关键词: Android
首先去busybox主页 下载最新版本的源代码,然后用arm的交叉编译器编译出busybox的可执行程序,编译的时候需要注意一些设置选项,例如
Build Options —>
Build BusyBox as a static binary (no shared libs) 这个要选上,因上这样子编译出来的busyBox才是可以独立运行的。
│Do you want to build BusyBox with a Cross Compiler? │ │
│ │(/HOME/toolchains/gcc-4.0.2-glibc-2.3.5/arm-9tdmi-linux-gnu/bin/arm-9tdmi-linux-gnu│ 这是交叉编译器的路径,要根据具体的情况来设置。
Installation Options —>
Don’t use /usr
这样子编译出来的busybox才不会安装到你主机的/usr目录下。一定要选上。
busybox的功能选项根据需要自选,但是不要太贪心.
OK,这里就不纠缠于编译busybox的东西了,网上资料无数。接下来,我们把busybox安装到模拟器上去。先在模拟器上随便建一个busybox的文件夹,然后进入busybox可执行文件目录,使用命令
adb push busybox.asc /data/busybox/busybox
然后进入adb shell,chmod 777 ./busybox,就可以直接使用了。但现在还是不方便,总不能每用一个命令就输一次busybox吧?所以,我们可以先用./busybox --install将程序都安装到当前目录下,然后把当前目录添加到PATH变量中即可。暂时使用export来添加吧,如果想永久添加,往下看。
好了,准备工作完成,开始研究的工作了。既然是研究启动过程,那当然是先看看init.rc文件。去etc目录打开它,分析一下内容,首先是对 env的定义,也就是全局环境变量的定义,接下来的建立和初始化里面的内容目前还不清楚什么意思,紧接着就是系统启动时运行的初始进程信息,这个比较有意 思,包括了usbd-config和qemu,qemu自不用说,而usbd-config作为初始启动的进程,应该就是和上一篇文章猜的一样,用来调试 或者usb通信的。往下看,是在初始启动进程完成之后开始启动的服务进程,这些进程如果因故退出,会自动重启。这里面包括了console控制 台,adbd监护进程,usbd监护进程,debuggerd监护进程等.除去这些守护进程,能引起我们注意的,是runtime和zygote。这两个 进程似乎掌管着其他进程以及应用程序的启动。
现在,来让我们做一个实验吧,将自动调用的启动过程变成手动,看看启动流程具体是什么样的。想达到这个目的,首先就是要修改init.rc文 件,当然不是在模拟器的console中改,一是不能改,二是你改了也没用,下次加载就会给你覆盖了。所以,我们要从原始镜像ramdisk.img入手 了。从2.6标准Linux内核开始,initrd.img都采用cpio压缩,猜测ramdisk.img也一样,需要使用gunzip解压缩,然后再 使用cpio解包。好,进入tools/lib/images目录下,先用file命令看看ramdisk.img的类型,没错,系统提示
ramdisk.img: gzip compressed data, from Unix
很好,然后将ramdisk.img复制一份到任何其他目录下,将其名称改为ramdisk.img.gz,并使用命令
gunzip ramdisk.img.gz
然后新建一个文件夹,叫ramdisk吧,进入,输入命令
cpio -i -F ../ramdisk.img
这下,你就能看见并操作ramdisk里面的内容了。当然你也可以直接在外面进行操作,但是还是建议把cpio解压缩出来的内容全部集中在一个文件夹里面,因为一会我们还要将其压缩成新的ramdisk.img。
OK,现在开始修改步骤吧。用任何一款编辑器打开init.rc,首先在PATH那里加上你的Busybox安装路径,然后注释内容,我们要手工启动他们。
# zygote {
# exec
/
system
/
bin
/
app_process
# args {
#
0
-
Xzygote
#
1
/
system
/
bin
#
2
–zygote
# }
# autostart
1
# }# runtime {
# exec
/
system
/
bin
/
runtime
# autostart
1
# }
在这里需要注意,不要同时把两者都注释了,注释某一个,再试验手工启动它,如果两者同时注释我这里有问题,无法启动。
好,接下来,使用下列命令重新打包成镜像
cpio -i -t -F ../ramdisk.img > list
cpio -o -H newc -O lk.img < list
当前目录下生成的lk.img就是我们的新镜像了。使用自己的镜像启动emulator;
emulator -console -ramdisk lk.img
如果我们注释的是zygote,那么在#后输入
app_process -Xzygote /system/bin –zygote
手工启动,命令行中输出的信息是
Prepping: /system/app/AlarmProvider.apk:/system/app/Browser.apk:/system/app/
Calendar.apk:/system/app/Camera.apk:/system/app/Contacts.apk:
/system/app/Development.apk:/system/app/GDataFeedsProvider.apk:/system/app/
Gmail.apk:/system/app/GmailProvider.apk:/system/app/GoogleApps.apk:
/system/app/GoogleAppsProvider.apk:/system/app/Home.apk:/system/app/ImProvider.apk:
/system/app/Maps.apk:/system/app/MediaPickerActivity.apk:
/system/app/MediaProvider.apk:/system/app/Phone.apk:/system/app/PimProvider.apk:/system/
app/ApiDemos.apk:/system/app/SettingsProvider.apk:
/system/app/Sms.apk:/system/app/SyncProvider.apk:/system/app/TelephonyProvider.apk:
/system/app/XmppService.apk:/system/app/YouTube.apk
File not found: /system/app/AlarmProvider.apk
File not found: /system/app/Calendar.apk
File not found: /system/app/Camera.apk
File not found: /system/app/GDataFeedsProvider.apk
File not found: /system/app/Gmail.apk
File not found: /system/app/GmailProvider.apk
File not found: /system/app/MediaPickerActivity.apk
File not found: /system/app/PimProvider.apk
File not found: /system/app/ApiDemos.apk
File not found: /system/app/Sms.apk
File not found: /system/app/SyncProvider.apk
File not found: /system/app/YouTube.apk
Prep complete
嘿嘿,从File not found的信息中可以看到一些Google可能会即将推出的应用,比如Gmail什么的。当然,这些都是Java框架的启动信息,我们以后还要借助其他工具来进行进一步探索。
如果我们注释的是runtime,那么输出信息是:
+++ post-zygote
老实说,没有明白这是啥意思,呵呵,吃饭时间到了,懒得看了。
好了,今天就说到这,基本的方法就是这样,有兴趣的朋友可以进一步深入研究。我们下一篇文章见。
在android上,如果你直接用dalivik去加载framework.jar,你会发现里面的大部分native方法无法使用。同时,在 /init.rc里面,你也找不到dalvikvm。在ps列表,也没有dalvikvm。那android是怎么启动java程序的呢?
在android上,java程序是通过app_process启动的。在/init.rc里面,有如下一段代码:
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
socket zygote stream 666
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
app_process的命令行参数如下:
app_process [java-options] cmd-dir start-class-name [options]
因此,init.rc里面的各个参数的对应关系为:
-Xzygote: java-options,这些参数会传给dalvik,这些参数必须以-开头,一旦遇到不是以-开头的或者--,代表java-options结束。
/system/bin:cmd-dir,也就是当前目录,文件操作的父路径将为此路径。
start-class-name:空
--zygote --start-system-server:选项。
- if (i < argc) {
- arg = argv[i++];
- if (0 == strcmp( "--zygote" , arg)) {
- bool startSystemServer = (i < argc) ?
- strcmp(argv[i], "--start-system-server" ) == 0 : false ;
- setArgv0(argv0, "zygote" );
- set_process_name("zygote" );
- runtime.start("com.android.internal.os.ZygoteInit" ,
- startSystemServer);
- } else {
- set_process_name(argv0);
- runtime.mClassName = arg;
- // Remainder of args get passed to startup class main()
- runtime.mArgC = argc-i;
- runtime.mArgV = argv+i;
- LOGV("App process is starting with pid=%d, class=%s./n" ,
- getpid(), runtime.getClassName());
- runtime.start();
- }
- }
- if (i < argc) {
- arg = argv[i++];
- if (0 == strcmp( "--zygote" , arg)) {
- bool startSystemServer = (i < argc) ?
- strcmp(argv[i], "--start-system-server" ) == 0 : false ;
- setArgv0(argv0, "zygote" );
- set_process_name("zygote" );
- runtime.start("com.android.internal.os.ZygoteInit" ,
- startSystemServer);
- } else {
- set_process_name(argv0);
- runtime.mClassName = arg;
- // Remainder of args get passed to startup class main()
- runtime.mArgC = argc-i;
- runtime.mArgV = argv+i;
- LOGV("App process is starting with pid=%d, class=%s./n" ,
- getpid(), runtime.getClassName());
- runtime.start();
- }
- }
从app_process的main函数(在app_main.cpp里面)可以看出,app_process有两种启动方式:一种是 init.rc里面的这种方式,这种方式将会以zygote模式启动com.android.internal.os.ZygoteInit,并将进程名 称改为zygote;另外一种是以非zygote模拟启动com.android.internal.os.RuntimeInit,并调用它的main 方法,main的最后会执行finishInit,finishInit是一个native方法,这个方法会调用app_process的 onStarted方法,在onStarted里面将会调用真正要执行的class。
无论app_process,它都将会调用frameworks/base/core/jni/AndroidRuntime.cpp里面的start
方法(496行)。这 个start方法会根据android属性系统设置dalvik的参数,并初始化java代码的native方法,最终启动dalvik。需要注意的 是,java代码的大部分native方法(差不多80%)都是在这里面初始化的,这些初始化代码会检查java代码的正确性(例如是否有对应的 native方法,是否有需要的属性等),在初始化过程中,任何一步的错误都将导致进程退出。整个native方法初始化过程如 下:start(AndroidRuntime.cpp,766行)->startReg(AndroidRuntime.cpp,1136 行)-> register_jni_procs(AndroidRuntime.cpp,1011行)。初始化的java class有(AndroidRuntime.cpp,1018行):
- static const RegJNIRec gRegJNI[] = {
- REG_JNI(register_android_debug_JNITest),
- REG_JNI(register_com_android_internal_os_RuntimeInit),
- REG_JNI(register_android_os_SystemClock),
- REG_JNI(register_android_util_EventLog),
- REG_JNI(register_android_util_Log),
- REG_JNI(register_android_util_FloatMath),
- REG_JNI(register_android_text_format_Time),
- REG_JNI(register_android_pim_EventRecurrence),
- REG_JNI(register_android_content_AssetManager),
- REG_JNI(register_android_content_StringBlock),
- REG_JNI(register_android_content_XmlBlock),
- REG_JNI(register_android_emoji_EmojiFactory),
- REG_JNI(register_android_security_Md5MessageDigest),
- REG_JNI(register_android_text_AndroidCharacter),
- REG_JNI(register_android_text_KeyCharacterMap),
- REG_JNI(register_android_os_Process),
- REG_JNI(register_android_os_Binder),
- REG_JNI(register_android_os_Hardware),
- REG_JNI(register_android_view_Display),
- REG_JNI(register_android_nio_utils),
- REG_JNI(register_android_graphics_PixelFormat),
- REG_JNI(register_android_graphics_Graphics),
- REG_JNI(register_android_view_Surface),
- REG_JNI(register_android_view_ViewRoot),
- REG_JNI(register_com_google_android_gles_jni_EGLImpl),
- REG_JNI(register_com_google_android_gles_jni_GLImpl),
- REG_JNI(register_android_graphics_Bitmap),
- REG_JNI(register_android_graphics_BitmapFactory),
- REG_JNI(register_android_graphics_Camera),
- REG_JNI(register_android_graphics_Canvas),
- REG_JNI(register_android_graphics_ColorFilter),
- REG_JNI(register_android_graphics_DrawFilter),
- REG_JNI(register_android_graphics_Interpolator),
- REG_JNI(register_android_graphics_LayerRasterizer),
- REG_JNI(register_android_graphics_MaskFilter),
- REG_JNI(register_android_graphics_Matrix),
- REG_JNI(register_android_graphics_Movie),
- REG_JNI(register_android_graphics_NinePatch),
- REG_JNI(register_android_graphics_Paint),
- REG_JNI(register_android_graphics_Path),
- REG_JNI(register_android_graphics_PathMeasure),
- REG_JNI(register_android_graphics_PathEffect),
- REG_JNI(register_android_graphics_Picture),
- REG_JNI(register_android_graphics_PorterDuff),
- REG_JNI(register_android_graphics_Rasterizer),
- REG_JNI(register_android_graphics_Region),
- REG_JNI(register_android_graphics_Shader),
- REG_JNI(register_android_graphics_Typeface),
- REG_JNI(register_android_graphics_Xfermode),
- REG_JNI(register_com_android_internal_graphics_NativeUtils),
- REG_JNI(register_android_database_CursorWindow),
- REG_JNI(register_android_database_SQLiteDatabase),
- REG_JNI(register_android_database_SQLiteDebug),
- REG_JNI(register_android_database_SQLiteProgram),
- REG_JNI(register_android_database_SQLiteQuery),
- REG_JNI(register_android_database_SQLiteStatement),
- REG_JNI(register_android_os_Debug),
- REG_JNI(register_android_os_Exec),
- REG_JNI(register_android_os_FileObserver),
- REG_JNI(register_android_os_FileUtils),
- REG_JNI(register_android_os_ParcelFileDescriptor),
- REG_JNI(register_android_os_Power),
- REG_JNI(register_android_os_StatFs),
- REG_JNI(register_android_os_SystemProperties),
- REG_JNI(register_android_os_UEventObserver),
- REG_JNI(register_android_net_LocalSocketImpl),
- REG_JNI(register_android_net_NetworkUtils),
- REG_JNI(register_android_net_wifi_WifiManager),
- REG_JNI(register_android_os_MemoryFile),
- REG_JNI(register_com_android_internal_os_ZygoteInit),
- REG_JNI(register_android_hardware_Camera),
- REG_JNI(register_android_hardware_SensorManager),
- REG_JNI(register_android_media_AudioRecord),
- REG_JNI(register_android_media_AudioSystem),
- REG_JNI(register_android_media_AudioTrack),
- REG_JNI(register_android_media_JetPlayer),
- REG_JNI(register_android_media_ToneGenerator),
- REG_JNI(register_android_opengl_classes),
- REG_JNI(register_android_bluetooth_Database),
- REG_JNI(register_android_bluetooth_HeadsetBase),
- REG_JNI(register_android_bluetooth_BluetoothAudioGateway),
- REG_JNI(register_android_bluetooth_RfcommSocket),
- REG_JNI(register_android_bluetooth_ScoSocket),
- REG_JNI(register_android_server_BluetoothDeviceService),
- REG_JNI(register_android_server_BluetoothEventLoop),
- REG_JNI(register_android_server_BluetoothA2dpService),
- REG_JNI(register_android_message_digest_sha1),
- REG_JNI(register_android_ddm_DdmHandleNativeHeap),
- REG_JNI(register_android_util_Base64),
- REG_JNI(register_android_location_GpsLocationProvider),
- };
- static const RegJNIRec gRegJNI[] = {
- REG_JNI(register_android_debug_JNITest),
- REG_JNI(register_com_android_internal_os_RuntimeInit),
- REG_JNI(register_android_os_SystemClock),
- REG_JNI(register_android_util_EventLog),
- REG_JNI(register_android_util_Log),
- REG_JNI(register_android_util_FloatMath),
- REG_JNI(register_android_text_format_Time),
- REG_JNI(register_android_pim_EventRecurrence),
- REG_JNI(register_android_content_AssetManager),
- REG_JNI(register_android_content_StringBlock),
- REG_JNI(register_android_content_XmlBlock),
- REG_JNI(register_android_emoji_EmojiFactory),
- REG_JNI(register_android_security_Md5MessageDigest),
- REG_JNI(register_android_text_AndroidCharacter),
- REG_JNI(register_android_text_KeyCharacterMap),
- REG_JNI(register_android_os_Process),
- REG_JNI(register_android_os_Binder),
- REG_JNI(register_android_os_Hardware),
- REG_JNI(register_android_view_Display),
- REG_JNI(register_android_nio_utils),
- REG_JNI(register_android_graphics_PixelFormat),
- REG_JNI(register_android_graphics_Graphics),
- REG_JNI(register_android_view_Surface),
- REG_JNI(register_android_view_ViewRoot),
- REG_JNI(register_com_google_android_gles_jni_EGLImpl),
- REG_JNI(register_com_google_android_gles_jni_GLImpl),
- REG_JNI(register_android_graphics_Bitmap),
- REG_JNI(register_android_graphics_BitmapFactory),
- REG_JNI(register_android_graphics_Camera),
- REG_JNI(register_android_graphics_Canvas),
- REG_JNI(register_android_graphics_ColorFilter),
- REG_JNI(register_android_graphics_DrawFilter),
- REG_JNI(register_android_graphics_Interpolator),
- REG_JNI(register_android_graphics_LayerRasterizer),
- REG_JNI(register_android_graphics_MaskFilter),
- REG_JNI(register_android_graphics_Matrix),
- REG_JNI(register_android_graphics_Movie),
- REG_JNI(register_android_graphics_NinePatch),
- REG_JNI(register_android_graphics_Paint),
- REG_JNI(register_android_graphics_Path),
- REG_JNI(register_android_graphics_PathMeasure),
- REG_JNI(register_android_graphics_PathEffect),
- REG_JNI(register_android_graphics_Picture),
- REG_JNI(register_android_graphics_PorterDuff),
- REG_JNI(register_android_graphics_Rasterizer),
- REG_JNI(register_android_graphics_Region),
- REG_JNI(register_android_graphics_Shader),
- REG_JNI(register_android_graphics_Typeface),
- REG_JNI(register_android_graphics_Xfermode),
- REG_JNI(register_com_android_internal_graphics_NativeUtils),
- REG_JNI(register_android_database_CursorWindow),
- REG_JNI(register_android_database_SQLiteDatabase),
- REG_JNI(register_android_database_SQLiteDebug),
- REG_JNI(register_android_database_SQLiteProgram),
- REG_JNI(register_android_database_SQLiteQuery),
- REG_JNI(register_android_database_SQLiteStatement),
- REG_JNI(register_android_os_Debug),
- REG_JNI(register_android_os_Exec),
- REG_JNI(register_android_os_FileObserver),
- REG_JNI(register_android_os_FileUtils),
- REG_JNI(register_android_os_ParcelFileDescriptor),
- REG_JNI(register_android_os_Power),
- REG_JNI(register_android_os_StatFs),
- REG_JNI(register_android_os_SystemProperties),
- REG_JNI(register_android_os_UEventObserver),
- REG_JNI(register_android_net_LocalSocketImpl),
- REG_JNI(register_android_net_NetworkUtils),
- REG_JNI(register_android_net_wifi_WifiManager),
- REG_JNI(register_android_os_MemoryFile),
- REG_JNI(register_com_android_internal_os_ZygoteInit),
- REG_JNI(register_android_hardware_Camera),
- REG_JNI(register_android_hardware_SensorManager),
- REG_JNI(register_android_media_AudioRecord),
- REG_JNI(register_android_media_AudioSystem),
- REG_JNI(register_android_media_AudioTrack),
- REG_JNI(register_android_media_JetPlayer),
- REG_JNI(register_android_media_ToneGenerator),
- REG_JNI(register_android_opengl_classes),
- REG_JNI(register_android_bluetooth_Database),
- REG_JNI(register_android_bluetooth_HeadsetBase),
- REG_JNI(register_android_bluetooth_BluetoothAudioGateway),
- REG_JNI(register_android_bluetooth_RfcommSocket),
- REG_JNI(register_android_bluetooth_ScoSocket),
- REG_JNI(register_android_server_BluetoothDeviceService),
- REG_JNI(register_android_server_BluetoothEventLoop),
- REG_JNI(register_android_server_BluetoothA2dpService),
- REG_JNI(register_android_message_digest_sha1),
- REG_JNI(register_android_ddm_DdmHandleNativeHeap),
- REG_JNI(register_android_util_Base64),
- REG_JNI(register_android_location_GpsLocationProvider),
- };
这些初始化的native方法是java代码与底层服务打交道的接口,因此我们必须初始化这些方法。
以app_process启动java class的另外一个好处是它会初始化IBinder,这样就可以在java代码和jni代码里面接收IBinder消息。