SeeFlowerX / stackplz

eBPF-based stack tracing tool
Apache License 2.0

Error when using --stack option in Redroid #53

Closed isjuye closed 4 months ago

isjuye commented 4 months ago

Hello,

In Redroid, when the --stack option is added for all applications and options, the following error appears and the stack cannot be output:

Error when GetStack:[GetStack] get pid_maps failed by pid:2017599488

Currently running on Redroid:

redroid_arm64:/data/local/tmp # uname -a
Linux localhost 6.5.0-1025-oracle #25~22.04.1-Ubuntu SMP Fri Jun 14 14:45:36 UTC 2024 aarch64

Special case:

130|redroid_arm64:/data/local/tmp # ./stackplz
CheckKernelConfig failed, error:Kernel config read failed, error:open /proc/config.gz: no such file or directory
1|redroid_arm64:/data/local/tmp #

Because the /proc/config.gz file does not exist on Ubuntu, the --nocheck option must be used.

The executed command and the full log follow:

Command executed:

./stackplz --nocheck -n re.pwnme -s openat:f0 --no-tname crash_dump64 -f w:/sbin/su --stack

Full log:

findBTFAssets btf_file=a12-5.10-arm64_min.btf
warn, no running process of re.pwnme
hook syscall count:1
ConfigMap{stackplz_pid=19251,thread_whitelist=0}
uid => whitelist:[10118];blacklist:[]
pid => whitelist:[];blacklist:[]
tid => whitelist:[];blacklist:[]
start 2 modules
Error when GetStack:[GetStack] get pid_maps failed by pid:2017599488
Error when GetStack:[GetStack] get pid_maps failed by pid:2017599488
[2017599488|0|re.pwnme] openat(dirfd=-100, *pathname=0xf51b80b7f3af(/sbin/su), flags=0x0, mode=0o000) LR:0xf51e75369740 PC:0xf51e753ab1d8 SP:0xf51b809c6650
[2017599488|0|re.pwnme] openat(dirfd=-100, *pathname=0xf51b80b7f3af, flags=0x0, mode=0o000, ret=-2)
Error when GetStack:[GetStack] get pid_maps failed by pid:2017599488
Error when GetStack:[GetStack] get pid_maps failed by pid:2017599488
[2017599488|0|re.pwnme] openat(dirfd=-100, *pathname=0xf51b80b7f3af(/sbin/su), flags=0x0, mode=0o000) LR:0xf51b80a64184 PC:0xf51b80a642a8 SP:0xf51b809c6780
[2017599488|0|re.pwnme] openat(dirfd=-100, *pathname=0xf51b80b7f3af, flags=0x0, mode=0o000, ret=-2)

Please help confirm this issue and provide a solution. Thank you.

SeeFlowerX commented 4 months ago

This is a BTF mismatch problem. You need to enable BTF on the host and then use the --btf option.

isjuye commented 4 months ago

Thank you for your quick help and reply.

Thank you for creating such a good tool.

redroid_arm64:/data/local/tmp # ./stackplz --nocheck -n re.pwnme -s openat:f0 --no-tname crash_dump64 -f w:/sbin/su --stack --btf
warn, no running process of re.pwnme
hook syscall count:1
ConfigMap{stackplz_pid=6336, thread_whitelist=0}
uid => whitelist:[10118];blacklist:[]
pid => whitelist:[];blacklist:[]
tid => whitelist:[];blacklist:[]
start 2 modules
[6354|6422|re.pwnme] openat(dirfd=-100, *pathname=0xfeaee86763af(/sbin/su), flags=0x0, mode=0o000) LR:0xfeb1e731d740 PC:0xfeb1e735f1d8 SP:0xfeaee7344650, Backtrace:
  #00 pc 000000000009b1d8  /apex/com.android.runtime/lib64/bionic/libc.so (__openat+8)
  #01 pc 000000000005973c  /apex/com.android.runtime/lib64/bionic/libc.so (open64+216)
  #02 pc 0000000000099180  /data/app/~~M4YH_lrAPIfbyMYFmMyjKA==/re.pwnme-yUhthilLxeWlRPYO0QOfKg==/lib/arm64/libnative-lib.so

[6354|6422|re.pwnme] openat(dirfd=-100, *pathname=0xfeaee86763af, flags=0x0, mode=0o000, ret=-2)
[6354|6422|re.pwnme] openat(dirfd=-100, *pathname=0xfeaee86763af(/sbin/su), flags=0x0, mode=0o000) LR:0xfeaee855b184 PC:0xfeaee855b2a8 SP:0xfeaee7344780, Backtrace:
  #00 pc 00000000000992a8  /data/app/~~M4YH_lrAPIfbyMYFmMyjKA==/re.pwnme-yUhthilLxeWlRPYO0QOfKg==/lib/arm64/libnative-lib.so

[6354|6422|re.pwnme] openat(dirfd=-100, *pathname=0xfeaee86763af, flags=0x0, mode=0o000, ret=-2)
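
A log triage helper for the symptom in this thread, as an added example that is not part of the original issue or stackplz's own code: it parses the output format shown above and flags pids above the 64-bit Linux PID_MAX_LIMIT (4194304), which cannot be real process ids and match the BTF mismatch diagnosed here. The function name, regexes and report keys are hypothetical; the sample lines are copied from the two logs in this issue.

```python
import re

# 64-bit Linux never hands out a pid above PID_MAX_LIMIT (4 * 1024 * 1024).
PID_MAX_LIMIT = 4 * 1024 * 1024

EVENT_RE = re.compile(r"^\[(\d+)\|(\d+)\|([^\]]*)\] (\w+)\(")
FAIL_RE = re.compile(r"get pid_maps failed by pid:(\d+)")
FRAME_RE = re.compile(r"^\s+#(\d+) pc ([0-9a-f]+)\s+(\S+)(?: \((.+)\))?$")

# Lines copied from the log without --btf (first comment).
BEFORE = """\
Error when GetStack:[GetStack] get pid_maps failed by pid:2017599488
[2017599488|0|re.pwnme] openat(dirfd=-100, *pathname=0xf51b80b7f3af(/sbin/su), flags=0x0, mode=0o000) LR:0xf51e75369740 PC:0xf51e753ab1d8 SP:0xf51b809c6650
"""

# Lines copied from the log with --btf (last comment).
AFTER = """\
[6354|6422|re.pwnme] openat(dirfd=-100, *pathname=0xfeaee86763af(/sbin/su), flags=0x0, mode=0o000) LR:0xfeb1e731d740 PC:0xfeb1e735f1d8 SP:0xfeaee7344650, Backtrace:
  #00 pc 000000000009b1d8  /apex/com.android.runtime/lib64/bionic/libc.so (__openat+8)
  #01 pc 000000000005973c  /apex/com.android.runtime/lib64/bionic/libc.so (open64+216)
"""

def analyze(log: str) -> dict:
    """Summarise a stackplz log and flag pids no kernel could have assigned."""
    report = {"events": 0, "maps_failures": 0, "bad_pids": set(), "frames": []}
    for line in log.splitlines():
        if m := FAIL_RE.search(line):
            report["maps_failures"] += 1
            pid = int(m.group(1))
        elif m := EVENT_RE.match(line):
            report["events"] += 1
            pid = int(m.group(1))
        elif m := FRAME_RE.match(line):
            # (frame index, pc offset in module, module path, symbol or None)
            report["frames"].append(
                (int(m.group(1)), int(m.group(2), 16), m.group(3), m.group(4)))
            continue
        else:
            continue
        if pid > PID_MAX_LIMIT:
            report["bad_pids"].add(pid)
    # Heuristic: an impossible pid means task fields were read at wrong offsets.
    report["suspect_btf_mismatch"] = bool(report["bad_pids"])
    return report

if __name__ == "__main__":
    for name, log in (("without --btf", BEFORE), ("with --btf", AFTER)):
        print(name, analyze(log))
```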