周杰伦 4/10/2023, 9:06:00 PM
文章分类 游戏基址 二进制漏洞 密码应用 智能设备 阅读数 : 440 阅读时长 : 9分钟
android.iml
android.ipr
# 在源码根目录执行
source build
/
envsetup.sh
lunch
22
mmm development
tools
idegen
# or make idegen
sudo development
idegen.sh
sudo chmod
777
sudo deepin-editor android.iml
<excludeFolder url
=
"file://$MODULE_DIR$/bionic"
>
"file://$MODULE_DIR$/bootable"
"file://$MODULE_DIR$/build"
"file://$MODULE_DIR$/cts"
"file://$MODULE_DIR$/dalvik"
"file://$MODULE_DIR$/developers"
"file://$MODULE_DIR$/development"
"file://$MODULE_DIR$/device"
"file://$MODULE_DIR$/docs"
"file://$MODULE_DIR$/external"
"file://$MODULE_DIR$/hardware"
"file://$MODULE_DIR$/kernel"
"file://$MODULE_DIR$/out"
"file://$MODULE_DIR$/pdk"
"file://$MODULE_DIR$/platform_testing"
"file://$MODULE_DIR$/prebuilts"
"file://$MODULE_DIR$/sdk"
"file://$MODULE_DIR$/system"
"file://$MODULE_DIR$/test"
"file://$MODULE_DIR$/toolchain"
"file://$MODULE_DIR$/tools"
"file://$MODULE_DIR$/.repo"
Open an existing Android Studio project
android
-
10.0
.
0_r2
frameworks
base
core
res
AndroidManifest.xml
assets
在源码的根目录创建start_emulator.sh脚本,为了方便的启动模拟器,输入以下内容 后执行
#!/bin/bash
6
emulator
# sudo chmod 777 ./start_emulator.sh
# ./start_emulator.sh
# 第三方app需先以调试模式启动app 点击运行
adb shell am
set
debug
app
w com.example.dexlassloaders
# 等待附加调试 会自动继续运行 直到触发断点
# 系统进程可直接进行附加调试
在系统源码找到ActivityStarter这个类,在startActivityMayWait这个方法打断点
点击菜单的Run–>Attach Debugger to Android Process,勾选Show all processer,选择system_process 随便启动app 触发断点
# 进入源码目录
cd
# 先初始化环境 主要为lunch 目标
# 进入gdbclient.py 脚本目录
cd development
scripts
# 调试模式启动 第三方app 此命令需手动点击
# 以调试模式启动 无需手动点击
adb shell am start
D
n com.example.dexlassloaders
.MainActivity
# 查看进程pid
adb shell
"ps -ef | grep com.example.dexlassloaders"
# u0_a103 6018 1631 0 18:24:11 ? 00:00:00 com.example.dexlassloaders
# root 6046 1677 0 18:25:54 ? 00:00:00 sh -c ps -ef | grep com.example.dexlassloaders
# root 6049 6046 0 18:25:54 ? 00:00:00 grep com.example.dexlassloaders
# 执行此命令等待 输出 vscode launch.json配置 报错 请检查pid
gdbclient.py
p
6018
setup
forwarding vscode
# 没调试完不要 按enter
# 接着使用as 附加调试 或者
adb forward tcp:
12345
jdwp:
# (Where XXX is the PID of the debugged process.)
jdb
attach localhost:
gdbclient.py -p 6018 --setup-forwarding vscode
VScode launch.json
{
"configurations"
: [
{} 复制到这里
"miDebuggerPath"
:
"/android/android/android-10.0.0_r2/prebuilts/gdb/linux-x86/bin/gdb"
,
"program"
"/android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/system/bin/app_process64"
"setupCommands"
"text"
"-enable-pretty-printing"
"description"
"Enable pretty-printing for gdb"
"ignoreFailures"
: true
},
"-environment-directory /android/android/android-10.0.0_r2"
"gdb command: dir"
: false
"-gdb-set solib-search-path /android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/system/lib64/:/android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/system/lib64/hw:/android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/system/lib64/ssl/engines:/android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/system/lib64/drm:/android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/system/lib64/egl:/android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/system/lib64/soundfx:/android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/vendor/lib64/:/android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/vendor/lib64/hw:/android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols/vendor/lib64/egl"
"gdb command: set solib-search-path"
"-gdb-set solib-absolute-prefix /android/android/android-10.0.0_r2/out/target/product/generic_x86_64/symbols"
"gdb command: set solib-absolute-prefix"
"-interpreter-exec console \"source /android/android/android-10.0.0_r2/development/scripts/gdb/dalvik.gdb\""
"gdb command: source art commands"
}
],
"name"
"(gdbclient.py) Attach app_process64 (port: 5039)"
"miDebuggerServerAddress"
"localhost:5039"
"request"
"launch"
"type"
"cppdbg"
"cwd"
"/android/android/android-10.0.0_r2"
"MIMode"
"gdb"
]
gdbclient.py -p 6018 --setup-forwarding vscode 执行之后 vscode 附加 发现链接失败时
# 1. 进入手机 shell
# 2. 切换root模式 普通手机为su
su
# 3. 手动执行gdbserver
gdbserver64 :
1234
attach
# 出现下面的表示 附加调试成功
# Remote debugging from host 127.0.0.1
# 4. 重新启动一个终端
# 4.1 进行端口映射
5039
tcp:
# 4.2 按照 获取vscodelunch.json 配置 这个做 配置vscode 检查5039端口
# 5. 启动vscode附加调试 - 先下断点
vscode 按 F5 启动调试 查看调试控制台,应该开始Loaded symbols 了
# 6. 使用as 附加调试或者 执行下面的jdb 开始调试
更多【Android - 系统级源码调试】相关视频教程:www.yxfzedu.com