Debuggers are special modules that attach to existing code units. They do not produce additional units; instead, they provide specialized actions, accessible graphically via the Debugger menu in the UI client.
The following picture shows two debugger units connected to an Android app.
Note to developers: debugger modules offer a rich API. UI clients can only reflect those functionality partly. Visit the Resources sub-section for more information on how to use the debuggers API to perform advanced dynamic analysis of applications.
Currently, JEB ships with debuggers for:
- Android DEX bytecode: the debugger is a custom JDWP client implementation
- x86/x86-64, ARM/ARM64, and MIPS: the debuggers are custom GDB client implementations
Attaching to a Target¶
- Open a code view representing the code unit to be debugged.
- Execute *Debugger/Attach"
- Select the target machine and target process
- Click Attach
One or more debugger unit(s) will be created, depending on your target application.
The UI client will also open automatically open views that represent the debugger units. Those views are:
- Local variables and registers
- Memory and live disassembly (if applicable)
- Current stack (if applicable)
- Log view
You may want to switch to a custom layout to better accommodate those additional views. The above pictures shows an on-going debugging session of an Android app. A custom layout is used:
- the bytecode debugger views are in the top-right hand quadrant
- the process code debugger views are in the bottom-right hand quadrant
A breakpoint can also be seen, as well as the about-to-be-executed line of code.
The basic commands are accessible from the Debugger menu.
- Detach from or restart the debugging session
- Pause, resume, or terminate the target
- Suspend or resume threads
- Set breakpoints
- Step execution (into, over, or out of a routine)
The live values of variables and registers can also be examining by hovering over an item representing them.
More: a detailed overview of basic debugging capabilities, specifically for Android app debugging, can be found on our blog.
Advanced debugging commands can be used via the Console view. This view is linked to command interpreters offered by the currently focused unit. Debuggers offer command interpreter to perform advanced tasks such as:
- Searching patterns in memory
- Examining objects
- Creating objects or invoking methods
- Custom tasks specific to a given debugger that cannot be generically represented by the UI client
The screenshot below shows the expanded Console view with an interpreter connected to the Dalvik Bytecode debugger:
More: a detailed overview of the interpreters' features can be found on our blog.
- Debugger Tutorial, part 1 - Android: An Introduction to JEB Android Debuggers
- Debugger Tutorial, part 2 - Interpreter: Advanced Debugger Usage via the Interpreter
- Debugger Tutorial, part 3 - Automation: Crypto Monitoring with the Android Debuggers API
Also consult the Reference API Documentation.