Archive for September, 2012

How to do remote debugging via gdbserver running inside the Android phone?

Presently, my phone is a Samsung Galaxy S3 GT-I9300. But in general the following steps should be applicable to any Android device.

First, download the Android SDK and NDK. The SDK provides “adb”, which is used to connect to the phone. The NDK provides gdbserver as an ARM binary; upload that to the phone via “adb”.

Next, remount /system as read-write (you need to be root first, i.e., a rooted device is assumed):

mount -o rw,remount /dev/block/mmcblk0p9 /system

(The block device “/dev/block/mmcblk0p9” is specific to my device; yours may differ. Just use “mount” to see which block device the “/system” directory is mounted on. If “/system” does not appear in the output of the “mount” command, then most probably the root filesystem block device should be used.)

And then copy the gdbserver from the Android NDK into /system/bin directory.

Next, assuming the process ID of the target process is 16835, then run this inside the Android phone (MUST BE ISSUED AS “root” user again):

gdbserver :4567 --attach 16835
Attached; pid = 16835
Listening on port 4567

On another PC (one that is accessible by TCP/IP from the phone), download all the ARM-based libraries from the phone and run the gdb client.

Get all the ARM libraries and the target binaries (to be debugged, and in my case, it is called “debuggerd”) from mobile phone:

adb pull /system/lib /tmp/system_lib

Then run the gdb client (which is from the NDK) on the PC side. Remember to disable all firewalls via “iptables -F” and “ip6tables -F”, just in case they are interfering with the network transfer:

/android-ndk-r7/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin/arm-linux-androideabi-gdb /tmp/debuggerd
(gdb) set auto-solib-add on
(gdb) target remote 10.10.1.25:4567
(gdb) set solib-search-path /tmp/system_lib

Subsequent messages:

Error while mapping shared library sections:
/system/bin/linker: No such file or directory.
Symbol file not found for /system/bin/linker
Reading symbols from /tmp/system_lib/libc.so...(no debugging symbols found)...done.
Loaded symbols for /tmp/system_lib/libc.so
Reading symbols from /tmp/system_lib/libstdc++.so...(no debugging symbols found)...done.
Loaded symbols for /tmp/system_lib/libstdc++.so

As shown above, all the dynamic library files are read and recognized by the gdb client, except for “/system/bin/linker”.

(gdb) info sharedlibrary
From To Syms Read Shared Object Library
No /system/bin/linker
0x4015a0c0 0x401882d4 Yes /tmp/system_lib/libc.so
0x4019e934 0x4019ea3c Yes /tmp/system_lib/libstdc++.so
0x401a1f70 0x401b1db8 Yes /tmp/system_lib/libm.so
0x400332a0 0x4004441c Yes /tmp/system_lib/libz.so
0x400b1a00 0x401172b8 Yes /tmp/system_lib/libcrypto.so
0x4005f530 0x4007798c Yes /tmp/system_lib/libssl.so
(gdb)

After this you can issue “x /100i <addr>” to enumerate the instructions starting from <addr> running on the Android device, or “s” to single step through all the instructions. Just remember that the process is always 16835 as specified earlier.

Done.
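
The steps above as a dry-run planner, added here as an example and not part of the original post: it finds the device behind /system from “mount” output and prints the commands with the same port on both ends. The function names, the “adb forward” hop to localhost (instead of the LAN connection used above) and the read-only remount after the copy are assumptions of this example; the sample mount lines are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): dry-run planner for the
# gdbserver attach. It only prints commands; nothing touches a device.

# Print "<device> <mountpoint>" for /system, given `mount` output on stdin.
# Accepts "dev /system type opts" (Android toolbox) and
# "dev on /system type ext4 (opts)" (GNU mount); falls back to "/".
system_mount() {
    awk '
        { mp = ($2 == "on") ? $3 : $2 }
        mp == "/system" { sys = $1 }
        mp == "/"       { root = $1 }
        END {
            if (sys != "")       { print sys, "/system" }
            else if (root != "") { print root, "/" }
            else                 { exit 1 }
        }'
}

# usage: plan_session PID PORT LIBDIR < mount-output
# Assumption of this example: the PC reaches the port through `adb forward`
# (USB) instead of the LAN, so no firewall rules have to be flushed.
plan_session() {
    ps_pid=$1 ps_port=$2 ps_lib=$3
    for n in "$ps_pid" "$ps_port"; do
        case $n in ''|*[!0-9]*) echo "pid and port must be numeric" >&2; return 2 ;; esac
    done
    ps_m=$(system_mount) || { echo "no /system or / mount found" >&2; return 1; }
    ps_dev=${ps_m% *} ps_mp=${ps_m#* }
    cat <<EOF
phone# mount -o rw,remount $ps_dev $ps_mp
phone# # copy the NDK gdbserver into /system/bin here
phone# mount -o ro,remount $ps_dev $ps_mp
phone# gdbserver :$ps_port --attach $ps_pid
pc\$ adb forward tcp:$ps_port tcp:$ps_port
pc\$ adb pull /system/lib $ps_lib
(gdb) set solib-search-path $ps_lib
(gdb) target remote localhost:$ps_port
EOF
}

# Constructed sample of `mount` output from a phone.
sample_mounts='rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p9 /system ext4 ro,relatime 0 0'

printf '%s\n' "$sample_mounts" | plan_session 16835 4567 /tmp/system_lib
```

gdbserver does no authentication, so stop it as soon as the session is over rather than leaving the port listening.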


How I found my missing network WIFI drivers.

My PC, an HP Pavilion dv6 7007tx, is rather new, so after installing the latest Ubuntu 10.04-4 LTS, followed by a kernel update to the latest kernel (3.3.0-030300-generic), the WIFI card is still not working.

lspci:

0a:00.0 Network controller: Intel Corporation Device 0887 (rev c4)

The above is the suspected hardware not properly detected.

Doing a general “lshal” and followed by searching for “887”:

udi = '/org/freedesktop/Hal/devices/pci_8086_887'
info.parent = '/org/freedesktop/Hal/devices/pci_8086_1e16' (string)
info.product = 'Unknown (0x0887)' (string)
info.subsystem = 'pci' (string)
info.udi = '/org/freedesktop/Hal/devices/pci_8086_887' (string)
info.vendor = 'Intel Corporation' (string)
linux.hotplug_type = 2 (0x2) (int)
linux.subsystem = 'pci' (string)
linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:1c.3/0000:0a:00.0' (string)
pci.device_class = 2 (0x2) (int)
pci.device_protocol = 0 (0x0) (int)
pci.device_subclass = 128 (0x80) (int)
pci.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:1c.3/0000:0a:00.0' (string)
pci.product_id = 2183 (0x887) (int)
pci.subsys_product_id = 16482 (0x4062) (int)
pci.subsys_vendor = 'Intel Corporation' (string)
pci.subsys_vendor_id = 32902 (0x8086) (int)
pci.vendor = 'Intel Corporation' (string)
pci.vendor_id = 32902 (0x8086) (int)

In the output above there is no “linux.driver” entry, which would indicate which driver has acquired the hardware. I am not sure which driver it is, but it is highly likely to be from Intel. So I did a generic search with “modprobe -l | grep intel” for all possible Intel-related drivers:

kernel/arch/x86/crypto/aesni-intel.ko
kernel/arch/x86/kvm/kvm-intel.ko
kernel/drivers/dma/intel_mid_dma.ko
kernel/drivers/char/hw_random/intel-rng.ko
kernel/drivers/net/ethernet/intel/e100.ko
kernel/drivers/net/ethernet/intel/e1000/e1000.ko
kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko
kernel/drivers/net/ethernet/intel/igb/igb.ko
kernel/drivers/net/ethernet/intel/igbvf/igbvf.ko
kernel/drivers/net/ethernet/intel/ixgbe/ixgbe.ko
kernel/drivers/net/ethernet/intel/ixgbevf/ixgbevf.ko
kernel/drivers/net/ethernet/intel/ixgb/ixgb.ko
kernel/drivers/i2c/busses/i2c-intel-mid.ko
kernel/drivers/platform/x86/intel_menlow.ko
kernel/drivers/platform/x86/intel_ips.ko
kernel/drivers/platform/x86/intel_oaktrail.ko
kernel/drivers/video/intelfb/intelfb.ko
kernel/drivers/mtd/maps/intel_vr_nor.ko
kernel/sound/pci/snd-intel8x0.ko
kernel/sound/pci/snd-intel8x0m.ko
kernel/sound/pci/hda/snd-hda-intel.ko

Manually tried to “modprobe” a few but still not working: “wlan” is not coming up.

Finally, when I “modprobe iwlwifi” I saw this in “dmesg” output:

[ 12.121144] iwlwifi 0000:0a:00.0: pci_resource_len = 0x00002000
[ 12.121146] iwlwifi 0000:0a:00.0: pci_resource_base = f8794000
[ 12.121147] iwlwifi 0000:0a:00.0: HW Revision ID = 0xC4
[ 12.121294] iwlwifi 0000:0a:00.0: irq 46 for MSI/MSI-X
[ 12.121341] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_DEBUG disabled
[ 12.121343] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_DEBUGFS enabled
[ 12.121344] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_DEVICE_TRACING enabled
[ 12.121345] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_DEVICE_TESTMODE enabled
[ 12.121346] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_P2P disabled
[ 12.121374] iwlwifi 0000:0a:00.0: Detected Intel(R) Centrino(R) Wireless-N 2230 BGN, REV=0xC8
[ 12.121452] iwlwifi 0000:0a:00.0: L1 Enabled; Disabling L0S
[ 12.137817] iwlwifi 0000:0a:00.0: device EEPROM VER=0x81c, CALIB=0x6
[ 12.137819] iwlwifi 0000:0a:00.0: Device SKU: 0x150
[ 12.137821] iwlwifi 0000:0a:00.0: Valid Tx ant: 0x3, Valid Rx ant: 0x3
[ 12.137836] iwlwifi 0000:0a:00.0: Tunable channels: 13 802.11bg, 0 802.11a channels
[ 12.256360] iwlwifi 0000:0a:00.0: request for firmware file 'iwlwifi-2030-5.ucode' failed.
[ 12.256389] iwlwifi 0000:0a:00.0: no suitable firmware found!

Finally, it is complaining that it cannot find iwlwifi-2030-5.ucode. I downloaded the latest kernel source code from kernel.org, but it is not there either. So finally I had to download it from http://intellinuxwireless.org/?n=downloads and voila, the 2030 ucode is there.

Copying the firmware into my existing /lib/firmware directory, and finally reloading the iwlwifi kernel module:

[11721.114148] iwlwifi 0000:0a:00.0: pci_resource_len = 0x00002000
[11721.114150] iwlwifi 0000:0a:00.0: pci_resource_base = f86f0000
[11721.114153] iwlwifi 0000:0a:00.0: HW Revision ID = 0xC4
[11721.114281] iwlwifi 0000:0a:00.0: irq 47 for MSI/MSI-X
[11721.114339] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_DEBUG disabled
[11721.114341] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_DEBUGFS enabled
[11721.114343] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_DEVICE_TRACING enabled
[11721.114345] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_DEVICE_TESTMODE enabled
[11721.114347] iwlwifi 0000:0a:00.0: CONFIG_IWLWIFI_P2P disabled
[11721.114377] iwlwifi 0000:0a:00.0: Detected Intel(R) Centrino(R) Wireless-N 2230 BGN, REV=0xC8
[11721.114481] iwlwifi 0000:0a:00.0: L1 Enabled; Disabling L0S
[11721.130803] iwlwifi 0000:0a:00.0: device EEPROM VER=0x81c, CALIB=0x6
[11721.130806] iwlwifi 0000:0a:00.0: Device SKU: 0x150
[11721.130808] iwlwifi 0000:0a:00.0: Valid Tx ant: 0x3, Valid Rx ant: 0x3
[11721.130832] iwlwifi 0000:0a:00.0: Tunable channels: 13 802.11bg, 0 802.11a channels
[11721.178443] iwlwifi 0000:0a:00.0: loaded firmware version 18.168.6.1
[11721.178723] Registered led device: phy1-led

Running “ifconfig” afterwards shows that the wlan interface got detected by the router and was set up:

wlan0 Link encap:Ethernet HWaddr 68:5d:43:02:11:bf
inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.255.0
inet6 addr: fe80::6a5d:43ff:fe02:11bf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3041 errors:0 dropped:0 overruns:0 frame:0
TX packets:1932 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2525361 (2.5 MB) TX bytes:391475 (391.4 KB)
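
Grepping module paths for “intel” missed iwlwifi because a module's file name need not contain the vendor name; the kernel matches drivers to hardware through the device's modalias. The following is an added example, not part of the original post: it builds the modalias from the IDs lshal printed, looks it up in modules.alias-format text, and extracts failed firmware requests from dmesg. The function names and the sample alias lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). The PCI IDs are the ones lshal
# printed above; the modules.alias excerpt below is constructed.

# Build the modalias string the kernel exposes in sysfs for a PCI device.
# Args (hex, no 0x): vendor device subvendor subdevice class subclass prog-if
pci_modalias() {
    printf 'pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X\n' \
        "0x$1" "0x$2" "0x$3" "0x$4" "0x$5" "0x$6" "0x$7"
}

# Print each module whose alias pattern matches modalias $1.
# stdin: text in modules.alias format; the patterns are shell-style globs.
modules_for() {
    while read -r kw pattern module; do
        [ "$kw" = alias ] || continue
        case $1 in $pattern) echo "$module" ;; esac
    done | sort -u
}

# Print firmware files the kernel requested but could not load (dmesg on stdin).
failed_firmware() {
    sed -n "s/.*request for firmware file '\([^']*\)' failed.*/\1/p" | sort -u
}

alias_sample='# constructed modules.alias excerpt
alias pci:v00008086d0000100Esv*sd*bc02sc00i* e1000
alias pci:v00008086d00000887sv*sd00004062bc*sc*i* iwlwifi
alias pci:v00008086d00000888sv*sd*bc*sc*i* iwlwifi'

id=$(pci_modalias 8086 0887 8086 4062 2 80 0)
echo "$id -> $(printf '%s\n' "$alias_sample" | modules_for "$id")"
```

On a live system, pass the contents of the device's sysfs “modalias” file as the argument, feed /lib/modules/$(uname -r)/modules.alias on stdin, and pipe “dmesg” into failed_firmware.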

Enumerating all the notifier registration functions in the Linux kernel

How do you detect reboots?
How do you detect a kernel module being loaded?
How do you detect an OOM condition?
How do you detect hardware problems or hardware being connected?

To answer these questions, notification functions are available in the kernel:

Looking into /proc/kallsyms:

grep 'registe.*notif' /proc/kallsyms
ffffffff8108a740 T unregister_reboot_notifier
ffffffff8108a870 T register_reboot_notifier
ffffffff8108a8f0 T register_die_notifier
ffffffff8108a990 T unregister_die_notifier
ffffffff81092d70 T clockevents_register_notifier
ffffffff8109ee90 T unregister_module_notifier
ffffffff8109eeb0 T register_module_notifier
ffffffff810a27d0 T unregister_pm_notifier
ffffffff810a27f0 T register_pm_notifier
ffffffff810f6710 T unregister_oom_notifier
ffffffff810f6730 T register_oom_notifier
ffffffff81245f80 T unregister_ipcns_notifier
ffffffff81245fc0 T cond_register_ipcns_notifier
ffffffff81246050 T register_ipcns_notifier
ffffffff81286fe0 T crypto_unregister_notifier
ffffffff81287000 T crypto_register_notifier
ffffffff812e5788 T unregister_acpi_bus_notifier
ffffffff812e57a2 T register_acpi_bus_notifier
ffffffff812ea084 T unregister_dock_notifier
ffffffff812ea0a7 T register_dock_notifier
ffffffff812edc0c T unregister_acpi_notifier
ffffffff812edc26 T register_acpi_notifier
ffffffff813200c0 T unregister_xenstore_notifier
ffffffff813200e0 T register_xenstore_notifier
ffffffff813242f0 T regulator_unregister_notifier
ffffffff81324310 T regulator_register_notifier
ffffffff81338a30 T unregister_keyboard_notifier
ffffffff81338a50 T register_keyboard_notifier
ffffffff8133d650 T unregister_vt_notifier
ffffffff8133d670 T register_vt_notifier
ffffffff81367950 T bus_unregister_notifier
ffffffff81367970 T bus_register_notifier
ffffffff8137e1d0 T da903x_unregister_notifier
ffffffff8137e220 T da903x_register_notifier
ffffffff813e11a0 T usb_unregister_notify
ffffffff813e11c0 T usb_register_notify
ffffffff81431c90 T cpufreq_unregister_notifier
ffffffff81431cd0 T cpufreq_register_notifier
ffffffff8145e280 T unregister_netdevice_notifier
ffffffff8145e2c0 T register_netdevice_notifier
ffffffff81463c20 T unregister_netevent_notifier
ffffffff81463c40 T register_netevent_notifier
ffffffff8147f920 T netlink_unregister_notifier
ffffffff8147f940 T netlink_register_notifier
ffffffff814bb790 T unregister_inetaddr_notifier
ffffffff814bb7b0 T register_inetaddr_notifier
ffffffff814eb360 T unregister_inet6addr_notifier
ffffffff814eb380 T register_inet6addr_notifier
ffffffff8152ce80 T unregister_cpu_notifier
ffffffff8152cec0 T register_cpu_notifier
ffffffff8174e430 r __ksymtab_unregister_cpu_notifier
ffffffff8174e440 r __ksymtab_register_cpu_notifier
ffffffff8174f000 r __ksymtab_unregister_reboot_notifier
ffffffff8174f010 r __ksymtab_register_reboot_notifier
ffffffff8174f460 r __ksymtab_unregister_module_notifier
ffffffff8174f470 r __ksymtab_register_module_notifier
ffffffff81754f90 r __ksymtab_unregister_acpi_notifier
ffffffff81754fa0 r __ksymtab_register_acpi_notifier
ffffffff817578a0 r __ksymtab_cpufreq_unregister_notifier
ffffffff817578b0 r __ksymtab_cpufreq_register_notifier
ffffffff817589c0 r __ksymtab_unregister_netdevice_notifier
ffffffff817589d0 r __ksymtab_register_netdevice_notifier
ffffffff817596f0 r __ksymtab_netlink_unregister_notifier
ffffffff81759700 r __ksymtab_netlink_register_notifier
ffffffff8175a1b0 r __ksymtab_unregister_inetaddr_notifier
ffffffff8175a1c0 r __ksymtab_register_inetaddr_notifier
ffffffff8175a990 r __ksymtab_unregister_inet6addr_notifier
ffffffff8175a9a0 r __ksymtab_register_inet6addr_notifier
ffffffff8175b610 r __ksymtab_unregister_die_notifier
ffffffff8175b620 r __ksymtab_register_die_notifier
ffffffff8175ba90 r __ksymtab_unregister_pm_notifier
ffffffff8175baa0 r __ksymtab_register_pm_notifier
ffffffff8175c310 r __ksymtab_unregister_oom_notifier
ffffffff8175c320 r __ksymtab_register_oom_notifier
ffffffff8175d0f0 r __ksymtab_crypto_unregister_notifier
ffffffff8175d100 r __ksymtab_crypto_register_notifier
ffffffff8175dd70 r __ksymtab_unregister_acpi_bus_notifier
ffffffff8175dd80 r __ksymtab_register_acpi_bus_notifier
ffffffff8175de00 r __ksymtab_unregister_dock_notifier
ffffffff8175de10 r __ksymtab_register_dock_notifier
ffffffff8175e210 r __ksymtab_unregister_xenstore_notifier
ffffffff8175e220 r __ksymtab_register_xenstore_notifier
ffffffff8175e360 r __ksymtab_regulator_unregister_notifier
ffffffff8175e370 r __ksymtab_regulator_register_notifier
ffffffff8175e5b0 r __ksymtab_unregister_keyboard_notifier
ffffffff8175e5c0 r __ksymtab_register_keyboard_notifier
ffffffff8175e610 r __ksymtab_unregister_vt_notifier
ffffffff8175e620 r __ksymtab_register_vt_notifier
ffffffff8175ea90 r __ksymtab_bus_unregister_notifier
ffffffff8175eaa0 r __ksymtab_bus_register_notifier
ffffffff8175f270 r __ksymtab_da903x_unregister_notifier
ffffffff8175f280 r __ksymtab_da903x_register_notifier
ffffffff81760600 r __ksymtab_usb_unregister_notify
ffffffff81760610 r __ksymtab_usb_register_notify
ffffffff817612e0 r __ksymtab_unregister_netevent_notifier
ffffffff817612f0 r __ksymtab_register_netevent_notifier
ffffffff81762210 r __kcrctab_unregister_cpu_notifier
ffffffff81762218 r __kcrctab_register_cpu_notifier
ffffffff817627f8 r __kcrctab_unregister_reboot_notifier
ffffffff81762800 r __kcrctab_register_reboot_notifier
ffffffff81762a28 r __kcrctab_unregister_module_notifier
ffffffff81762a30 r __kcrctab_register_module_notifier
ffffffff817657c0 r __kcrctab_unregister_acpi_notifier
ffffffff817657c8 r __kcrctab_register_acpi_notifier
ffffffff81766c48 r __kcrctab_cpufreq_unregister_notifier
ffffffff81766c50 r __kcrctab_cpufreq_register_notifier
ffffffff817674d8 r __kcrctab_unregister_netdevice_notifier
ffffffff817674e0 r __kcrctab_register_netdevice_notifier
ffffffff81767b70 r __kcrctab_netlink_unregister_notifier
ffffffff81767b78 r __kcrctab_netlink_register_notifier
ffffffff817680d0 r __kcrctab_unregister_inetaddr_notifier
ffffffff817680d8 r __kcrctab_register_inetaddr_notifier
ffffffff817684c0 r __kcrctab_unregister_inet6addr_notifier
ffffffff817684c8 r __kcrctab_register_inet6addr_notifier
ffffffff81768b00 r __kcrctab_unregister_die_notifier
ffffffff81768b08 r __kcrctab_register_die_notifier
ffffffff81768d40 r __kcrctab_unregister_pm_notifier
ffffffff81768d48 r __kcrctab_register_pm_notifier
ffffffff81769180 r __kcrctab_unregister_oom_notifier
ffffffff81769188 r __kcrctab_register_oom_notifier
ffffffff81769870 r __kcrctab_crypto_unregister_notifier
ffffffff81769878 r __kcrctab_crypto_register_notifier
ffffffff81769eb0 r __kcrctab_unregister_acpi_bus_notifier
ffffffff81769eb8 r __kcrctab_register_acpi_bus_notifier
ffffffff81769ef8 r __kcrctab_unregister_dock_notifier
ffffffff81769f00 r __kcrctab_register_dock_notifier
ffffffff8176a100 r __kcrctab_unregister_xenstore_notifier
ffffffff8176a108 r __kcrctab_register_xenstore_notifier
ffffffff8176a1a8 r __kcrctab_regulator_unregister_notifier
ffffffff8176a1b0 r __kcrctab_regulator_register_notifier
ffffffff8176a2d0 r __kcrctab_unregister_keyboard_notifier
ffffffff8176a2d8 r __kcrctab_register_keyboard_notifier
ffffffff8176a300 r __kcrctab_unregister_vt_notifier
ffffffff8176a308 r __kcrctab_register_vt_notifier
ffffffff8176a540 r __kcrctab_bus_unregister_notifier
ffffffff8176a548 r __kcrctab_bus_register_notifier
ffffffff8176a930 r __kcrctab_da903x_unregister_notifier
ffffffff8176a938 r __kcrctab_da903x_register_notifier
ffffffff8176b2f8 r __kcrctab_usb_unregister_notify
ffffffff8176b300 r __kcrctab_usb_register_notify
ffffffff8176b968 r __kcrctab_unregister_netevent_notifier
ffffffff8176b970 r __kcrctab_register_netevent_notifier
ffffffff8176cf0e r __kstrtab_unregister_cpu_notifier
ffffffff8176cf26 r __kstrtab_register_cpu_notifier
ffffffff8176e004 r __kstrtab_unregister_die_notifier
ffffffff8176e01c r __kstrtab_register_die_notifier
ffffffff8176e032 r __kstrtab_unregister_reboot_notifier
ffffffff8176e04d r __kstrtab_register_reboot_notifier
ffffffff8176ea8e r __kstrtab_unregister_module_notifier
ffffffff8176eaa9 r __kstrtab_register_module_notifier
ffffffff8176eb1c r __kstrtab_unregister_pm_notifier
ffffffff8176eb33 r __kstrtab_register_pm_notifier
ffffffff8176fd13 r __kstrtab_unregister_oom_notifier
ffffffff8176fd2b r __kstrtab_register_oom_notifier
ffffffff8177404b r __kstrtab_crypto_unregister_notifier
ffffffff81774066 r __kstrtab_crypto_register_notifier
ffffffff81777364 r __kstrtab_unregister_acpi_bus_notifier
ffffffff81777381 r __kstrtab_register_acpi_bus_notifier
ffffffff81777617 r __kstrtab_unregister_dock_notifier
ffffffff81777630 r __kstrtab_register_dock_notifier
ffffffff8177771a r __kstrtab_unregister_acpi_notifier
ffffffff81777733 r __kstrtab_register_acpi_notifier
ffffffff817785f5 r __kstrtab_unregister_xenstore_notifier
ffffffff81778612 r __kstrtab_register_xenstore_notifier
ffffffff817787e2 r __kstrtab_regulator_unregister_notifier
ffffffff81778800 r __kstrtab_regulator_register_notifier
ffffffff81778f58 r __kstrtab_unregister_keyboard_notifier
ffffffff81778f75 r __kstrtab_register_keyboard_notifier
ffffffff81779103 r __kstrtab_unregister_vt_notifier
ffffffff8177911a r __kstrtab_register_vt_notifier
ffffffff81779eba r __kstrtab_bus_unregister_notifier
ffffffff81779ed2 r __kstrtab_bus_register_notifier
ffffffff8177a9ce r __kstrtab_da903x_unregister_notifier
ffffffff8177a9e9 r __kstrtab_da903x_register_notifier
ffffffff8177ce4d r __kstrtab_usb_unregister_notify
ffffffff8177ce63 r __kstrtab_usb_register_notify
ffffffff8177e093 r __kstrtab_cpufreq_unregister_notifier
ffffffff8177e0af r __kstrtab_cpufreq_register_notifier
ffffffff8177faf7 r __kstrtab_unregister_netdevice_notifier
ffffffff8177fb15 r __kstrtab_register_netdevice_notifier
ffffffff8177fe67 r __kstrtab_unregister_netevent_notifier
ffffffff8177fe84 r __kstrtab_register_netevent_notifier
ffffffff81780af7 r __kstrtab_netlink_unregister_notifier
ffffffff81780b13 r __kstrtab_netlink_register_notifier
ffffffff81781b71 r __kstrtab_unregister_inetaddr_notifier
ffffffff81781b8e r __kstrtab_register_inetaddr_notifier
ffffffff8178276f r __kstrtab_unregister_inet6addr_notifier
ffffffff8178278d r __kstrtab_register_inet6addr_notifier
ffffffffa0f21bf0 t kvm_unregister_irq_mask_notifier [kvm]
ffffffffa0f21d50 t kvm_register_irq_ack_notifier [kvm]
ffffffffa0f21ce0 t kvm_unregister_irq_ack_notifier [kvm]
ffffffffa0f21c50 t kvm_register_irq_mask_notifier [kvm]

This listing is from the 2.6.32-21-generic kernel, Ubuntu 10.04 LTS version.
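
Not every function in the listing can be called from a loadable module: a core-kernel function is available to modules only when the listing also has a matching __ksymtab_ entry. The following is an added example, not part of the original post, that classifies the names accordingly; the function name notifier_exports is hypothetical and the sample lines are taken from the listing above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): classify the notifier
# registration functions in a kallsyms listing. A core-kernel function is
# callable from a loadable module only if the listing also contains a
# __ksymtab_<name> entry for it. Module-owned lines ("[kvm]") are skipped
# because the listing carries no export table for them.
notifier_exports() {   # stdin: kallsyms text; stdout: "<status>\t<name>"
    awk '
        $3 ~ /^__ksymtab_/ { sub(/^__ksymtab_/, "", $3); exported[$3] = 1; next }
        NF == 3 && $2 == "T" && $3 ~ /registe.*notif/ { seen[$3] = 1 }
        END {
            for (f in seen)
                printf "%s\t%s\n", ((f in exported) ? "exported" : "internal"), f
        }' | sort
}

# Sample lines taken from the listing above.
sample='ffffffff8108a870 T register_reboot_notifier
ffffffff81246050 T register_ipcns_notifier
ffffffff810f6730 T register_oom_notifier
ffffffff8174f010 r __ksymtab_register_reboot_notifier
ffffffff8175c320 r __ksymtab_register_oom_notifier
ffffffffa0f21d50 t kvm_register_irq_ack_notifier [kvm]'

printf '%s\n' "$sample" | notifier_exports
```

Run it on a live system with notifier_exports < /proc/kallsyms; it uses only the names, so it still works where kernel.kptr_restrict makes the addresses read as zeros for unprivileged users.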
