Skip to content

Instantly share code, notes, and snippets.

@G5t4r

G5t4r/gist:cc5c11218b26497c0d9a6daf57e92ca5

Created May 31, 2018 06:47
Show Gist options
  • Save G5t4r/cc5c11218b26497c0d9a6daf57e92ca5 to your computer and use it in GitHub Desktop.
Save G5t4r/cc5c11218b26497c0d9a6daf57e92ca5 to your computer and use it in GitHub Desktop.
Download ZIP
Cycript 使用技巧
Raw
gistfile1.txt
UIApp.keyWindow.recursiveDescription().toString()
UIButton点击事件获取: [xxx allTargets] [xxx allControlEvents] [xxxx actionsForTarget:#0x12610c200 forControlEvent:64] [xx sendActionsForControlEvents:64]
地址转对象 var p = #0x8614390
打印变量的内存变量 *controller 或者 [i for (i in *UIApp)] 或者使用 function tryPrintIvars(a){ var x={}; for(i in *a){ try{ x[i] = (*a)[i]; } catch(e){} } return x; }
获取包名 NSBundle.mainBundle.bundleIdentifier
打印类的所有方法:
function printMethods(className, isa) {
var count = new new Type("I");
var classObj = (isa != undefined) ? objc_getClass(className).constructor : objc_getClass(className);
var methods = class_copyMethodList(classObj, count);
var methodsArray = [];
for(var i = 0; i < *count; i++) {
var method = methods[i];
methodsArray.push({selector:method_getName(method), implementation:method_getImplementation(method)});
}
free(methods);
return methodsArray;
}
// 使用 printMethods("MailboxPrefsTableCell") 获取类方法:printMethods("NSRunLoop", true)
正则匹配
function methodsMatching(cls, regexp) { return [[new Selector(m).type(cls), m] for (m in cls.prototype) if (!regexp || regexp.test(m))]; }
// 使用 methodsMatching(NSRunLoop, /forKey:$/)
使用NSBlog
NSLog_ = dlsym(RTLD_DEFAULT, "NSLog")
NSLog = function() { var types = 'v', args = [], count = arguments.length; for (var i = 0; i != count; ++i) { types += '@'; args.push(arguments[i]); } new Functor(NSLog_, types).apply(null, args); }
//NSLog("w ivars: %@", tryPrintIvars(w))
thread backtrace
command script import ~/sbr.py
x/10 $sp
po [MMServiceCenter _shortMethodDescription] // LLDB打印一类的方法
po [模型对象 _ivarDescription] // 打印变量
br s -n "-[TCWebViewKit open]"
register read // 打印寄存器
wivar 0x7f999bde0ba0 _subviews   // 给变量添加断点
bmessage -[NSViewController viewDidLoad] // 给方法下断点
pinternals 0x7f999bde0ba0 //打印变量
### 查找进程
`ps -e | grep /Applications`
### Cluth
查看已安装的App,以及Bundle ID
`Clutch -i`
砸壳
`Clutch -b 2` //2 为安装序列号
### debugserver
附加进程
`debugserver \*:1234 -a xxxxx`
启动并注入进程
`debugserver -x backboard \*:1234 /xxx/xxx/xx`
### class-dump
导出头文件(如果用Swift编写,有可能导出失败)
`class-dump -S -s -H 文件路径 -o 输出路径`
### lldb
调试常用基础命令

[参考文档](http://lldb.llvm.org/lldb-gdb.html)
附加到PID为79888的进程
`lldb -p 79888 `
附加到进程Minesweeper Deluxe
`lldb -n "Minesweeper Deluxe" `
配合DebugServer,进行远程调试
`process connect connect://192.168.199.164:1234 `
一般调试命令
```
p (SEL)$x1
po $x2
e int $a = 2
c //continue == process continue
n // next == thread step-over
s // step == thread step in
finish // thread step-out
br li //breakpoint list
breakpoint enable <breakpointID>
breakpoint disable <breakpointID>
breakpoint set // 创建断点
breakpoint set -F “-\[NSArray objectAtIndex:\]” // 准确的停止在函数的开始
breakpoint command add 1 //在断点1处添加命令,done结束输出
x/4c $str // x 命令查看内存,来看看新数组中的四个字节
```
查看进程中模块的偏移地址
`image list -o -f `
chisel是FaceBook为LLDB添加的扩张,极大方便我们调试软件
查找哪些View约束不完整或存在问题(正常开发用到)。
`alamborder `
循环打印view层级
`pviews self.view`
循环打印viewController的层级
`pvc <aViewController> 不传参数默认`
`viewController为当前的VC`
循环打印class的继承关系
`pclass <object>`
打印响应链
`presponder tableView`
打印一个对象内部的成员变量
`pinternals <object>`
根据viewController的Class名字查找VC
`fvc --name=viewcontroller`
e.g: 如果我们知道VC的view地址,也可以根据view来查找VC
`fvc --view=0x7fd0194194d0`
根据view的class名字查找view
`fv UILabel`
刷新界面
`caflush`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment