Android strace guide

steadfasterX edited this page Apr 24, 2023 · 9 revisions

The ultimate strace guide

download + installation

The following is a precompiled strace binary for arm64 devices: strace.bin. It is not a special build of strace and is meant only as a fallback in case your OS does not already include one.

Installation:

  1. adb root
  2. adb remount
  3. adb push strace.bin /system/bin/strace
  4. adb shell chmod +x /system/bin/strace

tracing a process

The following is assumed to have been run before all of the commands below:

adb shell
ps |grep whateverproc

Note the PID from the output (it is FILLINPID in the following steps).

execute a binary by strace and output to a file

strace -tt -y -ff -a 120 -s 600 -o /tmp/strace.log <BINARY>

The following filters the output before it is written to the file:

strace -tt -y -ff -a 120 -s 600 <BINARY> 2>&1 |grep -v ppoll > /tmp/strace.log

attach to a running single pid and output to a file

strace -tt -y -ff -a 120 -s 600 -p FILLINPID -o /tmp/strace.log

The following filters the output before it is written to the file:

strace -tt -y -ff -a 120 -s 600 -p FILLINPID 2>&1 |grep -v ppoll > /tmp/strace.log

multiple pids (non-forked ones) at the same time

See "strace args explained" below: this is usually not needed because of -ff.

strace -tt -y -a 120 -s 600 -ff -p FILLINPID1 -p FILLINPID2 -o /tmp/strace.log

again here with a filter:

strace -tt -y -a 120 -s 600 -ff -p FILLINPID1 -p FILLINPID2 2>&1 |grep -v ppoll > /tmp/strace.log

dynamic pid

<FILL-IN-COMMAND> is what you see in "ps" output:

strace -y -ff -a 120 -s 600 -tt -p $(ps -A -o pid,command | grep '<FILL-IN-COMMAND>' | egrep -o '[0-9]+')

Or, without running adb shell first (beware of the quotes! The following command expects to be run on Linux):

adb shell "strace -y -ff -a 120 -s 600 -tt -p \$(ps -A -o pid,command | grep '<FILL-IN-COMMAND>' | egrep -o '[0-9]+')" 2>&1 | egrep -v "ppoll|nanosl|dbfifo"

PIPE grep (| grep) for all files accessed

strace ... 2>&1 | grep -v pmsg | egrep "faccessat|fstatat64|openat|denied|fail"
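
The grep above only filters lines; to see which paths failed and with which error, a saved log can be parsed on the host. The following Python example is an addition and not part of the original wiki. It assumes lines in the format produced by the -tt and -y options used on this page, its sample lines are constructed, and newfstatat is added to the page's syscall list because arm64 strace reports that name instead of fstatat64.

```python
import re
from collections import Counter

# Syscalls from the page's grep filter; newfstatat is added here (assumption:
# arm64 target, where strace prints that name instead of fstatat64).
FILE_CALLS = {"openat", "faccessat", "fstatat64", "newfstatat"}

# Optional "[pid N]" prefix (seen without -o), -tt timestamp, call(args) = ret [ERRNO]
LINE_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+)?(?P<ts>\d\d:\d\d:\d\d\.\d{6})\s+'
    r'(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>E[A-Z0-9]+))?')
PATH_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # first quoted argument = path

def parse(lines):
    """Yield (ts, pid, call, path, errno) for every file-access syscall."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["call"] not in FILE_CALLS:
            continue  # unfinished/resumed lines, signals, other syscalls
        p = PATH_RE.search(m["args"])
        if p:
            yield m["ts"], m["pid"], m["call"], p.group(1), m["errno"]

def failures(lines):
    """Count failed accesses per (path, errno), most frequent first."""
    hits = Counter((path, err) for _, _, _, path, err in parse(lines) if err)
    return hits.most_common()

# Constructed sample lines in "strace -tt -y -ff" format (not real device output)
SAMPLE = '''\
12:01:07.100001 openat(AT_FDCWD, "/system/etc/hosts", O_RDONLY|O_CLOEXEC) = 5</system/etc/hosts>
12:01:07.100420 read(5</system/etc/hosts>, "127.0.0.1 localhost\\n", 4096) = 20
12:01:07.101003 faccessat(AT_FDCWD, "/vendor/etc/example.conf", R_OK) = -1 ENOENT (No such file or directory)
[pid  4242] 12:01:07.102250 openat(AT_FDCWD, "/data/misc/example/key", O_RDONLY) = -1 EACCES (Permission denied)
[pid  4242] 12:01:07.102900 openat(AT_FDCWD, "/data/misc/example/key", O_RDONLY) = -1 EACCES (Permission denied)
12:01:07.103111 ppoll([{fd=3, events=POLLIN}], 1, NULL, NULL, 0) = 1
12:01:07.103500 newfstatat(AT_FDCWD, "/system/bin/sh", {st_mode=S_IFREG|0755, st_size=300000, ...}, 0) = 0
'''.splitlines()

if __name__ == "__main__":
    for (path, err), n in failures(SAMPLE):
        print(f"{n:3d}  {err:8s} {path}")
```

To use it on a real trace, pull the log to the host and pass its lines to failures() in place of SAMPLE.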

tracing a service

  1. Prepare the service (yes, even start it!):
stop <service-name>
setprop ctl.sigstop_on <service-name>
start <service-name>
  2. Find the sigstopped init and attach strace to it:
ps -A |grep stop
(find the PID of the sigstopped init: "do_signal_stop")
strace -tt -y -a 120 -s 600 -ff -p <PID>

or if you want to save the output to a file:

strace -tt -y -a 120 -s 600 -ff -p <PID> -o /sdcard/Download/strace_service.log

  3. Continue starting the service by opening a NEW adb shell and running:

kill -SIGCONT <pid of the above sigstopped init>

The service will continue as usual but completely strace'd.

strace args explained

-y    : print paths associated with file descriptor arguments
-tt   : print absolute timestamp with usecs
-ff   : follow forks with output into separate files (mainly for "-o" only)
-a    : alignment COLUMN for printing syscall results (default 40)
-s    : limit length of print strings to STRSIZE chars (default 32)
-p    : pid of the process we want to attach to
-o    : output everything to a given file instead of stderr (-ff is recommended then, too)