Explore Apple code through LLDB, Python and Dtrace! Learn the powerful secrets of Apple's software debugger, LLDB, that can get more information out of any program than you ever thought possible.
In Advanced Apple Debugging and Reverse Engineering, you'll come to realize debugging is an enjoyable process to help you better understand software. Not only will you learn to find bugs faster, but you’ll also learn how other developers have solved problems similar to yours. You'll also learn how to create custom, powerful debugging scripts that will help you quickly find the secrets behind any bit of code that piques your interest.
Who This Book Is For
This book is for intermediate to advanced iOS/macOS developers who are already familiar with either Swift or Objective-C and want to take their debugging skills to the next level.
Topics Covered in Advanced Apple Debugging & Reverse Engineering
LLDB Max Achievement: Master LLDB and learn about its extensive list of subcommands and options.
1's and 0's: Learn the low-level components available to help extract useful information from a program, from assembly calling conventions to exploring the process of dynamically-loaded frameworks.
The Power of Python: Use LLDB’s Python module to create powerful custom debugging commands to introspect and augment existing programs.
Nothing is Secret: Learn how to use Dtrace, a dynamic tracing framework, and how to write D scripts to query anything you were ever curious about on your macOS machine.
Case Studies: Quickly find and solve the real-world issues that iOS and macOS developers typically face in their day-to-day development workflow.
After reading this book, you'll have the tools and knowledge to answer even the most obscure question about your code — or someone else’s.
This is a joint review of the 3rd ed. (of 2018, the last print edition) and the 4th ed. (of 2023, only available as an ebook on Kodeco's website).
The title of this book is Advanced Apple Debugging & Reverse Engineering, but the focus is almost completely on the debugging side. Of course, debugging is a crucial aspect of reverse engineering, but only in a very few places is something done that could be considered reverse engineering. The 3rd ed. of this book is hopelessly outdated, as Swift and LLDB change very quickly over time, so many things in the book will no longer work or will work differently. The 4th ed. (ebook only) is more up to date, but because the original author abandoned the book, it has been picked up by a different author. Unfortunately, it seems this led to a rather hastily done adaptation of the content to Apple's current ARM environment. There are a few places where text has been copied from the 3rd ed. without proper modification. In other parts, sections or even whole chapters have been removed despite still being relevant today, presumably because they were too much trouble to adapt to the more recent environment.
The book is written as a long tutorial for Apple's LLDB debugger, and it covers both macOS and iOS. The first part teaches commonly used debugging commands as they could be used in Xcode or in the command-line debugger. In the second part, we learn the structure of Apple binary files, how dynamic libraries are used, and the memory layout of binaries. The last part covers LLDB's Python API, with which we can access all debugger commands and all data available to the debugger (that is, everything that's loaded into memory for the binary under investigation) and evaluate it with Python's logic. There is also a section on DTrace, a program that allows us to observe and record ("hook") properties of classes and procedures at runtime. DTrace can also be combined with Python scripting to make it particularly powerful. It is a well-structured and well-written book, and to me the part on scripting is immensely valuable, as this material must have been collected by the author through quite some effort, given that LLDB's public documentation is woefully incomplete. It would be a huge wall to overcome if you wanted to start from scratch gathering this knowledge yourself. As a downside, due to the tutorial style, there is only a little theory giving the bigger picture. At least the most important classes of the Python debugging API and their interrelations are explained, and there is a little bit of explanation of the format of DTrace commands. Sadly, this book of over 550 pages does not have an index. Boo!
Some technical remarks
If you want to follow along with this book, you need macOS with System Integrity Protection (SIP) disabled to be able to attach your debugger to certain programs or to use DTrace. This will leave your Mac vulnerable, so if you do not want to do this or do not have a spare Mac for it, you have to use a virtual machine. On Macs with ARM processors, the classical VMs like VMware or VirtualBox do not work anymore. Luckily, you can instead use Parallels or (the much cheaper) UTM. Either one allows for a very easy installation of macOS, and in the most recent versions it is easy to start them into Recovery Mode and disable SIP (google it). For iOS, one usually needs a jailbroken iPhone to debug programs. But on a Mac with SIP disabled, most of the material can be worked through using the Simulator that comes with Xcode (be aware, though, that iOS apps running on the Simulator are not always identical to those running on a physical iPhone). If you are using an Intel machine and want to run macOS in a VM there, you should use VMware, find yourself an image of macOS 11 (Intel), and pray that it hasn't been cracked and imbued with malware. You will then need to find a "VMware unlocker" that allows you to install macOS, as it will not be possible to do so by default (and keep the unlocker in case it gets removed after a version update). Once macOS is installed, boot it into Recovery Mode like a physical machine and disable SIP.