Dalvik debugger specific options:
IDA needs to know where the 'adb' utility resides, and tries various methods to locate it automatically. Usually IDA finds the path to adb, but if it fails, we can define the ANDROID_SDK_HOME or the ANDROID_HOME environment variable to point to the directory where the Android SDK is installed, or set the path to 'adb' here.
Emulator/device serial number
If multiple emulator/device instances are running, you must specify the target instance to connect to.
Set the package name for the application as specified in AndroidManifest.xml. This option is mandatory for starting an application. If you plan to use the "Attach to process" debugger action then you may leave this field empty.
If you want to start an application using the "Start process" debugger action then you have to set this option too. Copy it from AndroidManifest.xml. If you plan to use the "Attach to process" debugger action then you may leave this field empty.
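The package name and activity described above can be read from a decoded AndroidManifest.xml. The following is an added example, not part of the IDA documentation: it assumes the manifest is already in text form (the copy stored inside an APK is binary XML and must be decoded first), and the names `debugger_fields`, `qualify` and the sample manifest are constructed for illustration. It returns each launcher activity both as written in the manifest and in fully qualified form.

```python
import xml.etree.ElementTree as ET

# Attribute prefix for the android: namespace used in manifests.
A = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest in decoded text form (assumption: already decoded).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application android:label="Demo">
    <activity android:name=".SettingsActivity"/>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

def qualify(package, name):
    """Expand a manifest class name (".Main" or "Main") to its full form."""
    if name.startswith("."):
        return package + name
    return name if "." in name else package + "." + name

def debugger_fields(manifest_text):
    """Return (package, [(name_as_written, qualified_name), ...]) for launcher activities."""
    root = ET.fromstring(manifest_text)
    package = root.get("package")
    if not package:
        raise ValueError("manifest has no package attribute")
    launchers = []
    for tag in ("activity", "activity-alias"):
        for act in root.iter(tag):
            name = act.get(A + "name")
            for flt in act.iter("intent-filter"):
                actions = {e.get(A + "name") for e in flt.iter("action")}
                cats = {e.get(A + "name") for e in flt.iter("category")}
                if (name and "android.intent.action.MAIN" in actions
                        and "android.intent.category.LAUNCHER" in cats):
                    launchers.append((name, qualify(package, name)))
                    break
    return package, launchers

if __name__ == "__main__":
    pkg, acts = debugger_fields(SAMPLE_MANIFEST)
    print("Package name:", pkg)
    for written, full in acts:
        print("Activity:", written, "->", full)
```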
Command line arguments
Every object inside the Dalvik VM has an ID, which is a 64-bit number. If you want to see it in the "Locals"/"Watches" windows then set this checkbox.
Source-level debugging
In order to use source-level debugging you have to set paths to the application source code files. Do it using "Options/Sources path" menu item.
Our Dalvik debugger presumes that the application sources reside in the current (".") directory. If this is not the case, you can map the current directory (".") to the directory where the source files are located.
List of special things about our Dalvik debugger:
- In Dalvik there is no stack and there is no SP register. The only available register is IP.
- The method frame registers and slots (v0, v1, ...) are represented as local variables in IDA. We can see them in the Debugger/Debugger Windows/Locals window.
- The stack trace is available from "Debugger/Windows/Stack trace".
- When the application is running, it may execute some system code. If we break the execution by clicking on the "Cancel" button, quite often we may find ourselves outside of the application, in the system code. The value of the IP register is 0xFFFFFFFF in this case, and the stack trace shows only system calls and a lot of 0xFFFFFFFFs. It means that IDA could not locate the current execution position inside the application. We recommend setting more breakpoints inside the application, resuming the execution and interacting with the application by clicking on its windows, selecting menu items, etc. The same thing can occur when we step out of the application or step into the system code. In the latter case we can use the "Run until return" debugger command to return to the application code.
Locals window
IDA considers the method frame registers, slots, and variables (v0, v1, ...) as local variables. To see their values we have to open the "Locals" window from the "Debugger/Debugger windows/Locals" menu item.
If the information about the frame is available (the symbol table is intact) then IDA shows the method arguments, the method local variables with names and other non-named variables. Otherwise some variable values will not be displayed because IDA does not know their types. Variables without type information are marked with "Bad type" in the "Locals" window. To see the variable value in this case please use the "Watches" window.
Watches window
To open the "Watches" window please select the "Debugger/Windows/Watches" menu item. In this window we can add any variable to watch its value.
Please note that we have to specify the type of a variable if it is not known. Use C-style casts:
    (Object*)v0
    (String)v6
    (char*)v17
    (int)v7
We do not need to specify the real type of an object variable; the "(Object*)" cast is enough. IDA can derive the real object type itself.
ATTENTION! An incorrect type may cause the Dalvik VM to crash.
There is not much we can do about it. Our recommendation is to never cast an integer variable to an object type; the Dalvik VM usually crashes if we do that. But the integer cast "(int)" is safe in practice.
Keeping the above in mind, do not leave the cast entries in the "Watches" window for a long time. Delete them before executing any instruction that may change the type of the watched variable.
See also Debugger submenu.