Cheat sheet
Basic commands
| Command | Example | Comment |
| re re |
Read the registers Write to registers |
|
| b |
b 0x00000076cb964ed0 b libc.so`sendto breakpoint set -s libc.so -n send |
|
| watchpoint | `w s e -s 1 -w read_write -- $x0&0x0000FFFFFFFFFFFF` | hardware |
| image lookup -r -n <symbol> |
image lookup -r -n fopen image lookup -r -n send libc.so |
regex lookup function name |
| image lookup -a <address> | (lldb) image lookup -a `((int ***)$x0)[0][6]` Address: libart.so[0x00000000003900c0] (libart.so.PT_LOAD[1]..text + 2515136) Summary: libart.so`art::JNI<false>::FindClass(_JNIEnv*, char const*) (lldb) image lookup -a 0x000000787952b0c0 Address: libart.so[0x00000000003900c0] (libart.so.PT_LOAD[1]..text + 2515136) Summary: libart.so`art::JNI<false>::FindClass(_JNIEnv*, char const*) |
translate address to symbol, in example - parsing JNIEnv * object |
| memory region <ADDRESS> | (lldb) mem reg 0x0000007c23b510f8 [0x0000007c23b47000-0x0000007c23b52000) r-- /data/app/XXX/YYY/base.apk |
shows the region of the specified address |
| memory read --outfile <PATH> --binary --force <START_ADDR> <END_ADDR> | (lldb) memory read --outfile C:\temp\dump.bin --binary --force 0x0000007872124000 0x000000787219a000 483328 bytes written to 'C:\temp\dump.bin' |
dump binary memory |