-
-
Save segfault-bilibili/ccb96d888da9e8108deb4e92befff0cb to your computer and use it in GitHub Desktop.
Attaching to fast loading JNI/native code from an Android app without debugging the Dalvik code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The original issue was that some applications (ex. packers) launch the JNI/native code too fast for a person | |
| to attach an IDA Pro instance to the process. The original solution was wrapping the jni code with your own | |
| "surrogate" application so you could load it slower. | |
| New process is to launch the Android/Dalvik activity with the debugger flag; | |
| # adb shell am start -D com.play.goo_w/com.android.netservice.MainActivity | |
| Which will cause the "Waiting for debugger..." mode to start. This starts the process, allowing you to | |
| attach IDA Pro to the process for the native code. | |
| Next attach forward the jdwp process to a tcp socket so you can connect; | |
| # adb jdwp | |
| ... | |
| 3292 | |
| This process returns all available jdwp processes, the last one should be your new pid you want to debug | |
| (you could check this through top/ps) | |
| # adb forward tcp:8700 jdwp:3292 | |
| After you've forwarded the port to the jdwp process, you can connect on your machine via jdb; | |
| # jdb -attach localhost:8700 | |
| Drop the jdb conneciton and let the Android application run as it normal would. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment