There are many ways to analyze a crash log on Mac OS. The goal here is not to explain crash log analysis itself, but mainly to show how Hopper is used. The powerful IDA may already be familiar, but its Mac OS version takes us back to the DOS era. Fortunately, Mac OS has a small alternative: Hopper, which basically meets day-to-day disassembly needs, including pseudocode and control flow graphs. It supports the ARM instruction set and is optimized for Objective-C.
Once a program is open, the symbol list is shown on the left (use Read Executable at the far right of the toolbar to open an executable for analysis):
The following uses a crash log as an example to show how to use Hopper.
The following crash log is produced when an application deliberately crashes itself with assert:
Crash log
Thread 0 Crashed: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x981fd9c6 __pthread_kill + 10
1 libsystem_c.dylib 0x99692f78 pthread_kill + 106
2 libsystem_sim_c.dylib 0x01e5a57b abort + 140
3 libsystem_sim_c.dylib 0x01e3c286 __assert_rtn + 267
4 blogcounter 0x000033c9
5 blogcounter 0x00003362
Open Hopper and choose the menu item Navigate -> Go To Address or Symbol.
Enter 33c9 in the dialog box, and Hopper jumps to the location where the program crashed.
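As an added example (not part of the original post), this Python script parses the backtrace format shown above and lists the addresses of the unsymbolicated application frames, ready to enter in Go To Address or Symbol. The function names and the `runtime_base` / `file_base` parameters are hypothetical; they cover the assumed case where the image was loaded at a different base address than the one Hopper shows for the file.

```python
import re

# One backtrace frame: index, image name, runtime address, optional "symbol + offset".
FRAME_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x([0-9a-fA-F]+)(?:\s+(\S+)\s+\+\s+(\d+))?\s*$"
)

def parse_frames(crash_log):
    """Return the backtrace frames of a crash log as a list of dicts."""
    frames = []
    for line in crash_log.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append({
                "index": int(m.group(1)),
                "image": m.group(2),
                "address": int(m.group(3), 16),
                "symbol": m.group(4),  # None when the frame is unsymbolicated
            })
    return frames

def hopper_targets(crash_log, image, runtime_base=0, file_base=0):
    """Addresses to type into Hopper for the unsymbolicated frames of `image`.

    runtime_base: where the image was loaded in the crashed process (assumption).
    file_base: base address Hopper shows for the same image on disk (assumption).
    Both default to 0, the case where the log addresses are used unchanged.
    """
    slide = runtime_base - file_base
    return [
        format(f["address"] - slide, "x")
        for f in parse_frames(crash_log)
        if f["image"] == image and f["symbol"] is None
    ]

# Sample input: the frame lines of the backtrace above, retyped here.
SAMPLE = """\
0 libsystem_kernel.dylib 0x981fd9c6 __pthread_kill + 10
1 libsystem_c.dylib 0x99692f78 pthread_kill + 106
2 libsystem_sim_c.dylib 0x01e5a57b abort + 140
3 libsystem_sim_c.dylib 0x01e3c286 __assert_rtn + 267
4 blogcounter 0x000033c9
5 blogcounter 0x00003362
"""

if __name__ == "__main__":
    print(hopper_targets(SAMPLE, "blogcounter"))
```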
Generate the pseudocode:
Too short! Compare it with the source code:
Obviously, the compiler has optimized the code. Because assert(0) always fails, the code after it is not generated.
You can change the assert to:
assert(Urlstring = nil);
When you try again, the crash location has changed (Mac OS determines the addresses of the program and its libraries dynamically at load time). Let's look at the new code and control flow graph (CFG):
CFG:
Official website: www.baiperapp.com
It uses the disassembly engine:
http://www.beaengine.org/
When reprinting, please credit the source: http://blog.csdn.net/horkychen