APP debugging in Android: How does GDB set breakpoints in the dynamic link library?

Address: http://blog.csdn.net/ariesjzj/article/details/7419776

This method is suitable for debugging the. So library used by the app in Android, especially when a problem occurs after loading the database. If GDB is directly loaded into the symbol table of the Dynamic Link Library, the symbol address is incorrect. In this article, an app is used as an example. Therefore, the specific function name must vary with the instance name.

 

Step 1: Dev tools-> development settings, set the program to be called to wait for debugger. At this time, the program will stop and wait for the jdb signal. For more information, see (http://blog.csdn.net/ariesjzj/article/details/7393573 ).

 

Step 2: Start jdb and use PS to find the PID (assuming 1476 ). Then open ~ /. Jdbrc (if not, create one). The breakpoint is set when the dynamic library is loaded:

Stop in Java. Lang. system. loadlibrary

Save and exit and execute:

$ ADB forward TCP: 29882 jdwp: 1476
$ Jdb-Attach localhost: 29882

After jdb is started, it will automatically read./jdbrc and set a breakpoint. In general, the following display will appear:

Jzj @ jzj-desktop :~ $ Jdb-Attach localhost: 29882
Set uncaught java. Lang. throwable
Set deferred uncaught java. Lang. throwable
Initializing jdb...
> *** Reading commands from/home/zjin/. jdbrc
It will be set after the class is loaded.
> Set breakpoint java. Lang. system. loadlibrary
>

The breakpoint is successfully set. For more operations on jdb, see (http://blog.csdn.net/ariesjzj/article/details/7399249 ).

 

Step 3: wait until the program triggers the breakpoint because of the Load Library. At this time, you can confirm whether it is the library we are looking. For example, check the local variables in jdb:
<1> main [1] locals
Method arguments:
Local variables:
Libname = "bigelib"

Then, the APK of the program is decomassembled using dex2jar and JD-Gui to find out the code for loading. So:
Package com. bz. bige;
Import com. bz. bige. Sound. bzsoundmanager;
Public class bigejni
{
Static
{
System. loadlibrary ("bigelib ");
}

}
This shows that we are correct, and then we run the current function in jdb, that is, let the dynamic library load:

<1> main [1] Step Up

 

Step 4: Run GDB. If the PID of the program to be debugged is 1390:

Run on the target (if there is no gdbserver, push it first ):

#./Gdbserver: 1234 -- attach 1390

Run the following command on the host:
$ Arm-Eabi-GDB-x init. GDB

Load the. So symbol table. The address of each symbol is already relocate. It can be used in GDB. For details about GDB, see (http://blog.csdn.net/ariesjzj/article/details/7375048 ).

(GDB) shared

If necessary, you can use the following command to view the function list:

(GDB) info Functions

There may be a lot of output, and you can redirect the output to a file (see the http://blog.csdn.net/ariesjzj/article/details/7419479 for details ).

Now you can use the function name to set a breakpoint:

(GDB) B bzgame: Init ()
Breakpoint 1 at 0x4965f9fc
(GDB) B bzgame: Init ()
Note: breakpoint 1 also set at PC 0x4965f9fc.
Breakpoint 2 at 0x4965f9fc
(GDB) Delete 2
(GDB) B bzgame: setstate (STD: String const &)
Breakpoint 3 at 0x496600ba
(GDB) I B
Num type disp ENB address what
1 breakpoint keep y 0x4965f9fc <bzgame: Init () + 12>
3 breakpoint keep y 0x496600ba <bzgame: setstate (STD: String const &) + 2>

Then you can execute continue to continue. The program stops at the breakpoint.