Attaching to fast loading JNI/native code from an Android app without debugging the Dalvik code
The original issue was that some applications (e.g. packers) launch their JNI/native code too fast for a person to attach an IDA Pro instance to the process. The original solution was to wrap the JNI code in your own "surrogate" application so that you could load it more slowly.

The new process is to launch the Android/Dalvik activity with the debugger flag:

    # am start -D -n com.strazzere.different/.MainActivity

This puts the app into "Waiting for debugger..." mode. The process is started, which allows you to attach IDA Pro to it for the native code.

Next, attach a JDWP debugger and continue:

    jdb -connect com.sun.jdi.SocketAttach:hostname=127.0.0.1,port=8700

Drop the jdb connection and let the Android application run as it normally would.
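The steps above as one host-side script (an added example, not part of the original gist). It assumes `adb` and `jdb` are on the PATH and a device running Android 8 or later (`ps -A`), and it maps port 8700 itself with `adb forward` instead of relying on DDMS; the function names and the sample `ps` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original gist. DRY_RUN=1 prints commands only.
PKG="${PKG:-com.strazzere.different}"   # package name used in the gist
ACTIVITY="${ACTIVITY:-.MainActivity}"   # activity used in the gist
JDWP_PORT="${JDWP_PORT:-8700}"          # host port used in the gist
DRY_RUN="${DRY_RUN:-0}"

# Constructed sample of `adb shell ps -A` output (not captured from a device).
SAMPLE_PS='USER PID PPID VSZ RSS WCHAN ADDR S NAME
u0_a123 4242 600 1500000 80000 0 0 S com.strazzere.different
u0_a123 4300 600 1500000 80000 0 0 S com.strazzere.different:remote'

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Start the activity suspended in "Waiting for debugger..." mode.
launch_suspended() { run adb shell am start -D -n "$PKG/$ACTIVITY"; }

# Read ps output on stdin; print the PID whose NAME column equals $1 exactly,
# so helper processes such as "pkg:remote" are not picked by mistake.
pid_from_ps() { tr -d '\r' | awk -v pkg="$1" '$NF == pkg { print $2; exit }'; }

# Map the suspended process's JDWP channel to the host port.
forward_jdwp() { run adb forward "tcp:$JDWP_PORT" "jdwp:$1"; }

# Attaching jdb releases the wait; quit jdb afterwards to drop the connection.
resume_app() {
    run jdb -connect "com.sun.jdi.SocketAttach:hostname=127.0.0.1,port=$JDWP_PORT"
}

main() {
    launch_suspended || return 1
    pid=$(adb shell ps -A | pid_from_ps "$PKG")
    [ -n "$pid" ] || { echo "process $PKG not found" >&2; return 1; }
    forward_jdwp "$pid" || return 1
    printf 'Attach the native debugger to PID %s, then press Enter: ' "$pid"
    read -r _
    resume_app
}

# Only touch the device when invoked as: sh attach.sh run
case "${1:-}" in run) main ;; esac
```

Run it as `sh attach.sh run`; with `DRY_RUN=1` the adb and jdb command lines are printed instead of executed.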