• 使用GDB调试Android Native 层代码


    --------------步骤:
    0. adb root
    0. adb shell
    0. ps | grep browser
    1. gdbserver :5039 --attach pid
    2. adb forward tcp:5039 tcp:5039

    1. prebuilts/gcc/linux-x86/arm/arm-eabi-4.7/bin/arm-eabi-gdb out/target/product/scx35l_sp9630ea/symbols/system/bin/app_process
    2. set solib-absolute-prefix out/target/product/scx35l_sp9630ea/symbols
    3. set solib-search-path out/target/product/scx35l_sp9630ea/symbols/system/lib
    4. target remote :5039
    5. shared

    android 5.0:
    prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/arm-eabi-gdb out/target/product/scx35_sp7731gea_hd/symbols/system/bin/app_process32
    set solib-absolute-prefix out/target/product/scx35_sp7731gea_hd/symbols
    set solib-search-path out/target/product/scx35_sp7731gea_hd/symbols/system/lib
    target remote :5039

    android6.0以上版本
    android sharkl64
    source ***
    lunch ***
    gdbclient app_process :539 com.android.browser

    查看汇编:
    disassemble /m hanshu


    set var width=47 修改变量

    gdb: 修改函数返回值:
    GNU gdb Fedora (6.8-37.el5)
    Copyright (C) 2008 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law. Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "i386-redhat-linux-gnu"...
    (gdb) b main
    Breakpoint 1 at 0x80483e9: file main.c, line 14.
    (gdb) r 7
    Starting program: /root/program/testgdb/main 7

    Breakpoint 1, main (argc=2, argv=0xbf89e694) at main.c:14
    14 int input_val = 0;
    (gdb) n
    15 if(argc < 2)
    (gdb)
    20 input_val = atoi(argv[1]);
    (gdb)
    21 if(func1(input_val))
    (gdb) s --------------要进入函数内
    func1 (input=7) at main.c:6
    6 if(input < 10)
    (gdb) n
    7 return -1;
    (gdb) disassemble ---- 反编译一下当前函数
    Dump of assembler code for function func1:
    0x080483b4 <func1+0>: push %ebp
    0x080483b5 <func1+1>: mov %esp,%ebp
    0x080483b7 <func1+3>: sub $0x4,%esp
    0x080483ba <func1+6>: cmpl $0x9,0x8(%ebp)
    0x080483be <func1+10>: jg 0x80483c9 <func1+21>
    0x080483c0 <func1+12>: movl $0xffffffff,-0x4(%ebp)
    0x080483c7 <func1+19>: jmp 0x80483d0 <func1+28>
    0x080483c9 <func1+21>: movl $0x0,-0x4(%ebp)
    0x080483d0 <func1+28>: mov -0x4(%ebp),%eax ---- 返回值将保存到eax寄存器中
    0x080483d3 <func1+31>: leave
    0x080483d4 <func1+32>: ret
    End of assembler dump.
    (gdb) i r ---- 查看当前寄存器的值,主要是eax,此时还未执行"return -1"
    eax 0x7 7
    ecx 0x0 0
    edx 0x0 0
    ebx 0x9f8ff4 10457076
    esp 0xbf89e5c4 0xbf89e5c4
    ebp 0xbf89e5c8 0xbf89e5c8
    esi 0x8b0ca0 9112736
    edi 0x0 0
    eip 0x80483c0 0x80483c0 <func1+12>
    eflags 0x293 [ CF AF SF IF ]
    cs 0x73 115
    ss 0x7b 123
    ds 0x7b 123
    es 0x7b 123
    fs 0x0 0
    gs 0x33 51
    (gdb) n
    10 }
    (gdb) i r ----- 查看当前寄存器的信息,此时已执行"return -1",eax的值也变成了-1,函数退出后修改
    eax 0xffffffff -1
    ecx 0x0 0
    edx 0x0 0
    ebx 0x9f8ff4 10457076
    esp 0xbf89e5c4 0xbf89e5c4
    ebp 0xbf89e5c8 0xbf89e5c8
    esi 0x8b0ca0 9112736
    edi 0x0 0
    eip 0x80483d3 0x80483d3 <func1+31>
    eflags 0x293 [ CF AF SF IF ]
    cs 0x73 115
    ss 0x7b 123
    ds 0x7b 123
    es 0x7b 123
    fs 0x0 0
    gs 0x33 51
    (gdb) set $eax = 0 ---- 通过set命令修改eax的值,与变量不同,修改寄存器的值时,需要在寄存器名称前加'$'
    (gdb) i r ---- 再次查看eax的值,eax已变为0.
    eax 0x0 0
    ecx 0x0 0
    edx 0x0 0
    ebx 0x9f8ff4 10457076
    esp 0xbf89e5c4 0xbf89e5c4
    ebp 0xbf89e5c8 0xbf89e5c8
    esi 0x8b0ca0 9112736
    edi 0x0 0
    eip 0x80483d3 0x80483d3 <func1+31>
    eflags 0x293 [ CF AF SF IF ]
    cs 0x73 115
    ss 0x7b 123
    ds 0x7b 123
    es 0x7b 123
    fs 0x0 0
    gs 0x33 51
    (gdb) n ---- 继续执行代码,可看到程序输出"Input numeric is bigger than 10."。我们通过修改寄存器的值,对程序代码的执行过程进行了控制。
    main (argc=2, argv=0xbf89e694) at main.c:24
    24 printf("Input numeric is bigger than 10./n");
    (gdb) c
    Continuing.
    Input numeric is bigger than 10.

    Program exited normally.
    (gdb)
    --------------example:
    gdb 调试:
    $adb shell

    看看它的process id是多少

    #ps | grep browser

    记住你要的pid

    启动gdbserver, 指定在哪个prot上监听client,指定调试哪个进程

    #gdbserver :5039 --attach pid

    开始cient端的工作

    On your workstation, forward port 5039 to the device with adb: 不知道怎么翻译

    打开一个新的终端

    $adb forward tcp:5039 tcp:5039

    $cd ~/mydroid

    找一个最新版本的arm-eabi-gdb

    $find -name arm-eabi-gdb

    记住path

    启动gdbclient

    $/home/peipei/mydroid/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi-gdb /home/peipei/mydroid/out/target/product/generic/symbols/system/bin/app_process

    In gdb, Tell gdb where to find the shared libraries that will get loaded:

    (gdb)set solib-absolute-prefix /home/peipei/mydroid/out/target/product/generic/symbols

    (gdb)set solib-search-path /home/peipei/mydroid/out/target/product/generic/symbols/system/lib

    小心,路径别写错,如果错了,gdb是不会告诉你的。

    另外,要注意,两个路径都要指向symbols目录。

    Connect to the device by issuing the gdb command:

    (gdb)target remote :5039

    The :5039 tells gdb to connect to the localhost port 5039, which is bridged to the device by adb.

    You may need to inspire gdb to load some symbols by typing:

    (gdb)shared

  • 相关阅读:
    php大文件分片上传
    ckeditor粘贴上传图片
    视频断点续传+java视频
    php上传文件夹 ​
    批量下载
    PHP上传超大文件解决方案
    js大文件上传
    java+web文件的上传和下载代码
    Webupload+PHP上传大文件
    【hdu1280】前M大的数
  • 原文地址:https://www.cnblogs.com/zliny/p/10137500.html
Copyright © 2020-2023  润新知