Binary-level analysis and debugging in Android

 

 

If you have the source code, you can do it easily, but you do not have the source code to tune bugs or reverse the code. This article lists some binary-level analysis and debugging tools and methods in Android.

 

Logcat:

In most cases, no direct answer is found in logcat, but the direction for further analysis is often obtained. By default, logcat outputs all of them together, making it easier to read the Output Using loglevel and filter.

Refer:

Http://developer.android.com/tools/help/logcat.html
Http://developer.android.com/tools/debugging/debugging-log.html

 

Java layer Static Analysis

There are two ways: one is to decompress the apk package with unzip and use dex2jar (http://code.google.com/p/dex2jar/) and jd-gui (http://jd.benow.ca/) to reverse the form of similar Java source code, but after all, it is reverse-formed, so it cannot be viewed in detail. Some errors may not be reversed. In general, it is suitable to narrow down the scope of reading. The other is to use Android apktool (http://code.google.com/p/android-apktool ). In this way, the extracted resources and configuration files are more readable. For example, AndroidManifest. xml is readable, but it is not garbled from the previous method. Java code is also in the form of smali code. The smali code is more accurate than the reverse code, and is suitable for intensive reading.

The advantage of apktool is that it can be decompressed into an apk after decompression. Sometimes the application actually has a global variable (such as the Boolean variable "enable_debug") that controls the debugging output. You only need to decompress the package first, set it to true in smali code, and then package it back to view the output in logcat. After packaging the package, you need to sign http://blog.csdn.net/jinzhuojun/article/details/7654835. if no value is set, the installation will be incorrect.

Reference: Android apk package disassembly (http://blog.csdn.net/ariesjzj/article/details/7311340)

 

Java layer dynamic analysis:

Jdb allows you to set breakpoints, change the volume, and view class information.

Reference: JDB debugging (http://blog.csdn.net/jinzhuojun/article/details/7399249) in Android)

 

Native layer Static Analysis

Naturally, it is the Binutils suite, such as objdump and readelf. The For arm version is in the prebuilts directory of the Android source code. If it is too large, it can be stored separately.

 

Native layer Dynamic Analysis

Gdb. Reference: Android with gdb system-level Source Code debugging (http://blog.csdn.net/jinzhuojun/article/details/7375048)

JIT engines like Mono dynamically generate code, and these dynamically generated code cannot be seen through static analysis. However, we can use gdb to check whether disassemble or x/ni commands are used.

Sometimes the program is separated, and you can use the dual-debugger debugging method. Use jdb to stop (with the Wait for debugger option in Settings-> Developer Options), use gdb to set breakpoints, and then continue in jdb. See: Android dual debugger (gdb + jdb) debugging applications (http://blog.csdn.net/ariesjzj/article/details/7402832)

 

Other dynamic analysis tools

Android, as a Linux kernel system, is applicable to most of the dynamic analysis tools in Linux. For example, strace can monitor system calls (such as open and mmap) and signals. Tcpdump can intercept data transmitted over the network.

The/proc/pid/directory provides the OS-level runtime information of the process. For example, the maps file displays the virtual address space ing information of the process and the status includes memory usage information, execute line and exe can see the corresponding execution file of the process. Net, fd, and task directories can view network, file, and thread information respectively.

/Data/tombstones/: the "Tombstone" after the program exits due to an error, which records the "dead phase" of the program ".

Analysis and debugging tools provided by Android

Settings-> Developer Options: There is a debugging analysis tool in it. Functions such as displaying touch point coordinates and displaying application Layout are very practical.

Tools/monitor in the SDK, formerly called DDMS, can view information such as memory, thread, network, and other practical functions. Refer:

Http://developer.android.com/tools/debugging/ddms.html

Http://developer.android.com/tools/debugging/debugging-memory.html

The dumpsys command not only outputs a lot of system information (such as hardware parameters), but also displays the running status of the service by adding a service name (such as SurfaceFlinger.

The Dev Tools App contains some debugging and analysis functions. In fact, many of them are moved to Developer Options. Reference: http://developer.android.com/tools/debugging/debugging-devtools.html

Android Emulator: The advantage is that it can be changed from analog hardware to API implementation. The disadvantage is that the arm version is slow and OpenGLES support is poor, so many games cannot run. Because the x86 version can be virtualized faster, you can also enable gpu on host to improve gpu performance.

The hierarchyviewer In the SDK can be used to analyze the UI. Reference: http://developer.android.com/tools/help/hierarchy-viewer.html

 

Performance analysis tools

All are profiling tools:

Systrace, see http://developer.android.com/tools/help/systrace.html

Traceview, see http://developer.android.com/tools/debugging/debugging-tracing.html

Oprofile, reference: http://blog.csdn.net/dongjun7357/article/details/6400549

In addition, ANR is generated when the application is too late to respond, and the log is located in/data/anr/trace.txt.

 

OpenGL rendering Analysis

OpenGL ES tracer: intercepts all OpenGL calls. The disadvantage is that it is slow and intuitive. Each frame and each GL command has a corresponding result image, so it is easy to find out which GL command has a problem. Reference: http://developer.android.com/tools/help/gltracer.html

Settings-> Enable OpenGL traces in Developer Options, which can be output in logcat. The advantage is fast, but the disadvantage is that the output is not intuitive.

 

Android apps that support debugging

Busybox: the default adb shell function is weak, which allows developers to find a way to use Linux.

Terminal: the Android shell that can be used without the host directly on the guest device.