Showing posts with the label HPROF

Better Memory Dumps @ Droidcon Berlin 2015

My Droidcon Berlin 2015 talk about how to make memory dumps a useful tool for debugging Android apps is now online on YouTube. More information can be found in the related post below as well as on the Badoo GitHub page.

Better Memory Dumps on Android

First published on the Badoo Techblog.

This is a follow-up on the previous article about Deobfuscating HPROF memory dumps. Reading that article isn’t a requirement, but some knowledge of the HPROF file format is useful. While implementing the previously mentioned HPROF deobfuscator I became familiar enough with the HPROF file format to realize that there are several aspects of it that could be optimized for usage on mobile devices. The HPROF format has been around since at least the late 1990s (the earliest mention I could find was a bug report from 1998) and since then it has not changed much. Even when Google adopted it as the standard memory dump format for Android they only made some minor additions (requiring the use of hprof-conv to convert to standard HPROF format). In this article I will make the case for moving to a better (in my opinion) file format and show the benefits and new opportunities that such a move would allow.

TL;DR Show me the code! The full source code for the...

Deobfuscating HPROF memory dumps

First posted on the Badoo tech blog.

According to Crittercism [1], the second most common crash reported in Android apps is java.lang.OutOfMemoryError, so it stands to reason that analyzing these crashes should be one of the top priorities for any Android developer. If you are analyzing memory dumps from a debug build or if you are not using obfuscation, this process is fairly straightforward. However, if your heap dump is coming from an app built using obfuscation (ProGuard or DexGuard) you are in for quite a challenge (or at least you were, until now). In the image below you can see a typical obfuscated instance dump in Eclipse Memory Analyzer (MAT), where most of the field names have been replaced with indecipherable one-character names.

Figure 1: Before deobfuscation

Can we do anything about this then? Well, if you have the mapping files you could look up each symbol to figure out the name of the field and its value, but it would be an extremely time-consumi...