如何使用Xcode在程序集文件上设置断点? [英] How to set a breakpoint on an assembly file using Xcode?

问题描述

我尝试了"breakpoint [行号]"，"breakpoint filename.s:line_number"，但是它们不起作用.目前，我必须完成所有步骤，这很麻烦

I tried "breakpoint [line number]", "breakpoint filename.s:line_number" but they don't work. Currently I have to step through all lines, and it's a hassle

推荐答案

作为替代，您可以:

1)显示带有汇编指令的内存

1) show memory with assembly instructions with

di

带有明确的参数

如果您需要进一步联系

di -c 1000 ;

如果您需要拆卸特定地址

if you need to disassemble a specific address

di -s <address>

2)设置内存断点

br s -a <memory address you found in previous step>

另一种选择更具破坏性，但实际上更省力，这在您的情况下可能有用也可能没有用.您可以在汇编代码中进行无效的syscall.您的程序将愉快地继续执行，但是在 SIGSYS / EXC_SYSCALL 的系统调用之后，下一条指令将中断 lldb .您尚未指定是针对 x86-64 还是 arm，因此设置会略有不同.

Another alternative is slightly more destructive but actually more effortless , which may or may not be useful in your case. You can make an invalid syscall in your assembly code. Your program will happily continue execution but lldb will break on the next instruction after the syscall with SIGSYS/EXC_SYSCALL. You haven't specified if you're targetting x86-64 or arm so the setup will differ slightly.

对于 x86-64 ，您将拥有

syscall

假设您的 rax 寄存器不是有效的系统调用，即在 0x2000xxx 范围内，破坏性部分将包括:

Assuming your rax register does not happen to be a valid syscall i.e in 0x2000xxx range the destructive part will include:

1)将 rax 寄存器的高32位清零

1) Zeroing upper 32bits of rax register

2) r11 将成为 rflags

3) rcx 将变为 rip (XNU内核用于从 syscall 返回用户空间)，但是，如果您单步执行 rcx 会变成我所说的 rsp

3) rcx will become rip (it's used by the XNU kernel for returning to the user space from the syscall), however if you single step rcx will become rsp as mentioned by me here

对于 32位和 64位臂，您可以使用以下方式进行系统调用:

For 32 bit and 64bit arm you can make a system call with:

svc 0x80 

任何1个字节^数字都可以使用，但是按照惯例，它是 0x80 .32 位使用 r12 作为系统调用号.64位使用 x16 .更多信息此处&此处.因此，基本上有效的范围是 0x0 - 0x0xxx .甚至无效的系统调用似乎也会影响 x0 & x1 (用于64位，因为我没有要测试的32位设备).因此，只要您考虑 x0 & x1 在系统调用后受到影响，并且碰巧有 x16 是无效的系统调用，您可以使用.

Btw any 1 byte^ number will work, but by convention it's 0x80. 32bit uses r12 for syscall number. 64bit uses x16. More info here & here. So basically valid ranges are 0x0 - 0x0xxx. Even invalid syscalls seem to affect x0 & x1 (for 64bit, as I don't have a 32bit device to test). So as long as you take into account x0 & x1 being affected after the syscall and happen to have x16 that is an invalid syscall you're good to go.

更新对于@PeterCordes的出色发言， x86的另一种替代方法是:

UPDATE To @PeterCordes excellent remark yet another alternative for x86 is:

int3

即调试器陷阱

等效臂是

trap

与 syscall 方法的区别在于，在 int3 / trap 之后，程序将继续执行并且只有在连接了调试器并执行lldb continue 命令时，附加值是完全不会影响寄存器.在系统调用方法中，程序也将继续执行，而调试器不会附加上述寄存器.

The difference vs syscall approach is the program execution after int3 / trap will continue if and only if debugger is attached and lldb continue command follows, the added value is it won't affect the registers at all. In the syscall approach the program will also continue execution without debugger attached with the aforementioned registers affected.

这篇关于如何使用Xcode在程序集文件上设置断点?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！