查看设备日志tail -f /var/log/syslog
或者Mobilesubstrate injects your dylib into the target process. Debugging the target process using GDB or LLDB is also debugging your extension code. I will show you how to debug Mobilesubstrate extension using GDB. Here is simple Mobilesubstrate/Logos extension:
%hook SBApplicationController
-(void)uninstallApplication:(id)application {
int i = 5;
i = i +7;
NSLog(@"Hey, we're hooking uninstallApplication: and number: %d", i);
%orig; // Call the original implementation of this method
return;
}
%endI compile and install the code, and then attaching gdb to it:
yaron-shanis-iPhone:~ root# ps aux | grep -i springboard
mobile 396 1.6 4.3 423920 21988 ?? Ss 2:19AM 0:05.23 /System/Library/CoreServices/SpringBoard.app/SpringBoard
root 488 0.0 0.1 273024 364 s000 S+ 2:22AM 0:00.01 grep -i springboard
yaron-shanis-iPhone:~ root# gdb -p 488You can find your Mobilesubstrate extension with the command:
(gdb) info sharedlibrary This command print a list of loaded modules, find your extension:
test-debug-substrate.dylib - 0x172c000 dyld Y Y /Library/MobileSubstrate/DynamicLibraries/test-debug-substrate.dylib at 0x172c000 (offset 0x172c000)You can also find the address of Logos uninstallApplication hook:
(gdb) info functions uninstallApplicationWhich outputs this:
0x0172cef0 _logos_method$_ungrouped$SBApplicationController$uninstallApplication$(SBApplicationController*, objc_selector*, objc_object*)You can debug your uninstallApplication hook function with breakpoints and other gdb features:
(gdb) b *0x0172cef0+36Where the offset 36 is the assembly opcode that adding of 7 to the i variable in uninstallApplication hook function. You can continue to debug your Mobilesubstrate extension from here as you wish.