Debugging Android Apps with JDB

by Huang Tao of tinylab.org
2015/04/13

Objective

Since there are a variety of IDE tools, program Ape debugging work easier, as long as the IDE click on the two buttons, the various programs run the information are all displayed on the screen, a wonderful thing, we have to thank the development of these IDE tools predecessors, is they make our work so "easy", But for me personally, I don't really like these IDE tools:

• The first is that this kind of IDE tool is changing too fast, we have to spend a lot of time to learn this kind of tool, but when you finally get familiar with a tool, others have a more cow B tool, Google switch from ADT to Android Studio.

• The second is that when you have a problem with such a tool, or if you want to add a feature, it often makes people feel overwhelmed and less flexible.

So instead of using IDE tools, I prefer to use command-line tools, although primitive a little, but from the inside we can learn a lot of things, use more flexible, today we are going to talk about the JDB is a kind of command-line tool, most programmers now debugging Android applications , most of the choice is ADT and Android Studio, these two Ides have integrated a lot of debugging features for us, such as break point, single step debugging, dump virtual machine stack information, these tools are very powerful, is our development process indispensable, but have you ever thought how they do it? In fact, they also take advantage of similar JDB functions, and then display the visual interface in front of people.

JDWP Protocol Introduction

First of all, let us know what is JDWP (Java Debug Line protocol), that is, the JVM or class JVM virtual machine support a protocol, through which the Debugger side can communicate with the target VM, can get the target VM including classes, objects, threads and other information, in debugging Androi D application In this scenario Debugger generally refers to one of your develop machine support JDWP protocol tools such as Android Studio or JDB, and the Target JVM refers to each Ap that runs on your mobile device P (because they are all virtual machines Dalvik or ART), JDWP Agent is generally responsible for listening to a port, when there is Debugger to this port to initiate a request, the agent forwards the request to the Target JVM and ultimately by the JVM to process the request, and the Reply information is returned to the Debugger end.

The above figure is borrowed from others to explain the JVM, for Android may not be particularly accurate, we look at Android above what is the case, when debugging we generally connect to the mobile device through the ADB, so the above JDWP Agent on the Android phone should refer to ADBD process, followed by:

Explains the process of using DDMS to communicate with App VMs, and the instructions for using ADB, which are not detailed here, can be found in Google's official documentation.

Let's talk about the message format of the JDWP protocol, there are two main types of messages in the JDWP Protocol: command packet and Reply Packet,command packet is what we call the request message, Reply Nature is the answer to the Command.

JDWP Packet is divided into two parts: Baotou (header) and data. The structure and length of the Baotou section are fixed, and the length of the data part is variable, depending on the content of the packet. Command packet and reply packet have the same length of Baotou, which is 11 bytes.

The structure of the header of the

1. Command packet

   • Length
     is the length of the entire packet, including the lengths section. Because the length of the Baotou is fixed one-bytes, so if a command packet no data part, then the value of length is 11.

   • Id
     is a unique value that is used to mark and identify the command that the reply belongs to. Reply packet has the same ID as the command packet it responds to, and the asynchronous message is identified by the ID.

   • Flags
     is currently 0 for the command packet value.

   • Command set

   is equivalent to a command grouping, and some command with similar functions is divided into the same command set. The value of command Set is divided into 3 parts:

   • 0-63: command from debugger to target Java Virtual machine
   • 64–127: From Target Java Virtual machine Commands destined for debugger
   • 128–256: Custom and Extended commands reserved

2. Reply structure of the header of packet

   The
   • Length, Id function is the same as in command packet.
   • Flags
     is currently 0x80 for the reply packet value. We can use the value of Flags to determine whether the received packet is command or reply.
   • Error Code
     is used to indicate whether the command being replied to has been executed correctly. Zero indicates correct, non-zero indicates execution error.

The content and structure of Data differs depending on the command and reply. For example, to request a command for an object member variable value, its data contains the ID of the object and the ID of the member variable. The value of the member variable is included in the reply.

How to use JDB

Above said so much, in fact, is to say JDB use principle to do the foreshadowing, JDB is actually JDWP agreement in the Debugger, it runs on develop machine above, it and mobile devices above the App VMs through the JDWP protocol to communicate, JDB general bit Under your JDK installation directory, you can run directly because JDB and mobile devices must communicate via ADB, so there are a few configurations that must be made before using JDB on Android:

1. adb jwdpthe process ID of the JDWP protocol can be executed by listing the mobile device above.
2. adb forward tcp:123456 jdwp:pidUse the 123456 port to communicate with the app VMs (actually ADBD) on the mobile device by using the PID (first step) setting.
3. Perform the jdb -attach localhost:123456 jdb attach to the 123456 port on this machine.

This connection to the mobile app VMs is JDB, and you can use the various commands provided by JDB to interact with the app VMs.

Examples of using JDB

1. adb shell ps | grep com.android.settingsthe PID number used to get the settings process is 3107
2. Performadb forward tcp:12345 jdwp:3107
3. Execution jdb -attach localhost:12345
   After performing the above three steps, the connection between the JDB and the Setup APP is established.

4. Execute the jdb command classes to get a list of all the classes in the App.

5. We are interested in the Com.android.setting.Settings class, so we continue to use jdb commands methods to see which methods this class has.

6. Suppose we want to add a breakpoint to this method in the Com.android.setting.Settings class OnCreate, then we execute the stop in com.android.setting.Settings.onCreate(android.os.Bundle) breakpoint in this method, then we open the setting app,jdb will prompt us to hit the breakpoint, Also tell us which thread, the specific method, which line of information.

7. Executes the next command so that the code executes to the next line.
8. Executes step the command, allowing the code to step into the execution.

9. Executes run a command that causes the program to skip the breakpoint and continue execution.

JDB List of commands

* Command List *

connectors– lists the connectors and transports available in this VM

Run [class [args]]–] starts executing the main class of the application

threads [threadgroup]– Column Outgoing thread

thread– Setting the default thread

suspend [thread ID (s)]– suspend thread (default: All)

Resume [thread ID (s)]– recovery thread (default: All)

where [| all]– the stack of the dump thread

Wherei [| all]– the stack of the dump thread, and the PC information

Up [n frames]– the stack of the thread up

Down [n frames]– the stack for the thread to move down

kill– terminating a thread with the given exception error object

interrupt– in the thread

print– the value of an output expression

dump– output All object information

eval– Evaluation of expressions (same as print)

Set =– Assigning a new value to a field/variable/array element

locals– output all local variables in the current stack frame

classes– lists the currently-known classes

class– displaying details of named classes

methods– Methods for listing classes

fields– list The fields of a class

threadgroups– List of outgoing thread groups

threadgroup– Setting the current thread group

Stop in. [(Argument_type,...)] – Set breakpoints in method

Stop at: – Set a breakpoint in a row

Clear. [(Argument_type,...)] – Clears breakpoints in the method

Clear: – Clears breakpoints in a row

clear– List Breakpoints

catch [Uncaught|caught|all] | – Interrupt when a specified exception error occurs

Ignore [Uncaught|caught|all] | – for the specified exception error, Cancel ' catch '

Watch [Access|all]. – Monitoring Access/modification of fields

Unwatch [Access|all]. – Stop monitoring access/modification of fields

Trace [Go] methods [thread]– Tracking method entry and exit. – Suspend all threads unless ' go ' is specified

Trace [Go] method exit | Exits [thread]– tracks the exit of the current method, or exits all methods-suspends all threads unless ' go ' is specified

Untrace [methods]– Stop Tracking Method entry and/or exit

Step– performing the Forward

Step up– is executed until the current method returns to its caller

stepi– executing the current instruction

Next step – Stepping one line (step over call)

cont– Continue from Breakpoint

list [line number|method]– output source code

Use (or sourcepath) [source file path]– Display or change the origin path

Exclude [, ... | "None"]– for the specified class, no step or method events are reported

classpath– output classpath information from the target VM

monitor– Execute command every time the program is stopped

monitor– List Monitors

Unmonitor

Resources

• Http://www.ibm.com/developerworks/cn/java/j-lo-jpda3/index.html
• http://codeseekah.com/2012/02/16/command-line-android-development-debugging/
• http://resources.infosecinstitute.com/android-hacking-security-part-6-exploiting-debuggable-android-applications/#article
• Http://developer.android.com/tools/debugging/index.html

Debugging Android Apps with JDB