Please credit the source when reprinting.
1. Exception debugging information
The following is the information produced when an exception occurs in an Android application running on a MIPS processor:
signal 8 (SIGFPE), fault addr 5110d61c
 zr 00000000  at 30000400  v0 00000000  v1 00000000
 a0 00000000  a1 00000000  a2 32973668  a3 00000000
 t0 00000000  t1 3037e7a8  t2 00000000  t3 fffffff4
 t4 5154bd58  t5 4ca5cd9a  t6 00000028  t7 00000008
 s0 00000001  s1 31879008  s2 5156a6d0  s3 00000000
 s4 00000001  s5 51460328  s6 51250000  s7 5145ff90
 t8 00000000  t9 5110d604  k0 00000024  k1 00000000
 gp 51463110  sp 3037e7b0  s8 5145ff4a  ra 5110f708
 hi 00000000  lo 00000000  bva f975c  epc 5110d61c
 #00 pc 5110d61c  /data/com.mainframe/lib/test.so
 #01 ra 5110f708  /data/com.mainframe/lib/test.so
code around pc:
5110d60c 00431023 00441021 00021080 0045001b
5110d61c 00a001f4 03e00008 00001012 3c1c0035
5110d62c 279c5ae8 0399e021 8f828070 03e00008
code around lr:
5110f6f8 ac620000 8e240028 0320f809 8e250018
5110f708 8fbc0010 ae420000 8f82b874 24030001
5110f718 ac430000 8f92bddc 3c026666 8e45002c
2. Parsing the exception debugging information
Where:
"#00 pc 511150d0 /data/com.test/lib/test.so" indicates that the code pointed to by the value in the program counter register (pc) lies in the dynamic library /data/com.mainframe/lib/test.so;
"#01 ra 5110f708 /data/com.mainframe/lib/test.so" indicates that the return address (which is also the value in the link register, ra) lies in the dynamic library /data/com.mainframe/lib/test.so.
It is generally considered that:
the exception is caused by the code at the address given in the line "#01 ra 5110f708 /data/com.mainframe/lib/test.so". The exception address is 5110f708.
3. Disassembly method
mips-linux-gnu-objdump -Dz data/com.mainframe/lib/test.so > test.dump
test.dump contains the disassembled code.
4. How to locate code using the stack history information
For example:
"
code around pc:
5110d60c 00431023 00441021 00021080 0045001b
5110d61c 00a001f4 03e00008 00001012 3c1c0035
5110d62c 279c5ae8 0399e021 8f828070 03e00008
"
The addresses 5110d60c, 5110d61c and 5110d62c are virtual addresses and carry no analytical meaning by themselves: when the same code raises an exception again, these three addresses may be different.
The four words following each of the three addresses are the actual encodings of the executable code, so it is these 4 x 3 = 12 words that you need to search for.
This PC history records a run of instruction calls: it corresponds to 12 consecutive lines of disassembly, executed one after another within a function.
Searching for a match locates the following function:
0010d604 <function1>:
10d604: 00041880 sll v1,a0,0x2
10d608: 000411c0 sll v0,a0,0x7
10d60c: 00431023 subu v0,v0,v1
10d610: 00441021 addu v0,v0,a0
10d614: 00021080 sll v0,v0,0x2
10d618: 0045001b divu zero,v0,a1
10d61c: 00a001f4 teq a1,zero,0x7
10d620: 03e00008 jr ra
10d624: 00001012 mflo v0
0010d628 <function2>:
10d628: 3c1c0035 lui gp,0x35
10d62c: 279c5ae8 addiu gp,gp,23272
10d630: 0399e021 addu gp,gp,t9
10d634: 8f828070 lw v0,-32656(gp)
10d638: 03e00008 jr ra
10d63c: ac443478 sw a0,13432(v0)
The highlighted instruction words above (the 12 lines from 10d60c to 10d638) correspond to the 12 consecutive words in the PC history.
Looking more closely, the functions located are function1 and function2. My own reading is that the program calls them like this:
function1();
function2();
So when the code segment is loaded, the two functions are laid out one after the other in the loaded image. This can be seen from the virtual addresses on the left of the disassembly: they are contiguous.
5. How to locate the exception code using the stack history information
Using the information above, we can locate the code that raised the exception in the disassembly file. Because the address that raises the exception is generally the value of the link register, we focus the analysis on:
"
code around lr:
5110f6f8 ac620000 8e240028 0320f809 8e250018
5110f708 8fbc0010 ae420000 8f82b874 24030001
5110f718 ac430000 8f92bddc 3c026666 8e45002c
"
You need to find these 12 consecutive instruction words in a large disassembly file:
ac620000 8e240028 0320f809 8e250018
8fbc0010 ae420000 8f82b874 24030001
ac430000 8f92bddc 3c026666 8e45002c
This is not easy to do by hand; you can write a small program, based on the format of the disassembly file, to let the computer find it for you.
After a careful search, the code is finally located:
0010f690 <playwave>:
10f690: 3c1c0035 lui gp,0x35
10f694: 279c3a80 addiu gp,gp,14976
10f698: 0399e021 addu gp,gp,t9
10f69c: 27bdffd0 addiu sp,sp,-48
10f6a0: afbf002c sw ra,44(sp)
10f6a4: afb40028 sw s4,40(sp)
10f6a8: afb30024 sw s3,36(sp)
10f6ac: afb20020 sw s2,32(sp)
10f6b0: afb1001c sw s1,28(sp)
10f6b4: afb00018 sw s0,24(sp)
10f6b8: afbc0010 sw gp,16(sp)
10f6bc: 00c08021 move s0,a2
10f6c0: 00808821 move s1,a0
10f6c4: 18c00031 blez a2,10f78c <playwave+0xfc>
10f6c8: 00a0a021 move s4,a1
10f6cc: 18e0002f blez a3,10f78c <playwave+0xfc>
10f6d0: 8f92a91c lw s2,-22244(gp)
10f6d4: 24020bb8 li v0,3000
10f6d8: 10c20010 beq a2,v0,10f71c <playwave+0x8c>
10f6dc: 8e530000 lw s3,0(s2)
10f6e0: 8f99ba08 lw t9,-17912(gp)
10f6e4: 0320f809 jalr t9
10f6e8: 00000000 nop
10f6ec: 8fbc0010 lw gp,16(sp)
10f6f0: 8f83cc08 lw v1,-13304(gp)
10f6f4: 8f99a188 lw t9,-24184(gp)
10f6f8: ac620000 sw v0,0(v1)
10f6fc: 8e240028 lw a0,40(s1)
10f700: 0320f809 jalr t9
10f704: 8e250018 lw a1,24(s1)
10f708: 8fbc0010 lw gp,16(sp)
10f70c: ae420000 sw v0,0(s2)
10f710: 8f82b874 lw v0,-18316(gp)
10f714: 24030001 li v1,1
10f718: ac430000 sw v1,0(v0)
10f71c: 8f92bddc lw s2,-16932(gp)
10f720: 3c026666 lui v0,0x6666
10f724: 8e45002c lw a1,44(s2)
10f728: 34426667 ori v0,v0,0x6667
10f72c: 00a20018 mult a1,v0
10f730: 000537c3 sra a2,a1,0x1f
10f734: 00001810 mfhi v1
10f738: 24a5ffff addiu a1,a1,-1
10f73c: 00032083 sra a0,v1,0x2
10f740: 00862023 subu a0,a0,a2
10f744: 000410c0 sll v0,a0,0x3
10f748: 00042040 sll a0,a0,0x1
10f74c: 00822021 addu a0,a0,v0
10f750: 10850035 beq a0,a1,10f828 <playwave+0x198>
10f754: 24020bb8 li v0,3000
10f758: 8e430088 lw v1,136(s2)
10f75c: 24020001 li v0,1
10f760: 10620004 beq v1,v0,10f774 <playwave+0xe4>
10f764: 24020bb8 li v0,3000
10f768: 14600023 bnez v1,10f7f8 <playwave+0x168>
10f76c: 24020002 li v0,2
10f770: 24020bb8 li v0,3000
10f774: 12020032 beq s0,v0,10f840 <playwave+0x1b0>
10f778: 8f999334 lw t9,-27852(gp)
10f77c: 02202021 move a0,s1
10f780: 0320f809 jalr t9
10f784: 00002821 move a1,zero
10f788: 8fbc0010 lw gp,16(sp)
10f78c: 24020001 li v0,1
10f790: 12820008 beq s4,v0,10f7b4 <playwave+0x124>
10f794: 8fbf002c lw ra,44(sp)
10f798: 8fb40028 lw s4,40(sp)
10f79c: 8fb30024 lw s3,36(sp)
10f7a0: 8fb20020 lw s2,32(sp)
10f7a4: 8fb1001c lw s1,28(sp)
10f7a8: 8fb00018 lw s0,24(sp)
10f7ac: 03e00008 jr ra
10f7b0: 27bd0030 addiu sp,sp,48
10f7b4: 8f84805c lw a0,-32676(gp)
10f7b8: 3c028000 lui v0,0x8000
10f7bc: 8483c39c lh v1,-15460(a0)
10f7c0: 34420001 ori v0,v0,0x1
10f7c4: 24630001 addiu v1,v1,1
10f7c8: 00621824 and v1,v1,v0
10f7cc: 04600011 bltz v1,10f814 <playwave+0x184>
10f7d0: 2402fffe li v0,-2
10f7d4: a483c39c sh v1,-15460(a0)
10f7d8: 8fbf002c lw ra,44(sp)
10f7dc: 8fb40028 lw s4,40(sp)
10f7e0: 8fb30024 lw s3,36(sp)
10f7e4: 8fb20020 lw s2,32(sp)
10f7e8: 8fb1001c lw s1,28(sp)
10f7ec: 8fb00018 lw s0,24(sp)
10f7f0: 03e00008 jr ra
10f7f4: 27bd0030 addiu sp,sp,48
10f7f8: 1462ffe5 bne v1,v0,10f790 <playwave+0x100>
10f7fc: 24020001 li v0,1
10f800: 24020bb8 li v0,3000
10f804: 1202ffe2 beq s0,v0,10f790 <playwave+0x100>
10f808: 24020001 li v0,1
10f80c: 1000ffdb b 10f77c <playwave+0xec>
10f810: 8f999334 lw t9,-27852(gp)
10f814: 2463ffff addiu v1,v1,-1
10f818: 00621825 or v1,v1,v0
10f81c: 24630001 addiu v1,v1,1
10f820: 1000ffed b 10f7d8 <playwave+0x148>
10f824: a483c39c sh v1,-15460(a0)
10f828: 1202ffcb beq s0,v0,10f758 <playwave+0xc8>
10f82c: 8f999f34 lw t9,-24780(gp)
10f830: 0320f809 jalr t9
10f834: 02602021 move a0,s3
10f838: 1000ffc7 b 10f758 <playwave+0xc8>
10f83c: 8fbc0010 lw gp,16(sp)
10f840: 02202021 move a0,s1
10f844: 0320f809 jalr t9
10f848: 24050001 li a1,1
10f84c: 1000ffcf b 10f78c <playwave+0xfc>
10f850: 8fbc0010 lw gp,16(sp)
The line at 10f708 above (the word 8fbc0010, shown in red in the original) is the code that generates the exception.
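The "small program" suggested in section 5 can be written in a few dozen lines. The script below is an added example (not part of the original article) that automates sections 2, 4 and 5 together: it parses the tombstone's register rows and both "code around" blocks, searches an objdump listing for each 12-word run exactly as the article does by hand, derives the library's load base from the difference between the runtime address and the matched file address, and then resolves epc, ra and t9 to the instruction and symbol they point at. The tombstone excerpt and the objdump fragment are constructed from the figures in this article (only the instructions around the two blocks are kept); the objdump line layout assumed by the regular expressions is the standard `objdump -D` one, and the script needs Python 3.8 or newer.

```python
import re

# Constructed excerpt of the article's tombstone: signal line, the registers used here, both "code around" blocks.
TOMBSTONE = """\
signal 8 (SIGFPE), fault addr 5110d61c
 t9 5110d604  ra 5110f708  epc 5110d61c
code around pc:
5110d60c 00431023 00441021 00021080 0045001b
5110d61c 00a001f4 03e00008 00001012 3c1c0035
5110d62c 279c5ae8 0399e021 8f828070 03e00008
code around lr:
5110f6f8 ac620000 8e240028 0320f809 8e250018
5110f708 8fbc0010 ae420000 8f82b874 24030001
5110f718 ac430000 8f92bddc 3c026666 8e45002c
"""

# Constructed fragment of test.dump (objdump -D layout), copied from the article's listings.
DUMP = """\
0010d604 <function1>:
  10d604:  00041880  sll     v1,a0,0x2
  10d608:  000411c0  sll     v0,a0,0x7
  10d60c:  00431023  subu    v0,v0,v1
  10d610:  00441021  addu    v0,v0,a0
  10d614:  00021080  sll     v0,v0,0x2
  10d618:  0045001b  divu    zero,v0,a1
  10d61c:  00a001f4  teq     a1,zero,0x7
  10d620:  03e00008  jr      ra
  10d624:  00001012  mflo    v0
0010d628 <function2>:
  10d628:  3c1c0035  lui     gp,0x35
  10d62c:  279c5ae8  addiu   gp,gp,23272
  10d630:  0399e021  addu    gp,gp,t9
  10d634:  8f828070  lw      v0,-32656(gp)
  10d638:  03e00008  jr      ra
0010f690 <playwave>:
  10f6f8:  ac620000  sw      v0,0(v1)
  10f6fc:  8e240028  lw      a0,40(s1)
  10f700:  0320f809  jalr    t9
  10f704:  8e250018  lw      a1,24(s1)
  10f708:  8fbc0010  lw      gp,16(sp)
  10f70c:  ae420000  sw      v0,0(s2)
  10f710:  8f82b874  lw      v0,-18316(gp)
  10f714:  24030001  li      v1,1
  10f718:  ac430000  sw      v1,0(v0)
  10f71c:  8f92bddc  lw      s2,-16932(gp)
  10f720:  3c026666  lui     v0,0x6666
  10f724:  8e45002c  lw      a1,44(s2)
"""

SYM_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:")                       # "0010d604 <function1>:"
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+([0-9a-f]{8})\s+(\S+)\s*(.*?)\s*$")  # "10d61c: 00a001f4 teq a1,zero,0x7"
REG_RE = re.compile(r"\b([a-z]\w{0,2})\s+([0-9a-f]{8})\b")             # "ra 5110f708"


def parse_tombstone(text):
    """Return (signal name, {reg: value}, {block: [(runtime addr, word)]})."""
    signal, regs, code, block = None, {}, {}, None
    for line in text.splitlines():
        if line.startswith("signal"):
            signal = re.search(r"\((\w+)\)", line).group(1)
        elif line.startswith("code around"):
            block = line.split()[2].rstrip(":")
            code[block] = []
        elif block and re.fullmatch(r"[0-9a-f]{8}( [0-9a-f]{8}){1,4}", line.strip()):
            start, *words = line.split()  # first column is the runtime address of the first word
            code[block] += [(int(start, 16) + 4 * i, int(w, 16)) for i, w in enumerate(words)]
        else:
            regs.update((n, int(v, 16)) for n, v in REG_RE.findall(line))
    return signal, regs, code


def parse_dump(text):
    """Return [(file addr, word, mnemonic, operands, enclosing symbol)] from objdump output."""
    insns, sym = [], None
    for line in text.splitlines():
        if m := SYM_RE.match(line):
            sym = m.group(2)
        elif m := INSN_RE.match(line):
            insns.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4), sym))
    return insns


def find_sequence(insns, words):
    """Start of every run of address-contiguous instructions whose words equal `words`."""
    n = len(words)
    return [insns[i] for i in range(len(insns) - n + 1)
            if all(insns[i + k][1] == words[k] and insns[i + k][0] == insns[i][0] + 4 * k
                   for k in range(n))]


def locate(tombstone, dump):
    """Match each block against the dump, derive the load base, resolve epc, ra and t9."""
    signal, regs, code = parse_tombstone(tombstone)
    insns = parse_dump(dump)
    by_addr = {ins[0]: ins for ins in insns}
    base = None
    for block, pairs in code.items():
        hits = find_sequence(insns, [w for _, w in pairs])
        if len(hits) != 1 or base not in (None, pairs[0][0] - hits[0][0]):
            raise ValueError(f"{block}: no unique match consistent with a single load base")
        base = pairs[0][0] - hits[0][0]  # runtime address minus file address
    result = {"signal": signal, "load_base": base}
    for reg in ("epc", "ra", "t9"):  # t9 is the callee of the jalr that set ra
        addr, word, mnem, ops, sym = by_addr[regs[reg] - base]
        result[reg] = {"file": addr, "symbol": sym, "insn": f"{mnem} {ops}".strip()}
    return result
```

Run `locate(TOMBSTONE, DUMP)` against a full test.dump to get the same answer the article reaches by hand: both blocks match at a single load base of 0x51000000, and ra 5110f708 resolves to the `lw gp,16(sp)` at 10f708 in playwave. Resolving epc as well is worth the extra lines: epc and fault addr 5110d61c land on the `teq a1,zero,0x7` in function1 that directly follows the `divu`, which is how a MIPS divide-by-zero surfaces as SIGFPE, while t9 = 5110d604 is function1's entry, so ra is the return site in playwave just after the `jalr t9` that called it. Reading epc and ra together tells you both the faulting instruction and the call site that reached it.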