Help/Support lldb live tracing an app, or an alternative?

infernusdoleo · December 18, 2015

In my continuing quest to figure out how this app works (so I can dismantle the hell out of it) I've found myself against a wall and need some more advice.

I need to figure out where the program goes when a button is pressed. I thought I had it figured out based on snooping the HTTPS traffic, but after a day of coding, it seems the HTTPS traffic happens AFTER what I'm trying to see happens.

So here's my problem.

I press a button. Shit happens. The stuff I know to break on is after the button press, but before the known breakpoints.

Without being able to live trace the execution, I cannot break the program at the right spot. It's a sub_x program so I have no clue which function to break on without seeing it happen. The problem is if I break on the function that happens after - it's not in the stack. There's a loop, which if I break on it, keeps stopping. But it's a HUGE function. What I'm looking for happens in that function, but it's before something that happens later - it descends into it, does what I need to see, returns back out, moves forward, then descends into what I can break on. That clears that other function from the stack.

Is there any way to live trace with lldb? I have access to every platform now - Windows, OS X, linux, iOS directly on the device.

Wish I could interrupt the process, press the button on the screen, then 's'tep into the function, but that doesn't work. Process needs to be running to pick up my click. But if it's running, it steps through the process too fast.

And the function that loops checking for the click is enormous - to manually check every subroutine would take a week.

Anyone? Any clue? Thanks.

Dannyyy · December 18, 2015

rjd3 · December 18, 2015

Shit bro, wish i knew, thats alittle to advanced for me... Goodluck

December 18, 2015

Tracepoints maybe? I've never worked with HTTPS traffic before

I don't know what the tracepoint command for LLDB is though

imp0ss1ble · December 18, 2015

maybe set a breakpoint on $PC... I dunno

Zork · December 18, 2015

"if I break on the function that happens after - it's not in the stack. There's a loop, which if I break on it, keeps stopping. But it's a HUGE function. What I'm looking for happens in that function, but it's before something that happens later - it descends into it"

sounds like a riddle Updated December 18, 2015 by Zork