Why does system call hooking produce different results every time in Linux/Android 2.6.29?

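I have hooked system calls in Android 2.6.29 through an LKM module. I am tracing the system calls of an Android application. Interestingly, every time I get the list of system calls, it returns a different result.

I cannot use bold text in the code section, so I use ** to show where the differences start.

For example,

First run: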

our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_write ---> uid = 10028 with fd= 30, buf = 230 and count=3 
 our_sys_close ---> uid = 10028 with fd= 30  
 our_sys_setpriority ---> uid = 10028 with which= 0, who=230 and niceval=0 
 our_sys_futex ---> uid = 10028 with uadd=������, op=1, val=1, utime=<NULL>, uaddr2=������ and val3=  
 **our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196467192 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196467192 **
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196466496 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196466496 
 our_sys_dup ---> uid = 10028 with fildes=32 
 our_sys_close ---> uid = 10028 with fd= 32  
 .....................

Second run:

our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_write ---> uid = 10028 with fd= 30, buf = 228 and count=3 
 our_sys_close ---> uid = 10028 with fd= 30  
 our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0 
 our_sys_futex ---> uid = 10028 with uadd=������, op=1, val=1, utime=<NULL>, uaddr2=������ and val3=  
 **our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_write ---> uid = 10028 with fd= 30, buf = 228 and count=3 
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198662648 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198662648 
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198661952** 
 our_sys_close ---> uid = 10028 with fd= 30  
 our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=1181359656 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198661952 
 our_sys_dup ---> uid = 10028 with fildes=32 
 our_sys_close ---> uid = 10028 with fd= 32  
 ....................

Third run:

our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_write ---> uid = 10028 with fd= 31, buf = 228 and count=3 
 our_sys_close ---> uid = 10028 with fd= 31  
 our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0 
 our_sys_futex ---> uid = 10028 with uadd=������, op=1, val=1, utime=<NULL>, uaddr2=������ and val3=X{�D  
 **our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035960 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035960 
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_munmap ---> uid = 10028 with addr=1183178752 and len=770048 
 our_sys_close ---> uid = 10028 with fd= 32**  
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035264 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035264 
 our_sys_dup ---> uid = 10028 with fildes=31 
 our_sys_close ---> uid = 10028 with fd= 31  
 ........................

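Any idea why it produces different results every time?

Are there other, better tools for tracing system calls? I have heard of strace/ptrace, auditd and so on, but I am not sure whether they work on Android.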
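One way to compare such traces run against run, as an added example that is not part of the original post: it parses the hook output format shown above, masks fields whose values change between runs, and reports where the call sequences themselves diverge. The sample traces are excerpts constructed from the first and third runs, and the set of masked fields is an assumption.

```python
import re
from difflib import SequenceMatcher

# Hook output format in the question: our_sys_<name> ---> uid = <n> [with k=v, ...]
LINE = re.compile(r"^our_sys_(\w+) ---> uid = \d+(?: with (.*))?$")
# Assumption: fields whose values vary between runs even for the same call
VOLATILE = {"fd", "buf", "who", "arg", "addr", "fildes"}

# Constructed sample input: excerpts of the first and third runs in the question
RUN1 = """\
 our_sys_write ---> uid = 10028 with fd= 30, buf = 230 and count=3
 our_sys_close ---> uid = 10028 with fd= 30
 our_sys_setpriority ---> uid = 10028 with which= 0, who=230 and niceval=0
 **our_sys_gettid ---> uid = 10028
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
"""
RUN3 = """\
 our_sys_write ---> uid = 10028 with fd= 31, buf = 228 and count=3
 our_sys_close ---> uid = 10028 with fd= 31
 our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0
 **our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
"""

def parse(trace):
    """Return [(syscall, {field: value})] for each hook line in a trace."""
    events = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip().strip("*").strip())  # drop padding and ** markers
        if not m:
            continue
        args = {}
        for part in re.split(r",\s*| and ", m.group(2) or ""):
            key, sep, value = part.partition("=")
            if sep:
                args[key.strip()] = value.strip()
        events.append((m.group(1), args))
    return events

def normalize(events):
    """Mask volatile fields so only the call and its stable arguments remain."""
    return [(name, tuple(sorted((k, "*" if k in VOLATILE else v) for k, v in args.items())))
            for name, args in events]

def divergence(a, b):
    """List (tag, calls only in a, calls only in b) where the sequences differ."""
    na, nb = normalize(parse(a)), normalize(parse(b))
    ops = SequenceMatcher(None, na, nb, autojunk=False).get_opcodes()
    return [(t, [e[0] for e in na[i:j]], [e[0] for e in nb[k:l]])
            for t, i, j, k, l in ops if t != "equal"]
```

On these excerpts, `divergence(RUN1, RUN3)` leaves one difference after masking: the extra `gettid`/`open` pair in the first run.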

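Answer 1

I suggest you run and trace your application on a real device rather than an emulator. The emulator lacks certain features that a real device has, so trying to perform some tasks with the emulator does produce unstable results.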
