上代码,希望懂的朋友指点下!!拜谢
(lldb) ni
Process 13409 stopped
* thread #1: tid = 0xe7225, 0x00007fff958920dd libobjc.A.dylib`objc_msgSend + 29, queue = 'com.apple.main-thread', stop reason = instruction step over
frame #0: 0x00007fff958920dd libobjc.A.dylib`objc_msgSend + 29
libobjc.A.dylib`objc_msgSend:
-> 0x7fff958920dd <+29>: andl 0x18(%r11), %r10d
//这句代码执行后 r10就全零了 不懂??
0x7fff958920e1 <+33>: shlq $0x4, %r10
0x7fff958920e5 <+37>: addq 0x10(%r11), %r10
0x7fff958920e9 <+41>: cmpq (%r10), %rsi
(lldb) re read rdi rsi r11 r10
rdi = 0x0000000100201200
rsi = 0x00007fff965eb509
r11 = 0x00007fff5fbffa40
r10 = 0x00007fff965eb509
//之前的值
(lldb) ni
Process 13409 stopped
* thread #1: tid = 0xe7225, 0x00007fff958920e1 libobjc.A.dylib`objc_msgSend + 33, queue = 'com.apple.main-thread', stop reason = instruction step over
frame #0: 0x00007fff958920e1 libobjc.A.dylib`objc_msgSend + 33
libobjc.A.dylib`objc_msgSend:
-> 0x7fff958920e1 <+33>: shlq $0x4, %r10
0x7fff958920e5 <+37>: addq 0x10(%r11), %r10
0x7fff958920e9 <+41>: cmpq (%r10), %rsi
0x7fff958920ec <+44>: jne 0x7fff958920f2 ; <+50>
(lldb) re read rdi rsi r11 r10
rdi = 0x0000000100201200
rsi = 0x00007fff965eb509
r11 = 0x00007fff5fbffa40
r10 = 0x0000000000000000
//全零了
(lldb) x 0x00007fff5fbffa40
//%r11
0x7fff5fbffa40: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ????????????????
0x7fff5fbffa50: f0 ff 6f 00 01 00 00 00 00 00 00 08 00 00 00 00 ??o.............
(lldb) x 0x00007fff5fbffa58
//0x18(%r11)
0x7fff5fbffa58: 00 00 00 08 00 00 00 00 20 ab 08 10 96 e3 00 04 ........ ?...?..
0x7fff5fbffa68: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[课程]Android-CTF解题方法汇总!
