{"id":13843684,"url":"https://github.com/4ch12dy/xia0LLDB","last_synced_at":"2025-07-11T19:33:11.533Z","repository":{"id":41274861,"uuid":"149711834","full_name":"4ch12dy/xia0LLDB","owner":"4ch12dy","description":"LLDB python scripts for  iOS arm64 reversing by xia0","archived":false,"fork":false,"pushed_at":"2023-05-11T13:51:45.000Z","size":3979,"stargazers_count":637,"open_issues_count":15,"forks_count":111,"subscribers_count":19,"default_branch":"master","last_synced_at":"2024-08-05T17:38:36.157Z","etag":null,"topics":["debug","lldb","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/4ch12dy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-21T04:55:59.000Z","updated_at":"2024-08-02T09:01:23.000Z","dependencies_parsed_at":"2022-07-14T10:48:39.949Z","dependency_job_id":null,"html_url":"https://github.com/4ch12dy/xia0LLDB","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4ch12dy%2Fxia0LLDB","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4ch12dy%2Fxia0LLDB/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4ch12dy%2Fxia0LLDB/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4ch12dy%2Fxia0LLDB/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/4ch12dy","download_url":"https://codeload.github.com/4ch12dy/xia0LLDB/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repo
sitories_count":225755091,"owners_count":17519197,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["debug","lldb","reverse-engineering"],"created_at":"2024-08-04T17:02:23.852Z","updated_at":"2024-11-21T15:31:24.534Z","avatar_url":"https://github.com/4ch12dy.png","language":"Python","funding_links":[],"categories":["Python (1887)","Python"],"sub_categories":[],"readme":"# xia0LLDB 😈\n\n```\n\n           https://github.com/4ch12dy/xia0LLDB\n          Welcome to xia0LLDB - Python3 Edition\n          ,--.          ,--.  ,--.   ,--.   ,------.  ,-----.   \n,--.  ,--.`--' ,--,--. /    \\ |  |   |  |   |  .-.  \\ |  |) /_  \n \\  `'  / ,--.' ,-.  ||  ()  ||  |   |  |   |  |  \\  :|  .-.  \\ \n /  /.  \\ |  |\\ '-'  | \\    / |  '--.|  '--.|  '--'  /|  '--' /  \n'--'  '--'`--' `--`--'  `--'  `-----'`-----'`-------' `------'   \n\n[xia0LLDB] * Version: v3.1\n[xia0LLDB] + Loading all scripts from ~/xia0/iOSRE/LLDB/xia0LLDB\n[xia0LLDB] * Finished\n```\n\n## Notice(^_\u003c)\n\n~~There is a problem that lldb import xia0LLDB  in last macOS Catalina, because the last macOS's lldb default use python3. 
Here is a way to change it to python2~~\n\n~~`defaults write com.apple.dt.lldb DefaultPythonVersion 2`~~\n\n**Welcome to xia0LLDB - Python3 Edition**\n\n**Thanks [@Lakr](https://twitter.com/Lakr233) so much for porting it to Python3!**\n\n## Install\n\nOpen Terminal and run the command below:\n\n`git clone https://github.com/4ch12dy/xia0LLDB.git \u0026\u0026 cd xia0LLDB \u0026\u0026 ./install.sh`\n\n#### It is highly recommended that you install [issh](https://github.com/4ch12dy/issh)/[Tap2debug](https://github.com/4ch12dy/Tap2Debug)\n\n#### Happy debugging ✔️\n\n## Commands\n\n### alias\n\nThe commands below are simple aliases defined in cmd.txt\n\n- mload [dylib_in_the_iphone_device_path]\n\n  Load a dylib into the current process\n\n- rr\n\n  Quickly show some important registers\n\n- pwindow\n\n  Print the current key window\n\n- xi [code_address]\n\n  Show the disassembly around the given address (+/- 8)\n\n- dfuc [addr_of_func]\n\n  Show the full disassembly of the function at the given address\n\n- pclass [oc_object]\n\n  Print the class name of an Objective-C object\n\n- pbcopy\n\n  Get the string from the iOS device pasteboard\n\n- pbpaste [string]\n\n  Paste a string to the iOS device pasteboard\n\n- data [object_of_NSData]\n\n  Print an NSData object\n\n- pcc\n\n  Alias of `process connect connect://127.0.0.1:1234`\n\n- wpc\n\n  Write the pc register to control process execution\n\n### croc\n\n👉👉👉 Go to an environment where Objective-C script can run. 
This command is typically used when the app is launched through backboard debugging and the debugger has just attached. The point it reaches is one where the app code has not yet executed but lldb commands can run, so try it when launching the app with backboard debug.\n\n### ivars\n\nPrint all ivars of an Objective-C object (iOS only); a **macOS version will come soon!**\n\n```\n(lldb) ivars 0x2835c4d00\n\u003cCContactMgr: 0x2835c4d00\u003e:\nin CContactMgr:\n\tm_oLock (NSRecursiveLock*): \u003cNSRecursiveLock: 0x2830aaca0\u003e\n\tm_uiLoadedType (unsigned int): 0\n\tm_oContactDB (CContactDB*): \u003cCContactDB: 0x2819b07e0\u003e\n\tm_oNewContactDB (NewContactDB*): \u003cNewContactDB: 0x28156b7e0\u003e\n\tm_oContactOPLog (CContactOPLog*): \u003cCContactOPLog: 0x2819b07f0\u003e\n\tm_openImContactMgr (OpenImContactMgr*): \u003cOpenImContactMgr: 0x281bc07a0\u003e\n\tm_dicRemark (NSMutableDictionary*): \u003c__NSDictionaryM: 0x281bc0a00\u003e\n\tm_dicLastAccessTime (NSMutableDictionary*): \u003c__NSDictionaryM: 0x281bc0a60\u003e\n\tm_dicContacts (NSMutableDictionary*): \u003c__NSDictionaryM: 0x281bc09e0\u003e\n...\n```\n\n### methods\n\nPrint all methods of an Objective-C object (iOS only); a **macOS version will come soon!**\n\n**If the ObjC class name contains a space, like \" m\", or other odd characters, 
you can use \"methods -n the_odd_class_name.\"**\n\n```\n(lldb) methods CContactMgr\n\u003cCContactMgr: 0x1071caa28\u003e:\nin CContactMgr:\n\tProperties:\n\t\t@property (readonly) unsigned long hash;\n\t\t@property (readonly) Class superclass;\n\t\t@property (readonly, copy) NSString* description;\n\t\t@property (readonly, copy) NSString* debugDescription;\n\tInstance Methods:\n\t\t- (void) MessageReturn:(id)arg1 Event:(unsigned int)arg2; (0x1005cb338)\n\t\t- (id) getContactByName:(id)arg1; (0x1000f4e74)\n\t\t- (void) OnGetNewXmlMsg:(id)arg1 Type:(id)arg2 MsgWrap:(id)arg3; (0x1001de380)\n\t\t- (void) onServiceReloadData; (0x102d10934)\n...\n\n(lldb) methods -n \" m\"\n[*] will get methods for class:\" m\"\n\u003c m: 0x10d6f86f0\u003e:\nin  m:\n\tProperties:\n\t\t@property (retain, nonatomic)  N*  kManager;  (@synthesize  kManager = _configManager;)\n\t\t@property (retain, nonatomic)  h* payloadStore;  (@synthesize payloadStore = _payloadStore;)\n\t\t@property (retain, nonatomic)  5* sensorAgent;  (@synthesize sensorAgent = _sensorAgent;)\n\t\t@property (retain, nonatomic) NSObject\u003cOS_dispatch_queue\u003e* scriptMsgQueue;  (@synthesize scriptMsgQueue = _scriptMsgQueue;)\n  ...\n\tInstance Methods:\n\t\t- (void) setConfigManager:(id)arg1; (0x10d65b68c)\n\t\t- (void) setSensorAgent:(id)arg1; (0x10d5c86d0)\n\t\t- (void)  lb; (0x10d60aa04)\n\t\t- (void) setKernelCode:(id)arg1; (0x10d6d9330)\n\t\t- (void) setIsBaseKernel:(BOOL)arg1; (0x10d606168)\n  ...\n```\n\n### freshxlldb\n\nRe import xia0LLDB from lldbinit\n\n### sbt [2018/08/04]\n\nthe replacement of `bt` , it can restore frame OC symbol on stackframe. if you want to restore block symbol, you can use the ida python script provided to get block symbol json file. then input `sbt -f  block_json_file_path`  in lldb. 
Besides, it shows more information: memory address and file address.\n\n```\n// you can also specify -f block_json_file to restore block symbols\n(lldb) sbt\n==========================================xia0LLDB=========================================\n  BlockSymbolFile    Not Set The Block Symbol Json File, Try 'sbt -f'\n===========================================================================================\n  frame #0: [file:0x100009740 mem:0x100fb1740] WeChat`-[MMServiceCenter getService:] + 0\n  frame #1: [file:0x100017cd4 mem:0x100fbfcd4] WeChat`+[SettingUtil getMainSetting] + 88\n  frame #2: [file:0x10004eef0 mem:0x100ff6ef0] WeChat`-[CDownloadVoiceMgr TimerCheckDownloadQueue] + 44\n  frame #3: [file:0x1800a3604 mem:0x1ccb33604] libobjc.A.dylib`-[NSObject performSelector:withObject:] + 68 \n  frame #4: [file:0x10002e92c mem:0x100fd692c] WeChat`-[MMNoRetainTimerTarget onNoRetainTimer:] + 84\n  frame #5: [file:0x1819750bc mem:0x1ce4050bc] Foundation`__NSFireTimer + 88 \n  frame #6: [file:0x180e3d0a4 mem:0x1cd8cd0a4] CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 32 \n  frame #7: [file:0x180e3cdd0 mem:0x1cd8ccdd0] CoreFoundation`__CFRunLoopDoTimer + 884 \n  frame #8: [file:0x180e3c5c4 mem:0x1cd8cc5c4] CoreFoundation`__CFRunLoopDoTimers + 252 \n  frame #9: [file:0x180e37284 mem:0x1cd8c7284] CoreFoundation`__CFRunLoopRun + 1832 \n  frame #10: [file:0x180e36844 mem:0x1cd8c6844] CoreFoundation`CFRunLoopRunSpecific + 452 \n  frame #11: [file:0x1830e5be8 mem:0x1cfb75be8] GraphicsServices`GSEventRunModal + 104 \n  frame #12: [file:0x1ae78431c mem:0x1fb21431c] UIKitCore`UIApplicationMain + 216 \n  frame #13: [file:0x10022ee88 mem:0x1011d6e88] WeChat`main + 556\n  frame #14: [file:0x1808ec020 mem:0x1cd37c020] libdyld.dylib`start + 4 \n```\n\n### choose [2019/07/21]\n\nGet instance objects of the given class name; an lldb version of cycript's choose command\n\n```\n(lldb) choose CContactMgr\n====\u003exia0LLDB NSArray Address: 0x2815a8540\tsize: 0x1\n|  |  
|  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  | \nV  V  V  V  V  V  V  V  V  V  V  V  V  V  V  V  V  V  V  V \n======\u003exia0LLDB Object Address: 0x2835c4d00\n\u003cCContactMgr: 0x2835c4d00\u003e\n```\n\n### xbr [2019/08/11]\n\nxia0 super set breakpoint command:set breakpoint at OC class method although strip symbol and so on\n\n```\n// set breakpoint at oc methold even symbol stripped\n(lldb) xbr \"-[MMServiceCenter getService:]\"\n[*] className:MMServiceCenter methodName:getService:\n[+] found class address:0x10803d208\n[+] found selector address:0x106425b4c\n[+] found method address:0x100fb1740\nBreakpoint 1: where = WeChat`___lldb_unnamed_symbol50$$WeChat, address = 0x0000000100fb1740\n\n// set breakpoint at address of ida, auto add slide\n(lldb) xbr 0x100009740\n[*] you not specail the module, default is main module\n[*] ida's address:0x100009740 main module slide:0xfa8000 target breakpoint address:0x100fb1740\nBreakpoint 3: where = WeChat`___lldb_unnamed_symbol50$$WeChat, address = 0x0000000100fb1740\n\n// set breakpoint at memory address\n(lldb) xbr -a 0x100fb1740\n[*] breakpoint at address:0x100fb1740\nBreakpoint 4: where = WeChat`___lldb_unnamed_symbol50$$WeChat, address = 0x0000000100fb1740\n\n// set breakpoint at main function\n(lldb) xbr -E main\n[*] breakpoint at main function:0x1011d6c5c\nBreakpoint 5: where = WeChat`___lldb_unnamed_symbol7390$$WeChat, address = 0x00000001011d6c5c\n\n// set breakpoint at first mod_init function\n(lldb) xbr -E init\n[*] breakpoint at mod int first function:0x1044553dc\nBreakpoint 6: where = WeChat`___lldb_unnamed_symbol143513$$WeChat, address = 0x00000001044553dc\n\n//  set breakpoint at adresses of all methods of given class name\n(lldb) xbr UPLivePlayerVC\nBreakpoint 1: where = TestPaly`-[UPLivePlayerVC progressSliderSeekTime:] at UPLivePlayerVC.m:205, address = 0x0000000102dc134c\nBreakpoint 2: where = TestPaly`-[UPLivePlayerVC progressSliderTouchDown:] at UPLivePlayerVC.m:197, address = 
0x0000000102dc1184\nBreakpoint 3: where = TestPaly`-[UPLivePlayerVC progressSliderValueChanged:] at UPLivePlayerVC.m:201, address = 0x0000000102dc11ec\n...\nBreakpoint 45: where = TestPaly`-[UPLivePlayerVC setUrl:] at UPLivePlayerVC.h:13, address = 0x0000000102dc2990\nBreakpoint 46: where = TestPaly`-[UPLivePlayerVC play] at UPLivePlayerVC.m:124, address = 0x0000000102dbfd84\nBreakpoint 47: where = TestPaly`-[UPLivePlayerVC pause] at UPLivePlayerVC.m:132, address = 0x0000000102dbfe1c\nSet 47 breakpoints of UPLivePlayerVC\n\n// set breakpoint at all +[* load] methods\n(lldb) xbr -E load\n[*] will set breakpoint at all +[* load] methold, count:2\nBreakpoint 2: where = TestAPP`+[OCTest load] at OCTest.m:19, address = 0x00000001042df674\n[+] set br at:0x1042df674\nBreakpoint 3: where = TestAPP`+[OCClassDemo load] at OCClassDemo.m:19, address = 0x000000010430272c\n[+] set br at:0x10430272c\n```\n\n### debugme [2019/08/13]\n\nbypass anti-debug: can hook ptrace and inlinehook svc to kill anti debug. 
it is so strong ever!!!\n\n```\n[*] start patch ptrace funtion to bypass antiDebug\n[+] success ptrace funtion to bypass antiDebug\n[*] start patch svc ins to bypass antiDebug\n[+] get text segment start address:0x100017430 and end address:0x10001a398\n[+] found svc address:0x100017528\n[*] start hook svc at address:0x100017528\n[+] success hook svc at address:0x100017528\n[+] found svc address:0x100017540\n[*] start hook svc at address:0x100017540\n[+] success hook svc at address:0x100017540\n[*] all patch done\n[x] happy debugging~ kill antiDebug by xia0@2019\n```\n\n### info [2019/08/20]\n\nvery useful command to get info of address/function/module and so on\n\n```\n// get info of image\n(lldb) info -m WeChat\n=======\nModule Path : /var/containers/Bundle/Application/747A9704-6252-45A9-AE55-59690DAD60BB/WeChat.app/WeChat\nModule Silde: 0x7d4000\nModule base : 0x1007d4000\n=======\n\n// get info of address of function\n(lldb) info -a 0x00000001cd4ca3b8\nModule Path: /usr/lib/system/libsystem_kernel.dylib\nModule base: 0x1cd4a8000\nSymbol name: __getpid\nSymbol addr: 0x1cd4ca3b8\n\n// get info of function\n(lldb) info -f getpid\nFunc   name: getpid\nFunc   addr: 0x1cd4ca3b8\nModule Path: /usr/lib/system/libsystem_kernel.dylib\nModule base: 0x1cd4a8000\nSymbol name: __getpid\nSymbol addr: 0x1cd4ca3b8\n```\n\n### dumpdecrypted [2019/09/22]\n\ndump macho image in lldb, default dump all macho image.\n\n👇👇👇 very important!!!\n\n**Notice: if app crash at launch like detect jailbreak, you should use -x backboard launch app, and just input `dumpdecrypted -X` see more: [http://4ch12dy.site/2020/02/26/lldb-how-to-dump-gracefully/lldb-how-to-dump-gracefully/](http://4ch12dy.site/2020/02/26/lldb-how-to-dump-gracefully/lldb-how-to-dump-gracefully/)** \n\n```\n(lldb) dumpdecrypted\n[*] start dump image:/var/containers/Bundle/Application/701B4574-1606-41F3-B0DB-92D34F92E886/com_kwai_gif.app/com_kwai_gif\n\n[+] Dumping com_kwai_gif\n[+] detected 64bit ARM binary in memory.\n[+] 
offset to cryptid found: @0x100014980(from 0x100014000) = 980\n[+] Found encrypted data at address 00004000 of length 16384 bytes - type 1.\n[+] Opening /private/var/containers/Bundle/Application/701B4574-1606-41F3-B0DB-92D34F92E886/com_kwai_gif.app/com_kwai_gif for reading.\n[+] Reading header\n[+] Detecting header type\n[+] Executable is a plain MACH-O image\n[+] Opening /var/mobile/Containers/Data/Application/23C75F90-C42D-4F43-83D9-5DCCA36FE2D5/Documents/com_kwai_gif.decrypted for writing.\n[+] Copying the not encrypted start of the file\n[+] Dumping the decrypted data into the file\n[+] Copying the not encrypted remainder of the file\n[+] Setting the LC_ENCRYPTION_INFO-\u003ecryptid to 0 at offset 980\n[+] Closing original file\n[+] Closing dump file\n[*] This mach-o file decrypted done.\n[+] dump macho file at:/var/mobile/Containers/Data/Application/23C75F90-C42D-4F43-83D9-5DCCA36FE2D5/Documents/com_kwai_gif.decrypted\n\n\n[*] start dump image:/private/var/containers/Bundle/Application/701B4574-1606-41F3-B0DB-92D34F92E886/com_kwai_gif.app/Frameworks/gifIMFramework.framework/gifIMFramework\n\n[+] Dumping gifIMFramework\n[+] detected 64bit ARM binary in memory.\n[+] offset to cryptid found: @0x100064bd0(from 0x100064000) = bd0\n[+] Found encrypted data at address 00004000 of length 2752512 bytes - type 1.\n[+] Opening /private/var/containers/Bundle/Application/701B4574-1606-41F3-B0DB-92D34F92E886/com_kwai_gif.app/Frameworks/gifIMFramework.framework/gifIMFramework for reading.\n[+] Reading header\n[+] Detecting header type\n[+] Executable is a plain MACH-O image\n[+] Opening /var/mobile/Containers/Data/Application/23C75F90-C42D-4F43-83D9-5DCCA36FE2D5/Documents/gifIMFramework.decrypted for writing.\n[+] Copying the not encrypted start of the file\n[+] Dumping the decrypted data into the file\n[+] Copying the not encrypted remainder of the file\n[+] Setting the LC_ENCRYPTION_INFO-\u003ecryptid to 0 at offset bd0\n[+] Closing original file\n[+] Closing dump 
file\n[*] This mach-o file decrypted done.\n[+] dump macho file at:/var/mobile/Containers/Data/Application/23C75F90-C42D-4F43-83D9-5DCCA36FE2D5/Documents/gifIMFramework.decrypted\n\n...\n[*] Developed By xia0@2019\n```\n\n### patcher [2019/10/17] \n\nruntime patch instrument in lldb\n\n```\n// -a patch_address -i patch_instrument{nop/ret/mov0/mov1} -s instrument_count\n(lldb) patcher -a 0x0000000100233a18 -i nop -s 8\n[*] start patch text at address:0x100233a18 size:8 to ins:\"nop\" and data:0x1f, 0x20, 0x03, 0xd5 \n[*] make ins data:\n{0x1f, 0x20, 0x03, 0xd5 ,0x1f, 0x20, 0x03, 0xd5 ,0x1f, 0x20, 0x03, 0xd5 ,0x1f, 0x20, 0x03, 0xd5 ,0x1f, 0x20, 0x03, 0xd5 ,0x1f, 0x20, 0x03, 0xd5 ,0x1f, 0x20, 0x03, 0xd5 ,0x1f, 0x20, 0x03, 0xd5 }\n[+] patch done\n[x] power by xia0@2019\n(lldb) x/12i 0x0000000100233a18\n    0x100233a18: 0xd503201f   nop    \n    0x100233a1c: 0xd503201f   nop    \n    0x100233a20: 0xd503201f   nop    \n    0x100233a24: 0xd503201f   nop    \n    0x100233a28: 0xd503201f   nop    \n    0x100233a2c: 0xd503201f   nop    \n    0x100233a30: 0xd503201f   nop    \n    0x100233a34: 0xd503201f   nop    \n    0x100233a38: 0xf941ac14   ldr    x20, [x0, #0x358]\n    0x100233a3c: 0xf9419c15   ldr    x21, [x0, #0x338]\n    0x100233a40: 0xf941a400   ldr    x0, [x0, #0x348]\n    0x100233a44: 0xf9400008   ldr    x8, [x0]\n    \n// 2019-10-27 update: -i option can receive raw instrument data like: \"{0x20, 0x00, 0x80, 0xd2}\"\n(lldb) patcher -a 0x183a40fd8 -i \"{0x20, 0x00, 0x80, 0xd2}\"\n[*] detect you manual set ins data:{0x20, 0x00, 0x80, 0xd2}\n[*] start patch text at address:0x183a40fd8 size:1 to ins data:{0x20, 0x00, 0x80, 0xd2}\n[x] power by xia0@2019\n(lldb) x/12i $pc\n-\u003e  0x183a40fd8: 0xd2800020   mov    x0, #0x1\n    0x183a40fdc: 0x928003f0   mov    x16, #-0x20\n    0x183a40fe0: 0xd4001001   svc    #0x80\n    0x183a40fe4: 0xd65f03c0   ret    \n    0x183a40fe8: 0x92800410   mov    x16, #-0x21\n    0x183a40fec: 0xd4001001   svc    #0x80\n    0x183a40ff0: 
0xd65f03c0   ret    \n    0x183a40ff4: 0x92800430   mov    x16, #-0x22\n    0x183a40ff8: 0xd4001001   svc    #0x80\n    0x183a40ffc: 0xd65f03c0   ret    \n    0x183a41000: 0x92800450   mov    x16, #-0x23\n    0x183a41004: 0xd4001001   svc    #0x80\n```\n\n\n\n## TODO\n\n- Anti-anti-debug: bypass anti debug in lldb (done at 2019/09/11)\n- OCHOOK: hook Objective-C functions in lldb\n- NetworkLog: monitor network info\n- UI Debug: some useful commands for UI debug\n- xbr: set breakpoint at address of methods of class (done at 2019/08/11)\n- traceOC: trace Objective-C calls by inline-hooking the msg_send stub code\n- ...\n\n## Update\n\n- [2019/07/04] Update for **sbt -x / xutil**: xutil cmd and sbt -x to disable color output in Xcode\n\n- [2019/07/21] Update for **choose**: lldb version of cycript's choose command\n\n- [2019/08/07] Fix critical bugs in **choose**: Fix critical bugs\n\n- [2019/08/11] Update for **xbr**: `xbr className` can set breakpoints at the addresses of all methods of a class\n\n- [2019/08/13] New **debugme**: kill anti debug in lldb\n\n- [2019/08/20] New **info**: get info of address/function/module and so on\n\n- [2019/09/11] **debugme** update: hook ptrace and inline hook of svc instructions done.\n\n- [2019/09/22] New **dumpdecrypted**: dump macho image in lldb\n\n- [2019/09/27] **dumpdecrypted** update: can dump all images in the app dir\n\n- [2019/10/17] New **patcher**: runtime instruction patching in lldb\n\n- [2022/04/18] Add xivars/xmethods/xprotocol to dump classes where ivars/methods are not supported, such as on macOS or in iOS system processes.\n  \n\n## Document\n\n- [About_this_project](http://4ch12dy.site/2018/10/03/xia0LLDB/xia0LLDB/)\n- [sbt command for frida](http://4ch12dy.site/2019/07/02/xia0CallStackSymbols/xia0CallStackSymbols/)\n\n## Credits\n\n- [http://blog.imjun.net/posts/restore-symbol-of-iOS-app/](http://blog.imjun.net/posts/restore-symbol-of-iOS-app/) thanks to the ida_block_json.py script\n\n- https://github.com/DerekSelander/LLDB Special thanks to 
DerekSelander's LLDB for providing the code framework\n\n- [https://lldb.llvm.org/tutorial.html](https://lldb.llvm.org/tutorial.html) \n\n- https://github.com/hankbao/Cycript/blob/bb99d698a27487af679f8c04c334d4ea840aea7a/ObjectiveC/Library.mm the choose command in cycript\n\n- https://opensource.apple.com/source/lldb/lldb-179.1/examples/darwin/heap_find/heap.py.auto.html\n\n  Apple's open-source lldb heap example\n\n- [https://blog.0xbbc.com/2015/07/%e6%8a%bd%e7%a6%bbcycript%e7%9a%84choose%e5%8a%9f%e8%83%bd/](https://blog.0xbbc.com/2015/07/抽离cycript的choose功能/) \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F4ch12dy%2Fxia0LLDB","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F4ch12dy%2Fxia0LLDB","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F4ch12dy%2Fxia0LLDB/lists"}