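Results first
 
The phone must be running an eng or userdebug build. I never got this working on a user build or on the ARM emulator (I could not even get the ARM emulator to run!!!).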
    $ adb shell getprop ro.build.type   # this command shows the build type
    eng
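For other approaches, skip to the reference links at the end of the article; here I only give the reliable approach.
Prepare the files needed for debugging
- aosp/bionic: the C++ source code
- aosp/out/target/product/sailfish/symbols/apex/com.android.runtime.debug: the shared objects (.so) with debug info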
    k@k:~/bin/aosp/out/target/product/sailfish/symbols/apex/com.android.runtime.debug/bin$ readelf -S linker64
    There are 30 section headers, starting at offset 0x11c0f00:

    节头:
      [号] 名称              类型            地址              偏移量    大小              全体大小          旗标  链接   信息  对齐
      [ 0]                   NULL            0000000000000000  00000000  0000000000000000  0000000000000000           0      0     0
      [ 1] .note.gnu.bu[...] NOTE            0000000000000238  00000238  0000000000000020  0000000000000000   A       0      0     4
      [ 2] .dynsym           DYNSYM          0000000000000258  00000258  0000000000000240  0000000000000018   A       4      1     8
      [ 3] .gnu.hash         GNU_HASH        0000000000000498  00000498  00000000000000c0  0000000000000000   A       2      0     8
      [ 4] .dynstr           STRTAB          0000000000000558  00000558  00000000000002b2  0000000000000000   A       0      0     1
      [ 5] .relr.dyn         LOOS+0xfffff00  0000000000000810  00000810  00000000000001f0  0000000000000008   A       0      0     8
      [ 6] .rodata           PROGBITS        0000000000000a00  00000a00  0000000000017d0d  0000000000000000 AMS       0      0     32
      [ 7] .gcc_except_table PROGBITS        0000000000018710  00018710  00000000000050dc  0000000000000000   A       0      0     4
      [ 8] .eh_frame_hdr     PROGBITS        000000000001d7ec  0001d7ec  0000000000004bc4  0000000000000000   A       0      0     4
      [ 9] .eh_frame         PROGBITS        00000000000223b0  000223b0  0000000000014f24  0000000000000000   A       0      0     8
      [10] .text             PROGBITS        0000000000038000  00038000  00000000000d1528  0000000000000000  AX       0      0     64
      [11] .data             PROGBITS        000000000010a000  0010a000  0000000000000ef8  0000000000000000  WA       0      0     32
      [12] .data.rel.ro      PROGBITS        000000000010b000  0010b000  0000000000006270  0000000000000000  WA       0      0     8
      [13] .init_array       INIT_ARRAY      0000000000111270  00111270  0000000000000060  0000000000000008  WA       0      0     8
      [14] .dynamic          DYNAMIC         00000000001112d0  001112d0  00000000000000e0  0000000000000010  WA       4      0     8
      [15] .got              PROGBITS        00000000001113b0  001113b0  0000000000000820  0000000000000000  WA       0      0     8
      [16] .bss              NOBITS          0000000000112000  00111bd0  0000000000009e70  0000000000000000  WA       0      0     4096
      [17] .debug_str        PROGBITS        0000000000000000  00111bd0  00000000003ae347  0000000000000001  MS       0      0     1
      [18] .debug_loc        PROGBITS        0000000000000000  004bff17  00000000003f6b1c  0000000000000000           0      0     1
      [19] .debug_abbrev     PROGBITS        0000000000000000  008b6a33  000000000003f6ae  0000000000000000           0      0     1
      [20] .debug_info       PROGBITS        0000000000000000  008f60e1  00000000006391f2  0000000000000000           0      0     1
      [21] .debug_ranges     PROGBITS        0000000000000000  00f2f2d3  00000000000ed620  0000000000000000           0      0     1
      [22] .debug_macinfo    PROGBITS        0000000000000000  0101c8f3  0000000000000164  0000000000000000           0      0     1
      [23] .comment          PROGBITS        0000000000000000  0101ca57  000000000000019c  0000000000000001  MS       0      0     1
      [24] .debug_line       PROGBITS        0000000000000000  0101cbf3  000000000011cb4a  0000000000000000           0      0     1
      [25] .debug_aranges    PROGBITS        0000000000000000  0113973d  00000000000013e0  0000000000000000           0      0     1
      [26] .gnu_debuglink    PROGBITS        0000000000000000  0113ab1d  0000000000000020  0000000000000000           0      0     1
      [27] .shstrtab         STRTAB          0000000000000000  011c0dbe  000000000000013c  0000000000000000           0      0     1
      [28] .symtab           SYMTAB          0000000000000000  0113ab40  00000000000484b0  0000000000000018          29  12315     8
      [29] .strtab           STRTAB          0000000000000000  01182ff0  000000000003ddce  0000000000000000           0      0     1
    Key to Flags:
      W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
      L (link order), O (extra OS processing required), G (group), T (TLS),
      C (compressed), x (unknown), o (OS specific), E (exclude),
    k@k:~/bin/aosp/out/target/product/sailfish/symbols/apex/com.android.runtime.debug/bin$ ll -hr|grep linker64
    -rwxrwxr-x 1 k k  18M 10月  8 01:09 linker64*
For comparison, pull linker64 off the phone. You can see that the shared object on the phone carries no debug_xx sections.
    $ adb pull /system/apex/com.android.runtime.debug/bin/linker64
    $ ll -hr linker64
    -rw-r--r-- 1 k k 1.6M 10月  9 13:30 linker64
    $ readelf -S linker64
    There are 23 section headers, starting at offset 0x187dd0:

    节头:
      [号] 名称              类型            地址              偏移量    大小              全体大小          旗标  链接   信息  对齐
      [ 0]                   NULL            0000000000000000  00000000  0000000000000000  0000000000000000           0      0     0
      [ 1] .note.gnu.bu[...] NOTE            0000000000000238  00000238  0000000000000020  0000000000000000   A       0      0     4
      [ 2] .dynsym           DYNSYM          0000000000000258  00000258  0000000000000240  0000000000000018   A       4      1     8
      [ 3] .gnu.hash         GNU_HASH        0000000000000498  00000498  00000000000000c0  0000000000000000   A       2      0     8
      [ 4] .dynstr           STRTAB          0000000000000558  00000558  00000000000002b2  0000000000000000   A       0      0     1
      [ 5] .relr.dyn         LOOS+0xfffff00  0000000000000810  00000810  00000000000001f0  0000000000000008   A       0      0     8
      [ 6] .rodata           PROGBITS        0000000000000a00  00000a00  0000000000017d0d  0000000000000000 AMS       0      0     32
      [ 7] .gcc_except_table PROGBITS        0000000000018710  00018710  00000000000050dc  0000000000000000   A       0      0     4
      [ 8] .eh_frame_hdr     PROGBITS        000000000001d7ec  0001d7ec  0000000000004bc4  0000000000000000   A       0      0     4
      [ 9] .eh_frame         PROGBITS        00000000000223b0  000223b0  0000000000014f24  0000000000000000   A       0      0     8
      [10] .text             PROGBITS        0000000000038000  00038000  00000000000d1528  0000000000000000  AX       0      0     64
      [11] .data             PROGBITS        000000000010a000  0010a000  0000000000000ef8  0000000000000000  WA       0      0     32
      [12] .data.rel.ro      PROGBITS        000000000010b000  0010b000  0000000000006270  0000000000000000  WA       0      0     8
      [13] .init_array       INIT_ARRAY      0000000000111270  00111270  0000000000000060  0000000000000008  WA       0      0     8
      [14] .dynamic          DYNAMIC         00000000001112d0  001112d0  00000000000000e0  0000000000000010  WA       4      0     8
      [15] .got              PROGBITS        00000000001113b0  001113b0  0000000000000820  0000000000000000  WA       0      0     8
      [16] .bss              NOBITS          0000000000112000  00112000  0000000000009e70  0000000000000000  WA       0      0     4096
      [17] .comment          PROGBITS        0000000000000000  00112000  000000000000019c  0000000000000001  MS       0      0     1
      [18] .gnu_debuglink    PROGBITS        0000000000000000  0011219c  0000000000000020  0000000000000000           0      0     1
      [19] .symtab           SYMTAB          0000000000000000  001121c0  0000000000037ed8  0000000000000018          20   9522     8
      [20] .strtab           STRTAB          0000000000000000  0014a098  000000000003dc4d  0000000000000000           0      0     1
      [21] .shstrtab         STRTAB          0000000000000000  00187ce5  00000000000000d4  0000000000000000           0      0     1
      [22] .gnu_debuglink    PROGBITS        0000000000000000  00187dbc  0000000000000010  0000000000000000           0      0     4
    Key to Flags:
      W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
      L (link order), O (extra OS processing required), G (group), T (TLS),
      C (compressed), x (unknown), o (OS specific), E (exclude),
      D (mbind), p (processor specific)
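The comparison above can also be scripted. This is an added example, not code from the original post: it reads the ELF64 section header table and lists the .debug_* sections, so you can confirm a symbol file is unstripped before pointing the debugger at it. The function names and the in-memory sample ELF images are constructed for illustration.

```python
import struct

def elf64_section_names(data):
    """Section names of a little-endian ELF64 image, in header order."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)

    def shdr(i):
        # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        return struct.unpack_from("<IIQQQQ", data, e_shoff + i * e_shentsize)

    _, _, _, _, str_off, str_size = shdr(e_shstrndx)
    strtab = data[str_off:str_off + str_size]
    names = []
    for i in range(e_shnum):
        start = shdr(i)[0]
        names.append(strtab[start:strtab.index(b"\0", start)].decode())
    return names

def debug_sections(data):
    """DWARF sections present; an empty list means a stripped binary."""
    return sorted(n for n in elf64_section_names(data) if n.startswith(".debug_"))

def build_sample_elf(section_names):
    """Constructed input: ELF64 header, .shstrtab and section headers only."""
    names = [""] + list(section_names) + [".shstrtab"]
    strtab, name_off = b"", []
    for n in names:
        name_off.append(len(strtab))
        strtab += n.encode() + b"\0"
    shoff = 64 + len(strtab)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    # ET_DYN (3), EM_AARCH64 (183); the sample has no program headers
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 183, 1, 0, 0, shoff,
                              0, 64, 0, 0, 64, len(names), len(names) - 1)
    shdrs = b""
    for i, n in enumerate(names):
        is_str = n == ".shstrtab"
        sh_type = 3 if is_str else (1 if n else 0)  # STRTAB / PROGBITS / NULL
        shdrs += struct.pack("<IIQQQQIIQQ", name_off[i], sh_type, 0, 0,
                             64 if is_str else 0,
                             len(strtab) if is_str else 0, 0, 0, 1, 0)
    return hdr + strtab + shdrs

if __name__ == "__main__":
    unstripped = build_sample_elf([".text", ".debug_info", ".debug_line", ".symtab"])
    on_device = build_sample_elf([".text", ".symtab", ".gnu_debuglink"])
    print("symbols build:", debug_sections(unstripped))
    print("on-device copy:", debug_sections(on_device))
```

To check a real file, pass its bytes, for example debug_sections(open("linker64", "rb").read()).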
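Project directory
 
 
Import the debug symbols. Set Debug type to Native Only. For Symbol Directories, do not select the top-level com.android.runtime.debug directory: doing so triggers a bug where some shared objects fail to load.
 
Next comes the debugging itself. One thing to watch out for: do not set breakpoints directly. Pause the process first, then set the breakpoints with lldb.
 
target modules list shows the list of loaded shared objects. Because the symbols I need to debug are in the linker, I focus on whether the linker has been loaded; if it has not been loaded, it cannot be debugged.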
    (lldb) target modules list| grep linker64
    [  0] C87DDFF9-3A23-6A5B-654C-9182F7C24A0D 0x0000007dd64d7000 /home/k/Desktop/AndroidStudioProjects/example/com.android.runtime.debug/bin/linker64
    [  1] C87DDFF9-3A23-6A5B-654C-9182F7C24A0D 0x0000007dd64d7000 /home/k/Desktop/AndroidStudioProjects/example/com.android.runtime.debug/bin/linker64
Breakpoint commands

    br s -n __loader_dlopen      # break on a symbol
    br s -f dlfcn.cpp -l 138     # break at a given line of a source file, here in dlfcn.cpp
    c                            # continue: resume all threads in the current process
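From here on it is ordinary step-by-step debugging. I won't spend words on the dlopen loading flow or on ELF parsing; there is plenty of material about both online.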
 