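Normally one debugs the system_process process, which is also the only system process that Android Studio (AS) displays. I wanted to debug the zygote process instead, and ended up struggling with it for a long time (source-level debugging with AS). What I do here is modify the source so that zygote actively waits for a debugger when it forks a process.
The system version is 4.4.4, and the modified file is: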
/home/haidragon/Desktop/android/libcore/dalvik/src/main/java/dalvik/system/Zygote.java
......................................
public static boolean systemInSafeMode = false;
private Zygote() {}
//-----------------------haidragon-----------------------//
// True while we are blocked waiting for a debugger to attach.
private static volatile boolean mWaiting = false;

public static boolean isDebuggerConnected() {
    return VMDebug.isDebuggerConnected();
}

// Block until a debugger attaches, then until it has been idle for a while.
public static void waitForDebugger() {
    if (!VMDebug.isDebuggingEnabled()) {
        //System.out.println("debugging not enabled, not waiting");
        return;
    }
    if (isDebuggerConnected())
        return;

    // if DDMS is listening, inform them of our plight
    System.out.println("Sending WAIT chunk");
    //byte[] data = new byte[] { 0 }; // 0 == "waiting for debugger"
    //Chunk waitChunk = new Chunk(ChunkHandler.type("WAIT"), data, 0, 1);
    //DdmServer.sendChunk(waitChunk);

    // Poll every 200 ms until a debugger is connected.
    mWaiting = true;
    while (!isDebuggerConnected()) {
        try { Thread.sleep(200); }
        catch (InterruptedException ie) {}
    }
    mWaiting = false;

    System.out.println("Debugger has connected");

    /*
     * There is no "ready to go" signal from the debugger, and we're
     * not allowed to suspend ourselves -- the debugger expects us to
     * be running happily, and gets confused if we aren't. We need to
     * allow the debugger a chance to set breakpoints before we start
     * running again.
     *
     * Sit and spin until the debugger has been idle for a short while.
     */
    while (true) {
        long delta = VMDebug.lastDebuggerActivity();
        if (delta < 0) {
            System.out.println("debugger detached?");
            break;
        }

        if (delta < 1300) {
            System.out.println("waiting for debugger to settle...");
            try { Thread.sleep(200); }
            catch (InterruptedException ie) {}
        } else {
            System.out.println("debugger has settled (" + delta + ")");
            break;
        }
    }
}
//-----------------------haidragon-----------------------//
// Number of times preFork() has been called so far.
private static int i = 0;

private static void preFork() {
    i++;
    // Let the first three forks through, then wait for a debugger.
    if (i > 3) {
        waitForDebugger();
    }
    Daemons.stop();
    waitUntilAllThreadsStopped();
}
......................................
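android.os.Debug.waitForDebugger() cannot be used here, because there is no android.os.debug package.
But we can look at how it is implemented. In 4.4.4 the implementation turns out to live in '/home/haidragon/Desktop/android/libcore/dalvik/src/main/java/dalvik/system/VMDebug.java', and it is called through the class in '/home/haidragon/Desktop/android/frameworks/base/core/java/android/os/Debug.java'.
Other system versions are different: I looked, and on 5 and above the contents of the dalvik/system directory were moved into the ART runtime.
At this point we rebuild system.img and flash it to the phone. It will create three processes and then wait for a debugger to connect.
The phone will stay hung at that point.
After that, the zygote process could not be found; I went into the phone and tried attaching by looking at the ports, and that did not help either. The reason is probably that zygote itself is an executable at the C++ layer (app_process). I'll stop writing here for now. Later I will go back to debugging by attaching with gdb/gdbserver. This was just me tinkering with AS.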