Ahhh, I see. To others reading this, I found the underlying text-based .crash file by doing this:
(1) from the Xcode Organizer, Ctrl-click on the crash report and select "Show in Finder"
(2) This takes you to a package file with a .xccrashpoint file extension
(3) Ctrl-click on the file and select "Show package contents"
(4) drill down through the folders and you will see a file with a .crash file extension, which you can view in TextEdit or any text editor
It indeed shows the ARM Thread State, as well as the Binary Images.
In my little test app based on your crashing test code, I was able to successfully reproduce printing out the string pointed to by the x1 register. In my case the x1 register in the thread state showed this
x1: 0x0000000100012d25
and the Binary Image of the executable shows this:
Binary Images:
0x10000c000 - 0x100013fff .../testCrashReport
So the offset is presumably 0x10000c000 - 0x100000000 = 0xc000. But when I print out the contents, it's still 8 bytes off for some strange reason. In other words, this happens:
(lldb) p (char *)(0x0000000100012d25 - 0xc000)
(char *) $0 = 0x0000000100006d25 "affles:"
but when I make the offset 8 bytes bigger, I get the correct result:
(lldb) p (char *)(0x0000000100012d25 - 0xc008)
(char *) $0 = 0x0000000100006d1d "varnishWaffles:"
Success on the test app, although I must be misunderstanding how you calculate the offset.
As an aside, I also tried printing out the SEL receiver object, which is supposedly stored in register x0 at the time of the crash. The x0 register shows an address of 0x00000001700183c0, and so I did this:
(lldb) p (char *)(0x00000001700183c0 - 0xc000)
(char *) $0 = 0x000000017000c3c0 <no value available>
As you can see, I get <no value available>. Not sure why...I suppose it's not of type (char *). I really want the class name of the receiver.
=========================
Moving on, I tried to print the selector name at the x1 register with my shipping app using the Archived .app file and the user crash file. According to the thread state of the user crash file, the x1 register at the time of the crash contains this address:
0x000000018c6f8629
Scanning the Binary Images, this address is not found in my application, but rather in UIKit:
0x18bbba000 - 0x18c947fff UIKit arm64 <439dc80bfac033ed983e5bb8c416c452> /System/Library/Frameworks/UIKit.framework/UIKit
Well now what? This is in UIKit. Is this a dead end for me, or is there still hope to get the selector? How would I calculate the offset? And where would I find the binary image of UIKit? I think I found the iOS UIKit.framework on my Mac at:
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks
but that doesn't seem to contain what I need...
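
Added example, not part of the original post: a Python script that reads the ARM Thread State and Binary Images sections of a .crash file, reports which image each register value falls in, and computes the offset from that image's load address. The function names are hypothetical, the sample report is constructed from the values quoted above (with a placeholder UUID and path for the test app), and the 0x100000000 link base is the one assumed in the post.

```python
import re

# Constructed sample in the layout of the excerpts quoted in the post; the
# UUID and path of the first image are placeholders.
SAMPLE_CRASH = """\
Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x00000001700183c0   x1: 0x0000000100012d25   x2: 0x0000000000000000
Binary Images:
0x10000c000 - 0x100013fff testCrashReport arm64  <00000000000000000000000000000000> /placeholder/testCrashReport
0x18bbba000 - 0x18c947fff UIKit arm64  <439dc80bfac033ed983e5bb8c416c452> /System/Library/Frameworks/UIKit.framework/UIKit
"""

# Assumption: the main executable was linked with __TEXT at 0x100000000,
# the base used in the post; check with `otool -l` for a real binary.
ASSUMED_LINK_BASE = 0x100000000

IMAGE_RE = re.compile(
    r"^\s*(0x[0-9a-fA-F]+)\s+-\s+(0x[0-9a-fA-F]+)\s+\+?(\S+)\s+\S+\s+<([0-9a-fA-F-]+)>",
    re.MULTILINE)
REG_RE = re.compile(r"\b(x\d+|fp|lr|sp|pc):\s+(0x[0-9a-fA-F]+)")

def parse_images(text):
    """Return [(start, end, name, uuid)] from the Binary Images section."""
    return [(int(s, 16), int(e, 16), name, uuid)
            for s, e, name, uuid in IMAGE_RE.findall(text)]

def parse_registers(text):
    """Return {register: value} from the ARM Thread State block."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}

def locate(addr, images):
    """Return (image name, offset from load address), or None if the
    address is outside every listed image (for example heap memory)."""
    for start, end, name, _uuid in images:
        if start <= addr <= end:
            return name, addr - start
    return None

def unslid(addr, images, link_base=ASSUMED_LINK_BASE):
    """Address to inspect in a non-running copy of the main executable."""
    hit = locate(addr, images)
    return None if hit is None else link_base + hit[1]

if __name__ == "__main__":
    images, regs = parse_images(SAMPLE_CRASH), parse_registers(SAMPLE_CRASH)
    for reg, value in sorted(regs.items()):
        print(reg, hex(value), locate(value, images))
```

The `unslid` helper only applies to an image whose link base is known; for a system framework such as UIKit, `locate` still gives the image and the offset from its load address.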