android native c++ debug

adb源码编译ADB是AndroidDebugBridge的缩写，是一种用于Android设备与开发计算机（通常是PC）进行通信的工具。

ADB可以实现设备端口映射、文件传输、安装、调试等功能。

ADB源码编译是指在自己的电脑上编译ADB程序，以便在开发过程中使用。

一、环境搭建在进行ADB源码编译之前，需要先搭建好相关环境。

具体步骤如下：1.安装Java SDKADB源码编译需要使用Java SDK，可以从Oracle官网下载并安装。

2.安装Android SDKADB源码编译还需要使用Android SDK，也可从官网下载并安装。

3.安装NDKNDK是Android Native Development Kit的缩写，它可以帮助开发者使用C/C++语言编写本地代码，并将其与Java代码一起编译成APK。

在进行ADB源码编译之前，需要先安装NDK。

4.安装PythonADB源码编译还需要使用Python，建议安装2.7版本。

二、获取源码获取ADB源码的方式有多种，可以从官网下载，也可以从Github 上下载。

这里以从Github上获取源码为例。

1.打开Github网站，搜索“android_platform_system_core”。

2.选择最新版本的源码，并下载到本地电脑。

三、编译源码获取到ADB源码后，可以开始编译源码了。

具体步骤如下：1.打开终端或命令行窗口，进入ADB源码所在的目录。

2.执行以下命令，编译源码：make adb3.编译完成后，在源码目录的out/host/linux-x86/bin/目录下，就可以找到编译后生成的adb可执行文件。

四、使用ADB工具编译完成后，就可以使用ADB工具进行Android开发调试了。

以下是一些ADB常用命令：1.adb devices：查看连接的Android设备列表。

2.adb install apkname：安装指定的APK文件。

3.adb uninstall packagename：卸载指定的应用程序。

如何用trace32调试native和kernel异常---------- for Android System Debug众所周知gdb功能强大，但相对于gdb的指令式调试，trace32的图形界面要更方便易上手，而且不用查记那些繁复的指令，虽然效率上不及gdb，但对于新手而言，使用trace32要比gdb 快捷。

下面就介绍如何使用trace32加载symbol文件。

1.启动trace32默认安装好trace32后，在开始菜单中选择“Trace32 Simulator for ARM”，如图1图12.启动模拟器在CPU菜单中选择“System Settings…”，如图2，图2在弹出窗口中的CPU框选择对应的CPU，如图3，对于MT6589平台选择CortexA9MPCore，图3然后点击UP即可启动模拟器，右下角会显示“system ready”，如图4。

图43.加载symbol文件加载的指令为“data.load.elf <symbol路径> <加载地址> /gnu /noclear /nocode”，symbol 文件可以是boot、lk等的elf文件，kernel的vmlinux，native so的symbol库；加载地址是可选项，可从PROCESS_MAP获取，也可从问题log获取。

加载完成后点击工具条上的蓝色感叹号就会显示出该symbol文件所对应的symbol，如图5，双击symbol符号可进入该symbol的具体内容。

图54.设置资源路径symbol文件加载完了，但对应的内容是十分难读的汇编语言，如图6，图6不过不用担心trace32支持symbol与code映射，可以将symbol与代码对应起来，在图6界面滑动鼠标滚轮，在命令框下方会提示该段symbol所对应的文件，如图7，图7将与symbol文件对应的同一版本的代码放到提示的路径下，在View菜单选择“Symbols”-> “Source Search Paths”，如图8，图8在弹出的对话框中点击“Add Dir…”按钮将路径设置到代码路径，然后点击“Reload”按钮，如图9，图9回到刚才symbol 界面，汇编语言就变成对应的代码了，如图10，图10点击 “Mode ” 按钮可切换到纯代码模式，如图11。

AndroidStudio⽤Cmake⽅式编译NDK代码（cmake配置.a库）1.cmake是什么？CMake是⼀个跨平台的安装（）⼯具，可以⽤简单的语句来描述所有平台的安装(编译过程)。

他能够输出各种各样的makefile或者project⽂件，能测试所⽀持的C++特性,类似UNIX下的automake。

⾕歌从AndroidStudio2.2以上就添加了Cmake⽅式来编译NDK代码，并从NDK例⼦看出，默认编译的⽅式就是cmake⽅式。

2.⾕歌官⽅的⽤cmake⽅式编译NDK的教程⾕歌从AndroidStudio2.2以上就添加了Cmake⽅式来编译NDK代码，并从NDK例⼦看出，默认编译的⽅式就是cmake⽅式。

如果您希望向现有项⽬添加原⽣代码，请执⾏以下步骤：1. 并将其添加到您的 Android Studio 项⽬中。

如果您已经拥有原⽣代码或想要导⼊预构建的原⽣库，则可以跳过此步骤。

2. ，将您的原⽣源代码构建到库中。

如果导⼊和关联预构建库或平台库，您也需要此构建脚本。

如果您的现有原⽣库已经拥有CMakeLists.txt构建脚本或者使⽤ ndk-build 并包含构建脚本，则可以跳过此步骤。

3. 提供⼀个指向您的 CMake 或 ndk-build 脚本⽂件的路径，。

Gradle 使⽤构建脚本将源代码导⼊您的 Android Studio 项⽬并将原⽣库（SO ⽂件）封装到 APK 中。

配置完项⽬后，您可以使⽤从 Java 代码中访问您的原⽣函数。

要构建和运⾏应⽤，只需点击 Run 。

Gradle 会以依赖项的形式添加您的外部原⽣构建流程，⽤于编译、构建原⽣库并将其随 APK ⼀起封装。

创建新的原⽣源⽂件要在应⽤模块的主源代码集中创建⼀个包含新建原⽣源⽂件的cpp/⽬录，请按以下步骤操作：1. 从 IDE 的左侧打开 Project 窗格并从下拉菜单中选择 Project 视图。

2. 导航到您的模块 > src，右键点击 main ⽬录，然后选择 New > Directory。

/** Copyright (C) 2010 The Android Open Source Project** Licensed under the Apache License, Version 2.0 (the "License");* you may not use this file except in compliance with the License.* You may obtain a copy of the License at** /licenses/LICENSE-2.0** Unless required by applicable law or agreed to in writing, software* distributed under the License is distributed on an "AS IS" BASIS,* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.* See the License for the specific language governing permissions and* limitations under the License.**/#include <jni.h>#include <errno.h>#include <string.h>#include <unistd.h>#include <sys/resource.h>#include "android_native_app_glue.h"#include <android/log.h>#define LOGI(...) ((void)__android_log_print(ANDROID_LOG_INFO, "threaded_app", __V A_ARGS__))#define LOGE(...) ((void)__android_log_print(ANDROID_LOG_ERROR, "threaded_app", __V A_ARGS__))/* For debug builds, always enable the debug traces in this library */#ifndef NDEBUG# define LOGV(...) ((void)__android_log_print(ANDROID_LOG_VERBOSE, "threaded_app", __V A_ARGS__))#else# define LOGV(...) ((void)0)#endifstatic void free_saved_state(struct android_app* android_app) {pthread_mutex_lock(&android_app->mutex);if (android_app->savedState != NULL) {free(android_app->savedState);android_app->savedState = NULL;android_app->savedStateSize = 0;}pthread_mutex_unlock(&android_app->mutex);}int8_t android_app_read_cmd(struct android_app* android_app) {int8_t cmd;if (read(android_app->msgread, &cmd, sizeof(cmd)) == sizeof(cmd)) {switch (cmd) {case APP_CMD_SA VE_STATE:free_saved_state(android_app);break;}return cmd;} else {LOGE("No data on command pipe!");}return -1;}static void print_cur_config(struct android_app* android_app) {char lang[2], country[2];AConfiguration_getLanguage(android_app->config, lang);AConfiguration_getCountry(android_app->config, country);LOGV("Config: mcc=%d mnc=%d lang=%c%c cnt=%c%c orien=%d touch=%d dens=%d ""keys=%d nav=%d keysHid=%d navHid=%d sdk=%d size=%d long=%d ""modetype=%d modenight=%d",AConfiguration_getMcc(android_app->config),AConfiguration_getMnc(android_app->config),lang[0], lang[1], country[0], country[1],AConfiguration_getOrientation(android_app->config),AConfiguration_getTouchscreen(android_app->config),AConfiguration_getDensity(android_app->config),AConfiguration_getKeyboard(android_app->config),AConfiguration_getNavigation(android_app->config),AConfiguration_getKeysHidden(android_app->config),AConfiguration_getNavHidden(android_app->config),AConfiguration_getSdkVersion(android_app->config),AConfiguration_getScreenSize(android_app->config),AConfiguration_getScreenLong(android_app->config),AConfiguration_getUiModeType(android_app->config),AConfiguration_getUiModeNight(android_app->config));}void android_app_pre_exec_cmd(struct android_app* android_app, int8_t cmd) { switch (cmd) {case APP_CMD_INPUT_CHANGED:LOGV("APP_CMD_INPUT_CHANGED\n");pthread_mutex_lock(&android_app->mutex);if (android_app->inputQueue != NULL) {AInputQueue_detachLooper(android_app->inputQueue);}android_app->inputQueue = android_app->pendingInputQueue;if (android_app->inputQueue != NULL) {LOGV("Attaching input queue to looper");AInputQueue_attachLooper(android_app->inputQueue,android_app->looper, LOOPER_ID_INPUT, NULL,&android_app->inputPollSource);}pthread_cond_broadcast(&android_app->cond);break;case APP_CMD_INIT_WINDOW:LOGV("APP_CMD_INIT_WINDOW\n");pthread_mutex_lock(&android_app->mutex);android_app->window = android_app->pendingWindow;pthread_cond_broadcast(&android_app->cond);pthread_mutex_unlock(&android_app->mutex);break;case APP_CMD_TERM_WINDOW:LOGV("APP_CMD_TERM_WINDOW\n");pthread_cond_broadcast(&android_app->cond);break;case APP_CMD_RESUME:case APP_CMD_START:case APP_CMD_PAUSE:case APP_CMD_STOP:LOGV("activityState=%d\n", cmd);pthread_mutex_lock(&android_app->mutex);android_app->activityState = cmd;pthread_cond_broadcast(&android_app->cond);pthread_mutex_unlock(&android_app->mutex);break;case APP_CMD_CONFIG_CHANGED:LOGV("APP_CMD_CONFIG_CHANGED\n");AConfiguration_fromAssetManager(android_app->config,android_app->activity->assetManager);print_cur_config(android_app);break;case APP_CMD_DESTROY:LOGV("APP_CMD_DESTROY\n");android_app->destroyRequested = 1;break;}}void android_app_post_exec_cmd(struct android_app* android_app, int8_t cmd) { switch (cmd) {case APP_CMD_TERM_WINDOW:LOGV("APP_CMD_TERM_WINDOW\n");pthread_mutex_lock(&android_app->mutex);android_app->window = NULL;pthread_cond_broadcast(&android_app->cond);pthread_mutex_unlock(&android_app->mutex);break;case APP_CMD_SA VE_STA TE:LOGV("APP_CMD_SA VE_STATE\n");android_app->stateSaved = 1;pthread_cond_broadcast(&android_app->cond);pthread_mutex_unlock(&android_app->mutex);break;case APP_CMD_RESUME:free_saved_state(android_app);break;}}void app_dummy() {}static void android_app_destroy(struct android_app* android_app) {LOGV("android_app_destroy!");free_saved_state(android_app);pthread_mutex_lock(&android_app->mutex);if (android_app->inputQueue != NULL) {AInputQueue_detachLooper(android_app->inputQueue);}AConfiguration_delete(android_app->config);android_app->destroyed = 1;pthread_cond_broadcast(&android_app->cond);pthread_mutex_unlock(&android_app->mutex);// Can't touch android_app object after this.}static void process_input(struct android_app* app, struct android_poll_source* source) { AInputEvent* event = NULL;int processed = 0;while (AInputQueue_getEvent(app->inputQueue, &event) >= 0) {LOGV("New input event: type=%d\n", AInputEvent_getType(event));if (AInputQueue_preDispatchEvent(app->inputQueue, event)) {continue;}int32_t handled = 0;if (app->onInputEvent != NULL) handled = app->onInputEvent(app, event);AInputQueue_finishEvent(app->inputQueue, event, handled);processed = 1;}if (processed == 0) {LOGE("Failure reading next input event: %s\n", strerror(errno));}}static void process_cmd(struct android_app* app, struct android_poll_source* source) { int8_t cmd = android_app_read_cmd(app);android_app_pre_exec_cmd(app, cmd);if (app->onAppCmd != NULL) app->onAppCmd(app, cmd);android_app_post_exec_cmd(app, cmd);static void* android_app_entry(void* param) {struct android_app* android_app = (struct android_app*)param;android_app->config = AConfiguration_new();AConfiguration_fromAssetManager(android_app->config,android_app->activity->assetManager);print_cur_config(android_app);android_app->cmdPollSource.id = LOOPER_ID_MAIN;android_app->cmdPollSource.app = android_app;android_app->cmdPollSource.process = process_cmd;android_app->inputPollSource.id = LOOPER_ID_INPUT;android_app->inputPollSource.app = android_app;android_app->inputPollSource.process = process_input;ALooper* looper = ALooper_prepare(ALOOPER_PREPARE_ALLOW_NON_CALLBACKS);ALooper_addFd(looper, android_app->msgread, LOOPER_ID_MAIN, ALOOPER_EVENT_INPUT, NULL,&android_app->cmdPollSource);android_app->looper = looper;pthread_mutex_lock(&android_app->mutex);android_app->running = 1;pthread_cond_broadcast(&android_app->cond);pthread_mutex_unlock(&android_app->mutex);android_main(android_app);android_app_destroy(android_app);return NULL;}// --------------------------------------------------------------------// Native activity interaction (called from main thread)// --------------------------------------------------------------------static struct android_app* android_app_create(ANativeActivity* activity,void* savedState, size_t savedStateSize) {struct android_app* android_app = (struct android_app*)malloc(sizeof(struct android_app));memset(android_app, 0, sizeof(struct android_app));android_app->activity = activity;pthread_mutex_init(&android_app->mutex, NULL);pthread_cond_init(&android_app->cond, NULL);if (savedState != NULL) {android_app->savedState = malloc(savedStateSize);android_app->savedStateSize = savedStateSize;memcpy(android_app->savedState, savedState, savedStateSize);}int msgpipe[2];if (pipe(msgpipe)) {LOGE("could not create pipe: %s", strerror(errno));return NULL;}android_app->msgread = msgpipe[0];android_app->msgwrite = msgpipe[1];pthread_attr_t attr;pthread_attr_init(&attr);pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);pthread_create(&android_app->thread, &attr, android_app_entry, android_app);// Wait for thread to start.pthread_mutex_lock(&android_app->mutex);while (!android_app->running) {pthread_cond_wait(&android_app->cond, &android_app->mutex);}pthread_mutex_unlock(&android_app->mutex);return android_app;}static void android_app_write_cmd(struct android_app* android_app, int8_t cmd) { if (write(android_app->msgwrite, &cmd, sizeof(cmd)) != sizeof(cmd)) {LOGE("Failure writing android_app cmd: %s\n", strerror(errno));}}static void android_app_set_input(struct android_app* android_app, AInputQueue* inputQueue) { pthread_mutex_lock(&android_app->mutex);android_app->pendingInputQueue = inputQueue;android_app_write_cmd(android_app, APP_CMD_INPUT_CHANGED);while (android_app->inputQueue != android_app->pendingInputQueue) {pthread_cond_wait(&android_app->cond, &android_app->mutex);}pthread_mutex_unlock(&android_app->mutex);}static void android_app_set_window(struct android_app* android_app, ANativeWindow* window) { pthread_mutex_lock(&android_app->mutex);if (android_app->pendingWindow != NULL) {android_app_write_cmd(android_app, APP_CMD_TERM_WINDOW);}android_app->pendingWindow = window;if (window != NULL) {android_app_write_cmd(android_app, APP_CMD_INIT_WINDOW);}while (android_app->window != android_app->pendingWindow) {pthread_cond_wait(&android_app->cond, &android_app->mutex);}pthread_mutex_unlock(&android_app->mutex);static void android_app_set_activity_state(struct android_app* android_app, int8_t cmd) { pthread_mutex_lock(&android_app->mutex);android_app_write_cmd(android_app, cmd);while (android_app->activityState != cmd) {pthread_cond_wait(&android_app->cond, &android_app->mutex);}pthread_mutex_unlock(&android_app->mutex);}static void android_app_free(struct android_app* android_app) {pthread_mutex_lock(&android_app->mutex);android_app_write_cmd(android_app, APP_CMD_DESTROY);while (!android_app->destroyed) {pthread_cond_wait(&android_app->cond, &android_app->mutex);}pthread_mutex_unlock(&android_app->mutex);close(android_app->msgread);close(android_app->msgwrite);pthread_cond_destroy(&android_app->cond);pthread_mutex_destroy(&android_app->mutex);free(android_app);}static void onDestroy(ANativeActivity* activity) {LOGV("Destroy: %p\n", activity);android_app_free((struct android_app*)activity->instance);}static void onStart(ANativeActivity* activity) {LOGV("Start: %p\n", activity);android_app_set_activity_state((struct android_app*)activity->instance, APP_CMD_START); }static void onResume(ANativeActivity* activity) {LOGV("Resume: %p\n", activity);android_app_set_activity_state((struct android_app*)activity->instance, APP_CMD_RESUME); }static void* onSaveInstanceState(ANativeActivity* activity, size_t* outLen) {struct android_app* android_app = (struct android_app*)activity->instance;void* savedState = NULL;LOGV("SaveInstanceState: %p\n", activity);pthread_mutex_lock(&android_app->mutex);android_app->stateSaved = 0;android_app_write_cmd(android_app, APP_CMD_SA VE_STATE);while (!android_app->stateSaved) {pthread_cond_wait(&android_app->cond, &android_app->mutex);}if (android_app->savedState != NULL) {savedState = android_app->savedState;*outLen = android_app->savedStateSize;android_app->savedState = NULL;android_app->savedStateSize = 0;}pthread_mutex_unlock(&android_app->mutex);return savedState;}static void onPause(ANativeActivity* activity) {LOGV("Pause: %p\n", activity);android_app_set_activity_state((struct android_app*)activity->instance, APP_CMD_PAUSE); }static void onStop(ANativeActivity* activity) {LOGV("Stop: %p\n", activity);android_app_set_activity_state((struct android_app*)activity->instance, APP_CMD_STOP); }static void onConfigurationChanged(ANativeActivity* activity) {struct android_app* android_app = (struct android_app*)activity->instance;LOGV("ConfigurationChanged: %p\n", activity);android_app_write_cmd(android_app, APP_CMD_CONFIG_CHANGED);}static void onLowMemory(ANativeActivity* activity) {struct android_app* android_app = (struct android_app*)activity->instance;LOGV("LowMemory: %p\n", activity);android_app_write_cmd(android_app, APP_CMD_LOW_MEMORY);}static void onWindowFocusChanged(ANativeActivity* activity, int focused) {LOGV("WindowFocusChanged: %p -- %d\n", activity, focused);android_app_write_cmd((struct android_app*)activity->instance,focused ? APP_CMD_GAINED_FOCUS : APP_CMD_LOST_FOCUS);}static void onNativeWindowCreated(ANativeActivity* activity, ANativeWindow* window) { LOGV("NativeWindowCreated: %p -- %p\n", activity, window);android_app_set_window((struct android_app*)activity->instance, window);}static void onNativeWindowDestroyed(ANativeActivity* activity, ANativeWindow* window) { LOGV("NativeWindowDestroyed: %p -- %p\n", activity, window);android_app_set_window((struct android_app*)activity->instance, NULL);}static void onInputQueueCreated(ANativeActivity* activity, AInputQueue* queue) { LOGV("InputQueueCreated: %p -- %p\n", activity, queue);android_app_set_input((struct android_app*)activity->instance, queue);}static void onInputQueueDestroyed(ANativeActivity* activity, AInputQueue* queue) { LOGV("InputQueueDestroyed: %p -- %p\n", activity, queue);android_app_set_input((struct android_app*)activity->instance, NULL);}void ANativeActivity_onCreate(ANativeActivity* activity,void* savedState, size_t savedStateSize) {LOGV("Creating: %p\n", activity);activity->callbacks->onDestroy = onDestroy;activity->callbacks->onStart = onStart;activity->callbacks->onResume = onResume;activity->callbacks->onSaveInstanceState = onSaveInstanceState;activity->callbacks->onPause = onPause;activity->callbacks->onStop = onStop;activity->callbacks->onConfigurationChanged = onConfigurationChanged;activity->callbacks->onLowMemory = onLowMemory;activity->callbacks->onWindowFocusChanged = onWindowFocusChanged;activity->callbacks->onNativeWindowCreated = onNativeWindowCreated;activity->callbacks->onNativeWindowDestroyed = onNativeWindowDestroyed;activity->callbacks->onInputQueueCreated = onInputQueueCreated;activity->callbacks->onInputQueueDestroyed = onInputQueueDestroyed;activity->instance = android_app_create(activity, savedState, savedStateSize);}。

ndk-stack使⽤（分析native代码stack）简介： ndk r6 版本之后开始提供该功能。

作⽤： ndk-stack可以把不认识的内存地址信息转换成可读的信息。

⽐如，把下列内容I/DEBUG ( 31): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***I/DEBUG ( 31): Build fingerprint: 'generic/google_sdk/generic/:2.2/FRF91/43546:eng/test-keys'I/DEBUG ( 31): pid: 351, tid: 351 %gt;%gt;%gt; /data/local/ndk-tests/crasher <<<I/DEBUG ( 31): signal 11 (SIGSEGV), fault addr 0d9f00d8I/DEBUG ( 31): r0 0000af88 r1 0000a008 r2 baadf00d r3 0d9f00d8I/DEBUG ( 31): r4 00000004 r5 0000a008 r6 0000af88 r7 00013c44I/DEBUG ( 31): r8 00000000 r9 000000001000000000 fp 00000000I/DEBUG ( 31): ip 0000959c sp be956cc8 lr 00008403 pc 0000841e cpsr 60000030I/DEBUG ( 31): #00 pc 0000841e /data/local/ndk-tests/crasherI/DEBUG ( 31): #01 pc 000083fe /data/local/ndk-tests/crasherI/DEBUG ( 31): #02 pc 000083f6 /data/local/ndk-tests/crasherI/DEBUG ( 31): #03 pc 000191ac /system/lib/libc.soI/DEBUG ( 31): #04 pc 000083ea /data/local/ndk-tests/crasherI/DEBUG ( 31): #05 pc 00008458 /data/local/ndk-tests/crasherI/DEBUG ( 31): #06 pc 0000d362 /system/lib/libc.soI/DEBUG ( 31):转换成可读信息后：********** Crash dump: **********Build fingerprint: 'generic/google_sdk/generic/:2.2/FRF91/43546:eng/test-keys'pid: 351, tid: 351 >>> /data/local/ndk-tests/crasher <<<signal 11 (SIGSEGV), fault addr 0d9f00d8Stack frame #00 pc 0000841e /data/local/ndk-tests/crasher : Routine zoo in /tmp/foo/crasher/jni/zoo.c:13Stack frame #01 pc 000083fe /data/local/ndk-tests/crasher : Routine bar in /tmp/foo/crasher/jni/bar.c:5Stack frame #02 pc 000083f6 /data/local/ndk-tests/crasher : Routine my_comparison in /tmp/foo/crasher/jni/foo.c:9Stack frame #03 pc 000191ac /system/lib/libc.soStack frame #04 pc 000083ea /data/local/ndk-tests/crasher : Routine foo in /tmp/foo/crasher/jni/foo.c:14Stack frame #05 pc 00008458 /data/local/ndk-tests/crasher : Routine main in /tmp/foo/crasher/jni/main.c:19Stack frame #06 pc 0000d362 /system/lib/libc.so使⽤⽅法：前提：你的代码必须是使⽤ndk build打包出来的。

华为⼿机内核代码的编译及刷⼊教程【通过魔改华为P9AndroidKernel对抗反调试机制】0x00 写在前⾯攻防对⽴。

程序调试与反调试之间的对抗是⼀个永恒的主题。

在安卓逆向⼯程实践中，通过修改和编译安卓内核源码来对抗反调试是⼀种常见的⽅法。

但⽹上关于此类的资料⽐较少，且都是基于AOSP（即"Android 开放源代码项⽬",可以理解为原⽣安卓源码）进⾏修改，然后编译成⼆进制镜像再刷⼊Nexus 或者Pixel 等⾕歌亲⼉⼦⼿机。

但因为⾕歌的亲⼉⼦在国内没有⾏货销售渠道，市场占有率更多的是国产⼿机，⽽修改国产⼿机系统内核的教程却很少，加之部分国产⼿机的安卓内核和主线 AOSP 存在些许差异，照搬原⽣安卓代码的修改⽅法⽆法在国产⼿机上实现某些功能，甚⾄⽆法编译成功。

所以本⽂以某国产⼿机为例，通过研究其内核源码，对关键代码进⾏分析、修改，编译内核、打包成刷机镜像，对全过程予以展⽰。

0x01 常见反调试⼿段及对抗策略简介在安卓程序的开发过程中，反调试的⼿段有很多种，简单列举若⼲：(1) 检测特定进程或端⼝号。

如 IDA Pro 在对安卓应⽤进⾏调试时，需要在⼿机端启动调试程序 android_server ，该调试程序默认开启端⼝23946。

⽬标程序若发现⼿机⾥有 android_server 进程或开启了端⼝23946，⽬标程序就⾃动退出，以达到反调试的⽬的。

(2)检测某些关键⽂件的状态。

如⽬标程序在调试状态时，Linux内核会向部分系统⽂件内写⼊⼀些进程状态信息，包括但不限于向 “ /proc/⽬标程序pid/status ” 这⼀⽂件的 TracerPid 字段写⼊调试进程的 pid 。

有部分程序会检查这些字段，⽐如⽬标程序发现对应的 TracerPid 不等于 0 ，则说明⾃⼰本⾝正在被别的程序调试，⽐如：（Pid为19707的进程正在被Pid为24741的进程调试）(3)检测软件断点。

DA-05628-001_v03 | February 2011 Installation GuideDOCUMENT CHANGE HISTORYTABLE OF CONTENTS Software Requirements (1)Software Components (1)Pre-Installation Requirements (1)Installation (3)Installing Eclipse SDK (3)Installing C/C++ Development Tools (3)Installing ADT (5)Installing NVIDIA Debug Manager for Android NDK Eclipse Plugin (8)Installing Cygwin (9)Getting Started (14)Debugging Tegra Pack Samples (14)Debugging Android NDK Samples (14)Debugging your own project built outside of Eclipse (14)Troubleshooting (17)Limitations (17)Reporting Issues (17)SOFTWARE COMPONENTSThe NVIDIA Debug Manager for Android NDK Eclipse plugin expects very specific components to be installed – in order to operate as expected. Please make sure that your Android application development environment is conformant with the following components versions:④Android SDK r09(or r08)④Android NDK r4b, Android NDK r5b④Eclipse Classic 3.6.1 (Helios)④Eclipse C/C++ Development Tools 7.0.1④Android Development Tools (ADT) 9.0.0(or 8.0.1)PRE-INSTALLATION REQUIREMENTSBefore you install the NVIDIA Debug Manager for Android NDK Eclipse plugin, please make sure that the following components and environment variables are properly installed and configured:④Install the Android SDK r09 and the Android NDK r4b or NDK r5b. See/sdk/installing.html and/sdk/ndk/index.html for installation instructions.④Download SDK and NDK from /android/android-sdk_r09-windows.zip and /android/ndk/android-ndk-r5b-windows.zip ( or /android/ndk/android-ndk-r4b-windows.zip )④The NDKROOT environment variable should be set to the location of the AndroidNDK.Software Requirements You should have a Tegra 2 board connected and available to adb. This can be verified by running two commands:adb devices –this command should output at least one available device.adb shell ps –this command should output the list of processes running on the Tegra 2 board.To run adb your PATH environment variable should contain the tools subdirectory from the Android SDK.INSTALLING ECLIPSE SDK1.Download Eclipse Classic 3.6.1 (Helios) from /downloads/2.Unpack the downloaded archive by 7zip or any other compress tool.3.Start Eclipse, for instance by double-clicking eclipse.exe in the “eclipse” directorywhich is unpacked above.4.Select a workspace location.5.Verify the Eclipse version number by opening Help / About Eclipse SDK. Close thedialog.INSTALLING C/C++ DEVELOPMENT TOOLS6.Open Help / Install New Software. This shows the “Install” dialog.7.In the “Work with” dropdown list choose “Helios –/releases/helios” and wait while the list of available software is loaded.8.From the list of available software select “Programming Languages” / “C/C++Development Tools 7.0.1”.9.Press the “Next >” button. Then press the “Next >” button again and then accept thelicense agreement and press the “Finish” button.10.Wait while the software is installed and then agree to restart Eclipse by pressing“Restart Now”.11.Verify that C/C++ Development Tools 7.0.1 is installed by opening Help / AboutEclipse SDK / Installation Details. You should see C/C++ Development Tools 7.0.1 in the list of installed software. Close the “Eclipse SDK Installation Details” dialog and then the “About Eclipse SDK” dialog.INSTALLING ADTADT needs be installed according to /sdk/eclipse-adt.html12.Open Help / Install New Software and press the “Add” button.13.Type in “ADT” into the “Name” field and “https://dl-/android/eclipse/” into “Location” and press “Ok”.Note: if the version 9.0.0 and 8.0.1 are not available on this site, you can download an archive zip at:/android/ADT-9.0.0.zip or/android/ADT-8.0.1.zipP ress “Archive…” and enter the proper path of ADT-x.0.0.zip when “Add Repository”14.Open the “Developer Tools” folder in the available software list and select “AndroidDDMS” and “Android Development Tools”.15.Press Next, then Next again, then read and accept End User License Agreement andpress the “Finish” button.16.Press the “Ok” button on the security warning claiming that you are installingunsigned content. Wait for installation to complete, then agree to restart Eclipse by pressing “Restart Now”.17.After Eclipse restarts open “Window” / “Preferences”, select “Android” on the left.Enter the correct Android SDK location on the right and press “Ok”.18.Verify that ADT 9.0.0 is installed by opening Help / About Eclipse SDK / InstallationDetails. You should see “Android DDMS 9.0.0” , “Android Development Tools9.0.0” and “Android Hierarchy Viewer 9.0.0”in the list of installed software. Closethe “Eclipse SDK Installation Details” dialog and then the “About Eclipse SDK”dialog.INSTALLING NVIDIA DEBUG MANAGER FOR ANDROID NDK ECLIPSE PLUGIN19.Open Help / Install New Software and press the “Add” button.20.Press “Archive” and enter the location of the supplied update site archive (zip file).Then press “Ok”.21.Open the “Developer Tools” folder in the available software list and select “NVIDIADebug Manager for Android NDK”.22.Press Next, then Next again, then read and accept the End User License Agreementand press “Finish”.23.Press “Ok” button on the security warning claiming that you are installing unsignedcontent. Wait for installation to complete, then agree to restart Eclipse by pressing “Restart Now”.INSTALLING CYGWIN24.Install Cygwin and make sure Python 2.6 and Ncurses are selected to be installed.25.Add $CYGWIN_HOME/bin to your PATH environment variable.26.In Eclipse, select the menu item “Window->Preferences”, select “C/C++ -> Debug ->Common Source Lookup Path”, click “Add” and select “Path Mapping”.Under “Compilation path”, type “\cygdrive\c” and under “Local file system path”,select “C:”. This ensures that gdb and Eclipse are on the same p age with regards to source code. If your source code resides on other drives than C:, please add thosedrives too in a similar manner. The installation now is complete.DEBUGGING TEGRA PACK SAMPLESTo debug Tegra sample projects, simply import the project into eclipse, build the project, and then right click the project -> Debug as -> Android NDK application, the debug configuration will be properly created and you can start debugging. DEBUGGING ANDROID NDK SAMPLESTo debug Android NDK sample projects, you need to create Android project from existing source, convert it to C/C++ project (refer “Tegra Android Setup Guide”which can be downloaded from /tegra/downloads for details) and then start debugging.DEBUGGING YOUR OWN PROJECT BUILT OUTSIDE OF ECLIPSEAPK projects built using build systems other than Eclipse (such as those built using command-line ndk-build and Java “ant”) must be imported into Eclipse in order to debug them via NVDM. Generally, the process is analogous to that for setting up a debugging project for the Android NDK samples: importing the Android Java/APK project into Eclipse from existing source and then converting to a C/C++ project.Note that Eclipse C/C++ projects include a C/C++ build command. Since yourcustom-built application does not use Eclipse’s build system, you may need to set the C/C++ build command to be custom (and set it to be blank). Failing to do so willcause Eclipse to run “make” on your project directory, which is likely to fail. Finally, NVDM’s default search paths for native code symbols may not match your application’s custom build tree. This can cause missed breakpoints. In t his case, you may need to set the shared library search path manually after you create the debug configuration, before launching your first debugging session.LIMITATIONSMissing BreakpointsThe current version of the plugin may be missing breakpoint in native code executed before GDB is attached. We recommend that the developer wanting to debug native code that could be executed during this transient period add a while(i) with int i would be initialized to a non-zero value, and changing the i to zero once GDB is attached, in order to resume the debugging session and hit the breakpoint. REPORTING ISSUESIn case of problems working with the NVIDIA Debug Manager for Android NDK plugin the following information might be helpful to provide with a bug report:④Exact versions of Android SDK and Android NDK.④Exact versions of installed Eclipse software (From Eclipse it is easy to obtain thisinformation from “Help” / “About Eclipse SDK” / “Installation Details” /“Configuration”.④Eclipse error log which resides in $workspace_location/.metadata/.log, where$workspace_location is the location of your Eclipse workspace.④Android console output.④General description what the problem is and how to reproduce the problem.and post the issue to the following Tegra Android Development support forum with a subject line referring to the Debug Manager plugin:/tegra/forums/tegra-forums/android-development NoticeALL NVIDIA DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESSED, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY, AND FITNESS FORA PARTICULAR PURPOSE.Information furnished is believed to be accurate and reliable. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication of otherwise under any patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all other information previously supplied. NVIDIA Corporation products are not authorized as critical components in life support devices or systems without express written approval of NVIDIA Corporation.TrademarksNVIDIA, the NVIDIA logo, and <add all the other product names listed in this document> are trademarks and/or registered trademarks of NVIDIA Corporation in the U.S. and other countries. Other company and product names may be trademarks of the respective companies with which they are associated.Copyright© 2010 NVIDIA Corporation. All rights reserved.。

android native原理Android Native，也就是使用C/C++语言编写的Android应用程序，相对于Java/Kotlin等高级语言，具有更高的执行效率和更好的性能。

在Android系统中，Native应用程序通过使用Android NDK（Native Development Kit）来编译和运行C/C++代码。

NDK提供了一系列的工具和库，使得开发者可以使用C/C++语言编写Android应用程序的核心逻辑。

Android Native应用程序的原理包括以下几个方面：1. JNI（Java Native Interface）JNI是Java平台上的本地接口，它允许Java代码与其他语言编写的代码进行交互。

在Android Native应用程序中，JNI用于将Java代码和C/C++代码进行连接和通信。

JNI在Android应用程序中实现了一个Java虚拟机（JVM），这个虚拟机可以运行Java代码，同时也可以通过JNI调用C/C++代码。

2. Native ActivityNative Activity是Android系统提供的一个组件，它允许开发者使用C/C++代码实现Android应用程序的界面和逻辑。

Native Activity通过使用JNI来与Java 代码进行交互，从而实现与Android系统的集成。

3. Native ServiceNative Service是Android系统提供的一个服务组件，它允许开发者使用C/C++代码实现后台运行的服务。

Native Service可以与Java代码进行交互，同时也可以独立于Java应用程序运行。

4. Native LibraryNative Library是使用C/C++语言编写的一组函数库，它们可以被Java代码通过JNI调用。

在Android Native应用程序中，Native Library通常用于实现核心算法和性能敏感的代码。

androidCTS测试FAIL项解决集锦/z_guijin/article/details/161136491、直接设置问题estUnknownSour cesOffByDefaul t failjunit.framework.AssertionFailedError: Deviceshould not ship with 'Unknown Sources' enabled by default.expected:<0> butwas:<1> atandroid.provider.cts.Settings_SecureTest.testUnkno wnSourcesOffByDefault(Settings_SecureTest.java:183)这种fail最好解决，直接按照字面理解就OK，设置---安全---默认关闭：未知来源。

2、permission-- testSenso rFeatures failjunit.framework.AssertionFailedError:PackageManager#hasSys temFeature(android.hardware.sensor.accelerometer)returns true but SensorManager#getSensorList(1) shows sensors []expected:<true> butwas:<false> atandroid.app.cts.SystemFeaturesTest.assertFeatureForSenso r(SystemFeaturesTest.java:300)一般情况修改 - > frameworks/base/data/etc/*.xml 文件，例如android.hardware.camera.xml,platform.xml等文件，这边的文件定义了设备具有的一些权限。

VSCode搭建ReactNative环境安装 React Native Tools在插件市场搜索 react 找到 React Native Tools 进⾏安装：创建的react-native的⼯程拖⼊vscode中点击F5即可运⾏react-native此时可能出现如下界⾯，这是因为没有配置运⾏⽂件在debug 页⾯，点击如下位置，添加configurations然后点击添加配置，选择debug android此时点击F5,则可出现如下界⾯，表⽰ react-native以运⾏起来此时发现断点⽆法⽣效，且log的信息感觉特别难看，和使⽤chrome⽐起来更难⽤。

进⾏断点调试在模拟器界⾯，按 Ctrl + m，打开js调试（点击 Debug JS Remotely）再看控制台，就⽤ console.log 的⽇志内容了此时进⾏断点也是⽣效的了。

打开安卓模拟器在as⾥创建安卓模拟器过程就不说了，使⽤as打开模拟器⽆疑是最简单的⽅式，但是vs + as + 模拟器，电脑受不了啊，所以这⾥有两种不开as打开模拟器的⽅式：在Android\SDK\emulator新建⼀个bat⽂件，内容如下，Nexus_5X_API_28 是模拟器的名字（在avd⽬录可查看名字），然后运⾏此bat⽂件就 ok啦。

emulator.exe -netdelay none -netspeed full -avd Nexus_5X_API_28如果安装过flutter的环境，且vs也进⾏了相关配置，可以直接使⽤vs打开模拟器，进⼊flutter的⼯程中，点击右下⾓的 No Devices 选择想要打开的模拟器即可：使⽤bat打开模拟器的⽅式有时会使react-native的找不到设备，此时是⽤as打开或使⽤flutter的⽅式打开就没这个问题了，在或者清除下模拟器的数据。

记录⼀些奇葩的错误出现如下错误：⽆法进⾏调试。

执⾏命令 react-native.cmd run-android --no-packager 时出错: 执⾏命令 react-native.cmd run-android --no-packager 时出错 (error code 101)可能原因：1. 查找不到模拟器了，我试了下重启模拟器就没问题了。