I am trying to create a monitoring application for Android as part of a project. For this, I want to use strace, but I was unable to make Strace work on a Real Device.
To test Strace, initially I tried to start Strace using Adb with the following code:
adb shell
root@mako:/ # strace -p 9807
Strace starts correctly but (as far as I can see) whenever any user input comes to the application, it gives the following output and while Strace exits, The application it traces restarts itself:
clock_gettime(CLOCK_MONOTONIC, {68514, 862578038}) = 0
clock_gettime(CLOCK_MONOTONIC, {68514, 862822201}) = 0
clock_gettime(CLOCK_MONOTONIC, {68514, 863035844}) = 0
clock_gettime(CLOCK_MONOTONIC, {68514, 863249487}) = 0
clock_gettime(CLOCK_MONOTONIC, {68514, 863463129}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xd} ---
sigaction(SIGSEGV, {SIG_DFL, [], SA_RESTART}, {0xb520a3b9, [], SA_STACK|SA_SIGINFO}, 0) = 0
sigaction(SIGHUP, {0xb520a3b9, [], SA_STACK|SA_SIGINFO}, NULL, 0) = 0
prctl(PR_GET_NAME, 0xb6fcbb6c, 0, 0, 0) = 0
socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 31
fcntl64(31, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
connect(31, {sa_family=AF_LOCAL, sun_path="/dev/socket/logdw"}, 110) = 0
clock_gettime(CLOCK_REALTIME, {1420310998, 749300862}) = 0
writev(1, [{"\4", 1}, {"\365%", 2}, {"\3269\250T~l\251,", 8}, {"\7", 1}, {"libc\0", 5}, {"Fatal signal 1 (???), code 1 in "..., 59}], 6) = 76
close(1) = 0
prctl(PR_GET_DUMPABLE) = 1
socket(PF_LOCAL, SOCK_STREAM, 0) = 1
connect(1, {sa_family=AF_LOCAL, sun_path=@"android:debuggerd"}, 20) = 0
write(1, "\0\0\0\0\365%\0\0\0\0\0\0\1\0\0\0", 16) = 16
read(1, "", 1) = 0
close(1) = 0
sigaction(SIGHUP, {SIG_DFL, [], SA_RESTART}, {0xb520a3b9, [], SA_STACK|SA_SIGINFO}, 0) = 0
rt_sigreturn() = 1545157337
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xd} ---
+++ killed by SIGSEGV +++
When I try the same thing on a emulator, it works fine.
My device is rooted and I believe I gave necessary permissions to adb (SuperSU asked to grant SuperUser rights and the shell is root@mako). I also downloaded an strace binary, pushed it to device and tried to trace it by opening in an app (by trying to trace the same app Strace is opened), but it also gives a similar behaviour.
I tried this both with both Usb Debugging enabled and Eclipse open and without Usb debugging. When Eclipse is open, before the app crashes Logcat gives the following log:
01-03 21:15:13.936: E/(11338): ptrace attach failed: Operation not permitted
which makes me think that it is a permission issue, but it is also confusing since strace works until a user input is given.
So right now I am very confused about why Strace does not work on my device. Any help or pointers to the right direction is appreciated.
Edit: I am using Android 5.0.1 which may or may not also be an issue here, because I read somewhere that there are some problems with ptrace after Kitkat due to security improvements, but again I am not sure if this is the problem. Any confirmation/ solution would be perfect.
