本文描述了搭建android核心除錯的過程,最終達到原始碼級除錯的目的。由於真機除錯核心的步驟比較複雜,這裡先用模擬器為例。
硬體環境
軟體環境
工具模擬器
android 4.4.2,核心:goldfish3.4
aosp prebuilt
使用/arch/arm/configs/goldfish_armv7_defconfig作為核心配置檔案進行配置,
root@tangxx
:~/android_source/android_442/kernel/goldfish
# export cross_compile=arm-eabi-
root@tangxx
:~/android_source/android_442/kernel/goldfish
# export subarch=arm
root@tangxx
:~/android_source/android_442/kernel/goldfish
# export arch=arm
root@tangxx
:~/android_source/android_442/kernel/goldfish
# make goldfish_armv7_defconfig
hostcc scripts/basic/fixdep
hostcc scripts/kconfig/conf.o
shipped scripts/kconfig/zconf.tab.c
shipped scripts/kconfig/zconf.lex.c
shipped scripts/kconfig/zconf.hash.c
hostcc scripts/kconfig/zconf.tab.o
hostld scripts/kconfig/conf
## configuration written to .config
#
修改goldfish/.config配置檔案,確保一下幾項配置選項開啟,
config_highmem=y #允許設定模擬器記憶體
config_debug_info=y #顯示vmlinux符號
config_debug_kernel=y #開啟核心除錯
config_kgdb=y #開啟kgdb
root@tangxx
:~/android_source/android_442/kernel/goldfish
#make
…kernel
: arch/arm/boot/zimage is ready
root@tangxx
:~/android_source/android_442/kernel/goldfish
# emulator -verbose -show-kernel -kernel ./arch/arm/boot/zimage -qemu -s –s
啟動時間有點長,耐心等待,啟動完成後開啟手機設定驗證一下,
開啟另外乙個終端啟動偵錯程式,載入核心符號,
root@tangxx:~/android_source/android_442# cd kernel/goldfish
root@tangxx:~/android_source/android_442/kernel/goldfish# arm-eabi-gdb ./vmlinuxgnu gdb (gdb) 7.3.1-gg2
license gplv3+: gnu gpl version
3or later
this is free software: you are free to change and redistribute it.
there is no warranty, to
the extent permitted by law. type "show copying"
and"show warranty"
for details.
this gdb was configured as
"--host=x86_64-linux-gnu --target=arm-linux-android".
for bug reporting instructions, please see:
...reading symbols from /root/android_source/android_442/kernel/goldfish/vmlinux...done.
鏈結預設的1234埠就可以進行除錯核心了,
(gdb) target remote :1234
remote debugging using :1234
?? () at arch/arm/kernel/entry-armv.s:1181
1181 w(b) vector_rst
(gdb) list
1176
.globl vector_fiq_offset
1177
.equ vector_fiq_offset, vector_fiq
1178
1179
.section
.vectors, "ax", %progbits
1180 __vectors_start:
1181 w(b) vector_rst
1182 w(b) vector_und
1183 w(ldr) pc, __vectors_start + 0x1000
1184 w(b) vector_pabt
1185 w(b) vector_dabt
(gdb) c
continuing.
^cprogram received signal sigint, interrupt.
cpu_v7_do_idle () at arch/arm/mm/proc-v7.s:74
74mov pc, lr
(gdb) list
69 * irqs are already disabled.
70 */
71 entry(cpu_v7_do_idle)
72 dsb @ wfi may enter a low-power mode
73 wfi
74mov pc, lr
75 endproc(cpu_v7_do_idle)
7677 entry(cpu_v7_dcache_clean_area)
78#ifndef tlb_can_read_from_l1_cache
(gdb) disas
dump of assembler code for function cpu_v7_do_idle:
0xc00158e0
: dsb sy
0xc00158e4
: wfi
=> 0xc00158e8
: mov pc, lr
end of assembler dump.
Delphi原始碼級動態反彙編除錯
ollydbg是乙個動態反 彙編除錯工具,由於功能非常強大,常常被黑客用來破解軟體。但是一般情況下用它反彙編出來的程式是非常難理解的彙編形式,只有系統api呼叫部份可以看出函式名稱,其它的函式呼叫都是以位址形式出現,這使我們很難分析程式的功能。經過反覆試驗,我終於解決了原始碼級除錯這一難題。這樣就可...
android4 4核心編譯(附原始碼)
編譯環境如下圖所示 git checkout remotes origin android msm hemmerhead 3.4 根據實際的項行進設定 2.設定環境 1 終端進入原android原始碼目錄設定編譯環境 cd android src android4.4 source build en...
除錯RocketMQ原始碼
拷貝namesrv broker的配置檔案到指定目錄,為了避免直接修改 中的配置檔案。1.1 在f盤建立rocketmq資料夾,建立三個子資料夾conf logs store,我的 中多了dev data的資料夾 1.2 將distribution原始碼conf目錄下的broker.conf log...