Using adb and gdb to check whether an app's in-memory cache contains sensitive user data

I. Environment preparation

1. Set up the adb debug bridge; see the article 《ADB调试桥安装(方式二)》 (ADB debug bridge installation, method 2)
2. Install the gdb debugging tool; see the article 《移动设备中导入gdb调试工具》 (importing the gdb debugger onto a mobile device)

II. Test execution

root@G808_3G:/system/bin # ps | grep com.baidu.superservice            ====》 find the target process you want to test
ps | grep com.baidu.superservice
u0_a66    1019  132   509064 30468 ffffffff 40102b10 S com.baidu.superservice  ====》 confirm that the process ID is 1019
root@G808_3G:/system/bin # ls /proc/1019/task/                     ====》 list the task (thread) entries of process 1019
ls /proc/1019/task/
1019
1023
1025
1027
1028
1033
1037
1041
1043
1126
1304
1306
1326
1387
1616
1785
2003
2005
2172
2585
2940
3599
root@G808_3G:/system/bin # ./gdb -pid 1023                ==》 attach for analysis with gdb -pid + process id
./gdb -pid 1023


dlopen failed on 'libthread_db.so.1' - libthread_db.so.1: cannot open shared object file: No such file or directory
GDB will not be able to debug pthreads.

GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-none-linux-gnueabi".
Attaching to process 1023

warning: process 1023 is a cloned process
Reading symbols from /system/bin/app_process...(no debugging symbols found)...done.
(no debugging symbols found)
0x40102e1c in ?? ()
(gdb) gcore                                              ====》 run the gcore command here
warning: Memory read failed for corefile section, 4096 bytes at 0x40ee8000.
...omitted...
warning: Failed to write corefile contents (No space left on device).
warning: Failed to write corefile contents (No space left on device).
warning: Failed to write corefile contents (No space left on device).
warning: Memory read failed for corefile section, 4096 bytes at 0x5b567000.
warning: Failed to write corefile contents (No space left on device).
warning: Failed to write corefile contents (No space left on device).
warning: Failed to write corefile contents (No space left on device).
...omitted...
warning: Failed to write corefile contents (No space left on device).
Saved corefile core.1023                                ========》 the dump is saved here as core.1023
(gdb) q
The program is running.  Quit anyway (and detach it)? (y or n) y
Detaching from program: /system/bin/app_process, process 1023
root@G808_3G:/system/bin # ll core*                        =====> confirm that the file core.1023 has been generated
ll core*
-rw-r----- root     root     15482880 2016-10-13 16:10 core.1023
root@G808_3G:/system/bin # exit
exit
shell@G808_3G:/ $ exit
exit

C:\Program Files (x86)\Shuame\4.0.7.207>adb pull /system/bin/core.1023 D:\corefile      ====》 back at the cmd prompt, use adb pull to copy core.1023 to the local machine; it fails because the permissions are insufficient
failed to copy '/system/bin/core.1023' to 'D:\corefile/core.1023': Permission denied

C:\Program Files (x86)\Shuame\4.0.7.207>adb shell
shell@G808_3G:/ $ su
su
root@G808_3G:/ # cd /system/bin
cd /system/bin
root@G808_3G:/system/bin # ll core*
ll core*
-rw-r----- root     root     15482880 2016-10-13 16:10 core.1023
root@G808_3G:/system/bin # chmod 777 core.1023              =====》 go back into /system/bin and give the generated core.1023 permissions 777.
chmod 777 core.1023
root@G808_3G:/system/bin # ll core*
ll core*
-rwxrwxrwx root     root     15482880 2016-10-13 16:10 core.1023
root@G808_3G:/system/bin # exit
exit
shell@G808_3G:/ $ exit
exit

C:\Program Files (x86)\Shuame\4.0.7.207>adb pull /system/bin/core.1023 D:\corefile          ======》 retry moving core.1023 from the device to the local machine
8714 KB/s (15482880 bytes in 1.735s)

C:\Program Files (x86)\Shuame\4.0.7.207>

III. Checking locally whether core.1023 contains sensitive information

  • Confirm that, after running [adb pull /system/bin/core.1023 D:\corefile], the file core.1023 has been created on the D: drive

  • View it with UltraEdit

  Open core.1023 in UltraEdit and search the region marked by the red box (in the screenshot) for sensitive information such as usernames and passwords.

  • View it with Fiddler

  After starting Fiddler, drag the core file directly into Fiddler and it will display the traffic information

Select the target file on the left, then click HexView at the lower right to inspect it

Right-click and choose "Find String" to search for the relevant sensitive information
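The search step above can also be scripted. The following is an added example, not part of the original post: it extracts printable ASCII and UTF-16LE runs (the encoding Dalvik/ART commonly uses for java.lang.String contents on the heap) from a memory dump such as core.1023 and reports the ones containing credential-style keywords. The keyword list and the constructed SAMPLE_DUMP are assumptions; point scan_core_file() at the real dump.

```python
import re
from typing import Iterator, List, Tuple

# Keywords that typically label credentials in app memory (assumed list; extend it
# with field names specific to the app under test).
SENSITIVE_KEYWORDS = ("password", "passwd", "pwd", "token", "secret", "username")


def _patterns(min_len: int):
    """Printable-ASCII runs, and the same runs as UTF-16LE (char, NUL pairs)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return ascii_re, utf16_re


def extract_strings(data: bytes, min_len: int = 4) -> Iterator[Tuple[int, str, str]]:
    """Yield (offset, encoding, text) for every printable run in the dump."""
    ascii_re, utf16_re = _patterns(min_len)
    for m in ascii_re.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in utf16_re.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def find_sensitive(data: bytes, keywords=SENSITIVE_KEYWORDS,
                   min_len: int = 4) -> List[Tuple[int, str, str]]:
    """Return the runs whose text contains a keyword (case-insensitive), by offset."""
    hits = [(off, enc, text) for off, enc, text in extract_strings(data, min_len)
            if any(k in text.lower() for k in keywords)]
    return sorted(hits)


def scan_core_file(path: str, **kw) -> List[Tuple[int, str, str]]:
    """Scan a gcore dump pulled from the device, e.g. D:\\corefile\\core.1023."""
    with open(path, "rb") as f:
        return find_sensitive(f.read(), **kw)


# Constructed sample standing in for core.1023: an ELF-like prefix, non-printable
# filler, a JSON login body kept as ASCII, and a Java string kept as UTF-16LE.
SAMPLE_DUMP = (b"\x7fELF\x01\x01\x01\x00" + bytes(range(0x80, 0xa0))
               + b'{"username":"alice","password":"Hunter2!"}' + b"\x00" * 7
               + "sessionToken=abc123".encode("utf-16le") + b"\xff\xfe\x00\x00")

if __name__ == "__main__":
    for off, enc, text in find_sensitive(SAMPLE_DUMP):
        print(f"0x{off:08x} {enc:8s} {text}")
```

Note that the gcore run in section II reported "No space left on device" several times, so core.1023 may be truncated; a dump written to a partition with enough free space covers more of the process memory.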


posted @ 2016-10-13 16:57  北海悟空