Why does system call hooking in Linux / Android 2.6.29 produce different results every time?

I have implemented system call hooking for the Android 2.6.29 kernel via an LKM module. I am tracing the system calls of an Android application. But interestingly, every time I get a list of system calls, it returns a different result.

I cannot make bold text inside a code section, so I have put ** where the differences start.

For example,

First run:

    our_sys_gettid ---> uid = 10028
    our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0
    our_sys_write ---> uid = 10028 with fd= 30, buf = 230 and count=3
    our_sys_close ---> uid = 10028 with fd= 30
    our_sys_setpriority ---> uid = 10028 with which= 0, who=230 and niceval=0
    our_sys_futex ---> uid = 10028 with uadd=      , op=1, val=1, utime=<NULL>, uaddr2=       and val3=
    **our_sys_gettid ---> uid = 10028
    our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196467192
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196467192 **
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196466496
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196466496
    our_sys_dup ---> uid = 10028 with fildes=32
    our_sys_close ---> uid = 10028 with fd= 32
    .....................

Second run:

    our_sys_gettid ---> uid = 10028
    our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0
    our_sys_write ---> uid = 10028 with fd= 30, buf = 228 and count=3
    our_sys_close ---> uid = 10028 with fd= 30
    our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0
    our_sys_futex ---> uid = 10028 with uadd=      , op=1, val=1, utime=<NULL>, uaddr2=       and val3=
    **our_sys_gettid ---> uid = 10028
    our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0
    our_sys_write ---> uid = 10028 with fd= 30, buf = 228 and count=3
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198662648
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198662648
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198661952**
    our_sys_close ---> uid = 10028 with fd= 30
    our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=1181359656
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198661952
    our_sys_dup ---> uid = 10028 with fildes=32
    our_sys_close ---> uid = 10028 with fd= 32
    ....................

Third run:

    our_sys_gettid ---> uid = 10028
    our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0
    our_sys_write ---> uid = 10028 with fd= 31, buf = 228 and count=3
    our_sys_close ---> uid = 10028 with fd= 31
    our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0
    our_sys_futex ---> uid = 10028 with uadd=      , op=1, val=1, utime=<NULL>, uaddr2=       and val3=X{ D
    **our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035960
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035960
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =
    our_sys_munmap ---> uid = 10028 with addr=1183178752 and len=770048
    our_sys_close ---> uid = 10028 with fd= 32**
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035264
    our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035264
    our_sys_dup ---> uid = 10028 with fildes=31
    our_sys_close ---> uid = 10028 with fd= 31
    ........................

Any idea why it produces different results every time?

Are there any other better tools for tracing system calls? I have heard of strace/ptrace, auditd, etc., but I am not sure whether they work on Android.
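A practical way to separate genuine differences between runs from values that are expected to change from one run to the next (file descriptor numbers, the thread id written to the cpuctl tasks file, user-space pointers such as `arg`, `buf` and `addr`): mask those fields, then compare the remaining syscall sequence. This is an added example, not code from the question; the two traces below are constructed from the first entries of the question's runs, and the set of volatile field names is an assumption.

```python
import re
from collections import Counter

# Constructed sample traces in the hook's own log format (shortened from the question).
RUN1 = """our_sys_gettid ---> uid = 10028
our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0
our_sys_write ---> uid = 10028 with fd= 30, buf = 230 and count=3
our_sys_close ---> uid = 10028 with fd= 30
our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196467192
our_sys_dup ---> uid = 10028 with fildes=32"""
RUN2 = """our_sys_gettid ---> uid = 10028
our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0
our_sys_write ---> uid = 10028 with fd= 31, buf = 228 and count=3
our_sys_close ---> uid = 10028 with fd= 31
our_sys_munmap ---> uid = 10028 with addr=1183178752 and len=770048
our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035264
our_sys_dup ---> uid = 10028 with fildes=31"""

# Assumed set of fields that legitimately vary between runs: descriptors, thread ids
# and user-space pointers. Names, flags, ioctl cmd and filenames are expected to be stable.
VOLATILE = {"fd", "fildes", "buf", "who", "arg", "addr", "uadd", "uaddr2"}
ENTRY_RE = re.compile(r"(our_sys_\w+) ---> uid = (\d+)(?: with (.*))?")
KV_RE = re.compile(r"(\w+)\s*=\s*([^,\s]*)")  # tolerates "fd= 30" and "buf = 230"

def parse_line(line):
    """Return (syscall, uid, {field: value}) or None if the line is not a hook entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), int(m.group(2)), dict(KV_RE.findall(m.group(3) or ""))

def normalize(trace):
    """Mask volatile fields so entries from different runs become comparable."""
    out = []
    for name, uid, fields in filter(None, map(parse_line, trace.splitlines())):
        stable = {k: ("<var>" if k in VOLATILE else v) for k, v in fields.items()}
        out.append((name, uid, tuple(sorted(stable.items()))))
    return out

def compare(run_a, run_b):
    """Report whether two runs match in order, in content, and which syscalls differ."""
    a, b = normalize(run_a), normalize(run_b)
    ca, cb = Counter(a), Counter(b)
    return {
        "same_order": a == b,
        "same_multiset": ca == cb,
        "only_in_a": sorted(e[0] for e in (ca - cb).elements()),
        "only_in_b": sorted(e[0] for e in (cb - ca).elements()),
    }

if __name__ == "__main__":
    print(compare(RUN1, RUN2))
```

Because the hook logs every thread of uid 10028 into one stream, a remaining ordering difference with an identical multiset points at thread interleaving, while an entry that appears in only one run is a real behavioural difference.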
