smalidea是一款 IntelliJ IDEA/Android Studio的 smali 插件
Install plugin from disk選中下載好的壓縮包.apply要調試一個apk里面的dex代碼,必須滿足以下兩個條件中的任何一個:
可選方案:
個人覺得改 boot.img和二次打包比較麻煩,所以這里采用 hook 方式達到開啟所有應用調試的目的,xposed 插件代碼如下
#!java
public class Debug implements IXposedHookLoadPackage {
public boolean debugApps = true ;
public static final int DEBUG_ENABLE_DEBUGGER = 0x1;
public String tag = "IDG";
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if(lpparam.appInfo == null ||
(lpparam.appInfo.flags & (ApplicationInfo.FLAG_SYSTEM | ApplicationInfo.FLAG_UPDATED_SYSTEM_APP)) !=0){
return;
}
tag = tag + lpparam.packageName;
XposedBridge.hookAllMethods(Process.class, "start", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
int id = 5;
int flags = (Integer) param.args[id];
Log.d(tag,"flags is : "+flags);
if (debugApps) {
if ((flags & DEBUG_ENABLE_DEBUGGER) == 0) {
flags |= DEBUG_ENABLE_DEBUGGER;
}
}
param.args[id] = flags;
Log.d(tag,"flags changed : "+flags);
}
});
}
}
效果如下圖
如果遇到如下錯誤
Adb rejected connection to client
可以使用重啟 adb server 來解決
adb kill-server
adb start-server
如果調試中遇到如下錯誤,確保關閉了其他 IDE 或者 DDMS,解除端口占用
注意:IDEA 14.1及以上版本才支持單步調試
使用 baksmali 反編譯應用
baksmali myapp.apk -o ~/projects/myapp/src
轉到 IDEA 中,導入新工程,選中之前的目錄
~/projects/myapp
導入時選擇Create project from existing sources
成功導入工程后右鍵點擊 src 目錄,設定Mark Directory As->Sources Root
打開Module setting設置對應的 JDK
安裝debug應用
adb install com.zkj.guimi.apk
找到debug應用進程,啟動應用
如果不用 ddms 可以使用如下步驟:
? adb shell am start -D -W -n com.zkj.guimi/.ui.SplashScreen
? adb shell ps |grep guimi 1 ?
u0_a157 9879 242 883420 36360 ffffffff 00000000 S com.zkj.guimi
? adb forward tcp:8700 jdwp:9879
在 IDEA 配置遠程調試(Run->Edit Configurations),更改debug端口為8700
Run->Debug
Connected to the target VM, address: 'localhost:8700', transport: 'socket'
斷點觸發后就可以單步調試
http://www.kanxue.com/bbs/showthread.php?p=1338639
https://github.com/JesusFreke/smali/wiki/smalidea
https://github.com/pylerSM/XInstaller
