https://stackoverflow.com/questions/5314036/how-to-use-addr2line-in-android
Native crash异常,能定位到代码哪个地方报错吗 #18
arm-linux-androideabi-addr2line –e obj/local/armeabi/libhello-jni.so 00004de8 000056c8 00004fb4 00004f58
#这一步就该addr2line出场了。我们从backstrace中拿到了出错时的指令地址,它对应我们程序中某个函数的某行操作。我们需要addr2line将对应文件和对应行数打出来。这个命令的格式是 addr2line -e exefile addr
#在NDK中找到对应的addr2line命令,testapp程序文件取出来,执行命令
[root@localhost]# /opt/android_tools/android-ndk-r20/toolchains/llvm/prebuilt/linux-x86_64/bin/arm-linux-androideabi-addr2line -f -e testapp 000a3f10
testGetEntryById
/home/***/***/***/test.c:220
real command:
$ Sdk/ndk-bundle/toolchains/llvm/prebuilt/windows-x86_64/bin/x86_64-linux-android-addr2line.exe -f -e ~/git/demo/xCrash/src/native/libxcrash/obj/local/x86_64/libxcrash.so 000000000000c2df
xc_test_call_4
git/demo/xCrash/src/native/libxcrash/jni/xc_test.c:64
https://developer.android.com/ndk/guides/ndk-stack?hl=zh-cn
https://help.aliyun.com/knowledge_detail/70180.html
adb shell logcat | ndk-stack -sym $PROJECT_PATH/obj/local/armeabi
//需要-sym指定的目录中存在包含符号的so,系统system/lib下的so默认被strip导致没有符号
ndk-stack -sym ./workspace2/testNdkStack/obj/local/armeabi-v7a/ -dump ./logcat.log > result.log
在result.log中可以分析定位到出现该crash的对应代码文件和具体行数
real command:
git\demo\xCrash\src\native\libxcrash\obj\local>ndk-stack -sym ./x86_64 -dump Desktop\nativeCrash\generate\tombstone_00001584779373143460_1.2.3-beta456-patch789__xcrash.sample.native.xcrash > result.txt
为了进一步定位问题,我们需要将出错函数的汇编取到,这就用到了objdump工具。我们使用objdump将testapp反汇编重定向到文件中。然后查看对应函数的汇编代码。
https://github.com/iqiyi/xHook/blob/master/docs/overview/android_plt_hook_overview.zh-CN.md
https://helpmanual.io/help/objdump/
caikelun@debian:~$ arm-linux-androideabi-objdump -D ./libtest.so
...............
...............
00000f60 <say_hello@@Base>:
f60: b5b0 push {r4, r5, r7, lr}
f62: af02 add r7, sp, #8
f64: f44f 6080 mov.w r0, #1024 ; 0x400
f68: f7ff ef34 blx dd4 <malloc@plt>
f6c: 4604 mov r4, r0
f6e: b16c cbz r4, f8c <say_hello@@Base+0x2c>
f70: a507 add r5, pc, #28 ; (adr r5, f90 <say_hello@@Base+0x30>)
f72: a308 add r3, pc, #32 ; (adr r3, f94 <say_hello@@Base+0x34>)
f74: 4620 mov r0, r4
f76: f44f 6180 mov.w r1, #1024 ; 0x400
f7a: 462a mov r2, r5
f7c: f7ff ef30 blx de0 <snprintf@plt>
f80: 4628 mov r0, r5
f82: 4621 mov r1, r4
f84: e8bd 40b0 ldmia.w sp!, {r4, r5, r7, lr}
f88: f001 ba96 b.w 24b8 <_Unwind_GetTextRelBase@@Base+0x8>
f8c: bdb0 pop {r4, r5, r7, pc}
f8e: bf00 nop
f90: 7325 strb r5, [r4, #12]
f92: 0000 movs r0, r0
f94: 6568 str r0, [r5, #84] ; 0x54
f96: 6c6c ldr r4, [r5, #68] ; 0x44
f98: 0a6f lsrs r7, r5, #9
f9a: 0000 movs r0, r0
...............
real command(windows):
$ Sdk/ndk-bundle/toolchains/llvm/prebuilt/windows-x86_64/bin/x86_64-linux-android-objdump.exe -D ~/git/demo/xCrash/src/native/libxcrash/obj/local/x86_64/libxcrash.so > libxcrash_objdump.log
real command(mac):
/Users/qianpianpian/Library/Android/sdk/ndk/21.1.6352462/toolchains/llvm/prebuilt/darwin-x86_64/bin
(objdump文件位置也可以通过本命令查找:find ~/Library/Android/sdk -name "*objdump*")
bin % ./x86_64-linux-android-objdump -m i386 -D ~/backup/20200818/libart.so > ~/backup/20200818/libart_objdump.log
so来源于三星生产设备,直接adb pull system/lib/libart.so下来进行分析
首先-h查看file format为elf32-little
然后-i查看支持的cpu架构信息找到如下
elf32-little (header little endian, data little endian) i386 l1om k1om iamcu plugin
最后增加-m i386 在-D前面ok