前言
放一些在iOS开发中用来提高效率的脚本工具传送门
codeObfuscated改良版的代码混淆传送门aUtoReSiGn是使用企业签名来做ipa包的重签名传送门inject_with_jailbreaking用来在越狱设备中hook某些app做些调研什么的传送门class_dump对ipa文件进行头文件的导出传送门B&A&D构建,打包,并提交Itunesconnect上传dsym文件到svn以供后续Debug使用传送门isWKoUI检测app内的页面是WKWebview还是UIWebview传送门crashMe演示如何通过crash文件排查app崩溃的问题 传送门nextDay演示什么叫做永远没空研究系列传送门
codeObfuscated
本工具是用于混淆方法名和类名
- 改良这个脚本工具的初衷:因为项目中使用JSPatch的热修复功能,然后上架的时候被Apple拒绝了,然后就有了这个混淆的工具。如果你也需要混淆JSPatch那么你可以复用
obfuscation.list,本人已经通过审核了.
使用本脚本做完了混淆后,可以使用github上整理好的上的class_dump中的工具做.h文件的dump查看混淆的效果.
建议:理论上来说能混淆任意的字符串,但是出于实用性
obfuscation.list最好不要放置属性名,我只测试过函数名和类名的混淆,如果有兴趣对其他的字符串做混淆请自行测试。
该工具是由念茜的iOS安全攻防(二十三):Objective-C代码混淆为原型做了以下的修改
- 防止生成的随机数有可能重复的问题
防止每次编译程序的时候,
codeObfuscation.h文件都会发生变化而导致的每次编译都要很久的问题使用步骤:
- 将混淆脚本
obfuscated.sh和需要混淆的函数名/类名表obfuscation.list这2个文件放到工程的根目录下. - 重要的提示:如果是为了审核通过请不要将
obfuscation.list在项目中引用(reference),否则就会和我一样虽然混淆了但是obfuscation.list暴露出了一切还是会被Apple拒绝的,因为你将文件引用入工程会导致它在打包时会将该文件一起打包进去的. - 配置
Build Phase:在工程Build Phase中添加执行脚本操作,执行obfuscated.sh如图
- 在
obfuscation.list中写入需要混淆的方法名和类名,如:
@interface JPCore : NSObject //其中JPCore是需要混淆的类名
-(void)sample;
-(void)seg1:(NSString \*)string seg2:(NSUInteger)num;
就这样写:
JPCore
sample
seg1
seg2
- 脚本执行完了以后会生成一个
codeObfuscation.h头文件,将此头文件加入工程中并在XXX-Prefix.ch中import
#ifdef __OBJC__
#import <UIKit/UIKit.h>
#import <Foundation/Foundation.h>
//添加混淆作用的头文件(这个文件名是脚本obfuscated.sh中定义的)
#import "codeObfuscation.h"
#endif
aUtoReSiGn
1. 环境要求:
- OSX 10.8以上.
- Xcode8.0以上.
2. 使用方式:
- 直接在终端运行
aUtoReSiGn.sh. - 将要需要企业重签名的
ipa放入input文件夹中. - 企业重签名后的
ipa文件会自动放入output文件夹中. - 默认情况下重签名的是Distribution版的,如需重签名
Development版的请修改resign.config中的GET_TASK_ALLOW为true - 如若不需要自动重签名,请直接运行
resign.sh脚本
3. 重要的:
在使用该脚本前您需要确保做了以下几件事:
P.S.:请看完全文后再配置,后面附有文件的详细获取/修改步骤 Development和Distribution的区别在于Development的重签名是可以get-task-allow
3.1 Development配置
- 配置
Development的企业证书在本地的电脑中(钥匙串中) - 将您下载的
Development版的xx.mobileprovision放入resign目录中并重命名为EnterPrise_Development.mobileprovision,文件结构如下图文件结构所示 - 修改
resign中Entitlements/developer/Entitlements.plist的配置 - 在
resign.config文件中修改CODESIGN_IDENTITIES_DEV的值为您Development版的企业证书名字
3.1 Distribution配置
- 配置
Distribution的企业证书在本地的电脑中(钥匙串中) - 将您下载的
Distribution版的yy.mobileprovision放入resign目录中并重命名为EnterPrise_Distribution.mobileprovision,文件结构如下图文件结构所示 - 修改
resign中Entitlements/production/Entitlements.plist的配置 - 在
resign.config文件中修改CODESIGN_IDENTITIES的值为您Distribution版的企业证书名字
3.2 如何修改对应的Entitlements.plist
- 假设你的
teamID为:yourTeamID - 假设你的
application-identifier:为yourTeamID.com.xxx.xxx - 将
application-identifier中的yyyy.com.xxx.xxx改为yourTeamID.com.xxx.xxx - 将
keychain-access-groups的中的yyyy.*改为yourTeamID.*
如果看不懂上面说的是什么鬼.
Development配置
- 将
Entitlements/developer/Entitlements.plist中的application-identifier的值,改为EnterPrise_Development.mobileprovision文件中application-identifier中对应的值 - 将
Entitlements/developer/Entitlements.plist中的keychain-access-groups的值,改为EnterPrise_Development.mobileprovision文件中keychain-access-groups中对应的值
- 将
Distribution配置
- 将
Entitlements/production/Entitlements.plist中的application-identifier的值,改为EnterPrise_Distribution.mobileprovision文件中application-identifier中对应的值 - 将
Entitlements/production/Entitlements.plist中的keychain-access-groups的值,改为EnterPrise_Distribution.mobileprovision文件中keychain-access-groups中对应的值
- 将
3.3 如何获取对应的xx.mobileprovision
- Development
- 登陆你的企业开发者账号,选择
Provisioning Profiles下的Development下载Type为iOS Development的Provisioning Profiles文件(P.S.:没试过Type为iOS UniversalDistribution的)
- 登陆你的企业开发者账号,选择
- Distribution
- 登陆你的企业开发者账号,选择
Provisioning Profiles下的Distribution下载Type为iOS Distribution的Provisioning Profiles文件(P.S.:没试过Type为iOS UniversalDistribution的)
- 登陆你的企业开发者账号,选择
3.4 如何获取您证书的名字
- Development
- 打开电脑中的
Keychain Access - 找到您的
Development企业证书,并双击 - 复制证书
Common Name中对应的值到resign.config的CODESIGN_IDENTITIES_DEV
- 打开电脑中的
- Distribution
- 打开电脑中的
Keychain Access - 找到您的
Distribution企业证书,并双击 - 复制证书
Common Name中对应的值到resign.config的CODESIGN_IDENTITIES
- 打开电脑中的
如果不想使用自动重签名,可以将xx.ipa放在resign目录下,并执行脚本resign.sh
文件结构:
1 | aUtoReSiGn |
inject_with_jailbreaking
有空的时候补充一下文档,可以先从传送门过去看看.
class_dump
导出头文件操作流程文档
砸壳时遇见如下
dyld: could not load inserted library 'dumpdecrypted.dylib' because no suitable image found. Did find:
dumpdecrypted.dylib: required code signature missing for 'dumpdecrypted.dylib'
security find-identity -v -p codesigning
codesign --force --verify --verbose --sign "iPhone Developer: xxx xxxx (xxxxxxxxxx)" dumpdecrypted.dylib
本目录下已经预先放置好了需要使用的工具,如果不能使用请从上面的网址去download新的工具来。
从App Store下载的ipa是需要先砸壳然后再使用class-dump才能导出头文件.
如果是自己打包的企业app直接把ipa解压后的xx.app用class-dump就能导出头文件.
针对App Store下载的ipa进行的class-dump(需要越狱的设备)
- 先从ituness上下载xxx.ipa
- 然后将ipa安装到越狱的手机中
- 将
dumpdecrypted.dylib拷贝到手机的(iOS8)/var/mobile/Containers/Data/Application/xxx-xxx/Documents目录下,在iOS7中是/var/mobile/Applications/xxx-xxx/Documents - iOS8然后再cd到3中的目录下执行:
DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Containers/Bundle/Application/xxx-xxx/yyy.app/yyy
iOS7然后再cd到3中的目录下执行:DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Applications/xxx-xxx/yyy.app/yyy - 然后就会生成
yyy.decrypted - 使用
scp将yyy.decrypted传输到电脑上 ./class-dump -H yyy.decrypted -o outputs- 然后就能在
outputs中看到导出的头文件
针对不需要砸壳的ipa进行的class-dump(不需要越狱的设备)
- 将xxx.ipa解压到
class-dump同个目录下,然后使用下面的命令将头文件导出到outputs目录下: ./class-dump -H xx.app -o outputs- 然后就能在
outputs中看到导出的头文件
B&A&D
环境要求:
- OSX 10.8以上.
- Xcode8.0以上.
使用方式:
- 将
exportOptions,build.sh,archive.config放入你项目的根目录 - 修改
build.sh中ARCHIVE_SCHEME_NAME,ARCHIVE_PROJECT_NAME,ApplicationLoader_UserName,ApplicationLoader_Password为你对应的 - 执行
build.sh archive.config
4.isWKoUI
如何通过Safari检测第三方app的某个页面是WKWebview还是UIWebview
使用方法:
- 使用这里的传送门脚本对app进行重签名.
- PS:要选择Development的配置来进行重签名
- 重签名后将app安装到手机并使用闪电转USB连接线连接Mac电脑
- 打开app到你想要验证的页面
- 打开Mac电脑上的Safari浏览器
- 打开Safari菜单栏上的
开发选项.如果没找到开发选项,请依次点击Safari浏览器->偏好设置->高级->在菜单栏中显示“开发”菜单将勾勾选中.- PS:实在不明白请百度:Safari打开开发者选项
- 然后按如下图操作:
- 点击
Develop.(PS:中文里面是叫做开发) - 选择
devmatocloud的iPhone, 这时会有个WSPXDemo下面会显示app内webview加载的网址.(PS:如果没有网址出现在里面,那么该页面并不是webview做的)devmatocloud的iPhone对应你的手机;WSPXDemo对应你app的名字
- 选择其中一个网址,会弹出对应的
Web Inspector.(PS:中文应该叫web检查器) - 然后在
Console中输入window.statusbar.visible并按回车键,如果输出true那么就是wkwebview,相反则为uiwebview.
- 点击
Trick
- 一般使用
WKWebview都会在native这边通过- (void)addScriptMessageHandler:(id <WKScriptMessageHandler>)scriptMessageHandler name:(NSString *)name;添加一个script消息的handler,那么就可以通过在Web Inspector中输入window.webkit.messageHandlers查看是否有输出对应的输出来判断是哪个webviewUIWebview中的输出为:TypeError: undefined is not an object (evaluating 'window.webkit.messageHandlers')WKWebview中的输出为:UserMessageHandlersNamespace {}
TODO:
- 弄个网址直接弹窗显示检测结果
crashMe
app崩溃时排查步骤
在app崩溃时所生成的
.crash文件,默认情况下该文件显示的都是十六进制数无法分析。所以我们需要对这些文件进行分析。
需要的工具:
Xcodeapp崩溃时生成的.crash文件,可通过Xcode–>Window–>Devices and Simulators–>View Device Logs从iPhone中提取出来dsym文件(符号表文件)symbolicatecrash(可通过执行find /Applications/Xcode.app/ -name symbolicatecrash找到该文件的所在位置)
使用方式:
- 打开
.crash文件找到其中的uuid - 找到对应的
dysm文件.(可通过dwarfdump --uuid xxx.dsym查看uuid是否和1的一致) - 将
.crash,dysm,symbolicatecrash这3个文件放在同一个文件夹下方便处理 - 执行命令
./symbolicatecrash xxxx.crash xxxx.dSYM/ > output.crash就可以看到符号化以后的崩溃堆栈信息 - 若报错
Error: "DEVELOPER_DIR" is not defined at ./symbolicatecrash,则在终端执行一次后面的命令export DEVELOPER_DIR="/Applications/XCode.app/Contents/Developer",然后再执行一次4的命令.
ps:最后生成的.crash文件只会解析当前项目的代码,其余的还是十六进制数据
实际操作
从
iPhone中获取wspxDemo 2018-11-5, 2-42 PM.crash.crash文件如下(只保留需要的关键信息)Incident Identifier: 211AB31B-F097-47DC-83ED-3AC6B3AC6B05 CrashReporter Key: 991d9b4c57cf7b9c00c2cabc05f20cb4812ea851 Hardware Model: iPhone10,3 Process: wspxDemo [1214] Path: /private/var/containers/Bundle/Application/DF7AAB28-9FF0-99EC-4EA1-16B5C50EB87C/wspxDemo.app/wspxDemo Identifier: com.crash.CrashMe Version: 2222 (22.22.222) Code Type: ARM-64 (Native) Role: Foreground Parent Process: launchd [1] Coalition: com.crash.CrashMe [738] Date/Time: 2018-11-05 14:42:17.6018 +0800 Launch Time: 2018-11-05 14:42:17.3303 +0800 OS Version: iPhone OS 12.1 (16B5089b) Baseband Version: 3.11.00 Report Version: 104 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Triggered by Thread: 0 Application Specific Information: abort() called Last Exception Backtrace: (0x1dcfcfea0 0x1dc1a1a40 0x1dcede054 0x102ceb9b4 0x209fda3c8 0x209fdbb30 0x209fe157c 0x20987ea18 0x209887698 0x20987e694 0x20987f034 0x20987d134 0x20987cde0 0x209881fa0 0x209882f00 0x209881e58 0x209886d44 0x209fdfa74 0x209bca088 0x1dfa049d4 0x1dfa0f79c 0x1dfa0ee94 0x1dca0a484 0x1dc9e13f0 0x1dfa43a9c 0x1dfa43728 0x1dfa43d44 0x1dcf601cc 0x1dcf6014c 0x1dcf5fa30 0x1dcf5a8fc 0x1dcf5a1cc 0x1df1d1584 0x209fe3328 0x102cebaf0 0x1dca1abb4) Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libsystem_kernel.dylib 0x00000001dcb67104 0x1dcb44000 + 143620 1 libsystem_pthread.dylib 0x00000001dcbe6998 0x1dcbe0000 + 27032 2 libsystem_c.dylib 0x00000001dcabed78 0x1dca67000 + 359800 3 libc++abi.dylib 0x00000001dc188f78 0x1dc187000 + 8056 4 libc++abi.dylib 0x00000001dc189120 0x1dc187000 + 8480 5 libobjc.A.dylib 0x00000001dc1a1e48 0x1dc19b000 + 28232 6 libc++abi.dylib 0x00000001dc1950fc 0x1dc187000 + 57596 7 libc++abi.dylib 0x00000001dc195188 0x1dc187000 + 57736 8 libdispatch.dylib 0x00000001dca0a498 0x1dc9a9000 + 398488 9 libdispatch.dylib 0x00000001dc9e13f0 0x1dc9a9000 + 230384 10 FrontBoardServices 0x00000001dfa43a9c 0x1df9f8000 + 309916 11 FrontBoardServices 0x00000001dfa43728 0x1df9f8000 + 309032 12 FrontBoardServices 0x00000001dfa43d44 0x1df9f8000 + 310596 13 CoreFoundation 0x00000001dcf601cc 0x1dceb4000 + 704972 14 CoreFoundation 0x00000001dcf6014c 0x1dceb4000 + 704844 15 CoreFoundation 0x00000001dcf5fa30 0x1dceb4000 + 703024 16 CoreFoundation 0x00000001dcf5a8fc 0x1dceb4000 + 682236 17 CoreFoundation 0x00000001dcf5a1cc 0x1dceb4000 + 680396 18 GraphicsServices 0x00000001df1d1584 0x1df1c6000 + 46468 19 UIKitCore 0x0000000209fe3328 0x2096fc000 + 9335592 20 wspxDemo 0x0000000102cebaf0 0x102ce4000 + 31472 21 libdyld.dylib 0x00000001dca1abb4 0x1dca1a000 + 2996 Thread 1: 0 libsystem_pthread.dylib 0x00000001dcbeece8 0x1dcbe0000 + 60648 Thread 2: 0 libsystem_pthread.dylib 0x00000001dcbeece8 0x1dcbe0000 + 60648 Thread 3: 0 libsystem_pthread.dylib 0x00000001dcbeece8 0x1dcbe0000 + 60648 Thread 4: 0 libsystem_pthread.dylib 0x00000001dcbeece8 0x1dcbe0000 + 60648 Thread 5 name: com.apple.uikit.eventfetch-thread Thread 5: 0 libsystem_kernel.dylib 0x00000001dcb5bed0 0x1dcb44000 + 98000 1 libsystem_kernel.dylib 0x00000001dcb5b3a8 0x1dcb44000 + 95144 2 CoreFoundation 0x00000001dcf5fbc4 0x1dceb4000 + 703428 3 CoreFoundation 0x00000001dcf5aa60 0x1dceb4000 + 682592 4 CoreFoundation 0x00000001dcf5a1cc 0x1dceb4000 + 680396 5 Foundation 0x00000001dd94f404 0x1dd947000 + 33796 6 Foundation 0x00000001dd94f2b0 0x1dd947000 + 33456 7 UIKitCore 0x000000020a0d0430 0x2096fc000 + 10306608 8 Foundation 0x00000001dda821ac 0x1dd947000 + 1290668 9 libsystem_pthread.dylib 0x00000001dcbeb2ac 0x1dcbe0000 + 45740 10 libsystem_pthread.dylib 0x00000001dcbeb20c 0x1dcbe0000 + 45580 11 libsystem_pthread.dylib 0x00000001dcbeecf4 0x1dcbe0000 + 60660 Thread 0 crashed with ARM Thread State (64-bit): x0: 0x0000000000000000 x1: 0x0000000000000000 x2: 0x0000000000000000 x3: 0x000000028248b4b7 x4: 0x00000001dc198b81 x5: 0x000000016d11a570 x6: 0x000000000000006e x7: 0xffffffff00000500 x8: 0x0000000000000800 x9: 0x00000001dcbe6870 x10: 0x00000001dcbe1ef4 x11: 0x0000000000000003 x12: 0x0000000000000069 x13: 0x0000000000000000 x14: 0x0000000000000010 x15: 0x0000000000000016 x16: 0x0000000000000148 x17: 0x0000000000000000 x18: 0x0000000000000000 x19: 0x0000000000000006 x20: 0x00000001030aeb80 x21: 0x000000016d11a570 x22: 0x0000000000000303 x23: 0x00000001030aec60 x24: 0x0000000000001903 x25: 0x0000000000002103 x26: 0x0000000000000000 x27: 0x0000000000000000 x28: 0x00000002836bc408 fp: 0x000000016d11a4d0 lr: 0x00000001dcbe6998 sp: 0x000000016d11a4a0 pc: 0x00000001dcb67104 cpsr: 0x00000000 Binary Images: 0x102ce4000 - 0x102ceffff wspxDemo arm64 <b0ffd72fc5c33a59bf97c79556430202> /var/containers/Bundle/Application/DF7AAB28-9FF0-99EC-4EA1-16B5C50EB87C/wspxDemo.app/wspxDemo从
Binary Images: 0x102ce4000 - 0x102ceffff wspxDemo arm64 <b0ffd72fc5c33a59bf97c79556430202> /var/containers/Bundle/Application/DF7AAB28-9FF0-99EC-4EA1-16B5C50EB87C/wspxDemo.app/wspxDemo中我们拿到b0ffd72fc5c33a59bf97c79556430202在终端执行
dwarfdump --uuid wspxDemo.app.dSYM/后得到如下的输出:Mero:wspxDemo 2018-11-05 12-56-20 dc$ dwarfdump --uuid wspxDemo.app.dSYM/ UUID: 43C734F8-405F-3970-8B8D-D58575672912 (armv7) wspxDemo.app.dSYM/Contents/Resources/DWARF/wspxDemo UUID: B0FFD72F-C5C3-3A59-BF97-C79556430202 (arm64) wspxDemo.app.dSYM/Contents/Resources/DWARF/wspxDemo对比步骤2和3的结果会发现:
b0ffd72fc5c33a59bf97c79556430202和B0FFD72F-C5C3-3A59-BF97-C79556430202是一致的,所以该wspxDemo 2018-11-5, 2-42 PM.crash.crash对应的dysm就是wspxDemo.app.dSYM在终端执行命令:
./symbolicatecrash wspxDemo\ \ 2018-11-5\,\ 2-42\ PM.crash wspxDemo.app.dSYM/ > output.crash得到如下的输出:Mero:wspxDemo 2018-11-05 12-56-20 dc$ ./symbolicatecrash wspxDemo\ \ 2018-11-5\,\ 2-42\ PM.crash wspxDemo.app.dSYM/ > output.crash Error: "DEVELOPER_DIR" is not defined at ./symbolicatecrash line 69.报错:
Error: "DEVELOPER_DIR" is not defined at ./symbolicatecrash line 69.执行如下命令:
export DEVELOPER_DIR="/Applications/XCode.app/Contents/Developer"然后再执行5的命令.执行结果如下:Mero:wspxDemo 2018-11-05 12-56-20 dc$ export DEVELOPER_DIR="/Applications/XCode.app/Contents/Developer" Mero:wspxDemo 2018-11-05 12-56-20 dc$ ./symbolicatecrash wspxDemo\ \ 2018-11-5\,\ 2-42\ PM.crash wspxDemo.app.dSYM/ > output.crash如果没有报任何其他错误,则说明你已经成功把
crash符号了,这时打开output.crash开始查看崩溃堆栈吧如下是符号化后的
output.crash文件的内容:Incident Identifier: 211AB31B-F097-47DC-83ED-3AC6B3AC6B05 CrashReporter Key: 991d9b4c57cf7b9c00c2cabc05f20cb4812ea851 Hardware Model: iPhone10,3 Process: wspxDemo [1214] Path: /private/var/containers/Bundle/Application/DF7AAB28-9FF0-99EC-4EA1-16B5C50EB87C/wspxDemo.app/wspxDemo Identifier: com.crash.CrashMe Version: 2222 (22.22.222) Code Type: ARM-64 (Native) Role: Foreground Parent Process: launchd [1] Coalition: com.crash.CrashMe [738] Date/Time: 2018-11-05 14:42:17.6018 +0800 Launch Time: 2018-11-05 14:42:17.3303 +0800 OS Version: iPhone OS 12.1 (16B5089b) Baseband Version: 3.11.00 Report Version: 104 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Triggered by Thread: 0 Application Specific Information: abort() called Last Exception Backtrace: 0 CoreFoundation 0x1dcfcfea0 __exceptionPreprocess + 228 1 libobjc.A.dylib 0x1dc1a1a40 objc_exception_throw + 55 2 CoreFoundation 0x1dcede054 -[__NSSingleObjectArrayI objectAtIndex:] + 127 3 wspxDemo 0x102ceb9b4 -[AppDelegate application:didFinishLaunchingWithOptions:] + 31156 (AppDelegate.m:150) 4 UIKitCore 0x209fda3c8 -[UIApplication _handleDelegateCallbacksWithOptions:isSuspended:restoreState:] + 411 5 UIKitCore 0x209fdbb30 -[UIApplication _callInitializationDelegatesForMainScene:transitionContext:] + 3339 6 UIKitCore 0x209fe157c -[UIApplication _runWithMainScene:transitionContext:completion:] + 1551 7 UIKitCore 0x20987ea18 __111-[__UICanvasLifecycleMonitor_Compatability _scheduleFirstCommitForScene:transition:firstActivation:completion:]_block_invoke + 783 8 UIKitCore 0x209887698 +[_UICanvas _enqueuePostSettingUpdateTransactionBlock:] + 159 9 UIKitCore 0x20987e694 -[__UICanvasLifecycleMonitor_Compatability _scheduleFirstCommitForScene:transition:firstActivation:completion:] + 239 10 UIKitCore 0x20987f034 -[__UICanvasLifecycleMonitor_Compatability activateEventsOnly:withContext:completion:] + 1075 11 UIKitCore 0x20987d134 __82-[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:]_block_invoke + 771 12 UIKitCore 0x20987cde0 -[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:] + 431 13 UIKitCore 0x209881fa0 __125-[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:]_block_invoke + 219 14 UIKitCore 0x209882f00 _performActionsWithDelayForTransitionContext + 111 15 UIKitCore 0x209881e58 -[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:] + 247 16 UIKitCore 0x209886d44 -[_UICanvas scene:didUpdateWithDiff:transitionContext:completion:] + 367 17 UIKitCore 0x209fdfa74 -[UIApplication workspace:didCreateScene:withTransitionContext:completion:] + 539 18 UIKitCore 0x209bca088 -[UIApplicationSceneClientAgent scene:didInitializeWithEvent:completion:] + 363 19 FrontBoardServices 0x1dfa049d4 -[FBSSceneImpl _didCreateWithTransitionContext:completion:] + 443 20 FrontBoardServices 0x1dfa0f79c __56-[FBSWorkspace client:handleCreateScene:withCompletion:]_block_invoke_2 + 259 21 FrontBoardServices 0x1dfa0ee94 __40-[FBSWorkspace _performDelegateCallOut:]_block_invoke + 63 22 libdispatch.dylib 0x1dca0a484 _dispatch_client_callout + 15 23 libdispatch.dylib 0x1dc9e13f0 _dispatch_block_invoke_direct$VARIANT$armv81 + 215 24 FrontBoardServices 0x1dfa43a9c __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 39 25 FrontBoardServices 0x1dfa43728 -[FBSSerialQueue \_performNext] + 415 26 FrontBoardServices 0x1dfa43d44 -[FBSSerialQueue \_performNextFromRunLoopSource] + 55 27 CoreFoundation 0x1dcf601cc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 23 28 CoreFoundation 0x1dcf6014c __CFRunLoopDoSource0 + 87 29 CoreFoundation 0x1dcf5fa30 __CFRunLoopDoSources0 + 175 30 CoreFoundation 0x1dcf5a8fc __CFRunLoopRun + 1039 31 CoreFoundation 0x1dcf5a1cc CFRunLoopRunSpecific + 435 32 GraphicsServices 0x1df1d1584 GSEventRunModal + 99 33 UIKitCore 0x209fe3328 UIApplicationMain + 211 34 wspxDemo 0x102cebaf0 main + 31472 (main.m:14) 35 libdyld.dylib 0x1dca1abb4 start + 3 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libsystem_kernel.dylib 0x00000001dcb67104 __pthread_kill + 8 1 libsystem_pthread.dylib 0x00000001dcbe6998 pthread_kill$VARIANT$armv81 + 296 2 libsystem_c.dylib 0x00000001dcabed78 abort + 140 3 libc++abi.dylib 0x00000001dc188f78 __cxa_bad_cast + 0 4 libc++abi.dylib 0x00000001dc189120 default_unexpected_handler+ 8480 () + 0 5 libobjc.A.dylib 0x00000001dc1a1e48 _objc_terminate+ 28232 () + 124 6 libc++abi.dylib 0x00000001dc1950fc std::__terminate(void (*)+ 57596 ()) + 16 7 libc++abi.dylib 0x00000001dc195188 std::terminate+ 57736 () + 84 8 libdispatch.dylib 0x00000001dca0a498 _dispatch_client_callout + 36 9 libdispatch.dylib 0x00000001dc9e13f0 _dispatch_block_invoke_direct$VARIANT$armv81 + 216 10 FrontBoardServices 0x00000001dfa43a9c __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 40 11 FrontBoardServices 0x00000001dfa43728 -[FBSSerialQueue _performNext] + 416 12 FrontBoardServices 0x00000001dfa43d44 -[FBSSerialQueue _performNextFromRunLoopSource] + 56 13 CoreFoundation 0x00000001dcf601cc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 14 CoreFoundation 0x00000001dcf6014c __CFRunLoopDoSource0 + 88 15 CoreFoundation 0x00000001dcf5fa30 __CFRunLoopDoSources0 + 176 16 CoreFoundation 0x00000001dcf5a8fc __CFRunLoopRun + 1040 17 CoreFoundation 0x00000001dcf5a1cc CFRunLoopRunSpecific + 436 18 GraphicsServices 0x00000001df1d1584 GSEventRunModal + 100 19 UIKitCore 0x0000000209fe3328 UIApplicationMain + 212 20 wspxDemo 0x0000000102cebaf0 main + 31472 (main.m:14) 21 libdyld.dylib 0x00000001dca1abb4 start + 4 Thread 1: 0 libsystem_pthread.dylib 0x00000001dcbeece8 start_wqthread + 0 Thread 2: 0 libsystem_pthread.dylib 0x00000001dcbeece8 start_wqthread + 0 Thread 3: 0 libsystem_pthread.dylib 0x00000001dcbeece8 start_wqthread + 0 Thread 4: 0 libsystem_pthread.dylib 0x00000001dcbeece8 start_wqthread + 0 Thread 5 name: com.apple.uikit.eventfetch-thread Thread 5: 0 libsystem_kernel.dylib 0x00000001dcb5bed0 mach_msg_trap + 8 1 libsystem_kernel.dylib 0x00000001dcb5b3a8 mach_msg + 72 2 CoreFoundation 0x00000001dcf5fbc4 __CFRunLoopServiceMachPort + 236 3 CoreFoundation 0x00000001dcf5aa60 __CFRunLoopRun + 1396 4 CoreFoundation 0x00000001dcf5a1cc CFRunLoopRunSpecific + 436 5 Foundation 0x00000001dd94f404 -[NSRunLoop+ 33796 (NSRunLoop) runMode:beforeDate:] + 300 6 Foundation 0x00000001dd94f2b0 -[NSRunLoop+ 33456 (NSRunLoop) runUntilDate:] + 148 7 UIKitCore 0x000000020a0d0430 -[UIEventFetcher threadMain] + 136 8 Foundation 0x00000001dda821ac __NSThread__start__ + 1040 9 libsystem_pthread.dylib 0x00000001dcbeb2ac \_pthread_body + 128 10 libsystem_pthread.dylib 0x00000001dcbeb20c \_pthread_start + 48 11 libsystem_pthread.dylib 0x00000001dcbeecf4 thread_start + 4 Thread 0 crashed with ARM Thread State (64-bit): x0: 0x0000000000000000 x1: 0x0000000000000000 x2: 0x0000000000000000 x3: 0x000000028248b4b7 x4: 0x00000001dc198b81 x5: 0x000000016d11a570 x6: 0x000000000000006e x7: 0xffffffff00000500 x8: 0x0000000000000800 x9: 0x00000001dcbe6870 x10: 0x00000001dcbe1ef4 x11: 0x0000000000000003 x12: 0x0000000000000069 x13: 0x0000000000000000 x14: 0x0000000000000010 x15: 0x0000000000000016 x16: 0x0000000000000148 x17: 0x0000000000000000 x18: 0x0000000000000000 x19: 0x0000000000000006 x20: 0x00000001030aeb80 x21: 0x000000016d11a570 x22: 0x0000000000000303 x23: 0x00000001030aec60 x24: 0x0000000000001903 x25: 0x0000000000002103 x26: 0x0000000000000000 x27: 0x0000000000000000 x28: 0x00000002836bc408 fp: 0x000000016d11a4d0 lr: 0x00000001dcbe6998 sp: 0x000000016d11a4a0 pc: 0x00000001dcb67104 cpsr: 0x00000000 Binary Images: 0x102ce4000 - 0x102ceffff wspxDemo arm64 <b0ffd72fc5c33a59bf97c79556430202> /var/containers/Bundle/Application/DF7AAB28-9FF0-99EC-4EA1-16B5C50EB87C/wspxDemo.app/wspxDemo- 从
crash文件中我们很容易定位到app挂在了AppDelegate.m文件中的第150行这里.并且可能是因为数组越界导致崩溃。从源码截图中看确实是在AppDelegate.m的150行有问题. - 得到符号化
crash文件后就可以进一步排查问题,之前有写过相关的博客传送门在这里就不再详细说明.
