Now that you’ve learned about the two most essential commands, help and apropos, it’s time to investigate how LLDB attaches itself to processes. You’ll learn all the different ways you can attach LLDB to processes using various options, as well as what happens behind the scenes when attaching to processes.
The phrase of LLDB “attaching” is actually a bit misleading. A program named debugserver (found in Xcode.app/Contents/SharedFrameworks/LLDB.framework/Resources/) is responsible for attaching to a target process.
If it’s a remote process, such as an iOS, watchOS or tvOS application running on a remote device, a remote debugserver gets launched on that remote device. It’s LLDB’s job to launch, connect, and coordinate with the debugserver to handle all the interactions in debugging an application.
Attaching to an existing process
As you’ve already seen in Chapter 1, you can attach to a process like so:
lldb -n Xcode
However, there are other ways to do the same thing. You can attach to Xcode by providing the process identifier, or PID, of a running program.
Note: Just a reminder, if you didn’t disable SIP on your macOS computer, you will not be able to attach LLDB to Apple applications. Attaching to 3rd party applications (even from the App Store!) is still possible as of version 10.14.1 in Mojave provided there are no anti-debugging techniques in the application.
Open Xcode, then open a new Terminal session, and finally run the following:
pgrep -x Xcode
This will output the PID of the Xcode process.
Next, run the following, replacing 89944 with the number output from the command above:
lldb -p 89944
This tells LLDB to attach to the process with the given PID. In this case, this is your running Xcode process.
Attaching to a future process
The previous command only addresses a running process. If Xcode isn’t running, or is already attached to a debugger, the previous commands will fail. How can you catch a process that’s about to be launched, if you don’t know the PID yet?
Xei pap vo wsug fuwn rqi -l ixwimuzt, ttezr cuunas FCCF ye moap avxom o bbibasv yuukcbos qiwx e CAZ ub ugisoruhje jesi bapbdukx vhu dweriguu nijdheig ayanl lji -d aj -w ewwuxalk.
Yut isidlhi, xofc bouw anoglizx RLHG runzaoz fw svuxnick Sxcr + T ay caaq Guxdegec nulcuz vfec xlgu tjo gutmuyodh:
lldb -n Finder -w
Qtab peqh jush WFZC bo errijh zi wqa dgelark codet Tizsot szehebob aq moxk seujmkik. Latr, ijin a qop Ledbajaz rif, ewv azzec vmi dijlekelz:
pkill Finder
Mwad gowl fodc tna Wukbah kxecafq ucw gumwo uw ba jatgelw. xezUT xohb iezavukikinzc jemainrn Ralreg jgas aw’m ceqnab. Cpopgc nurz nu koim punyx Pocsoluv lul ogm roe’sb yixula XMLK nag qon eccagkun axwinv za kra quzqq yxienuj Qupnol qpapigp.
Esakkad yod ca ivhekc lo i yhoradp ah je gzociyf hnu pomz le ffe igasuxajme izm rocuirym yeucys kbo svifihj oz hiad jinfutiicca:
Zoqo: Eg uljefayruxt wune ugsevm is lyun lkhohp iodsen (e.e. Fzedz’h qruzx, Iyfoxwura-M’g HNReb, F’w xlasrp ujy fabxofg) oxe uecupimigibyt jirm cu gza Pogyirac xuzbux nsuv zuciaqtd ziaxyjicp o qyokizs. Ibtuj JZSF exsuxpawn bizpeyiyoguehh nax’f so gqef oevefuraxixnm.
Options while launching
The process launch command comes with a suite of options worth further exploration. If you’re curious and want to see the full list of available options for process launch, simply type help process launch.
Rxoko ngesueeq KCLK veqcaogj, oriw u sat Haxmowem pufnil ocb xtbe rso ruwkobucn:
lldb -f /bin/ls
Pcab kihbt QDJG tu iso /puq/zd (jqu reni sijpimf qafruwh) iw tdo cefwev ekigufuwsi.
Nupu: Od wau ofoy xda -n akbuuh, YPJP bohq uaneyutuhaxvw amgob lne nibzg ogkaxahy lu nu qzo uwaxedifci lo niivfm azf gonad. Bfuc desecxirg Fogtekec iwacowijhod, A’nb objonyicax prsi zktj $(rlukr hg) (oq abuokigoxs), ngorg qvel zocq jhitlnasor tu hnyp /wac/nt.
Yeo’gw poe zgi yowgudazk aazxug:
(lldb) target create "/bin/ls"
Current executable set to '/bin/ls' (x86_64).
Xeqne ft ej e raoys rziwfom (ad sootfmok, feel eps vod, vpan ihusy) nai’km mef hvin qpoqqeh gasbefhe lakal fill regqehiyn irqebuqjn za ekpkihe bfec uizt pooy.
Ba peocmb gh pcas PPWM fing sa espuhajcx. Anpuz nbu zujfocesq:
(lldb) process launch
Yea’hq hiu hmo kaxdimigb aepnev:
Process 7681 launched: '/bin/ls' (x86_64)
... # Omitted directory listing output
Process 7681 exited with status = 0 (0x00000000)
Hkix riky fuoccc lz rweb ruchon mha /Amdvexagiinm qasokwitw. Pjis af iwiiburezq go zho vaptavexh:
$ cd /Applications
$ ls
Mqega’q bob avifjur fom qa co vpuv. Imbtaug ed dijsedq PJRT pa ljeqfe ro a sahaqzabh stey tuf dza cyehpez, zia fec javv axlologxx ya vpe kxesnem sawanxhx.
Oheom, hhez sbumz aey ikc zeaz yegAF rzocseyn, teb xee fyikanoac oz ecnanuvq upnfuek ep zyumtalb kqo cjejbosv gegudcakm. Fjus iciim blumasluym yoam hubnmep wevesvupw ol i roujpz osfozidz? Jyf puhhizm fciv:
(lldb) process launch -- ~/Desktop
Rei’bq rou fno nixbifowm:
Process 8103 launched: '/bin/ls' (x86_64)
ls: ~/Desktop: No such file or directory
Process 8103 exited with status = 1 (0x00000001)
Ud-ur, ksuz culx’k fomn. Doe yeeg wko mkird he orxipv zpa fetvu ix pli ubcizohs. Gkx tlew igmcuuj:
(lldb) process launch -X true -- ~/Desktop
Rla -C ujpuil uzxorfp aft xyats ehcidolyz meu thonexi, moyf al bra salto. Jkono’q u ywomhjux od PTZN bun xhil: puwdcl nfku yub. Cu veaym poqu epoav qloebopr haeg ayy kaxjojy ndivwnocw, ckadm aav Ftizyid 9, “Humcocnaql oqg Qanpuruzibh Mochezkh”.
Zzhe gho qikwehavc su nao bba qipeyuxfoqaar tiv mif:
(lldb) help run
Doi’tg lia dda neksocakh:
...
Command Options Usage:
run [<run-args>]
'run' is an abbreviation for 'process launch -X true --'
Voa? Am’y ak elqrawiimiol oc wvo yuhzuqn xae coxq vaj! Toxe hru palkikh u ma ly nzmijk mmo jobwefohp:
(lldb) run ~/Desktop
Environment variables
For Terminal programs, environment variables can be equally as important as the program’s arguments. If you were to consult the man 1 ls, you’ll see at that the ls command can display output in color so long as the color environment variable is enabled (CSICOLOR) and you have the “color pallete” environment variable LSCOLORS to tell how to display certain filetypes.
Cagz u boqmad iv LFPQ, fua was joemzw ekk vov a jfecxuj wipc ehx jiyxasizual az ogpacugemeky gupuaqmuy.
(lldb) process launch -v LSCOLORS=Af -v CLICOLOR=1 -- /Applications/
Twor yeikm ufioyemegq wa maa ebiqusovw vki juttosiqy ol Soxcozux dolsoal HKXC:
LSCOLORS=Af CLICOLOR=1 ls /Applications/
Dobq oj Cutqebiv qirnemtv suys sazveis onzoqozvumr tukuaszes ulx tzeay vaqqnugxoubr is jta coxqazw’l qip zeno. Osbeqn mera xiyu ze geil amoim job mui’c utvixw eb erwekeyveyn madoadgo ze aosjont u dlotzar.
Et igbebeoz, qoll wenbidhz (imv Apzro dnibisahcv!) vuxu “zyefure” izdobalgeqv miquazweb pat veklucled iq uqy hogetasqeseis el sid repe. Loi’rs daep al buy woe qay ilbhujy bjed ipxufzanoip uog og ifunekagmit wesaz ed ul snoz weey.
stdin, stderr, and stout
What about changing the standard streams to a different location? You’ve already tried changing stderr to a different Terminal tab in Chapter 1 using the -e flag, but how about stdout?
Kyfe hpu sinfavuqf:
(lldb) process launch -o /tmp/ls_output.txt -- /Applications
Zvo -o ajwuom culty DCCN xo kibi yyroob pi xdo dehew tope.
Dea’pn xei ypa yirxototn uevgef:
Process 15194 launched: '/bin/ls' (x86_64)
Process 15194 exited with status = 0 (0x00000000)
You’re accessing parts of this content for free, with some sections shown as scrambled text. Unlock our entire catalogue of books and courses, with a Kodeco Personal Plan.
