What is ___lldb_unnamed_symbol?

Question

I want to set a breakpoint on a third party class instance method.

br set -r "\[ThirdPartyClass .*\]$"

But I got (no location).

Then I want to lookup this class and found what's wrong with it.

image lookup -t ThirdPartyClass

The output is empty. Things become weird.

Finally, I use hopper to find the address offset of the instance method which is something like this.

                     -[ThirdPartyClass aMethod:]:
00000001008f83b8         stp        x22, x21, [sp, #-0x30]!                     ; Objective C Implementation defined at 0x101098168 (instance method), DATA XREF=0x101098168
00000001008f83bc         stp        x20, x19, [sp, #0x10]
00000001008f83c0         stp        x29, x30, [sp, #0x20]
00000001008f83c4         add        x29, sp, #0x20
00000001008f83c8         mov        x19, x2
00000001008f83cc         mov        x20, x0
00000001008f83d0         adrp       x8, #0x101102000
00000001008f83d4         ldr        x1, [x8, #0xb40]
00000001008f83d8         mov        x0, x19
00000001008f83dc         bl         imp___stubs__objc_msgSend
00000001008f83e0         adrp       x8, #0x101116000
00000001008f83e4         ldrsw      x21, [x8, #0x8d4]
00000001008f83e8         ldr        x0, x20, x21
00000001008f83ec         adrp       x8, #0x101102000
00000001008f83f0         ldr        x1, [x8, #0x940]
00000001008f83f4         bl         imp___stubs__objc_msgSend
00000001008f83f8         str        x19, x20, x21
00000001008f83fc         ldp        x29, x30, [sp, #0x20]
00000001008f8400         ldp        x20, x19, [sp, #0x10]
00000001008f8404         ldp        x22, x21, [sp]!, #0x30
00000001008f8408         ret

And find base address with this.

image list -f -o
[  0] /Users/TEP/Library/Developer/Xcode/DerivedData/XXXXXX 0x00000000009e8000

When I mixed up all these addresses.

image lookup -a 0x00000000009e8000+0x0000001008f83b8

I got this:

  Address: XXXXXXX[0x00000001008f83b8] (XXXXXXXX.__TEXT.__text + 9376552)
  Summary: XXXXXXXXXX`___lldb_unnamed_symbol98$$XXXXXXXXXX

So, what is ___lldb_unnamed_symbol? where is this class and why I can't find it?

Answer 1

In the main executable of an app, Objective-C code is stripped out so LLDB is unable to read these symbols. This is different than dynamically linked frameworks, where you can still resolve the symbols.

That being said, you're going after Objective-C, so you can use the Objective-C runtime against itself. There's a number of ways to find the location of that method when loaded into memory. But since I see you're using the regex option in that breakpoint, I'd suggest you take a look at this custom LLDB script that can search the main executable for stripped out classes

https://github.com/DerekSelander/LLDB/blob/master/lldb_commands/lookup.py

This command, called lookup, can be used like so:

(lldb) lookup -X \[ThirdPartyClass\s

Using the -l argument you can get the load address of these methods (lldb) lookup -X -l \[ThirdPartyClass\s

And of course you can set a breakpoint on all these methods with the -B option (lldb) lookup -X -B \[ThirdPartyClass\s

You can see this lookup command being used in this video https://youtu.be/gxfrJuxwblI?t=20m50s