最新項(xiàng)目有一些BUG。莫名奇怪。
網(wǎng)上給出的都是要DSYM文件的。我之前項(xiàng)目沒(méi)有生成DSYM文件。

用之前的辦法找了一些。對(duì)于一些古怪的BUG不清楚不好用。
我寫(xiě)一個(gè)崩潰的例子：

[self doesNotRecognizeSelector:@selector(xxx)];

很明顯。這里會(huì)崩潰：

_CFRunLoopError_RunCalledWithInvalidMode to debug. This message will only appear once per execution.
2017-05-23 13:16:14.564712+0800 ShangXin[236:5197] UMLOG: error: session_id=2EDD98E50F32B02D719C97C632C05FD8, context=-[SXHomeViewController xxx]: unrecognized selector sent to instance 0x101528c40
(null)
((
    0   CoreFoundation                      0x0000000186026ff0 <redacted> + 148
    1   libobjc.A.dylib                     0x0000000184a88538 objc_exception_throw + 56
    2   CoreFoundation                      0x000000018602def4 <redacted> + 0
    3   ShangXin                            0x0000000100402198 -[SXHomeViewController viewDidLoad] + 84
    4   ShangXin                            0x00000001006017b8 __vcViewDidLoad + 480
    5   UIKit                               0x000000018c155f9c <redacted> + 1036
    6   UIKit                               0x000000018c20e0c4 <redacted> + 72
    7   UIKit                               0x000000018c20df9c <redacted> + 416
    8   UIKit                               0x000000018c20d2cc <redacted> + 144
    9   UIKit                               0x000000018c20cd00 <redacted> + 856
    10  UIKit                               0x000000018c20c8b4 <redacted> + 64
    11  UIKit                               0x000000018c20c818 <redacted> + 188
    12  UIKit                               0x000000018c153158 <redacted> + 1200
    13  QuartzCore                          0x0000000189343274 <redacted> + 148
    14  QuartzCore                          0x0000000189337de8 <redacted> + 292
    15  QuartzCore                          0x0000000189337ca8 <redacted> + 32
    16  QuartzCore                          0x00000001892b3360 <redacted> + 252
    17  QuartzCore                          0x00000001892da3c0 <redacted> + 504
    18  QuartzCore                          0x00000001892dae8c <redacted> + 120
    19  CoreFoundation                      0x0000000185fd49a0 <redacted> + 32
    20  CoreFoundation                      0x0000000185fd2628 <redacted> + 372
    21  CoreFoundation                      0x0000000185f02db4 CFRunLoopRunSpecific + 456
    22  UIKit                               0x000000018c1c045c <redacted> + 652
    23  UIKit                               0x000000018c1bb130 UIApplicationMain + 208
    24  ShangXin                            0x00000001004af6b8 main + 124
    25  libdyld.dylib                       0x0000000184f1159c <redacted> + 4
)

dSYM UUID: A558F24E-26FD-31B3-B23D-241289FF6D44
CPU Type: arm64
Slide Address: 0x0000000100000000
Binary Image: ShangXin
Base Address: 0x00000001000a0000
2017-05-23 13:16:14.591106+0800 ShangXin[236:5197] UMLOG: session: session_id=2EDD98E50F32B02D719C97C632C05FD8, duration=10.790535

WX20170523-132010@2x.png

上圖Xcode 已經(jīng)幫我定位到是-[SXHomeViewController viewDidLoad] + 84的位置。

WX20170523-132521@2x.png

(lldb) image list -o -f
[  0] 0x00000000000a0000 /Users/zhangxiaoliang/Library/Developer/Xcode/DerivedData/ShangXin-fqfhhkkpshfleqeggllubtmnpskg/Build/Products/Debug-iphoneos/ShangXin.app/ShangXin
[  1] 0x0000000101298000 /Users/zhangxiaoliang/Library/Developer/Xcode/iOS DeviceSupport/10.3 (14E277)/Symbols/usr/lib/dyld
[  2] 0x00000000049e0000 /Users/zhangxiaoliang/Library/Developer/Xcode/iOS DeviceSupport/10.3 (14E277)/Symbols/usr/lib/libc++.1.dylib
[  3] 0x0000000101320000 /Users/zhangxiaoliang/Library/Developer/Xcode/DerivedData/ShangXin-fqfhhkkpshfleqeggllubtmnpskg/Build/Products/Debug-iphoneos/ShangXin.app/Frameworks/RevealServer.framework/RevealServer
[  4] 0x00000000049e0000 /Users/zhangxiaoliang/Library/Developer/Xcode/iOS DeviceSupport/10.3 (14E277)/Symbols/usr/lib/libz.1.dylib
[  5] 0x00000000049e0000 /Users/zhangxiaoliang/Library/Developer/Xcode/iOS DeviceSupport/10.3 (14E277)/Symbols/System/Library/Frameworks/MobileCoreServices.framework/MobileCoreServices
[  6] 0x00000000049e0000 /Users/zhangxiaoliang/Library/Developer/Xcode/iOS DeviceSupport/10.3 (14E277)/Symbols/System/Library/Frameworks/AudioToolbox.framework/AudioToolbox
[  7] 0x00000000049e0000 /Users/zhangxiaoliang/Library/Developer/Xcode/iOS DeviceSupport/10.3 (14E277)/Symbols/System/Library/Frameworks/AssetsLibrary.framework/AssetsLibrary
[  8] 0x00000000049e0000 /Users/zhangxiaoliang/Library/Developer/Xcode/iOS DeviceSupport/10.3 (14E277)/Symbols/System/Library/Frameworks/AVFoundation.framework/AVFoundation
[  9] 0x00000000049e0000 /Users/zhangxiaoliang/Library/Developer/Xcode/iOS DeviceSupport/10.3 (14E277)/Symbols/System/Library/Frameworks/ImageIO.framework/ImageIO
[ 10] 0x00000000049e0000 /Users/zhangxiaoliang/Library/Developer/Xcode/iOS DeviceSupport/10.3 
此處省略N個(gè)動(dòng)靜態(tài)庫(kù)的偏移信息

鏡像地址如上：不知道為什么xcode 沒(méi)給出 偏移后的地址。
其實(shí)上面的有個(gè)這樣的信息：

Slide Address: 0x0000000100000000
Binary Image: ShangXin
Base Address: 0x00000001000a0000

Base Address: 0x00000001000a0000 = Slide Address: 0x0000000100000000 + 0x00000000000a0000 ;
0x00000000000a0000是隨機(jī)值，每次都不一樣。Slide Address 在ios 貌似永遠(yuǎn)是0x0000000100000000。和hoper 里面里面 從0x0000000100000000開(kāi)始 是一樣的。

上面：

 3   ShangXin                            0x0000000100402198 -[SXHomeViewController viewDidLoad] + 84 

就是崩潰點(diǎn)，崩潰信息 永遠(yuǎn)都是最后的APPName 地址處導(dǎo)致崩潰。其他都是都是蘋(píng)果的動(dòng)靜態(tài)庫(kù)，是沒(méi)有錯(cuò)的。
上面的stack 地址 ： 0x0000000100402198 = -[SXHomeViewController viewDidLoad] +84；
0x0000000100402198 - randomization地址（0x00000000000a000） = -[SXHomeViewController viewDidLoad] (hopper 里面的地址，內(nèi)存中的地址是要 減去 0x00000000000a000) + 86（此處要換算為16進(jìn)制）；

有圖有證據(jù)：

WX20170523-134749@2x.png

0000000100362144 + 0x54(86) = 0x0000000100402198 - randomization地址（0x00000000000a000）；

定位到匯編的 0000000100362198 ldur x1, [x29, #0xffffffe8]
所以我們可以這樣找崩潰信息，雖有一點(diǎn)偏差，差一行代碼。

手機(jī)上的顯示崩潰日志跟這個(gè)稍微不一樣：

Snip20170523_2.png

Last Exception Backtrace:
0   CoreFoundation                  0x186026fd8 __exceptionPreprocess + 124
1   libobjc.A.dylib                 0x184a88538 objc_exception_throw + 56
2   CoreFoundation                  0x18602def4 -[NSObject(NSObject) doesNotRecognizeSelector:] + 140
3   ShangXin                        0x100406198 0x1000a4000 + 3547544
4   ShangXin                        0x1006057b8 0x1000a4000 + 5642168

發(fā)現(xiàn)此處 ：

 3   ShangXin                       0x100406198 0x1000a4000 + 3547544
4   ShangXin                        0x1006057b8 0x1000a4000 + 5642168

0x100406198 = 0x1000a4000 + 0x362198 （3547544）
蘋(píng)果給出 鏡像 地址列表和xcode 里面不一樣：
Binary Images:

0x1000a4000 - 0x100923fff ShangXin arm64  <a558f24e26fd31b3b23d241289ff6d44> /var/containers/Bundle/Application/D1A648DA-6D9F-490D-913A-ABE73433F222/ShangXin.app/ShangXin

直接給出了偏移后的地址。
xocde 里面只會(huì)給出偏移隨機(jī)值；
所以要從手機(jī)上看出的日志在hopper里面找 是這樣的： 0x1000a4000 - 0xa4000 + 0x362198(3547544) ;

0x1000a4000 - 0xa4000(randomization地址)+ 0x362198(3547544) = -[SXHomeViewController viewDidLoad](hopper 里面的地址0x100362144) +0x54 (86（此處要換算為16進(jìn)制）)

。我們來(lái)看看友盟怎么給我們傳回?cái)?shù)據(jù)呢

WX20170523-135528@2x.png

可能是我打開(kāi)了生成DYSM文件吧。這個(gè)直接在hopper 搜 0x100362198 即可找到崩潰位置。但是大多時(shí)候給我的是內(nèi)存地址。

最后總結(jié)下：
Base Address = Slide Address + 偏移；

stack address = 函數(shù)地址+ 代碼偏移(函數(shù)內(nèi)部偏移) ；
stack address = Base Address + 函數(shù)偏移(hopper中位置 - 0x100000000 (Slide Address)) +代碼偏移(函數(shù)內(nèi)部偏移)；

xcode：
直接在xocde里面根據(jù)崩潰函數(shù)名找，或者用 stack address - app可執(zhí)行文件（偏移），在hopper里面看。
手機(jī)崩潰日志：
stack address - 偏移在hopper 找，偏移 = Base Address - Slide Address， Slide Address貌似永遠(yuǎn)是0x100000000;
友盟：
直接根據(jù) 崩潰的地址找