Dalvik debugger

The Dalvik debugger is a plugin to debug Android applications written for the Dalvik Virtual Machine. It includes the source level debugging too.

Dalvik debugger specific options:

    ADB executable

        IDA needs to know where the 'adb' utility resides, and tries various
        methods to locate it automatically. Usually IDA finds the path to adb,
        but if it fails then we can define the ANDROID_SDK_HOME or the
        ANDROID_HOME environment variable to point to the directory where the
        Android SDK is installed to. Or set the path to 'adb' here.

    Emulator/device serial number

        If multiple emulator/device instances are running, you must specify
        the target instance to connect to.

    Package name

        Set the package name for the application as specified in
        AndroidManifest.xml. It is a mandatory option to start an application.
        If you plan to use "Attach to process" debugger action then you may
        leave this field empty.

    Activity

        If your want to start an application using the "Start process"
        debugger action then you have to set this option too. Copy it from
        AndroidManifest.xml. If you plan to use the "Attach to process"
        debugger action then you may leave this field empty.

    Command line arguments

        Every object inside Dalvik VM has an ID. It is the 64-bit number.
        If you want to see it in "Locals"/"Watches" windows then set this
        checkbox.

Source-level debugging

    In order to use source-level debugging you have to set paths to the
    application source code files. Do it using "Options/Sources path"
    menu item.

    Our dalvik debugger presumes that the application sources reside
    in the current (".") directory.  If this is not the case, you can
    map current directory (".") to the directory where the source files
    are located.

List of special things about our Dalvik debugger:

  - In Dalvik there is no stack and there is no SP register.
    The only available register is IP.
  - The method frame registers and slots (v0, v1, ...) are represented as
    local variables in IDA.
    We can see them in the Debugger/Debugger Windows/Locals window
  - The stack trace is available from "Debugger/Windows/Stack trace"
  - When the application is running, it may execute some system code.
    If we break the execution by clicking on the "Cancel" button,
    quite often we may find ourselves outside of the application,
    in the system code. The value of the IP register is 0xFFFFFFFF in this
    case, and stack trace shows only system calls and a lot of 0xFFFFFFFFs.
    It means that IDA could not locate the current execution position inside
    the application. We recommend to set more breakpoints inside the
    application, resume the execution and interact with application by
    clicking on its windows, selecting menu items, etc.
    The same thing can occur when we step out the application or
    step into the system code. In the last case we can use "Run until
    return" debugger command to return to the application code.

Locals window

    IDA considers the method frame registers, slots, and
    variables (v0, v1, ...) as local variables.
    To see their values we have to open the "Locals" window
    from the "Debugger/Debugger windows/Locals" menu item.

    If the information about the frame is available (the symbol table is
    intact) then IDA shows the method arguments, the method local variables
    with names and other non-named variables.
    Otherwise some variable values will not be displayed because IDA
    does not know their types. Variables without type information are
    marked with "Bad type" in the "Locals" window.
    To see the variable value in this case please use the "Watches" window.

Watches window

    To open the "Watches" window please select the "Debugger/Windows/Watches"
    menu item. In this window we can add any variable to watch its value.

    Please note that we have to specify type of variable if it is not known.
    Use C-style casts:
        (Object*)v0
        (String)v6
        (char*)v17
        (int)v7

    We do not need to specify the real type of an object variable,
    the "(Object*)" cast is enough.  IDA can derive the real object type
    itself.

    ATTENTION! An incorrect type may cause the Dalvik VM to crash.

    There is not much we can do about it. Our recommendation is to never
    cast an integer variable to an object type, the Dalvik VM usually
    crashes if we do that. But the integer cast "(int)" is safe in practice.

    Keeping the above in the mind, do not leave the cast entries
    in the "Watches" window for a long time. Delete them before any
    executing instruction that may change the type of the watched variable

See also Debugger submenu.

Last updated