Android strace in Real device

2019-07-07 15:20发布

问题:

I have the following situation, I want to monitor the system calls on Android phones so I made an script to do that. With Android Emulator works perfectly (writes the traces of the application in a specific file on my Ubuntu). The problem is when I attach a real phone to analyze it, it says the following in the result file:

ptrace attach failed: Operation not permitted

I'm using this code to get it, but I don't understand why it works on the emulator and not in the rooted real device.

This is the comand I use in perl:

system("$dirTools/adb -s $Device shell strace -p $PID[1]>$dirRecordDataSet/$Date/$appName &");

Any suggestion? Thanks in advance

回答1:

Maye be the adb daemon runs with limited privilege. You can try to install strace with setuid roo. Here is manpage advice about it :

Setuid Installation

If strace is installed setuid to root then the invoking user will be able to attach to and trace processes owned by any user. In addition setuid and setgid programs will be executed and traced with the correct effective privileges. Since only users trusted with full root privileges should be allowed to do these things, it only makes sense to install strace as setuid to root when the users who can execute it are restricted to those users who have this trust. For example, it makes sense to install a special version of strace with mode 'rwsr-xr--', user root and group trace, where members of the trace group are trusted users. If you do use this feature, please remember to install a non-setuid version of strace for ordinary lusers to use.



回答2:

You can install your APK file to Android emulator by following answer of this question. After installation,

Go to Eclipse, Open DDMS view from Windows => Open Perspective.

Go to File Browser tab, click on any folder, and Click on 'Push a file to a device'. You can upload any empty trace.txt file here. I would recommend you put your file in sdcard folder.

Go to CMD as given in the above link. Type adb shell. Go to sdcard by typing cd sdcard.

Now type ps on the command line and find out PID of your APK file via its package name.

Now type strace -p <pid> -o trace.txt. All system calls will be placed in this file. When you want to finish stracing your APK, you can download this trace.txt file to your computer and see the traces.