2021-01-01 00:00:00
lxkt
下断点到 反汇编的 block bl 跳转 地址上
(lldb) br s -a "0x00000001000060b4+0x00000000000c4000"
Breakpoint 1: where = block_hook`-[ViewController btn:] + 192 at ViewController.m:29, address = 0x00000001000ca0b4
Process 44042 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
frame #0: 0x00000001000ca0b4 block_hook`-[ViewController btn:](self=0x000000013feb23a0, _cmd="btn:", sender=0x000000013feb96a0) at ViewController.m:29
26
27 ViewController1 *vc = [ViewController1 new];
28
-> 29 [vc back:^(BOOL isHid, NSDictionary *dict, int age ) {
30 self.age.text = [NSString stringWithFormat:@"%d",age];
31 self.dict.text = dict[@"name"];
32 self.isHid.text = [NSString stringWithFormat:@"%@",isHid?@"YES":@"NO"];
Target 0: (block_hook) stopped.
查看是否定位到断点上
(lldb) po $x0
(lldb) p (char *)$x1
(char *) $1 = 0x000000018c6d237d "back:"
(lldb) po $x1
6650930045
(lldb) po $x2
<__NSStackBlock__: 0x16fd39f58>
(lldb) memory read --size 8 --format x 0x16fd39f58
0x16fd39f58: 0x00000001a1014218 0x00000000c2000000
0x16fd39f68: 0x00000001000ca0fc 0x00000001000cc098
0x16fd39f78: 0x000000013feb23a0 0x000000013fd4f930
0x16fd39f88: 0x000000013feb96a0 0x00000001000cab8a
(lldb) disassemble --start-address 0x00000001000ca0fc
block_hook`__22-[ViewController btn:]_block_invoke:
0x1000ca0fc <+0>: sub sp, sp, #0x90 ; =0x90
0x1000ca100 <+4>: stp x29, x30, [sp, #0x80]
0x1000ca104 <+8>: add x29, sp, #0x80 ; =0x80
0x1000ca108 <+12>: sub x8, x29, #0x18 ; =0x18
0x1000ca10c <+16>: mov x9, #0x0
0x1000ca110 <+20>: stur x0, [x29, #-0x8]
0x1000ca114 <+24>: mov x10, x0
0x1000ca118 <+28>: sturb w1, [x29, #-0x9]
(lldb) br s -a 0x00000001000ca0fc
Breakpoint 2: where = block_hook`__22-[ViewController btn:]_block_invoke at ViewController.m:29, address = 0x00000001000ca0fc
(lldb) memory read --size 4 --format x 0x16fd39f58
0x16fd39f58: 0xa1014218 0x00000001 0xc2000000 0x00000000
0x16fd39f68: 0x000ca0fc 0x00000001 0x000cc098 0x00000001
查看是否有函数签名
(lldb) expression -- ((0xc2000000 & (1 << 30)) != 0)
(bool) $4 = true
(lldb) expression -- ((0xc2000000 & (1 << 25)) != 0)
(bool) $5 = true
(lldb) memory read --size 8 --format x 0x00000001000cc098
0x1000cc098: 0x0000000000000000 0x0000000000000028
0x1000cc0a8: 0x00000001000ca33c 0x00000001000ca388
0x1000cc0b8: 0x00000001000cb5ef 0x0000000000000100
0x1000cc0c8: 0x00000001a1016ae8 0x00000000000007c8
(lldb) p (char *)0x00000001000cb5ef
(char *) $6 = 0x00000001000cb5ef "v24@?0B8@"NSDictionary"12i20"
(lldb) po [NSMethodSignature signatureWithObjCTypes:"v24@?0B8@\"NSDictionary\"12i20"]
number of arguments = 4
frame size = 224
is special struct return? NO
return value: -------- -------- -------- --------
type encoding (v) 'v'
flags {}
modifiers {}
frame {offset = 0, offset adjust = 0, size = 0, size adjust = 0}
memory {offset = 0, size = 0}
argument 0: -------- -------- -------- --------
type encoding (@) '@?'
flags {isObject, isBlock}
modifiers {}
frame {offset = 0, offset adjust = 0, size = 8, size adjust = 0}
memory {offset = 0, size = 8}
argument 1: -------- -------- -------- --------
type encoding (B) 'B'
flags {}
modifiers {}
frame {offset = 8, offset adjust = 0, size = 8, size adjust = -7}
memory {offset = 0, size = 1}
argument 2: -------- -------- -------- --------
type encoding (@) '@"NSDictionary"'
flags {isObject}
modifiers {}
frame {offset = 16, offset adjust = 0, size = 8, size adjust = 0}
memory {offset = 0, size = 8}
class 'NSDictionary'
argument 3: -------- -------- -------- --------
type encoding (i) 'i'
flags {isSigned}
modifiers {}
frame {offset = 24, offset adjust = 0, size = 8, size adjust = -4}
memory {offset = 0, size = 4}
(lldb)
还原后方法的 block 参数
- (void)back:(void(^)(bool,NSDictionary,int))arg1;
网友评论