使用gdb调试theos tweak插件

查看设备日志tail -f /var/log/syslog
或者

Mobilesubstrate injects your dylib into the target process. Debugging the target process using GDB or LLDB is also debugging your extension code. I will show you how to debug Mobilesubstrate extension using GDB. Here is simple Mobilesubstrate/Logos extension:

%hook SBApplicationController
-(void)uninstallApplication:(id)application {
    int i = 5;
    i = i +7;
    NSLog(@"Hey, we're hooking uninstallApplication: and number: %d", i);
    %orig; // Call the original implementation of this method
    return;
}
%end

I compile and install the code, and then attaching gdb to it:

yaron-shanis-iPhone:~ root# ps aux | grep -i springboard
mobile     396   1.6  4.3   423920  21988   ??  Ss    2:19AM   0:05.23 /System/Library/CoreServices/SpringBoard.app/SpringBoard
root       488   0.0  0.1   273024    364 s000  S+    2:22AM   0:00.01 grep -i springboard
yaron-shanis-iPhone:~ root# gdb -p 488

You can find your Mobilesubstrate extension with the command:

(gdb) info sharedlibrary 

This command print a list of loaded modules, find your extension:

test-debug-substrate.dylib            - 0x172c000         dyld Y Y /Library/MobileSubstrate/DynamicLibraries/test-debug-substrate.dylib at 0x172c000 (offset 0x172c000)

You can also find the address of Logos uninstallApplication hook:

(gdb) info functions uninstallApplication

Which outputs this:

0x0172cef0  _logos_method$_ungrouped$SBApplicationController$uninstallApplication$(SBApplicationController*, objc_selector*, objc_object*)

You can debug your uninstallApplication hook function with breakpoints and other gdb features:

(gdb) b *0x0172cef0+36

Where the offset 36 is the assembly opcode that adding of 7 to the i variable in uninstallApplication hook function. You can continue to debug your Mobilesubstrate extension from here as you wish.