xuchuanyin / workbench


2019-01-23 android strace #85

Open xuchuanyin opened 5 years ago

xuchuanyin commented 5 years ago

building strace for android

download sources

git clone https://github.com/strace/strace.git

cd strace

set compiler info

export COMPILER_PATH=/home/xcy/Android/Sdk/my-android-toolchain
export CC=$COMPILER_PATH/bin/arm-linux-androideabi-gcc

export STRIP=$COMPILER_PATH/bin/arm-linux-androideabi-strip

export CFLAGS="-O2 -static"

export PATH=$PATH:$COMPILER_PATH/bin

compile

Enter the source folder and run the following steps:

// use autoconf to generate configure from configure.ac
xcy@uxcy:~/ws/strace/strace$ autoconf
configure.ac:25: error: possibly undefined macro: AM_INIT_AUTOMAKE
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation.
configure.ac:26: error: possibly undefined macro: AM_MAINTAINER_MODE

xcy@uxcy:~/ws/strace/strace$ ls | grep configure
configure
configure.ac
README-configure

// generate Makefile.in
xcy@uxcy:~/ws/strace/strace$ ./bootstrap
...
xcy@uxcy:~/ws/strace/strace$ ls | grep Make
Makefile.am
Makefile.in

xcy@uxcy:~/ws/strace/strace$ ./configure --host=arm-linux

xcy@uxcy:~/ws/strace/strace$ make

xcy@uxcy:~/ws/strace/strace$ file strace
strace: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, not stripped

xcy@uxcy:~/ws/strace/strace$ $STRIP strace
xcy@uxcy:~/ws/strace/strace$ file strace
strace: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, stripped

run

// push
xcy@uxcy:~/ws/strace/strace$ adb push ~/ws/strace/strace/strace /data/local/tmp/

// chmod
xcy@uxcy:~/ws/strace/strace$ adb shell chmod 555 /data/local/tmp/strace

// shell into your device (with adb shell) and run
shell@hammerhead:/data/local/tmp $ ./strace -h
usage: strace [-CdffhiqrtttTvVwxxy] [-I n] [-e expr]...
              [-a column] [-o file] [-s strsize] [-P path]...
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
   or: strace -c[dfw] [-I n] [-e expr]... [-O overhead] [-S sortby]
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]

Output format:
  -a column      alignment COLUMN for printing syscall results (default 40)
  -i             print instruction pointer at time of syscall
  -o file        send trace output to FILE instead of stderr
  -q             suppress messages about attaching, detaching, etc.
  -r             print relative timestamp
  -s strsize     limit length of print strings to STRSIZE chars (default 32)
  -t             print absolute timestamp
  -tt            print absolute timestamp with usecs
  -T             print time spent in each syscall
  -x             print non-ascii strings in hex
  -xx            print all strings in hex
  -X format      set the format for printing of named constants and flags
  -y             print paths associated with file descriptor arguments
  -yy            print protocol specific information associated with socket file descriptors

Statistics:
  -c             count time, calls, and errors for each syscall and report summary
  -C             like -c but also print regular output
  -O overhead    set overhead for tracing syscalls to OVERHEAD usecs
  -S sortby      sort syscall counts by: time, calls, name, nothing (default time)
  -w             summarise syscall latency (default is system time)

Filtering:
  -e expr        a qualifying expression: option=[!]all or option=[!]val1[,val2]...
     options:    trace, abbrev, verbose, raw, signal, read, write, fault, inject, kvm
  -P path        trace accesses to path

Tracing:
  -b execve      detach on execve syscall
  -D             run tracer process as a detached grandchild, not as parent
  -f             follow forks
  -ff            follow forks with output into separate files
  -I interruptible
     1:          no signals are blocked
     2:          fatal signals are blocked while decoding syscall (default)
     3:          fatal signals are always blocked (default if '-o FILE PROG')
     4:          fatal signals and SIGTSTP (^Z) are always blocked
                 (useful to make 'strace -o FILE PROG' not stop on ^Z)

Startup:
  -E var         remove var from the environment for command
  -E var=val     put var=val in the environment for command
  -p pid         trace process with process id PID, may be repeated
  -u username    run command as username handling setuid and/or setgid

Miscellaneous:
  -d             enable debug output to stderr
  -v             verbose mode: print unabbreviated argv, stat, termios, etc. args
  -h             print help message
  -V             print version

// Keep the app in the foreground; `dumpsys meminfo` will give the pid of the app. Note that pidof will give too many pids for a Java application. Also note that here we use the `root` user in case of permission-related problems.
root@hammerhead:/data/local/tmp # /data/local/tmp/strace -tT -e trace=file -p 21931 -o /data/local/tmp/21931_strace.dat

// -f will include the forked child processes; this will make the app obviously slow. But I think that's the app's behavior only if we collect the behaviors from all the sub-processes.
root@hammerhead:/data/local/tmp # /data/local/tmp/strace -tfCT -e trace=file -p 21931 -o /data/local/tmp/21931_strace.dat

reference

http://muzso.hu/2012/04/21/how-to-compile-strace-for-use-on-an-android-phone-running-an-arm-cpu
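
Added example, not part of the original post: a Python parser for the file written by the `strace -tfT -e trace=file ... -o` command above, which rejoins calls that `-f` splits into `<unfinished ...>` / `resumed` pairs and lists the file accesses that failed. The sample lines and the package name `com.example.app` are constructed, not captured from a device.

```python
import re
from collections import Counter

# Constructed sample of `strace -tfT -e trace=file -o FILE` output (not a real capture).
SAMPLE = """\
21931 10:15:01 openat(AT_FDCWD, "/data/data/com.example.app/shared_prefs/settings.xml", O_RDONLY) = 57 <0.000213>
21931 10:15:01 faccessat(AT_FDCWD, "/data/data/com.example.app/files/config.json", F_OK) = -1 ENOENT (No such file or directory) <0.000054>
21950 10:15:02 openat(AT_FDCWD, "/sdcard/Download/cache.bin", O_WRONLY|O_CREAT, 0600 <unfinished ...>
21931 10:15:02 stat64("/data/data/com.example.app/files", {st_mode=S_IFDIR|0700, ...}) = 0 <0.000031>
21950 10:15:02 <... openat resumed> ) = -1 EACCES (Permission denied) <0.001120>
21950 10:15:03 --- SIGCHLD {si_signo=SIGCHLD, ...} ---
21931 10:15:03 +++ exited with 0 +++
"""

# [pid] HH:MM:SS[.usec] call(args) = ret [ERRNO (text)] [<seconds>]
LINE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?(?P<ts>\d\d:\d\d:\d\d(?:\.\d+)?)\s+'
    r'(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>E[A-Z0-9]+))?.*?(?:<(?P<dur>[\d.]+)>)?$')
RESUMED = re.compile(r'^(?P<pid>\d+)\s+\S+\s+<\.\.\. \w+ resumed>\s*(?P<rest>.*)$')
UNFINISHED = " <unfinished ...>"
PATH = re.compile(r'"((?:[^"\\]|\\.)*)"')  # first quoted argument is the path

def parse_trace(text):
    """Return one dict per completed syscall, rejoining calls split by -f."""
    pending, events = {}, []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith(UNFINISHED):
            # Remember the first half, keyed by the pid that issued the call.
            pending[line.split()[0]] = line[:-len(UNFINISHED)]
            continue
        m = RESUMED.match(line)
        if m and m["pid"] in pending:
            line = pending.pop(m["pid"]) + m["rest"]
        m = LINE.match(line)
        if not m:
            continue  # signal (---) and exit (+++) lines, or an orphaned half
        path = PATH.search(m["args"])
        events.append({"pid": m["pid"], "time": m["ts"], "call": m["call"],
                       "path": path.group(1) if path else None,
                       "ret": int(m["ret"]), "errno": m["errno"],
                       "secs": float(m["dur"]) if m["dur"] else None})
    return events

def failures(events):
    """Count (path, errno) pairs for calls that returned an error."""
    return Counter((e["path"], e["errno"]) for e in events if e["ret"] < 0)

if __name__ == "__main__":
    for (path, err), n in failures(parse_trace(SAMPLE)).items():
        print(n, err, path)
```

The same parser accepts a trace taken without `-f`, where lines carry no pid prefix and `pid` is `None`.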