
About android: Does android support PTRACE_SINGLESTEP?

Question Detail

OK, this is a simple question. Does Android support PTRACE_SINGLESTEP when I use the ptrace system call? When I want to ptrace an Android apk program, I find that I can't process the SINGLESTEP trace. But the situation changed when I used PTRACE_SYSCALL; it can work perfectly. Does Android wipe out this function, or does ARM lack some support in hardware? Any help will be appreciated! Thanks.

this is my core program:

    #include <stdlib.h>
    #include <string.h>
    #include <errno.h>
    #include <sys/ptrace.h>
    #include <sys/wait.h>
    #include <android/log.h>

    #define TAG "ptrace_monitor"   /* log tag; its definition was not in the excerpt */

    int main(int argc, char *argv[])
    {
        pid_t target_pid;
        int status;

        if (argc != 2) {
            __android_log_print(ANDROID_LOG_DEBUG, TAG, "please input the pid!");
            return -1;
        }
        target_pid = (pid_t)atoi(argv[1]);   /* pid of the process to monitor */

        if (0 != ptrace(PTRACE_ATTACH, target_pid, NULL, NULL)) {
            __android_log_print(ANDROID_LOG_DEBUG, TAG, "ptrace attach error");
            return -1;
        }
        __android_log_print(ANDROID_LOG_DEBUG, TAG, "start monitor process: %d", target_pid);

        while (1) {
            /* wait for the attach stop, then for each single-step stop */
            if (waitpid(target_pid, &status, 0) < 0 || WIFEXITED(status))
                break;
            /* resume the tracee for one instruction; if the request is refused,
             * the tracee stays stopped and the next waitpid() never returns */
            if (ptrace(PTRACE_SINGLESTEP, target_pid, 0, 0) != 0)
                __android_log_print(ANDROID_LOG_DEBUG, TAG,
                                    "PTRACE_SINGLESTEP attach error: %s", strerror(errno));
        }
        ptrace(PTRACE_DETACH, target_pid, NULL, NULL);
        __android_log_print(ANDROID_LOG_DEBUG, TAG, "monitor finished");
        return 0;
    }

I run this program from a shell, and I can get root privilege.
If I change the request to PTRACE_SYSCALL, the program runs normally.
But if the request is PTRACE_SINGLESTEP, the program gets an error!

Question Answer

PTRACE_SINGLESTEP has been removed on ARM Linux since 2011, by this commit.

The HW has no support for single-stepping; previous kernel support involved decoding the instruction to figure out which one’s next (branches) and temporarily replacing it with a debug-break software breakpoint.

Quoting a mailing list message about the same commit, describing the old situation: http://lists.infradead.org/pipermail/linux-arm-kernel/2011-February/041324.html

PTRACE_SINGLESTEP is a ptrace request designed to offer single-stepping
support to userspace when the underlying architecture has hardware
support for this operation.

On ARM, we set arch_has_single_step() to 1 and attempt to emulate
hardware single-stepping by disassembling the current instruction to
determine the next pc and placing a software breakpoint on that
location.

Unfortunately this has the following problems:

  1. Only a subset of ARMv7 instructions are supported
  2. Thumb-2 is unsupported
  3. The code is not SMP safe

We could try to fix this code, but it turns out that because of the
above issues it is rarely used in practice. GDB, for example, uses
PTRACE_POKETEXT and PTRACE_PEEKTEXT to manage breakpoints itself and
does not require any kernel assistance.

This patch removes the single-step emulation code from ptrace meaning
that the PTRACE_SINGLESTEP request will return -EIO on ARM. Portable
code must check the return value from a ptrace call and handle the
failure gracefully.

Signed-off-by: Will Deacon <will.deacon at arm.com>

The comments I received about v1 suggest that:

  • If emulation is required, it is plausible to do it from userspace
  • ltrace uses the SINGLESTEP call (conditionally at compile-time since other architectures, such as mips, do not support this
    request) but does not check the return value from ptrace. This is a
    bug in ltrace.
  • strace does not use SINGLESTEP
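A worked example of the "check the return value and handle the failure gracefully" rule from the commit message, added here and not part of the question or the answer: a tracer that asks for PTRACE_SINGLESTEP, recognises the EIO that ARM kernels return since that commit, and falls back to PTRACE_SYSCALL stepping (the request the asker found working). It assumes Linux with /bin/true present as the traced program; the names trace_child, demo_true and step_mode are mine.

```c
#include <errno.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Which stepping request the kernel accepted for the tracee. */
enum step_mode { STEP_SINGLE = 0, STEP_SYSCALL = 1, STEP_FAILED = 2 };

/* Exec argv under ptrace, stepping it for at most `limit` stops: PTRACE_SINGLESTEP
 * first; on EIO (ARM since the 2011 commit) fall back to PTRACE_SYSCALL stops. */
enum step_mode trace_child(char *const argv[], long limit, long *stops)
{
    enum step_mode mode = STEP_SINGLE;
    int status;
    pid_t pid = fork();
    *stops = 0;
    if (pid < 0) return STEP_FAILED;
    if (pid == 0) {                            /* child: request tracing, exec */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0) _exit(127);
        execvp(argv[0], argv);                 /* exec itself reports a SIGTRAP stop */
        _exit(127);
    }
    while (waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        long rc = -1;
        if (++*stops < limit) {
            if (mode == STEP_SINGLE) {         /* always check the ptrace result */
                rc = ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL);
                if (rc != 0 && errno == EIO)
                    mode = STEP_SYSCALL;       /* no single-step here: fall back */
            }
            if (mode == STEP_SYSCALL)
                rc = ptrace(PTRACE_SYSCALL, pid, NULL, NULL);
            if (rc == 0) continue;
            mode = STEP_FAILED;                /* neither request was accepted */
        }
        ptrace(PTRACE_DETACH, pid, NULL, NULL); /* limit reached or gave up */
        waitpid(pid, &status, 0);              /* reap the tracee after it exits */
        break;
    }
    return *stops == 0 ? STEP_FAILED : mode;   /* never stopped: tracing failed */
}
/* Demo: trace /bin/true (assumed present); -1 if the counts are inconsistent. */
int demo_true(long limit)
{
    char *const argv[] = { "/bin/true", NULL };
    long stops;
    int m = (int)trace_child(argv, limit, &stops);
    return (stops > limit || (m != STEP_FAILED && stops == 0)) ? -1 : m;
}
```

On x86 the demo reports mode 0 after the first stops; on an ARM kernel with the emulation removed it reports 1, and where ptrace is blocked (seccomp, a sandbox) it reports 2 rather than hanging in waitpid as the question's program does.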
