This article will discuss something about Android4.2 kernel debugging,i won’t tell you how to set up the environment , if you want to know how,please review this article : Android Linux内核编译调试 , but that article still contains some errors, for example , the command to open an emulator that can be debugged is as below:

After set up the environment,we can use gdb to connect to the emulator:

1.how to get sys_call_table

In kernel mode, sys call is the most important thing that can communicate with user mode, sys call table contains all the sys call’s addr. so, how could we get sys call table’s addr? I got two ways to get that addr:

  1. get sys call table’s addr by calculating the offset.
  2. read from system.map

For the first way,we can use code like below:

The system.map contains kernel function address,you can find sys_call_table’s addr in this file:

use gdb to see sys call table’s items:

Screenshot from 2016-04-12 20_53_34

2.break at sys call’s entry

In Android, r7 register contains sys call num,through instruction “svc 0” to enter kernel mode. so, if we want to debug a sys call directly, just set a breakpoint at sys call’s entry . The entry is at arch/arm/kernel/entry-common.S:

we can set a breakpoint at this instruction:

use conditional breakpoint to monitor some special sys call:

Screenshot from 2016-04-12 20_53_12

 

 

*

+
跳转到评论