I have the following situation, I want to monitor the system calls on Android phones so
I made an script to do that. With Android Emulator works perfectly (writes the traces of the application in a specific file on my Ubuntu).
The problem is when I attach a real phone to analyze it, it says the following in the result file:
ptrace attach failed: Operation not permitted
I'm using this code to get it, but I don't understand why it works on the emulator and not in the rooted real device.
This is the comand I use in perl:
system("$dirTools/adb -s $Device shell strace -p $PID[1]>$dirRecordDataSet/$Date/$appName &");
Any suggestion? Thanks in advance
Maye be the adb daemon runs with limited privilege. You can try to install strace with setuid roo. Here is manpage advice about it :
Setuid Installation
If strace is installed setuid to root
then the invoking user will be able to
attach to and trace processes owned by
any user. In addition setuid and
setgid programs will be executed and
traced with the correct effective
privileges. Since only users trusted
with full root privileges should be
allowed to do these things, it only
makes sense to install strace as
setuid to root when the users who can
execute it are restricted to those
users who have this trust. For
example, it makes sense to install a
special version of strace with mode
'rwsr-xr--', user root and group
trace, where members of the trace
group are trusted users. If you do use
this feature, please remember to
install a non-setuid version of strace
for ordinary lusers to use.
You can install your APK file to Android emulator
by following answer of this question. After installation,
Go to Eclipse, Open DDMS
view from Windows => Open Perspective.
Go to File Browser
tab, click on any folder, and Click on 'Push a file to a device'. You can upload any empty trace.txt file here. I would recommend you put your file in sdcard folder.
Go to CMD as given in the above link. Type adb shell
. Go to sdcard by typing cd sdcard
.
Now type ps
on the command line and find out PID of your APK file via its package name.
Now type strace -p <pid> -o trace.txt
. All system calls will be placed in this file. When you want to finish stracing your APK, you can download this trace.txt file to your computer and see the traces.