I have the following situation, I want to monitor the system calls on Android phones so I made an script to do that. With Android Emulator works perfectly (writes the traces of the application in a specific file on my Ubuntu). The problem is when I attach a real phone to analyze it, it says the following in the result file:
ptrace attach failed: Operation not permitted
I'm using this code to get it, but I don't understand why it works on the emulator and not in the rooted real device.
This is the comand I use in perl:
system("$dirTools/adb -s $Device shell strace -p $PID[1]>$dirRecordDataSet/$Date/$appName &");
Any suggestion? Thanks in advance
Maye be the adb daemon runs with limited privilege. You can try to install strace with setuid roo. Here is manpage advice about it :
Setuid Installation
If strace is installed setuid to root then the invoking user will be able to attach to and trace processes owned by any user. In addition setuid and setgid programs will be executed and traced with the correct effective privileges. Since only users trusted with full root privileges should be allowed to do these things, it only makes sense to install strace as setuid to root when the users who can execute it are restricted to those users who have this trust. For example, it makes sense to install a special version of strace with mode 'rwsr-xr--', user root and group trace, where members of the trace group are trusted users. If you do use this feature, please remember to install a non-setuid version of strace for ordinary lusers to use.