一、linker
1.源码位置
Andorid2.3/bionic/linker/arch/arm/begin.S
Andorid2.3/bionic/linker/linker.c
Andorid2.3/bionic/linker/debugger.c
2.调用逻辑
2.1、Andorid2.3/bionic/linker/arch/arm/begin.S
/* Entry stub of the dynamic linker: calls __linker_init, then jumps to the address it returns. */
    .text
    .align 4
    .type _start,#function
    .globl _start

_start:
    mov r0, sp              /* pass the current stack pointer to __linker_init in r0 */
    mov r1, #0              /* r1 is cleared before the call */
    bl __linker_init        /* startup part */

    /* linker init returns the _entry address in the main image */
    mov pc, r0              /* transfer control to that address */

    .section .ctors, "wa"
    .globl __CTOR_LIST__
__CTOR_LIST__:
    .long -1
2.2、Andorid2.3/bionic/linker/linker.c
/*
 * Linker initialisation routine, reached from _start in begin.S.
 *
 * Abridged by the article: only the call to debugger_init() is shown.
 * The rest of the body is omitted, including the return of the entry
 * address that _start jumps to (per the comment in begin.S).
 */
unsigned __linker_init(unsigned **elfdata)
{
    /* Installs the crash-reporting signal handlers before anything else shown here. */
    debugger_init();
}
2.3、Andorid2.3/bionic/linker/debugger.c
/*
 * Registers debugger_signal_handler for a set of signals. __linker_init
 * calls this, so the handlers are installed by the linker itself.
 *
 * The first seven registrations use named signals. The block between
 * "added by tank" and "end tank" is a local debugging patch by the article's
 * author that routes the remaining signal numbers to the same handler.
 *
 * NOTE(review): no signal() return value is checked. SIGKILL (9) and SIGSTOP
 * (19) cannot be caught, so those two registrations fail with SIG_ERR and have
 * no effect.
 * NOTE(review): the patch replaces the default disposition of routine signals
 * such as SIGTERM (15) and SIGCHLD (17). The handler body is elided, so it is
 * not visible whether the default action is restored afterwards. Treat this as
 * instrumentation for a debug build only.
 */
void debugger_init()
{
    signal(SIGILL, debugger_signal_handler);    // #define SIGILL 4
    signal(SIGABRT, debugger_signal_handler);   // #define SIGABRT 6
    signal(SIGBUS, debugger_signal_handler);    // #define SIGBUS 7
    signal(SIGFPE, debugger_signal_handler);    // #define SIGFPE 8
    signal(SIGSEGV, debugger_signal_handler);   // #define SIGSEGV 11
    signal(SIGSTKFLT, debugger_signal_handler); // #define SIGSTKFLT 16
    signal(SIGPIPE, debugger_signal_handler);   // #define SIGPIPE 13

    // added by tank; signal numbers per bionic/libc/kernel/arch-arm/asm/signal.h
    signal(1, debugger_signal_handler);   // SIGHUP
    signal(2, debugger_signal_handler);   // SIGINT
    signal(3, debugger_signal_handler);   // SIGQUIT
    signal(5, debugger_signal_handler);   // SIGTRAP
    signal(9, debugger_signal_handler);   // SIGKILL: cannot be caught, this call fails
    signal(10, debugger_signal_handler);  // SIGUSR1
    signal(12, debugger_signal_handler);  // SIGUSR2
    signal(14, debugger_signal_handler);  // SIGALRM
    signal(15, debugger_signal_handler);  // SIGTERM
    signal(17, debugger_signal_handler);  // SIGCHLD
    signal(18, debugger_signal_handler);  // SIGCONT
    signal(19, debugger_signal_handler);  // SIGSTOP: cannot be caught, this call fails
    signal(20, debugger_signal_handler);  // SIGTSTP
    signal(21, debugger_signal_handler);  // SIGTTIN
    signal(22, debugger_signal_handler);  // SIGTTOU
    signal(23, debugger_signal_handler);  // SIGURG
    signal(24, debugger_signal_handler);  // SIGXCPU
    signal(25, debugger_signal_handler);  // SIGXFSZ
    signal(26, debugger_signal_handler);  // SIGVTALRM
    signal(27, debugger_signal_handler);  // SIGPROF
    signal(28, debugger_signal_handler);  // SIGWINCH
    signal(29, debugger_signal_handler);  // SIGIO
    signal(30, debugger_signal_handler);  // SIGPWR
    signal(31, debugger_signal_handler);  // SIGSYS
    signal(32, debugger_signal_handler);  // first real-time signal number; TODO confirm how bionic treats it
    // end tank
}

/*
 * Signal handler installed by debugger_init(); n is the signal number.
 * Abridged by the article: the "......" lines stand for omitted code.
 *
 * NOTE(review): the abstract socket namespace has no filesystem permissions,
 * so the name "android:debuggerd" gives no assurance about who is on either
 * end. The receiving side should identify the caller from kernel-supplied
 * peer credentials, not from data written by this client. Confirm this in the
 * omitted code.
 */
void debugger_signal_handler(int n)
{
    ......
    s = socket_abstract_client("android:debuggerd", SOCK_STREAM); // client side: connect and send to debuggerd
    ......
}
linker添加打印信息方法,可以参考网友blog:如何让android的bionic中的linker输出调试信息
二、debuggerd
1.源码位置
Andorid2.3/system/core/debuggerd/debuggerd.c
2.调用逻辑
/*
 * debuggerd entry point (abridged by the article).
 * Creates the listening socket "android:debuggerd" in the abstract namespace,
 * then accepts connections forever and passes each one to
 * handle_crashing_process().
 *
 * NOTE(review): the declaration of s and any check of the
 * socket_local_server() result are not shown in this excerpt.
 * NOTE(review): an abstract-namespace socket is reachable by any local process.
 * The omitted code should derive the caller's identity from peer credentials
 * (e.g. SO_PEERCRED) before acting on a request. Confirm against the full source.
 */
int main()
{
    s = socket_local_server("android:debuggerd",
            ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);

    for(;;) {
        struct sockaddr addr;
        socklen_t alen;
        int fd;

        alen = sizeof(addr);
        fd = accept(s, &addr, &alen);
        if(fd < 0) continue;               // accept failed: go back and wait for the next client
        fcntl(fd, F_SETFD, FD_CLOEXEC);    // close-on-exec, so the client fd is not inherited across exec; result unchecked
        LOG("TK-------->>>>/system/core/debuggerd/>>>>main\n");   // trace print added by the article's author
        handle_crashing_process(fd);
    }
}

/*
 * Handles one client connection (abridged by the article).
 * cr, tid, debug_uid, n, tid_attach_status and need_cleanup are used but not
 * declared in this excerpt.
 *
 * NOTE(review): cr.pid and tid select which thread is ptrace-attached and
 * dumped. Verify in the full source that they are validated against the
 * connecting peer rather than trusted as sent.
 */
static void handle_crashing_process(int fd)
{
    LOG("TK------->>>>>>/system/core/debuggerd>>handle_crashing_process\n");   // trace print added by the article's author
    tid_attach_status = ptrace(PTRACE_ATTACH, tid, 0, 0);           // ptrace is the key step
    need_cleanup = engrave_tombstone(cr.pid, tid, debug_uid, n);    // print the stack information
}

/*
 * Writes the crash report for (pid, tid) (abridged by the article).
 * fd is not declared in this excerpt and no return statement is shown,
 * although the function is declared to return bool.
 */
static bool engrave_tombstone(unsigned pid, unsigned tid, int debug_uid, int signal)
{
    dump_crash_banner(fd, pid, tid, signal);    // print the process number
    dump_crash_report(fd, pid, tid, true);      // print the final stack information
}