Friday, September 19, 2014

Debug Android executables using gdb and gdbserver

About 3 monthes ago I created a POC which is a cross-built executable running on a rooting Android device, but it crashed unexpectedly with only "Segmentation fault" messages. Because there is no GDB available in my Google Nexus 7, so after some studies, I found that I can cross debugging with GDB and GDBServer in NDK folder:
$ find ndk9c/ -name "gdbserver" -type f
ndk9c/prebuilt/android-mips/gdbserver/gdbserver
ndk9c/prebuilt/android-arm/gdbserver/gdbserver
ndk9c/prebuilt/android-x86/gdbserver/gdbserver
$ find ndk9c/ -name "arm*gdb" -type f
ndk9c/toolchains/arm-linux-androideabi-4.6/prebuilt/linux-x86_64/bin/arm-linux-androideabi-gdb
ndk9c/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin/arm-linux-androideabi-gdb

Here are my steps:

On Host

$ adb push ndk9c/prebuilt/android-arm/gdbserver/gdbserver /data/working
$ adb forward tcp:1234 tcp:1234

On Device

$ cd /data/working
$ ./gdbserver localhost:1234 MyProgram
Process ./MyProgram created; pid = 729
Listening on port 1234

On Host

$ ./arm-linux-androideabi-gdb ./MyProgram
GNU gdb (GDB) 7.3.1-gg2
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=x86_64-linux-gnu --target=arm-linux-android".
For bug reporting instructions, please see:
...
Reading symbols from /home/steven/working/bin/MyProgram...done.

(gdb) target remote 169.254.255.1:1234
Remote debugging using 169.254.255.1:1234
warning: Unable to find dynamic linker breakpoint function.
GDB will retry eventurally.  Meanwhile, it is likely
that GDB is unable to debug shared library initializers
or resolve pending breakpoints after dlopen().
0xb0001000 in ?? ()

(gdb)

On Device

After Host machine "target remote 169.254.255.1:1234", Device gdbserver will show below message:
...
Listening on port 1234
Remote debugging from host 169.254.255.2

On Host

Finally you can start the executable on Host machine and waiting for the crashed, then debug it:
(gdb) b UnicodeConversion.cpp:373
(gdb) c
Continuing.
...
Program received signal SIGSEGV, Segmentation fault.
...
(gdb) bt
...
(gdb)

References

http://www.kandroid.org/online-pdk/guide/debugging_gdb.html
http://appleapplecat.pixnet.net/blog/post/32464205-gdbserver-on-android [Chinese]
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)