-
- | run (r)
- |
- Starting execution, which will continue unabated until a breakpoint is
- hit or the process terminates. |
-
-
- | continue (c)
- |
- Continue execution of the debugged process. |
-
-
- | nexti (n)
- |
- Execute the next instruction. This command will skip over function calls. |
-
-
- | stepi (s)
- |
- Execute the next instruction. Unlike the nexti command, this command will
- step into function calls. |
-
-
- | finish (f)
- |
- Execute the rest of the instructions in the current function (“frame”)
- return and halt. |
-
-
- | control + c
- |
- Pause execution. If the process has been run (r) or continued (c), this
- will cause the process to halt ...wherever it is currently executing. |
-
-
- | breakpoint (b)
- |
-
- b main
- b -[NSDictionary objectForKey:]
- b 0x0000000100004bd9
- br l #Breakpoint list
- br e/dis <num> #Enable/Disable breakpoint
- breakpoint delete <num>
- |
-
-
- | help
- |
-
- help breakpoint #Get help of breakpoint command
- help memory write #Get help to write into the memory
- |
-
-
- | reg
- |
-
- reg read $rax
- reg write $rip 0x100035cc0
- |
-
-
- | x/s <reg/memory address>
- |
- Display the memory as a null-terminated string. |
-
-
- | x/i <reg/memory address>
- |
- Display the memory as assembly instruction. |
-
-
- | x/b <reg/memory address>
- |
- Display the memory as byte. |
-
-
- | print object (po)
- |
-
- This will print the object referenced by the param
- po $raw
- {
-
- dnsChanger = {
-
- "affiliate" = "";
-
- "blacklist_dns" = ();
-
- Note that most of Apple’s Objective-C APIs or methods return objects,
- and thus should be displayed via the “print object” (po)
- command. If po doesn't produce a meaningful output use x/b
-
-
- |
-
-
- | memory write
- |
- memory write 0x100600000 -s 4 0x41414141 #Write AAAA in that address |
-
-
-