lldb: break at start of actual code, not entrypoint

Question

I want lldb to break at the start of the actual code of an OS X application (which might be called main if symbols are existing).

I am currently looking this up by hand, but as I want to script some actions, it would be great if this could somehow be realized automatically

Do you have any idea if there is a way?

Answer 1

Try this:

(lldb) break set -n main
(lldb) r
(lldb) thread backtrace

frame #0: 0x0000000000405696 app`main(argc=1, argv=...) + 22 at app.cpp:11
frame #1: 0x00007ffff7216ec5 libc.so.6`__libc_start_main + 245
frame #2: 0x0000000000401f79 app

The frame below (before) main is the one you want, and it's showing the library and function name. You can set a breakpoint on it just like any other:

(lldb) break set -n __libc_start_main
Breakpoint 1: where = libc.so.6`__libc_start_main, address = 0x00007ffff7216dd0

or, to be more specific:

(lldb) break set -s libc.so.6 -n __libc_start_main
Breakpoint 2: where = libc.so.6`__libc_start_main, address = 0x00007ffff7216dd0

If you know the address, you could use it directly:

(lldb) break set -a 0x000000...

Then restart the process, and you should hit it immediately:

(lldb) r
There is a running process, kill it and restart?: [Y/n] y
...
* thread #1: ...__libc_start_main, name = 'app', stop reason = breakpoint
frame #0: 0x00007ffff7216dd0 libc.so.6`__libc_start_main
-> ...: pushq  %r14
(lldb)

Answer 2

Try adding a breakpoint on a bad address. In GDB, the way I do this is: b *0xf00, or something similar. Here's what it looks like for me in GDB, and maybe you'll find a way to duplicate the same behavior:

$ gdb ./a.out
(gdb) b *0xf00
(gdb) r
Starting program: ./a.out 
Warning:
Cannot insert breakpoint 1.
Cannot access memory at address 0xf00

(gdb) x/2i $rip
=> 0x7ffff7ddb2d0 <_start>:   mov    rdi,rsp
   0x7ffff7ddb2d3 <_start+3>: call   0x7ffff7ddea70