Preparation

  1. Mobile: Google Pixel 3 Android 11, API 30
  2. Tools: IDA 7.0, Android Studio
  3. Computer system: Win10

Write a C++ demo

Modify the template code slightly so that tapping Hello World calls into C++

package com.example.testcpp

import android.annotation.SuppressLint
import android.os.Bundle
import androidx.appcompat.app.AppCompatActivity
import kotlinx.android.synthetic.main.activity_main.*

class MainActivity : AppCompatActivity() {

    @SuppressLint("SetTextI18n")
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)

        // Example of a call to a native method: tapping the text calls both JNI functions
        sample_text.setOnClickListener {
            sample_text.text = stringFromJNI() + intFromJNI()
        }
    }

    /**
     * A native method that is implemented by the 'native-lib' native library,
     * which is packaged with this application.
     */
    private external fun stringFromJNI(): String

    private external fun intFromJNI(): Int

    companion object {
        // Used to load the 'native-lib' library on application startup.
        init {
            System.loadLibrary("native-lib")
        }
    }
}

native-lib.cpp code

#include <jni.h>
#include <string>

// Forward declaration of the helper called from intFromJNI
int test_add();

extern "C" JNIEXPORT jstring JNICALL
Java_com_example_testcpp_MainActivity_stringFromJNI(
        JNIEnv *env,
        jobject /* this */) {
    std::string hello = "Hello from C++ ";
    return env->NewStringUTF(hello.c_str());
}

extern "C" JNIEXPORT jint JNICALL
Java_com_example_testcpp_MainActivity_intFromJNI(JNIEnv *env, jobject thiz) {
    int ret = test_add();
    return (jint)ret;
}

int test_add() {
    return 1 + 1;
}

Result on launch (left) and after tapping (right)


Copy android_server64 from the dbgsrv folder of the IDA directory into the app's directory on the device

Check whether the phone is 32-bit or 64-bit; mine is 64-bit, so I'm using android_server64

Upload it to the corresponding application directory with Device File Explorer in Android Studio; adb cannot push files into this directory without root permission

Open a terminal and enter adb shell, from which android_server will be started

C:\Users\Administrator\Desktop\fby>adb shell
* daemon not running; starting now at tcp:5037
* daemon started successfully
blueline:/ $

Here is the key step: if you cd directly into /data/data/com.example.testcpp, you have no permission to enter it and cannot start android_server

blueline:/ $ cd data/data/com.example.testcpp
/system/bin/sh: cd: /data/data/com.example.testcpp: Permission denied

Use run-as com.example.testcpp to enter the app directory, run ls to look at the current directory, and start android_server64

2|blueline:/ $ run-as com.example.testcpp
blueline:/data/user/0/com.example.testcpp $ ls
android_server64 cache code_cache databases files no_backup shared_prefs
blueline:/data/user/0/com.example.testcpp $ ./android_server64
IDA Android 64-bit Remote Debug Server (ST) V1.22. Hex-Rays (C) 2004-2017
Listening on 0.0.0.0:23946...

Open another terminal and forward port 23946

C:\Users\Administrator>adb forward tcp:23946 tcp:23946
23946

Start IDA64 and attach to the process

Click OK to enter the debugging view; the process is now paused at a breakpoint, so press F9 to let the program run

In the Modules window, find your libnative-lib.so and set a breakpoint in it

Tap Hello World in your app and execution stops at the breakpoint
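
To locate the right function once libnative-lib.so is open from the Modules window, it helps to know the exported symbol name that JNI derives from the Kotlin declaration. The sketch below is an added example, not code from the original article. It computes that name with the JNI mangling rules and generalizes beyond the demo's two methods to escaped characters and overloads. The names mangle and jni_symbol are chosen here for illustration.

```python
"""Compute the exported symbol that a JNI native method resolves to."""
from typing import Optional

# JNI escape sequences for characters that cannot appear verbatim in a C symbol.
_ESCAPES = {"_": "_1", ";": "_2", "[": "_3"}


def mangle(part: str) -> str:
    """Mangle one component (class, method name or signature) per the JNI rules."""
    out = []
    for ch in part:
        if ch in ("/", "."):
            out.append("_")  # package separator
        elif ch in _ESCAPES:
            out.append(_ESCAPES[ch])
        elif ch.isascii() and ch.isalnum():
            out.append(ch)
        else:
            # Everything else becomes _0xxxx per UTF-16 code unit, lowercase hex.
            units = ch.encode("utf-16-be")
            for i in range(0, len(units), 2):
                out.append("_0%02x%02x" % (units[i], units[i + 1]))
    return "".join(out)


def jni_symbol(cls: str, method: str, arg_sig: Optional[str] = None) -> str:
    """Return the native symbol name for cls.method.

    arg_sig is the JVM argument signature without parentheses, for example
    "ILjava/lang/String;". Pass it only for overloaded native methods,
    which are resolved through the long form of the name.
    """
    name = "Java_" + mangle(cls) + "_" + mangle(method)
    if arg_sig is not None:
        name += "__" + mangle(arg_sig)
    return name


if __name__ == "__main__":
    # The two native methods declared in the demo's MainActivity.
    for m in ("stringFromJNI", "intFromJNI"):
        print(jni_symbol("com.example.testcpp.MainActivity", m))
```

Libraries that bind their methods with RegisterNatives in JNI_OnLoad do not need to export these names, so this lookup applies to statically named methods like the ones in this demo.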