SeeFlowerX / stackplz

eBPF-based stack tracing tool
Apache License 2.0
925 stars 179 forks

dev version: `--stack` and `--point strstr[str,str]` fail to get values #42

Closed chouex closed 10 months ago

chouex commented 10 months ago

v2.1.4 works fine, but build 563fd9d shows the following problems:

  1. --stack can't get sp reg value
  2. --point strstr[str,str] cannot get the values of [str,str], as in the example below at 0x46c99c

```
./stackplz  --nocheck --btf -u 10077 --point strstr[str,str] --getoff --stack
hook uprobe, count:1
idx:0 [/apex/com.android.runtime/lib64/bionic/libc.so] -> sym:strstr off:0x0 str,str
uid => whitelist:[10077];blacklist:[]
pid => whitelist:[];blacklist:[]
tid => whitelist:[];blacklist:[]
start 2 modules
can't get sp reg value[6888|6888|xxxxxxx] strstr(arg_0=0xfffff4212608(), arg_1=0xf240219c97a0()) LR:0xf240218ad99c(libmbjlidejfdjc.so + 0x46c99c) PC:0xf2434cbd8b20(libc.so + 0x98b20) SP:0xfffff4211320
can't get sp reg value[6888|6888|xxxxxxx] strstr(arg_0=0xf240218d2cf7(), arg_1=0xf2434cb5d8b3()) LR:0xf2434cb9bf40(libc.so + 0x5bf40) PC:0xf2434cbd8b20(libc.so + 0x98b20) SP:0xfffff4213af0
can't get sp reg value[6888|6924|pool-5-thread-1] strstr(arg_0=0xf24339a464e7(), arg_1=0xf2401a3e2cf0()) LR:0xf24339b8e464(libicuuc.so + 0x185464) PC:0xf2434cbd8b20(libc.so + 0x98b20) SP:0xf2401a3e2c30

./stackplz214  --nocheck --btf -u 10077 --point strstr[str,str] --getoff --stack
hook uprobe, count:1
uid => whitelist:[10077];blacklist:[]
pid => whitelist:[];blacklist:[]
tid => whitelist:[];blacklist:[]
start 2 modules
[6527|6527|xxxxxxx] strstr(arg_0=0xfffff4212608(Name:   xxxxxxx
Umask:  0077
State:  R (running)
Tgid:   6527
Ngid:   0xxxxxxxxxxxxx), arg_1=0xf2401d1a57a0(TracerPid:)) LR:0xf2401d08999c(libmbjlidejfdjc.so + 0x46c99c) PC:0xf2434cbd8b20(libc.so + 0x98b20) SP:0xfffff4211320, Stackinfo:
  #00 pc 0000000000098b20  /apex/com.android.runtime/lib64/bionic/libc.so (strstr)
  #01 pc 000000000046c998  /data/app/~~p0QUg1dRyl2-1COPcUYS4w==/xxxxxxx-5iYdnEcaT5eCIWaG17t8-g==/lib/arm64/libmbjlidejfdjc.so
  #02 pc 00000000000513b8  /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+748)
  #03 pc 000000000003beb8  /apex/com.android.runtime/bin/linker64 (__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv+1996)
```

SeeFlowerX commented 10 months ago

When using the new version, you need to run `./stackplz --prepare` once to extract the dynamic libraries.

The problem of values not being read has also been fixed; just download the latest dev build.

chouex commented 10 months ago

  1. --prepare resolved can't get sp reg value
  2. Resolved in the latest dev build