1

I am trying to debug my embedded device by monitoring when system calls are being triggered. As of now I have a root shell connected to the device. When I do the $ top command I can see my executable /system/bin/main is running but within in this file I have multiple ioctl calls. What I want to do is "be notified" or monitor when these system calls are actually being triggered in real time. For example I know I can trigger an ioctl call by sending a request to the camera but I do not know how to view that in the root shell. I am only using ioctl in this file.

Improve this question
5
  • Is there a log occurring? Commented Nov 9, 2022 at 7:58
  • /system/bin/main suggests that this is android. For linux the standard tool for years was strace but these days bpftrace might be a better choice. Commented Nov 9, 2022 at 8:14
  • It is not android... the name of my executable is just main. This is linux 32 bit little endian Mips @icarus Commented Nov 9, 2022 at 18:39
  • OK. use strace. If the executable is already running the you can use strace -p PID -f -e ioctl (filling in the correct value for the process id of course). otherwise use strace -f -e ioctl main. Commented Nov 9, 2022 at 19:06
  • Thank you! @icarus Commented Nov 9, 2022 at 19:31

1 Answer 1

Reset to default
1

There is an utility called strace, which does exactly that: attaches to a program and displays its system calls. You could use it like strace <program>, but then it would be mixing with the normal program output and interfering with it. A better way (that requires root access though) would be to first run the program, then pgrep <program> to get its PID or find it manually via top, and then in a separate shell run as root strace -p <pid>. You could then grep there for ioctl() and pipe that to notify-send or a bell echo via xargs to get notified every time. Also, it is possible to trace just ioctl() by passing -e trace=ioctl to strace, and by adding the -f argument it would also trace any child processes created. A full command would probably look like this:

strace -f -e trace=ioctl -p <pid> 2>&1 | tee ioctl.log | tee >(xargs -L1 echo -e '\a')

Omit the last command to simply output the ioctls to the stdout. Swap echo -e \b for a notify-send or any other notification creator of your preference that would get called every time a new ioctl happens.

Improve this answer
2
  • Can I use this while the the main file is already in execution? Currently my file runs right after boot so I am not manually starting it with a command. Starting another instance would also not work. @aviro Commented Nov 9, 2022 at 18:41
  • @AskedSuperior yes, it would attach to any running process. Commented Nov 10, 2022 at 10:31

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.