Dynamic debugging on the Android platform has always been a headache for me and for many others. Native dynamic debugging support in particular is barely usable. What Google's new NDK and Android Studio will do for this area remains to be seen.
To begin with, I am using the Cygwin + ndk-gdb debugging setup, inspired by a blog post on XDA. My environment differs from the original author's:
1. Win7 64-bit
2. NDK r9d x86_64
3. Android 4.2.2
4. Cygwin 64-bit
5. IDA Pro 6.1
Without further ado, here are the steps:
1. Setting up the environment is something you can Google yourself; I will not say much about it here.
2. First we pick any website and download the game's APK package. The official release build of an Android APK has the debuggable attribute removed, so we need to do some preparation before debugging.
3. Unpack the APK with apktool, edit AndroidManifest.xml, repackage, and then sign the result with signapk.
4. The preparation needed for ndk-gdb debugging is described in detail in the post linked above, so I will not repeat it here. Note: the target of our debugging is .\libs\armeabi\libgame.so, the game's main library file.
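Step 3 is where a release build is turned back into a debuggable one, and the same parse is what a release pipeline uses to assert that the flag is off before shipping. The following Python is an added example, not code from this post or from apktool: it assumes you have already run apktool on the package so that AndroidManifest.xml is plain text (apktool decodes the binary AXML form), and the manifest embedded below is constructed, with the package and activity names taken from the ndk-gdb output later in the post.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
DEBUGGABLE = "{%s}debuggable" % ANDROID_NS

# Constructed sample: roughly what apktool's decoded AndroidManifest.xml looks
# like for a release build (no android:debuggable attribute on <application>).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.umonistudio.tile">
    <application android:label="@string/app_name">
        <activity android:name=".tile">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
    </application>
</manifest>
"""


def _application(root):
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    return app


def is_debuggable(manifest_xml: str) -> bool:
    """True if <application android:debuggable="true"> is set.
    A missing attribute means false, which is the default for release builds."""
    root = ET.fromstring(manifest_xml)
    return _application(root).get(DEBUGGABLE, "false").lower() == "true"


def set_debuggable(manifest_xml: str, value: bool) -> str:
    """Return a copy of the decoded manifest with android:debuggable set.
    This is the edit step 3 of the post performs by hand before repackaging."""
    ET.register_namespace("android", ANDROID_NS)  # keep the android: prefix on output
    root = ET.fromstring(manifest_xml)
    _application(root).set(DEBUGGABLE, "true" if value else "false")
    return '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(root, encoding="unicode")


def release_check(manifest_xml: str) -> list:
    """Findings a build pipeline would flag before shipping; empty means clean."""
    findings = []
    if is_debuggable(manifest_xml):
        findings.append("android:debuggable is true; release builds must not ship with it")
    return findings


if __name__ == "__main__":
    print("release sample debuggable:", is_debuggable(SAMPLE_MANIFEST))
    patched = set_debuggable(SAMPLE_MANIFEST, True)
    print("patched sample debuggable:", is_debuggable(patched))
    print("pipeline findings on patched:", release_check(patched))
```

Run it on the decoded manifest of your own build; an empty findings list from release_check is the condition to gate a release on.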
After preparation the directory structure looks roughly like this:
5. Good, the preparation is done; let's start debugging!
First, install our repackaged APK on the phone, then open the Cygwin shell and change into the unpacked game directory. One thing to note: because of some compatibility issues, we cannot use Google's original ndk-gdb script as-is and need to make a few changes:
I assign DATA_DIR directly to the app's data directory, /data/data/com.umonistudio.tile. This step is important; otherwise you will run into run-as and other errors and be unable to continue debugging.
OK, the preparation is finally complete. Switch to the Cygwin shell and start debugging. If nothing goes wrong you will land at the gdb prompt; my output is as follows:
```
$ ndk-gdb --verbose --start --nowait
Android NDK installation path: /cygdrive/e/tools/android-ndk-r9d-windows-x86_64/android-ndk-r9d
Using default adb command: /cygdrive/e/tools/adt-bundle-windows-x86_64-20131030/adt-bundle-windows-x86_64-20131030/sdk/platform-tools/adb
ADB version found: Android Debug Bridge version 1.0.31
Using ADB flags:
Using JDB command: /cygdrive/e/tools/java/jdk1.7.0_15/bin/jdb
Using auto-detected project path: .
Found package name: com.umonistudio.tile
ABIs targetted by application: armeabi
Device API Level: 17
Device CPU ABIs: armeabi-v7a armeabi
Compatible device ABI: armeabi
Using gdb setup init: ./libs/armeabi/gdb.setup
Using toolchain prefix: /cygdrive/e/tools/android-ndk-r9d-windows-x86_64/android-ndk-r9
Using app out directory: ./obj/local/armeabi
Found debuggable flag: true
Found data directory: '/data/data/com.umonistudio.tile'
Found device gdbserver: /data/data/com.umonistudio.tile/lib/gdbserver
Found first launchable activity: .tile
Launching activity: com.umonistudio.tile/.tile
## COMMAND: adb_cmd shell am start -n com.umonistudio.tile/.tile
Starting: Intent { cmp=com.umonistudio.tile/.tile }
## COMMAND: adb_cmd shell sleep 2
Found running PID: 8706
Launched gdbserver succesfully.
Setup network redirection
## COMMAND: adb_cmd shell run-as com.umonistudio.tile /data/data/com.umonistudio.tile/lib/gdbserver +debug-socket --attach 8706
## COMMAND: adb_cmd forward tcp:5039 localfilesystem:/data/data/com.umonistudio.tile/debug-socket
Attached; pid = 8706
Listening on Unix socket debug-socket
## COMMAND: adb_cmd pull /system/bin/app_process obj/local/armeabi/app_process
2384 KB/s (21980 bytes in 0.009s)
Pulled app_process from device/emulator.
## COMMAND: adb_cmd pull /system/bin/linker obj/local/armeabi/linker
3246 KB/s (63176 bytes in 0.019s)
Pulled linker from device/emulator.
## COMMAND: adb_cmd pull /system/lib/libc.so obj/local/armeabi/libc.so
4186 KB/s (424460 bytes in 0.099s)
Pulled libc.so from device/emulator.
GNU gdb (GDB) 7.3.1-gg2
Copyright (C) Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
```
A few notes on the command I entered, ndk-gdb --verbose --start --nowait. The --nowait parameter matters: without it, gdb breaks in before our target library libgame.so has been loaded, so we would be unable to debug it. OK, let's type some gdb commands:
```
(gdb) info shared
From        To          Syms Read   Shared Object Library
0x400b2280  0x400bb418  Yes (*)     E:/works/apktools/biecaibaikuaier_an_debug_sign/obj/local/armeabi/linker
0x400df830  0x4012e294  Yes (*)     E:/works/apktools/biecaibaikuaier_an_debug_sign/obj/local/armeabi/libc.so
                        No          libstdc++.so
                        No          libm.so
                        No          liblog.so
                        No          libcutils.so
                        No          libgccdemangle.so
                        No          libcorkscrew.so
                        No          libz.so
                        No          libutils.so
                        No          libbinder.so
                        No          libemoji.so
                        No          libjpeg.so
                        No          libexpat.so
                        No          libm4u.so
                        No          libstlport.so
                        No          libnetutils.so
                        No          libbwc.so
                        No          libhardware.so
                        No          libsync.so
                        No          libui.so
                        No          libGLES_trace.so
                        No          libEGL.so
                        No          libGLESv2.so
                        No          libion.so
                        No          libdpframework_os.so
                        No          libdpframework_plat.so
                        No          libdpframework.so
                        No          libgui.so
                        No          libcamera_client.so
                        No          libcam.utils.so
                        No          libaed.so
                        No          libcameracustom.so
                        No          libcam_camera_exif.so
                        No          libnativehelper.so
                        No          libmatv_cust.so
                        No          libcamdrv.so
                        No          libimageio.so
                        No          libcam.campipe.so
                        No          libgdmascalerpipe.so
                        No          libswjpgcodec.so
                        No          libvcodec_oal.so
                        No          libsched.so
                        No          libvcodec_utility.so
                        No          libmp4enc_xa.ca7.so
                        No          libvcodecdrv.so
                        No          libjpgdecpipe.so
                        No          libmhalimagecodec.so
                        No          libalmkdrv.so
                        No          libskia.so
                        No          libtinyxml.so
                        No          libandroidfw.so
                        No          libgabi++.so
                        No          libicuuc.so
                        No          libicui18n.so
                        No          libsqlite.so
                        No          libdvm.so
                        No          libGLESv1_CM.so
                        No          libetc1.so
                        No          libwpa_client.so
                        No          libhardware_legacy.so
                        No          libsonivox.so
                        No          libcrypto.so
                        No          libssl.so
                        No          libstagefright_foundation.so
                        No          libspeexresampler.so
                        No          libaudioutils.so
                        No          libmedia_native.so
                        No          libmedia.so
                        No          libusbhost.so
                        No          libharfbuzz.so
                        No          libhwui.so
                        No          libmtkbtextadpa2dp.so
                        No          libextjsr82.so
                        No          libandroid_runtime.so
                        No          libjavacore.so
                        No          libdrmframework.so
                        No          libdrmmtkwhitelist.so
                        No          libdrmmtkutil.so
                        No          libdrmframework_jni.so
                        No          libstagefright_memutil.so
                        No          libstagefright_omx.so
                        No          libstagefright_yuv.so
                        No          libvorbisidec.so
                        No          libstagefright_enc_common.so
                        No          libstagefright_avc_common.so
                        No          libstagefright.so
                        No          libmtp.so
                        No          libexif.so
                        No          libstagefright_amrnb_common.so
                        No          libmtk_drvb.so
                        No          libamr_wrap.so
                        No          libmedia_jni.so
                        No          libbcinfo.so
                        No          libbcc.so
                        No          librs.so
                        No          librs_jni.so
                        No          libandroid.so
                        No          libchromium_net.so
                        No          libwebcore.so
0x5dd4a500  0x5dfb591c  Yes (*)     E:/works/apktools/biecaibaikuaier_an_debug_sign/obj/local/armeabi/libgame.so
                        No          libsoundpool.so
                        No          libsrv_um.so
                        No          libIMGegl.so
                        No          libegl_mtk.so
                        No          libusc.so
                        No          libGLESv1_CM_mtk.so
                        No          libGLESv2_mtk.so
                        No          libpvrandroid_wsegl.so
                        No          libpvr2d.so
                        No          gralloc.mt6589.so
(*): Shared library is missing debugging information.
```
We can see that our target library has been loaded successfully at 0x5dd4a500 to 0x5dfb591c, so we can finally start playing. Open the library in IDA, look at the disassembly of libgame.so, and find the function GameOver::initScore(int, bool):
First, what does this function do? It shows the current score when the game ends. Its exported (mangled) name is _ZN8GameOver9initScoreEib. So, in gdb we type:
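The From and To columns of `info shared` are the runtime address range of each library's loaded code, and checking whether an address belongs to libgame.so, and at what offset from its start, is something you do repeatedly in a session (for crash addresses as much as for breakpoints). The following Python is an added example, not code from the post: it parses the `info shared` table into ranges and looks addresses up in them. The table embedded in it is a constructed excerpt of the output above, and the offset it reports is relative to the From column, which gdb fills from the library's code section rather than from the ELF image base.

```python
import re
from typing import List, Optional, Tuple

# Constructed excerpt of gdb's `info shared` output in the shape shown in the post.
# Rows whose symbols were not read carry no address columns.
INFO_SHARED = """\
From        To          Syms Read   Shared Object Library
0x400b2280  0x400bb418  Yes (*)     E:/works/apktools/biecaibaikuaier_an_debug_sign/obj/local/armeabi/linker
0x400df830  0x4012e294  Yes (*)     E:/works/apktools/biecaibaikuaier_an_debug_sign/obj/local/armeabi/libc.so
                        No          libstdc++.so
0x5dd4a500  0x5dfb591c  Yes (*)     E:/works/apktools/biecaibaikuaier_an_debug_sign/obj/local/armeabi/libgame.so
                        No          libsoundpool.so
(*): Shared library is missing debugging information.
"""

# One table row with both address columns present: From, To, Syms Read, path.
ROW = re.compile(
    r"^\s*(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+(Yes(?: \(\*\))?|No)\s+(\S+)\s*$"
)

Range = Tuple[int, int, str]  # (from, to, path)


def parse_info_shared(text: str) -> List[Range]:
    """Extract (from, to, path) for every library gdb has an address range for.
    Header, footer and symbol-less rows do not match ROW and are skipped."""
    ranges = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ranges.append((int(m.group(1), 16), int(m.group(2), 16), m.group(4)))
    return ranges


def locate(addr: int, ranges: List[Range]) -> Optional[Tuple[str, int]]:
    """Return (library basename, offset from its From address) for addr,
    or None when addr lies in no listed library (e.g. one gdb has no symbols for)."""
    for lo, hi, path in ranges:
        if lo <= addr < hi:
            return path.rsplit("/", 1)[-1], addr - lo
    return None


def describe(addr: int, ranges: List[Range]) -> str:
    """Human-readable form such as 'libgame.so+0x2112' for use in notes."""
    hit = locate(addr, ranges)
    if hit is None:
        return "0x%x (no listed library)" % addr
    name, off = hit
    return "%s+0x%x" % (name, off)


if __name__ == "__main__":
    ranges = parse_info_shared(INFO_SHARED)
    for a in (0x5dd4c612, 0x400df830, 0x12345678):
        print("0x%08x -> %s" % (a, describe(a, ranges)))
```

Paste the full `info shared` output from your own session into INFO_SHARED (or read it from a file) and the same lookup works unchanged; only rows with address columns are used.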
```
(gdb) br _ZN8GameOver9initScoreEib
Breakpoint 1 at 0x5dd4c612
(gdb) info b
Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x5dd4c612 <GameOver::initScore(int, bool)+26>
(gdb) disas 0x5dd4c612,+20
Dump of assembler code from 0x5dd4c612 to 0x5dd4c626:
   0x5dd4c612 <_ZN8GameOver9initScoreEib+26>:   cmp   r1, #0
   0x5dd4c614 <_ZN8GameOver9initScoreEib+28>:   beq.n 0x5dd4c61a <_ZN8GameOver9initScoreEib+34>
   0x5dd4c616 <_ZN8GameOver9initScoreEib+30>:   ldr   r3, [pc, #284]  ; (0x5dd4c734 <_ZN8GameOver9initScoreEib+316>)
   0x5dd4c618 <_ZN8GameOver9initScoreEib+32>:   str   r3, [sp, #4]
   0x5dd4c61a <_ZN8GameOver9initScoreEib+34>:   adds  r4, r5, #0
   0x5dd4c61c <_ZN8GameOver9initScoreEib+36>:   adds  r4, #252  ; 0xfc
   0x5dd4c61e <_ZN8GameOver9initScoreEib+38>:   bl    0x5dde73d4 <_ZN7cocos2d13CCUserDefault17sharedUserDefaultEv>
   0x5dd4c622 <_ZN8GameOver9initScoreEib+42>:   ldr   r2, [r4, #32]
   0x5dd4c624 <_ZN8GameOver9initScoreEib+44>:   ldr   r3, [pc, #272]  ; (0x5dd4c738 <_ZN8GameOver9initScoreEib+320>)
End of assembler dump.
(gdb)
```
Comparing this with the IDA disassembly, you can see that the breakpoint landed inside the function rather than at its entry. We could of course move it to the function entrance, but since this is only a demonstration we leave it as it is.
OK, the breakpoint is set. Start the game, choose "Arcade" mode, tap a few blocks, then tap a white one to end the game.
Now look at gdb's output window:
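The name you give to `br` is the mangled export, while `info b` prints the demangled GameOver::initScore(int, bool); being able to read one from the other by hand is what lets you match IDA's export list to gdb's output. The following Python is an added example, not code from the post: a deliberately small Itanium C++ ABI demangler that handles nested names (the N...E form) with builtin, pointer, reference and const parameter types, which covers both symbols visible in the disassembly above. It does not implement templates, substitutions (S_) or the std:: abbreviations, and raises on codes it does not know rather than guessing.

```python
import re

# Itanium C++ ABI builtin type codes understood by this small demangler.
BUILTIN_TYPES = {
    "v": "void", "b": "bool", "c": "char", "a": "signed char", "h": "unsigned char",
    "s": "short", "t": "unsigned short", "i": "int", "j": "unsigned int",
    "l": "long", "m": "unsigned long", "x": "long long", "y": "unsigned long long",
    "f": "float", "d": "double", "w": "wchar_t",
}


def _read_source_name(s: str, pos: int):
    """Parse <length><identifier> at pos, e.g. '8GameOver' -> ('GameOver', new pos)."""
    m = re.match(r"\d+", s[pos:])
    if not m:
        raise ValueError("expected length-prefixed identifier at %d in %r" % (pos, s))
    n = int(m.group(0))
    start = pos + len(m.group(0))
    ident = s[start:start + n]
    if len(ident) != n:
        raise ValueError("identifier runs past end of %r" % s)
    return ident, start + n


def _read_nested_name(s: str, pos: int):
    """Parse N <source-name>... E into 'A::B::C'."""
    if s[pos] != "N":
        raise ValueError("expected nested name at %d in %r" % (pos, s))
    pos += 1
    parts = []
    while pos < len(s) and s[pos] != "E":
        ident, pos = _read_source_name(s, pos)
        parts.append(ident)
    if pos >= len(s):
        raise ValueError("unterminated nested name in %r" % s)
    return "::".join(parts), pos + 1


def _read_type(s: str, pos: int):
    """Parse one parameter type; qualifiers wrap the type that follows them."""
    c = s[pos]
    if c == "P":
        inner, pos = _read_type(s, pos + 1)
        return inner + "*", pos
    if c == "R":
        inner, pos = _read_type(s, pos + 1)
        return inner + "&", pos
    if c == "K":
        inner, pos = _read_type(s, pos + 1)
        return inner + " const", pos
    if c == "N":
        return _read_nested_name(s, pos)
    if c.isdigit():
        return _read_source_name(s, pos)
    if c in BUILTIN_TYPES:
        return BUILTIN_TYPES[c], pos + 1
    raise ValueError("unsupported type code %r at %d in %r" % (c, pos, s))


def demangle(symbol: str) -> str:
    """Turn _ZN8GameOver9initScoreEib into 'GameOver::initScore(int, bool)'.
    Names not starting with _Z (plain C exports such as JNI_OnLoad) are returned unchanged."""
    if not symbol.startswith("_Z"):
        return symbol
    pos = 2
    if symbol[pos] == "N":
        name, pos = _read_nested_name(symbol, pos)
    else:
        name, pos = _read_source_name(symbol, pos)
    if pos == len(symbol):
        return name  # a data symbol: no parameter list encoded
    params = []
    while pos < len(symbol):
        t, pos = _read_type(symbol, pos)
        params.append(t)
    if params == ["void"]:
        params = []  # 'v' alone encodes an empty parameter list
    return "%s(%s)" % (name, ", ".join(params))


if __name__ == "__main__":
    for sym in ("_ZN8GameOver9initScoreEib",
                "_ZN7cocos2d13CCUserDefault17sharedUserDefaultEv",
                "_Z3fooPKc", "JNI_OnLoad"):
        print(sym, "->", demangle(sym))
```

For anything beyond these shapes, c++filt from the NDK toolchain is the tool to reach for; the point of the block is to make the encoding readable, not to replace it.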
```
(gdb) c
Continuing.
[New Thread 8720]
[Switching to Thread 8720]

Breakpoint 1, 0x5dd4c612 in GameOver::initScore(int, bool) () from E:/works/apktools/biecaibaikuaier_an_debug_sign/obj/local/armeabi/libgame.so
(gdb) info registers
r0             0x65cf59f8       1708087800
r1             0x0              0
r2             0x6e0aeb37       1846209335
r3             0x4013d1f4       1075040756
r4             0x65cf5af4       1708088052
r5             0x65cf59f8       1708087800
r6             0x7              7
r7             0x5dde3b2d       1574845229
r8             0x5e1c2c70       1578904688
r9             0x5e0c2f3c       1577856828
r10            0x5cdd5a88       1558010504
r11            0x5e1c2c84       1578904708
r12            0x5e088afc       1577618172
sp             0x5e1c2af8       0x5e1c2af8
lr             0x5dd4ca0f       1574226447
pc             0x5dd4c612       0x5dd4c612 <GameOver::initScore(int, bool)+26>
cpsr           0x30             48
(gdb) set $r6=99999
```
Yes, the breakpoint hit! Enter info registers to see the current register state, and note that r6 holds 0x7 (I had just tapped 7 black blocks). Now for something fun: in gdb type set $r6=99999, let the game continue, and see what happens!
To summarize:
This post mainly demonstrates the assembly-level debugging process on the Android platform for a third-party dynamic library without source code (it is not aimed at any particular game and not for any commercial purpose). Google's current official debugging tools give poor support for native debugging, and I hope Google puts some effort into this area. The content above is for technical exchange only, not for any commercial purpose.
Please credit the source when reprinting: Life Show. Enjoy it!