http://aospxref.com/android-12.0.0_r3/xref/frameworks/base/core/java/android/os/BinderProxy.java部分APP不会使用常规的framework api调用系统的一些函数获取信息,但是如果他自己构建binder调用的信息获取,最后都会跑到这个函数中去。
关键函数transact
打印调用信息关键函数:
public boolean transact(int code, Parcel data, Parcel reply, int flags) throws RemoteException {}
进入native层监控:
595 public native boolean transactNative(int code, Parcel data, Parcel reply,596 int flags) throws RemoteException;
对应native代码:
http://aospxref.com/android-12.0.0_r3/xref/frameworks/base/core/jni/android_util_Binder.cpp#1553
1548 static const JNINativeMethod gBinderProxyMethods[] = {1549 /* name, signature, funcPtr */1550 {"pingBinder", "()Z", (void*)android_os_BinderProxy_pingBinder},1551 {"isBinderAlive", "()Z", (void*)android_os_BinderProxy_isBinderAlive},1552 {"getInterfaceDescriptor", "()Ljava/lang/String;", (void*)android_os_BinderProxy_getInterfaceDescriptor},1553 这里{"transactNative", "(ILandroid/os/Parcel;Landroid/os/Parcel;I)Z", (void*)android_os_BinderProxy_transact},1554 {"linkToDeath", "(Landroid/os/IBinder$DeathRecipient;I)V", (void*)android_os_BinderProxy_linkToDeath},1555 {"unlinkToDeath", "(Landroid/os/IBinder$DeathRecipient;I)Z", (void*)android_os_BinderProxy_unlinkToDeath},1556 {"getNativeFinalizer", "()J", (void*)android_os_BinderProxy_getNativeFinalizer},1557 {"getExtension", "()Landroid/os/IBinder;", (void*)android_os_BinderProxy_getExtension},1558 };
上面是函数绑定,具体实现是:
1382 static jboolean android_os_BinderProxy_transact(JNIEnv* env, jobject obj,1383 jint code, jobject dataObj, jobject replyObj, jint flags)
发现一个好东西,把java的对象转c++中对象,也就是对象中的一些字段信息转到c++中的class中去。
Parcel* data = parcelForJavaObject(env, dataObj);
发现这里模块有log工具的
1405 ALOGV("Java code calling transact on %p in Java object %p with code %" PRId32 "\n",1406 target, obj, code);
http://aospxref.com/android-12.0.0_r3/xref/frameworks/ex/framesequence/jni/utils/log.h如果编译user版本,log关闭的,通常为了规避检测,我们都会编译user版本的系统。
28 /*29 * Normally we strip ALOGV (VERBOSE messages) from release builds.30 * You can modify this (for example with "#define LOG_NDEBUG 0"31 * at the top of your source file) to change that behavior.32 */33 #ifndef LOG_NDEBUG34 #ifdef NDEBUG35 #define LOG_NDEBUG 136 #else37 #define LOG_NDEBUG 038 #endif39 #endif
LOG_NDEBUG==1表示不打印VERBOSE日志
LOG_NDEBUG==0表示打印VERBOSE日志
在这个头文件顶部,增加
#define LOG_NDEBUG 0主动激活打印日志,或者再增加一个开关来控制是否打印,增加pid过滤也可以的。
推荐阅读
Rockchip平台rk3588源码下载编译(基于Android13)
文章来源: http://mp.weixin.qq.com/s?__biz=Mzg2NzUzNzk1Mw==&mid=2247496555&idx=1&sn=697ccf3afea3d7bbcb4320312864eabe&chksm=ceb8b625f9cf3f337381ea9e41199b17cff7a40f2766f529596d9e28553faec0cf9e62e948b3&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh