/* ARM64 Assembly Code - Debugging Reference */ .text .align 4 .global debug_breakpoint_handler debug_breakpoint_handler: // Save context stp x29, x30, [sp, #-16]! mov x29, sp // Save all general purpose registers stp x0, x1, [sp, #-16]! stp x2, x3, [sp, #-16]! stp x4, x5, [sp, #-16]! stp x6, x7, [sp, #-16]! stp x8, x9, [sp, #-16]! stp x10, x11, [sp, #-16]! stp x12, x13, [sp, #-16]! stp x14, x15, [sp, #-16]! stp x16, x17, [sp, #-16]! stp x18, x19, [sp, #-16]! stp x20, x21, [sp, #-16]! stp x22, x23, [sp, #-16]! stp x24, x25, [sp, #-16]! stp x26, x27, [sp, #-16]! stp x28, x29, [sp, #-16]! // Get exception syndrome mrs x0, esr_el1 ubfx x1, x0, #26, #6 // Extract exception class EC cmp x1, #0x3c // Check if BRK instruction b.ne not_breakpoint // Extract the immediate from BRK instruction ubfx x0, x0, #5, #16 // Extract immediate // Look up breakpoint handler adrp x1, breakpoint_table add x1, x1, :lo12:breakpoint_table // Call appropriate handler bl call_breakpoint_handler // Increment ELR to skip the breakpoint instruction mrs x0, elr_el1 add x0, x0, #4 msr elr_el1, x0 not_breakpoint: // Restore registers ldp x28, x29, [sp], #16 ldp x26, x27, [sp], #16 ldp x24, x25, [sp], #16 ldp x22, x23, [sp], #16 ldp x20, x21, [sp], #16 ldp x18, x19, [sp], #16 ldp x16, x17, [sp], #16 ldp x14, x15, [sp], #16 ldp x12, x13, [sp], #16 ldp x10, x11, [sp], #16 ldp x8, x9, [sp], #16 ldp x6, x7, [sp], #16 ldp x4, x5, [sp], #16 ldp x2, x3, [sp], #16 ldp x0, x1, [sp], #16 // Return ldp x29, x30, [sp], #16 eret // Memory Dump Function .global memory_dump memory_dump: stp x29, x30, [sp, #-16]! mov x29, sp // Save registers stp x19, x20, [sp, #-16]! stp x21, x22, [sp, #-16]! // x0 = address, x1 = size mov x19, x0 mov x20, x1 // Set up loop mov x21, #0 dump_loop: cmp x21, x20 b.ge dump_done // Print address mov x0, x19 add x0, x0, x21 bl print_address // Print byte at address ldrb w0, [x19, x21] bl print_byte // Next byte add x21, x21, #1 b dump_loop dump_done: // Restore registers ldp x21, x22, [sp], #16 ldp x19, x20, [sp], #16 ldp x29, x30, [sp], #16 ret // Backtrace Function .global backtrace backtrace: stp x29, x30, [sp, #-16]! mov x29, sp // Save registers stp x19, x20, [sp, #-16]! // x0 = max frames mov x19, x0 // Start with current frame mov x20, x29 backtrace_loop: cmp x19, #0 b.le backtrace_done // Print frame address mov x0, x20 bl print_address // Print return address ldr x0, [x20, #8] bl print_address // Get previous frame ldr x20, [x20] // Check for null or invalid frame cbz x20, backtrace_done // Decrement counter sub x19, x19, #1 b backtrace_loop backtrace_done: // Restore registers ldp x19, x20, [sp], #16 ldp x29, x30, [sp], #16 ret .global ios_memory_protection ios_memory_protection: // Query memory region mov x0, x0 // Address to query adrp x1, mem_info add x1, x1, :lo12:mem_info // Call system function to query memory info mov x16, #0 // Memory info syscall number svc #0x80 // iOS syscall // Check protection flags ldr w0, [x1, #16] // Protection flags offset tst w0, #1 // Test read permission cset w2, ne tst w0, #2 // Test write permission cset w3, ne tst w0, #4 // Test execute permission cset w4, ne ret .global android_memory_protection android_memory_protection: // Save link register str x30, [sp, #-16]! // Open /proc/self/maps adrp x0, proc_maps_path add x0, x0, :lo12:proc_maps_path mov x1, #0 // O_RDONLY mov x8, #56 // openat syscall mov x2, #0 mov x3, #0 svc #0 // Check for error cmn x0, #4095 b.hi open_error // Parse the maps file mov x19, x0 // Save file descriptor adrp x1, maps_buffer add x1, x1, :lo12:maps_buffer mov x2, #4096 // Buffer size mov x8, #63 // read syscall svc #0 // Close the file mov x0, x19 mov x8, #57 // close syscall svc #0 // Find our target address in the maps // ... (parsing logic) ldr x30, [sp], #16 ret open_error: // Handle error mov x0, #-1 ldr x30, [sp], #16 ret

DisARMing Code

System-level programming, debugging and reverse engineering on Aarch64 platforms

(temporarily unavailable, working on getting more stock and chasing the printing press guy who's been ghosting me. My apologies. I do get your emails, I WILL reply soon, and gladly take your orders)

By Jonathan Levin

$128 ($0x80 in hex!) - 500+ full color pages

Buy on Amazon

(please use link so I get some of the 23% commissions back!)

Order Direct
DisARMing Code Book Cover

About This Book

Debugging iOS & Android provides comprehensive coverage of system-level programming, debugging, and reverse engineering across both major mobile platforms. With a strong emphasis on ARM64, this book bridges the gap between theoretical OS knowledge and practical applied techniques.

This massive 500+ page full-color guide arose from Jonathan Levin's extensive experience teaching system internals and noticing knowledge gaps even among experienced developers. Think of it as "* Internals, Volume 0" - a perfect foundation before diving deeper into iOS or Android internals.

The book uniquely covers both Linux (+ Android) and Darwin systems, starting each chapter with common POSIX foundations before exploring platform-specific extensions. It's designed for both self-study and academic use, with review questions throughout.

Debugger
Disassembly
Memory
Registers
Debugging iOS & Android - Session Active
1
break 0x0000000100004f38
2
process attach --name "MobileApp"
3
// Process attached, stopped at breakpoint
4
bt
5
* thread #1, queue = 'com.example.app.main', stop reason = breakpoint 1.1
6
* frame #0: 0x0000000100004f38 MobileApp`AppDelegate.application(_:didFinishLaunchingWithOptions:)
7
frame #1: 0x00000001812a5c20 UIKit`UIApplicationMain
8
register read
9
x0 = 0x000000016fdff938
10
x1 = 0x000000016fdff930
11
disassemble
12
MobileApp`AppDelegate.application:
13
0x100004f20: stp x29, x30, [sp, #-16]!
14
0x100004f24: mov x29, sp
15
0x100004f28: sub sp, sp, #0x40
16
0x100004f2c: stp x20, x19, [sp, #0x20]
17
0x100004f30: str x0, [sp, #0x18]
18
--> 0x100004f38: bl 0x100005e40 ; InitializeApplication
Process: MobileApp (PID: 1234) | Memory: 128MB | Threads: 6 | Breakpoints: 1
⚙️

ARM64 Architecture

Understand the ARM64 instruction set that powers modern mobile devices, including registers, memory addressing, and system calls essential for effective debugging.

🔍

Runtime Hooking / Tracing

Learn techniques for monitoring application behavior at runtime, setting breakpoints, tracing execution, and understanding memory management issues.

📱

Cross-Platform Debugging

Master platform-specific debugging tools and workflows while understanding the commonalities and differences between iOS and Android debugging.

Full Table of Contents

Below is a quick glance of table of contents showing the extensive coverage of this 500+ page book.

1. An ARM Assembly Primer

2. Compilation & Linking

3. Binary Formats

4. The Process Lifecycle

5. Memory - I - The System View

6. Memory - II - The Process View

7. MultiThreading

8. I/O & IPC

9. Profiling

10. Hooking & Injecting

11. Runtimes

12. Post Mortem

13. Beyond User Mode

14. Reverse Engineering

A. disarm(j) - The Missing Manual Page

B. jtrace(j) - The Missing Manual Page

For the complete Table of Contents, please visit the official TOC page.

Why This Book?

In the author's own words: "I noticed there is a woeful lack of books on low level programming and debugging. And those that do exist, focus on Intel, not ARM64. Intel is, IMHO, in its dying throes. Aarch64 is immeasurably superior in every way to x86_64. I love, love, LOVE the assembly, and I want to spread the good word to the masses."

This book fills critical knowledge gaps that Jonathan Levin observed even among experienced developers and engineers during his training sessions. It serves as a practical companion to theoretical OS texts by providing hands-on techniques and workflows for real-world debugging scenarios.

The book also introduces and documents Levin's powerful suite of debugging tools:

  • jtrace - A sophisticated tracing tool that "leaves strace far behind"
  • disarm - A disassembler that rivals IDA/Ghidra for certain workflows
  • procexp - Advanced process exploration utilities
  • memento - Heap analysis tool for GlibC, Scudo, and Darwin heaps
$ cat book_details.txt
1
Price: $128 ($0x80 in hex!)
2
Pages: 500+ full color on high-quality paper
3
Note: $8 of each purchase donated to WWF or charity of choice
4
Order: Direct or Amazon (please use site link!)
5
International: ~$175 including shipping
6
Special: Author will sign books upon request

Who Should Read This Book

This comprehensive guide is the perfect companion for:

System-Level Programmers - Looking to master the ARM64 architecture and low-level programming techniques across mobile platforms.

Security Researchers & Reverse Engineers - Who need to understand binary formats, memory management, and runtime environments for vulnerability hunting.

OS Enthusiasts - Wanting to bridge the gap between theoretical OS knowledge and practical debugging skills on real-world mobile platforms.

Computer Science Students & Educators - The book includes review questions and can serve as excellent course material for advanced OS or mobile systems classes.

Tool Developers - Learn from Jonathan's decade of experience building advanced debugging and reverse engineering tools for mobile platforms.

Buy on Amazon Order Direct (Signed Copy Available)
FAQs Complete TOC Amazon Direct Order