100287938] (APP_BUNDLE_NAME.__TEXT.__text + 2632468)
Summary: APP_BUNDLE_NAME`main + 88 at main.m:14
使用dwarfdump进行符号化
$ dwarfdump --lookup 0x100287938 --arch arm64 APP_BUNDLE_NAME.app.dSYM
----------------------------------------------------------------------
File: APP_BUNDLE_NAME.app.dSYM/Contents/Resources/DWARF/APP_BUNDLE_NAME (arm64)
----------------------------------------------------------------------
Looking up address: 0x0000000100287938 in .debug_info... found!
0x002942c4: Compile Unit: length = 0x0000024d version = 0x0002
abbr_offset = 0x00000000 addr_size = 0x08 (next CU at 0x00294515)
0x002942cf: TAG_compile_unit [106] *
AT_producer( "Apple LLVM version 8.1.0 (clang-802.0.38)" )
AT_language( DW_LANG_ObjC )
AT_name( "/Users/user/APP_PROJECT_NAME/APP_PROJECT_NAME/main.m" )
AT_stmt_list( 0x00128d9d )
AT_comp_dir( "/Users/user/APP_PROJECT_NAME" )
AT_APPLE_optimized( 0x01 )
AT_APPLE_major_runtime_vers( 0x02 )
AT_low_pc( 0x00000001002878d8 )
AT_high_pc( 0x0000000100287960 )
0x00294480: TAG_subprogram [226] *
AT_low_pc( 0x00000001002878e0 )
AT_high_pc( 0x0000000100287960 )
AT_frame_base( reg29 )
AT_name( "main" )
AT_decl_file( "/Users/user/APP_PROJECT_NAME/APP_PROJECT_NAME/main.m" )
AT_decl_line( 12 )
AT_prototyped( 0x01 )
AT_type( {0x002944c7} ( int ) )
AT_external( 0x01 )
AT_APPLE_optimized( 0x01 )
Line table dir : '/Users/user/APP_PROJECT_NAME/APP_PROJECT_NAME'
Line table file: 'main.m' line 14, column 16 with start address 0x0000000100287924
Looking up address: 0x0000000100287938 in .debug_frame... not found.
网友评论