According to ASLR(Address Space Layout Randomization), It provides random stack and heap allocations and page load every time a process starts, and randomize the address where objects are placed in virtual space of a given process.
But in my application running on ios, i create an object named ObjectA, after several reload the process ,i found that the address of ObjectA is all the same ,no randomize.
How does Apples's own ASLR implementation work? Why ObjectA's address is all the same?
What you mean for "several reload"? You should explicitly quit the application, because of the multitasking you might reopen the same process.
eg.
This is one of my applications printing out the address of a UIViewController instance, as you can see the address of the object is different in every execution.
First run: <DCViewController: 0x13d4a0>
Second run: <DCViewController: 0x2880f0>
Third run: <DCViewController: 0x2a2050>
(I do not think this is the case but in XCode there's an option to enable PIE (Position Independent Executable) under "Build Settings" and it's called "Don't Create Position Indipendent Executables", you can find it easily but typing "pie" in the search box. This option should be set to No).
EDIT:
Moreover Xcode will only make PIE binaries if deployment target is >= 4.3
Hope this helps =)
For completeness, the guy who did the work to answer that question was Dino Zovi in Apple iOS 4 Security Evaluation. My apologies if someone else published before Dino (I am not aware of the work or who you are).
Zovi published his stuff well before Apple published iOS Security. Dino's work is still more complete.
Related
I try to add UI test cases to our existing mac application. I already tried UI test cases for iOS, which includes the following steps
I choosed Appium instead of Apple's UIAutomator, because I want to maintain the same flow for our Android apps too.
To proceed the automation, I need to set Labels/Values/Identifiers to the elements. So that they can be accessible. We used drawRect method in most parts, so I followed this post to make drawed components accessible.
I can set/read elements in iOS. What I did is, whenever I draw an element, I simply created an UIAccessibilityElement and added in the corresponding view.
Now, I'm trying to write UI tests for our mac application. As Appium does not have support to the mac application, I considered to use Apple's XCTest UI recording/playback to automate my mac application.
Here is the steps that I took:
NSAccessibility is the class that provides accessibility to the mac application
With XCTest, If I knew a particular elements (say a button) identifier/label, I can proceed with automated tap action
Unlike UIAccessibility, NSAccessibility is a role based object. That is, we need to mention which type of accessibility element that we are going to define.
To start the automation process, I took my mac applications left panel, which has five buttons aligned vertically in it
I set identifiers to those buttons. Then I opened Accessibility Inspector and opened my mac app. The values are properly set.
Then I tried to use record option in XCTest. When tapping the button, crashes the app with the error
"Recorder Service Error: Left Mouse Down: Failed to find matching
element".
I posted about it here.
Questions:
Can someone suggest me the right path to automate mac application? Am I going in the right way?
I googled a lot to see a working sample code about how to implement NSAccessibility. But I can not found anything. Can someone share any useful links/samples?
All I need is, to get elements by identifier/label. Accessibility Inspector shows the right value where as XCTest can not read the identifiers. Did anyone face this issue?
Thanks in Advance
So I downloaded the beta of XCode 7 and I've created some UI tests, but I can't find the functionality of how to take screenshots of my app/UI during the test.
Can someone please help?
UI Testing in Xcode automatically takes screenshots of your app after every step.
Simply go to one of the tests that has already ran (Report Navigator > choose a Test), then start expanding your tests. When you hover your mouse over the steps, you will see eye icons near each step that has a screenshot.
Here's an example... in this case, notice the eye icon at the end of the gray row. If I were to tap on it, I would see a screenshot of the app right when the button in my app was tapped (since the step is Tap the "Button" Button).
If you want to generate screenshots, you can also use snapshot, which describes how to trigger screenshots in UI tests: https://github.com/fastlane/fastlane/tree/master/snapshot#how-does-it-work
It basically rotates the device to .Unknown (Source), which triggers a snapshot without actually modifying your app's state.
Comparing the output with the generated plist file enables you to even properly name the screenshot
Facebook's ios-snapshot-test-case and KIF both run as Unit Tests, and therefore are in the same process as the app. As such, they can directly access views and use something like renderView: or snapshotViewAfterScreenUpdates. Xcode UI Testing runs in a separate process, and therefore cannot directly access the views.
UI Automation, Apple's now-deprecated Javascript UI testing library, had a function calledcaptureScreenWithName.
Unfortunately, the new Xcode UI Testing lacks any similar function in its testing library, which to me seems like a glaring omission and I encourage you to submit a Radar for it, as taking screenshots is fundamental to perceptual difference tests (which it sounds like you're trying to do). I hope (and expect) that able will address this deficiency in later Xcode updates.
In the meantime, there are more creative approaches to taking screenshots. See this stack overflow response for a workaround involving taking the screenshot in the app itself and then sending it to the test process.
I' ve created a tool that saves the tests last n screenshots and generates the JUnit tests results report, parsing TestSummaries plist file from test logs. https://github.com/nacuteodor/ProcessTestSummaries
Maybe, that helps you.
Facebook's FBSnapshotTestCase can be alternative solution:
https://github.com/facebook/ios-snapshot-test-case
I need to debug the startup for an ios application on an actual device... and by start up I mean the very first instruction that is is executed when the OS hands control over to the app. Not "main". Also, this application doesn't have any symbols (ie. the debug information isn't available.. yet). I don't care if I have to debug at the CPU instruction level. I know how to do that (done it for over 30 years). I want the debugger to stop when control is about to transfer to the app. When I use the Attach|by Name command and run, it just says "Finished running".
Oh, and this application was not built in XCode. It is, however an application I built, signed and provisioned and moved to the device. The application does run since I can see the console output. Just in case you're thinking I'm some hacker trying to debug someone's application.
How's that for a tall order? I'll bet nobody can answer this... I've not been able to find any information on how I could do this with an XCode-built project. I wonder if it is simply not possible or "allowed" by the Apple overlords?
What do you say, Stack Overflow gods?
UPDATE: I should clarify something. This application is not built with any commercially available or open-source tool. I work with a tools vendor creating compilers, frameworks, and IDEs. IOW, you cannot get this tool... yet. In the process of bootstrapping a new tool chain, one regularly must resort to some very low-level raw debugging. Especially if there are bugs in the code generated by the tools.
I'm going to answer my own question because I think I've stumbled upon a solution. If anyone has anything more elegant and simple than this, please answer as well. On to the steps:
Starting with a raw monolithic iOS executable (not a bundled .app, but the actual binary mach-o file that is the machine code).
Create a new like-named empty Xcode project. Build and run it on the device.
Locate the output bundle's .app folder.
Copy the above raw iOS executable over the existing one in the .app bundle's folder.
The application will now have an invalid signature and cannot be deployed and run.
Run codesign against the app bundle (you can find out the command-line by running xcodebuild on the above Xcode project).
In the bundle's .app folder, run otool -h -l on the binary image. Locate the LC_UNIXTHREAD load command and find the value associated with the 'pc' register. This is address where the os loader will jump to your application. If this address is odd, then these are Thumb instructions otherwise it will be ARM (I think that's how it works).
Add a symbolic breakpoint (I used GDB instead of LLDB) and enter the address as '*0x00001234' as the symbol.
Select Product|Perform Action|Run Without Building.
Assuming that GDB is able to evaluate the breakpoint expression and set the break point, and you've selected Product|Debug Workflow|Show Disassembly When Debugging, the process should break at the very first instruction to be executed in the application.
You can now single step the instructions and use the GDB console to get/set register values.
Your question does not make sense - main is the entry point into the application. It is the first code that should be encountered, unless possibly you have initialize() overridden for some classes (but even then I think main would get hit before the runtime).
I think you are seeing some kind of odd error on launch and you think you want to set a breakpoint on entry to catch it, but far more likely what would help you is to describe the problem on launch and let one of the 4000 people who have seen and fixed the same crash help you...
However, if you really want to use GDB to break on an application with no symbols (but that you launch from XCode) you can have GDB break on an assembly address as per:
How to break on assembly instruction at a given address in gdb?
To find the address of main (or other methods) you can use tool or atos, some examples in this question:
Matching up offsets in iOS crash dump to disassembled binary
ADDITION:
If for some reason XCode cannot launch your application for debugging, you could also jailbreak and install GDB on the device itself which would give complete control over debugging. If XCode can launch you application I see no reason why being able to break at an arbitrary memory address does not give you the ability you seek...
One solution for applications with webviews is to run them in the iOS Simulator, and connect to that with the remote-debugger in macOS Safari. This is off-topic but maybe the one or other could benefit.
http://hiediutley.com/2011/11/22/debugging-ios-apps-using-safari-web-inspector/
Or use NetCat for iOS... not the most perfect solution, but at least you see what's going on.
I'd like to avoid having to do tweaking the keyboard bindings repeatedly for each machine I use Xcode on.
Sort of like copy the settings file to a particular location in the target computer's filesystem; doesn't need Dropbox.
Yes, at least for key bindings. I'm assuming you're using Xcode4. If that's the case, your Key Bindings are stored here...
~/Library/Developer/Xcode/UserData/KeyBindings
Just copy the 'sets' you want from one machine to the other and there you go.
Note that unlike Xcode3, Xcode4 now respects global bindings as well. Global bindings are stored here...
~/Library/KeyBindings/DefaultKeyBindings.dict
Global bindings are for instance, if like me, you prefer the way cursor movement is handled in Windows (e.g. Home/End work on the line, CTRL Left/Right jump a word at a time, etc.) you can remap the keys for the overall system, and Xcode4 respects that. In Xcode3, such changes had to be duplicated in its own key bindings file.
Also note that if the same key is defined in both the defaults and the Xcode4 file, the latter 'wins'.
Additionally, you can unmap a system-wide key when using Xcode. This will disable that key when using Xcode, but leave it enabled elsewhere.
(If you open the actual key bindings file in say TextEdit or a PList editor (that's all these files are) then you'll see it still defines the command, but leaves the key itself cleared out.
Something else that may be of interest is KeyBindingsEditor. It's a great editor for creating system-wide shortcuts. While it claims to support Xcode, it doesn't (or rather Xcode 3 and 4 it doesn't. I can't speak to earlier.)
However since again Xcode 4 can utilize system-wide shortcuts now, you can use this indirectly with Xcode. I personally am very happy about that as now, no matter where I am, including Xcode, my keyboard shortcuts are unified across the entire system.
HTH, Mark
Adding to Mark's answer, setup dropbox to point that file to ~/nameofyourchoice on all of your machines, and viola, everything should be synced. You'll need to test it out to see if other machines don't overwrite etc.
I've developed and application for iPhone. It works fine on os4 but it does not work on os3.1. In fact works but there are some problems; after splash screen a what screen appears. while I leaving the application I can see the application is opened successfully but just see while exiting.
So I wonder if there is a tool which says which apis have problems with os3.1? So I have a chance to replace them.
If you want to check a specific API, just run this in your code somewhere with an appropriate response. For example, to see if print is supported, run this...
if (NSClassFromString(#"UIPrintInfo")) {
}
Set your project's Base SDK to iphone-os-3-1, then build. All the error messages about classes, methods, and functions that don't exist must designate things added since iphone-os-3-1, since your project built and linked fine against the iphone-os-4-0 SDK.
If you don't have the iphone-os-3-1 SDK, try this instead:
Open your project's Build Settings.
Find the "Preprocessor Macros" setting.
Edit it and add __IPHONE_OS_VERSION_MAX_ALLOWED=30100
Now, try building. This should cause everything introduced after iOS 3.1 to be labeled unavailable, producing the same errors as if you had switched to the iphone-os-3-1 SDK.
It's a good idea to get a second installation of Xcode for this situation, in this case you need 3.2.1 with SDK 3.1.3 - I wish I could help you with a download link since it is no longer shown on Apple's page, but I have googled in the past and found direct, official download links which will work as long as you are signed in with your developer account, so good luck.
The annoying bit is that you need to go through your project files and set "Base SDK" to 3.1.3 and then back once you have completed the exercise. But it is the easiest way to flag what you can't do in 3.1.3. "sudo rm -rf" (I feel nervous even typing that) has an excellent method there but you need to have an inkling of what might be safe and what might not before you implement it or else you end up with code 10x the size it needs to be.
Apple really needs to sort out this issue - hopefully by flagging methods that are prior to your specified "Deployment Target", in the same way that deprecated methods are flagged.