使用gdb远程调试android native程序

安装gdbserver

android设备上需要安装gdbserver/gdbserver64（调试arm64程序需要使用）userdebug固件可能会自带gdbserver/gdbserver64程序，而user版android固件并没有把gdbserver编译到系统中，需要我们手动push：

他们的位置分别在android源码的如下位置：

android/prebuilts/misc/android-arm/gdbserver
android/prebuilts/misc/android-arm64/gdbserver64

push操作的整个操作流程如下：

#获取root权限
adb shell reboot bootloader
fastboot ome root
fastboot reboot

#disable verity
adb root
adb disable-verity
adb reboot

#remount system
adb root
adb remount

#推送gdbserver/gdbserver64
adb push gdbserver /system/bin/
adb push gdbserver64 /system/bin/

配置环境

• android设备上执行：

需要先通过pgrep查找到对应程序的进程pid号，举例我们想要调试audioserver，先确定该进程的pid。

root@16s:/ # ps -ef | grep audioserver
audioserver    801     1 0 11:57:57 ?     00:00:00 audioserver

然后启动gdbserver，并且与手机端的1234端口建立通信:

gdbserver remote:1234 --attach 801

• PC host端准备：

adb forward tcp:1234 tcp:1234

这条命令会把PC上的1234端口绑定到到手机1234端口上，这样数据都会被重定向过去。这一步很重要，它是建立PC和手机端通信的关键。

PC:1234--------------DEV:1234

配置gdb路径

编写gdb.config:

set solib-absolute-prefix /media/xiehaocheng/work/1973/out/target/product/m1973/symbols/

在本例中，只需要配置这一个参数即可，那么两个问题：

• 为什么不需要通过file命令指定调试文件？

因为调试文件已经由手机端的gdbserver64指定并且attach了，不需要再次指定。

• 为什么不需要通过dir命令指定代码文件路径？

因为涉及到很多库文件，代码也处于不同的目录，很难一一添加，更重要的是没有必要，我们已经指定了 solib-absolute-prefix ，gdb就会从指定的位置读取symbol了：

Reading symbols from /media/xiehaocheng/work/1973/out/target/product/m1973/symbols/system/bin/audioserver...done.
Reading symbols from /media/xiehaocheng/work/1973/out/target/product/m1973/symbols/system/bin/linker...done.
Reading symbols from /media/xiehaocheng/work/1973/out/target/product/m1973/symbols/system/lib/libaaudioservice.so...done.

而这些symbol中已经包含了代码文件的路径，因此对于本机编译的android环境，不需要配置代码路径了。单独使用NDK调试单个库的时候才需要。

开始调试

启动gdb：

$ gdb -x gdb.config

在gdb命令行下连接本地端口1234：

(gdb) target remote localhost:1234

完整的打印如下：

xiehaocheng@xiehaocheng:/media/xiehaocheng/work/1973/prebuilts/gdb/linux-x86/bin$ ./gdb -x gdb.config
GNU gdb (GDB) 7.11
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".

(gdb) target remote localhost:1234
Remote debugging using localhost:1234

Reading symbols from /media/xiehaocheng/work/1973/out/target/product/m1973/symbols/system/bin/audioserver...done.
warning: Could not load shared library symbols for 6 libraries, e.g. /system/lib/libvraudio.so.
Use the "info sharedlibrary" command to see the complete listing.

(gdb) bt
#0  __ioctl () at bionic/libc/arch-arm/syscalls/__ioctl.S:9
#1  0xef6addba in ioctl (fd=5, request=-1070571007) at bionic/libc/bionic/ioctl.cpp:39
#2  0xef309c54 in android::IPCThreadState::talkWithDriver (this=0xeeab20e0, doReceive=<optimized out>) at frameworks/native/libs/binder/IPCThreadState.cpp:905
#3  0xef309db0 in android::IPCThreadState::getAndExecuteCommand (this=0xeeab20e0) at frameworks/native/libs/binder/IPCThreadState.cpp:440
#4  0xef30a31c in android::IPCThreadState::joinThreadPool (this=0xeeab20e0, isMain=true) at frameworks/native/libs/binder/IPCThreadState.cpp:538
#5  0xb9fa774e in main (argc=<optimized out>, argv=0xffebebd4) at frameworks/av/media/audioserver/main_audioserver.cpp:213

(gdb) 
....

注意点

最后提一点，gdb必须要是能够支持arm、arm64平台的版本，android代码中是带有该版本的，路径在andorid：

prebuilts/gdb/linux-x86/bin