Android GDB调试system_server记录

最新推荐文章于 2026-06-16 14:34:41 发布

原创最新推荐文章于 2026-06-16 14:34:41 发布 · 1.8k 阅读

8 ·

本内容遵循CC 4.0 BY-SA版权协议

android 同时被 2 个专栏收录

18 篇文章

订阅专栏

编程基础

2 篇文章

订阅专栏

本文详细介绍了在Android系统上使用gdbserver和gdb调试system_server进程的方法，包括获取进程ID，配置监听端口，设置工程路径和符号路径，以及连接设备进行调试的过程。

这边直接在window 系统上的Android SDK环境上调试，Ubuntu系统也类似，使用中有一些目录的差异。被调试的设备已经root.

设备端：

1.首先确认要调试进程的号：

这边准备使用使用 system_server 进程

rk3399:/ # pidof system_server
442

2.使用gdbserver attach要调试的进程：

1|rk3399:/ # gdbserver64  --help
Usage:  gdbserver [OPTIONS] COMM PROG [ARGS ...]
        gdbserver [OPTIONS] --attach COMM PID
        gdbserver [OPTIONS] --multi COMM

COMM may either be a tty device (for serial debugging),
HOST:PORT to listen for a TCP connection, or '-' or 'stdio' to use
stdin/stdout of gdbserver.
PROG is the executable program.  ARGS are arguments passed to inferior.
PID is the process ID to attach to, when --attach is specified.

Operating modes:

  --attach              Attach to running process PID.
  --multi               Start server without a specific program, and
                        only quit when explicitly commanded.
  --once                Exit after the first connection has closed.
  --help                Print this message and then exit.
  --version             Display version information and exit.

Other options:

  --wrapper WRAPPER --  Run WRAPPER to start new programs.
  --disable-randomization
                        Run PROG with address space randomization disabled.
  --no-disable-randomization
                        Don't disable address space randomization when
                        starting PROG.

Debug options:

  --debug               Enable general debugging output.
  --debug-format=opt1[,opt2,...]
                        Specify extra content in debugging output.
                          Options:
                            all
                            none
                            timestamp
  --remote-debug        Enable remote protocol debugging output.
  --disable-packet=opt1[,opt2,...]
                        Disable support for RSP packets or features.
                          Options:
                            vCont, Tthread, qC, qfThreadInfo and
                            threads (disable all threading packets).

For more information, consult the GDB manual (available as on-line
info or a printed manual).
Report bugs to "<http://www.gnu.org/software/gdb/bugs/>".

rk3399:/ # gdbserver64 :22335 --attach 442
Attached; pid = 442
Listening on port 22335

这边使用22335做为监听端口，在本机调试，格式：HOST:PORT

pc端

1.端口转发配置：

adb forward tcp:22335 tcp:22335

2.打开一个cmd窗口，进入Android SDK的ndk-bundle\prebuilt\windows-x86_64\bin目录，直接执行gdb：

{lamb} gdb
GNU gdb (GDB) 7.11
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-w64-mingw32".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
(gdb)

3.查看及配置相关的环境变量：

通过directory 配置工程路径，set sysroot 配置带symbol的so路径，这样在调试中可以定位源码位置。

(gdb)  show directories
Source directories searched: $cdir;$cwd

(gdb) directory $cdir;$cwd;M:\\3399\\Oreo
Source directories searched: $cdir;$cwd;M:\3399\Oreo

(gdb) set sysroot M:\3399\Oreo\out\target\product\rk3399\symbols

4.接下来使用 target remote (Use a remote computer via a serial line) 命令连接被调试设备

(gdb) target remote :22335
Remote debugging using :22335
warning: A handler for the OS ABI "Cygwin" is not built into this configuration
of GDB.  Attempting to continue with the default aarch64 settings.

好了，设备已正常连接，相关so符号及源码路径已关联，可以进行调试了。下面是一些命令的执行情况：

(gdb) info thread
  Id   Target Id         Frame
* 1    Thread 442.442 "system_server" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  2    Thread 442.447 "Signal Catcher" __rt_sigtimedwait () at bionic/libc/arch-arm64/syscalls/__rt_sigtimedwait.S:9
  3    Thread 442.448 "JDWP" recvmsg () at bionic/libc/arch-arm64/syscalls/recvmsg.S:7
  4    Thread 442.449 "ReferenceQueueD" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  5    Thread 442.450 "FinalizerDaemon" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  6    Thread 442.451 "FinalizerWatchd" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  7    Thread 442.452 "HeapTaskDaemon" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  8    Thread 442.455 "Binder:442_1" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  9    Thread 442.456 "Binder:442_2" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  10   Thread 442.458 "android.bg" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  11   Thread 442.459 "ActivityManager" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  12   Thread 442.460 "android.ui" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  13   Thread 442.461 "ActivityManager" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  14   Thread 442.462 "batterystats-wo" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  15   Thread 442.463 "FileObserver" read () at bionic/libc/arch-arm64/syscalls/read.S:7
  16   Thread 442.464 "android.fg" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  17   Thread 442.465 "android.io" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  18   Thread 442.466 "android.display" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  19   Thread 442.467 "CpuTracker" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  20   Thread 442.468 "PowerManagerSer" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  21   Thread 442.469 "system_server" read () at bionic/libc/arch-arm64/syscalls/read.S:9
  22   Thread 442.470 "BatteryStats_wa" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  23   Thread 442.471 "PackageManager" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  24   Thread 442.492 "PackageInstalle" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  25   Thread 442.495 "android.anim" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  26   Thread 442.499 "SensorEventAckR" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  27   Thread 442.500 "SensorService" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  28   Thread 442.506 "AccountManagerS" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  29   Thread 442.507 "SettingsProvide" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  30   Thread 442.508 "AlarmManager" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  31   Thread 442.509 "UEventObserver" __ppoll () at bionic/libc/arch-arm64/syscalls/__ppoll.S:7
  32   Thread 442.519 "HwBinder:442_1" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  33   Thread 442.520 "HwBinder:442_2" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  34   Thread 442.521 "InputDispatcher" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  35   Thread 442.522 "InputReader" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  36   Thread 442.524 "StorageManagerS" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  37   Thread 442.525 "VoldConnector" recvmsg () at bionic/libc/arch-arm64/syscalls/recvmsg.S:7
  38   Thread 442.526 "CryptdConnector" recvmsg () at bionic/libc/arch-arm64/syscalls/recvmsg.S:7
  39   Thread 442.527 "NetdConnector" recvmsg () at bionic/libc/arch-arm64/syscalls/recvmsg.S:7
  40   Thread 442.528 "NetworkStats" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  41   Thread 442.529 "NetworkPolicy" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  42   Thread 442.530 "tworkPolicy.uid" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  43   Thread 442.531 "WifiService" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  44   Thread 442.532 "WifiStateMachin" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  45   Thread 442.533 "IpManager.wlan0" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  46   Thread 442.535 "WifiScanningSer" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  47   Thread 442.536 "WifiRttService" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
---Type <return> to continue, or q <return> to quit---
  48   Thread 442.537 "WifiP2pService" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  49   Thread 442.538 "ConnectivitySer" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  50   Thread 442.539 "roid.pacmanager" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  51   Thread 442.540 "NsdService" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  52   Thread 442.541 "mDnsConnector" recvmsg () at bionic/libc/arch-arm64/syscalls/recvmsg.S:7
  53   Thread 442.542 "notification-sq" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  54   Thread 442.543 "ranker" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  55   Thread 442.544 "onProviders.ECP" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  56   Thread 442.545 "DeviceStorageMo" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  57   Thread 442.546 "AudioService" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  58   Thread 442.548 "ConnectivityThr" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  59   Thread 442.549 "GraphicsStats-d" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  60   Thread 442.550 "CameraService_p" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  61   Thread 442.551 "SyncHandler-0" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  62   Thread 442.552 "EthernetService" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  63   Thread 442.555 "TaskSnapshotPer" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  64   Thread 442.559 "LazyTaskWriterT" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  65   Thread 442.561 "PhotonicModulat" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  66   Thread 442.596 "UsbService host" read () at bionic/libc/arch-arm64/syscalls/read.S:7
  67   Thread 442.597 "Thread-7" __accept4 () at bionic/libc/arch-arm64/syscalls/__accept4.S:7
  68   Thread 442.598 "Binder:442_3" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  69   Thread 442.599 "Binder:442_4" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  70   Thread 442.614 "SoundPool" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  71   Thread 442.615 "SoundPoolThread" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  72   Thread 442.625 "Binder:442_5" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  73   Thread 442.655 "Binder:442_6" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  74   Thread 442.665 "NetworkStatsObs" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  75   Thread 442.709 "watchdog" syscall () at bionic/libc/arch-arm64/bionic/syscall.S:41
  76   Thread 442.737 "NetworkTimeUpda" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  77   Thread 442.756 "HwBinder:442_3" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  78   Thread 442.764 "Binder:442_7" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  79   Thread 442.846 "BluetoothRouteM" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  80   Thread 442.860 "uteStateMachine" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  81   Thread 442.861 "CallAudioModeSt" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  82   Thread 442.887 "Binder:442_8" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  83   Thread 442.894 "queued-work-loo" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  84   Thread 442.940 "backup" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  85   Thread 442.1010 "Binder:442_9" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  86   Thread 442.1011 "Binder:442_A" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  87   Thread 442.1232 "AsyncQueryWorke" __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
  88   Thread 442.1286 "Binder:442_B" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  89   Thread 442.1293 "Binder:442_C" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7
  90   Thread 442.1614 "Binder:442_D" __ioctl () at bionic/libc/arch-arm64/syscalls/__ioctl.S:7

(gdb) thread
[Current thread is 1 (Thread 442.442)]

(gdb) bt
#0  __epoll_pwait () at bionic/libc/arch-arm64/syscalls/__epoll_pwait.S:9
#1  0x0000007799de83bc in epoll_pwait (fd=-4, events=0x7fec5c96f8, max_events=16, timeout=29924, ss=<optimized out>) at bionic/libc/bionic/epoll_pwait.cpp:42
#2  0x0000007798c2fd4c in android::Looper::pollInner (this=0x77164cc460, timeoutMillis=29924) at system/core/libutils/Looper.cpp:242
#3  0x0000007798c2fc2c in android::Looper::pollOnce (this=0x77164cc460, timeoutMillis=29924, outFd=0x0, outEvents=0x0, outData=0x0) at system/core/libutils/Looper.cpp:210
#4  0x000000779a6f3544 in android::Looper::pollOnce (this=0xfffffffffffffffc, timeoutMillis=<optimized out>) at system/core/libutils/include/utils/Looper.h:265
#5  android::NativeMessageQueue::pollOnce (this=0x7716497480, env=0x77164cc1c0, pollObj=<optimized out>, timeoutMillis=<optimized out>) at frameworks/base/core/jni/android_os_MessageQueue.cpp:110
#6  android::android_os_MessageQueue_nativePollOnce (env=0x77164cc1c0, obj=<optimized out>, ptr=511475020928, timeoutMillis=-329476360) at frameworks/base/core/jni/android_os_MessageQueue.cpp:191
#7  0x0000000072245a20 in android.app.NativeActivity.onWindowFocusChangedNative [DEDUPED] () from M:\3399\Oreo_78\out\target\product\rk3399\symbols/system/framework/arm64/boot-framework.oat
#8  0x00000000729c8b84 in android.os.MessageQueue.next () from M:\3399\Oreo_78\out\target\product\rk3399\symbols/system/framework/arm64/boot-framework.oat
#9  0x00000000729c2a58 in android.os.Looper.loop () from M:\3399\Oreo_78\out\target\product\rk3399\symbols/system/framework/arm64/boot-framework.oat
#10 0x00000077162cbe50 in art_quick_invoke_static_stub () at art/runtime/arch/arm64/quick_entrypoints_arm64.S:1814
#11 0x0000007715e5d5d4 in art::ArtMethod::Invoke (this=0x70ac36d8, self=0x77164bea00, args=0x7fec5c9d0c, args_size=0, result=0x7fec5c9e90, shorty=0x77145c17fd "V") at art/runtime/art_method.cc:369
#12 0x000000771601c4a0 in art::interpreter::ArtInterpreterToCompiledCodeBridge (self=0x77164bea00, caller=<optimized out>, shadow_frame=<optimized out>, arg_offset=<optimized out>,
    result=0x7fec5c9e90) at art/runtime/interpreter/interpreter_common.cc:516
#13 0x0000007716016a94 in art::PerformCall (self=0x77164bea00, caller_method=<optimized out>, first_dest_reg=<optimized out>, result=0x7fec5c9e90, code_item=<optimized out>,
    callee_frame=<optimized out>, use_interpreter_entrypoint=<optimized out>) at art/runtime/common_dex_operations.h:56
#14 art::interpreter::DoCallCommon<false, false> (called_method=<optimized out>, self=<optimized out>, shadow_frame=..., result=<optimized out>, number_of_inputs=<optimized out>, arg=...,
    vregC=<optimized out>) at art/runtime/interpreter/interpreter_common.cc:1124
#15 art::interpreter::DoCall<false, false> (called_method=<optimized out>, self=0x77164bea00, shadow_frame=..., inst=<optimized out>, inst_data=<optimized out>, result=0x7fec5c9e90)
    at art/runtime/interpreter/interpreter_common.cc:1157
#16 0x00000077162b4f54 in art::interpreter::DoFastInvoke<(art::InvokeType)0> (self=0x77164bea00, shadow_frame=..., result=0x7fec5c9e90, inst=<optimized out>, inst_data=<optimized out>)
    at art/runtime/interpreter/interpreter_common.h:156
#17 MterpInvokeStatic (self=0x77164bea00, shadow_frame=0x7fec5c9f90, dex_pc_ptr=0x76fe94e520, inst_data=113) at art/runtime/interpreter/mterp/mterp.cc:205
#18 0x00000077162bda98 in artMterpAsmInstructionStart () at art/runtime/interpreter/mterp/out/mterp_arm64.S:3024
#19 0x0000007715ff6c04 in art::interpreter::Execute (self=0x77164bea00, code_item=0x76fe94e254, shadow_frame=..., result_register=..., stay_in_interpreter=<optimized out>)
    at art/runtime/interpreter/interpreter.cc:314

更多命令，可以使用help:

(gdb) help
List of classes of commands:

aliases -- Aliases of other commands
breakpoints -- Making program stop at certain points
data -- Examining data
files -- Specifying and examining files
internals -- Maintenance commands
obscure -- Obscure features
running -- Running the program
stack -- Examining the stack
status -- Status inquiries
support -- Support facilities
tracepoints -- Tracing of program execution without stopping the program
user-defined -- User-defined commands

Type "help" followed by a class name for a list of commands in that class.
Type "help all" for the list of all commands.
Type "help" followed by command name for full documentation.
Type "apropos word" to search for commands related to "word".
Command name abbreviations are allowed if unambiguous.