https://source.android.com/devices/tech/debug/strace
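This is the same strace as on Linux. Typical usage:
strace -f -p PID # -f also attaches to child processes
The goal is to strace an app from the moment it starts.
Method 1: strace the zygote process
zygote is the process that forks apps. Strace zygote and then tap the app: the trace contains every system call made by every spawned process, plus zygote's own activity.
Method 2: start the activity with -D
Launch the app in debug mode, attach strace, and then attach the debugger.
Example
Capturing the file activity of the GG modifier (GG修改器):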
16304 openat(AT_FDCWD, "/proc/189/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/190/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/190/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/191/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/191/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/192/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/192/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/193/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/193/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/194/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/194/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/195/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/195/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/196/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/196/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/197/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/197/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/198/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/198/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/199/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/199/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/200/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/200/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/201/status", O_RDONLY) = 8
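As an added example (not part of the original post): a small Python parser for strace -f output in the format above. It reports traced tasks that successfully open /proc/<pid>/ entries of several other processes, which is the enumeration pattern visible in this capture. The sample lines, function names and the min_pids threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the strace -f output above;
# the leading number is the traced task id, treated here as the process id.
SAMPLE = '''\
16304 openat(AT_FDCWD, "/proc/189/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/190/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/190/cmdline", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/191/status", O_RDONLY) = 8
16304 openat(AT_FDCWD, "/proc/self/maps", O_RDONLY) = 9
16304 openat(AT_FDCWD, "/proc/9999/status", O_RDONLY) = -1 ENOENT (No such file or directory)
20011 openat(AT_FDCWD, "/data/local/tmp/cfg", O_RDONLY) = 5
20011 openat(AT_FDCWD, "/proc/20011/status", O_RDONLY) = 6
'''

LINE = re.compile(
    r'^(?P<tid>\d+)\s+openat\([^,]+,\s*"(?P<path>(?:[^"\\]|\\.)*)"'
    r'.*\)\s*=\s*(?P<ret>-?\d+)'
)
PROC = re.compile(r'^/proc/(?P<pid>\d+)/(?P<node>[^/]+)$')


def proc_scan_summary(text):
    """Map traced task id -> {other pid -> set of /proc nodes it opened}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or int(m.group("ret")) < 0:  # other syscalls, failed opens
            continue
        p = PROC.match(m.group("path"))
        if not p or p.group("pid") == m.group("tid"):  # skip its own entry
            continue
        seen[m.group("tid")][int(p.group("pid"))].add(p.group("node"))
    return seen


def enumerators(text, min_pids=3):
    """Task ids that opened /proc entries of at least min_pids other pids."""
    return sorted(t for t, pids in proc_scan_summary(text).items() if len(pids) >= min_pids)


if __name__ == "__main__":
    for tid in enumerators(SAMPLE):
        pids = proc_scan_summary(SAMPLE)[tid]
        print(tid, "read /proc entries of", len(pids), "other processes:", sorted(pids))
```

To use it on a real capture, save the trace with strace's -o option and pass the file contents to enumerators().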