请问模拟器如何 Enable BTF BPF Type Format (BTF) (Optional, 2022-04-17) #437

ljz2009y · 2023-12-06T14:54:51Z

m1 mac 电脑。模拟器

请问如何开启 Enable BTF BPF Type Format 求指教，感谢。

ljz2009y · 2023-12-06T15:10:28Z

➜ ecapture git:(master) make nocore

if [ $? -ne 0 ]; then
/bin/bash: -c: line 1: syntax error: unexpected end of file
make: *** [.check_clang] Error 2

执行 make nocore 命令，遇到这个错误，不知道如何解决。

ljz2009y · 2023-12-06T15:52:33Z

使用 ecapture-android-aarch64_nocore-v0.7.0 会报错：

tls_2023/12/06 15:51:27 ECAPTURE :: ecapture Version : androidgki_aarch64:0.7.0-20231203-2fbdf3f:5.4.0-155-generic
tls_2023/12/06 15:51:27 ECAPTURE :: Pid Info : 16075
tls_2023/12/06 15:51:27 ECAPTURE :: Kernel Info : 5.10.110
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL module initialization
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL master key keylogger:
tls_2023/12/06 15:51:27 ECAPTURE :: Module.Run()
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL Text MODEL
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL OpenSSL/BoringSSL version not found, used default version :android_default
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL HOOK type:2, binrayPath:/apex/com.android.conscrypt/lib64/libssl.so
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL Hook masterKey function:SSL_in_init
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL libPthread:/apex/com.android.runtime/lib64/bionic/libc.so
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL target all process.
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL target all users.
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL BPF bytecode filename:user/bytecode/boringssl_a_13_kern.o
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL perfEventReader created. mapSize:20 MB
tls_2023/12/06 15:51:27 EBPFProbeOPENSSL perfEventReader created. mapSize:20 MB
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x2b4d80]

goroutine 1 [running]:
github.com/cilium/ebpf/perf.NewReaderWithOptions(0x40000b4500, 0x1400000, {0x118fb00?, 0xd8?})
/home/ubuntu/go/pkg/mod/github.com/cilium/ebpf@v0.12.3/perf/reader.go:234 +0x270
github.com/cilium/ebpf/perf.NewReader(...)
/home/ubuntu/go/pkg/mod/github.com/cilium/ebpf@v0.12.3/perf/reader.go:187
ecapture/user/module.(*Module).perfEventReader(0x400013a580, 0x400041a000, 0x40000b4500)
/home/ubuntu/project/ecapture/user/module/imodule.go:193 +0x140
ecapture/user/module.(*Module).readEvents(0x400013a580)
/home/ubuntu/project/ecapture/user/module/imodule.go:181 +0xfc
ecapture/user/module.(*Module).Run(0x400013a580)
/home/ubuntu/project/ecapture/user/module/imodule.go:140 +0x100
ecapture/cli/cmd.openSSLCommandFunc(0x4000170a00?, {0x52d3c8?, 0x4?, 0x52d324?})
/home/ubuntu/project/ecapture/cli/cmd/tls.go:131 +0x680
github.com/spf13/cobra.(*Command).execute(0xc1d4c0, {0x118e2c0, 0x0, 0x0})
/home/ubuntu/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:860 +0x53c
github.com/spf13/cobra.(*Command).ExecuteC(0xc1d240)
/home/ubuntu/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:974 +0x318
github.com/spf13/cobra.(*Command).Execute(...)
/home/ubuntu/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:902
ecapture/cli/cmd.Execute()
/home/ubuntu/project/ecapture/cli/cmd/root.go:75 +0x108
ecapture/cli.Start(...)
/home/ubuntu/project/ecapture/cli/main.go:22
main.main()
/home/ubuntu/project/ecapture/main.go:73 +0x1c0

cfc4n · 2023-12-07T11:07:27Z

看上去是bug，晚点我测试看看。

cfc4n · 2023-12-08T14:33:35Z

➜ ecapture git:(master) make nocore

if [ $? -ne 0 ]; then /bin/bash: -c: line 1: syntax error: unexpected end of file make: *** [.check_clang] Error 2

执行 make nocore 命令，遇到这个错误，不知道如何解决。

看上去是你bash或者make的问题，参考 builder/init_env.sh配置一下环境吧。最好是ubuntu 22.04

cfc4n · 2023-12-08T14:35:10Z

使用 ecapture-android-aarch64_nocore-v0.7.0 会报错：

tls_2023/12/06 15:51:27 ECAPTURE :: ecapture Version : androidgki_aarch64:0.7.0-20231203-2fbdf3f:5.4.0-155-generic tls_2023/12/06 15:51:27 ECAPTURE :: Pid Info : 16075 tls_2023/12/06 15:51:27 ECAPTURE :: Kernel Info : 5.10.110 tls_2023/12/06 15:51:27 EBPFProbeOPENSSL module initialization tls_2023/12/06 15:51:27 EBPFProbeOPENSSL master key keylogger: tls_2023/12/06 15:51:27 ECAPTURE :: Module.Run() tls_2023/12/06 15:51:27 EBPFProbeOPENSSL Text MODEL tls_2023/12/06 15:51:27 EBPFProbeOPENSSL OpenSSL/BoringSSL version not found, used default version :android_default tls_2023/12/06 15:51:27 EBPFProbeOPENSSL HOOK type:2, binrayPath:/apex/com.android.conscrypt/lib64/libssl.so tls_2023/12/06 15:51:27 EBPFProbeOPENSSL Hook masterKey function:SSL_in_init tls_2023/12/06 15:51:27 EBPFProbeOPENSSL libPthread:/apex/com.android.runtime/lib64/bionic/libc.so tls_2023/12/06 15:51:27 EBPFProbeOPENSSL target all process. tls_2023/12/06 15:51:27 EBPFProbeOPENSSL target all users. tls_2023/12/06 15:51:27 EBPFProbeOPENSSL BPF bytecode filename:user/bytecode/boringssl_a_13_kern.o tls_2023/12/06 15:51:27 EBPFProbeOPENSSL perfEventReader created. mapSize:20 MB tls_2023/12/06 15:51:27 EBPFProbeOPENSSL perfEventReader created. mapSize:20 MB panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x2b4d80]

goroutine 1 [running]: github.com/cilium/ebpf/perf.NewReaderWithOptions(0x40000b4500, 0x1400000, {0x118fb00?, 0xd8?}) /home/ubuntu/go/pkg/mod/github.com/cilium/ebpf@v0.12.3/perf/reader.go:234 +0x270 github.com/cilium/ebpf/perf.NewReader(...) /home/ubuntu/go/pkg/mod/github.com/cilium/ebpf@v0.12.3/perf/reader.go:187 ecapture/user/module.(*Module).perfEventReader(0x400013a580, 0x400041a000, 0x40000b4500) /home/ubuntu/project/ecapture/user/module/imodule.go:193 +0x140 ecapture/user/module.(*Module).readEvents(0x400013a580) /home/ubuntu/project/ecapture/user/module/imodule.go:181 +0xfc ecapture/user/module.(*Module).Run(0x400013a580) /home/ubuntu/project/ecapture/user/module/imodule.go:140 +0x100 ecapture/cli/cmd.openSSLCommandFunc(0x4000170a00?, {0x52d3c8?, 0x4?, 0x52d324?}) /home/ubuntu/project/ecapture/cli/cmd/tls.go:131 +0x680 github.com/spf13/cobra.(*Command).execute(0xc1d4c0, {0x118e2c0, 0x0, 0x0}) /home/ubuntu/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:860 +0x53c github.com/spf13/cobra.(*Command).ExecuteC(0xc1d240) /home/ubuntu/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:974 +0x318 github.com/spf13/cobra.(*Command).Execute(...) /home/ubuntu/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:902 ecapture/cli/cmd.Execute() /home/ubuntu/project/ecapture/cli/cmd/root.go:75 +0x108 ecapture/cli.Start(...) /home/ubuntu/project/ecapture/cli/main.go:22 main.main() /home/ubuntu/project/ecapture/main.go:73 +0x1c0

这个是你自己修改代码编译的吗？我这里运行正常。。

或者你指定一下mapsize参数试试。

./ecapture tls --mapsize 256

cfc4n · 2023-12-08T14:56:17Z

我用的是Android Studio自带的模拟器，里面的镜像也都是非CO-RE的，也就是说不支持BTF。你最好更换不同的eCapture版本，而不是想办法让android开启BTF。

cfc4n · 2023-12-16T12:23:31Z

没问题的话，关了哦。

cfc4n added the bug Something isn't working label Dec 7, 2023

cfc4n added invalid This doesn't seem right question Further information is requested and removed bug Something isn't working labels Dec 10, 2023

cfc4n closed this as completed Dec 16, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

请问模拟器如何 Enable BTF BPF Type Format (BTF) (Optional, 2022-04-17) #437

请问模拟器如何 Enable BTF BPF Type Format (BTF) (Optional, 2022-04-17) #437

ljz2009y commented Dec 6, 2023

ljz2009y commented Dec 6, 2023

ljz2009y commented Dec 6, 2023

cfc4n commented Dec 7, 2023

cfc4n commented Dec 8, 2023

cfc4n commented Dec 8, 2023

cfc4n commented Dec 8, 2023

cfc4n commented Dec 16, 2023

请问模拟器如何 Enable BTF BPF Type Format (BTF) (Optional, 2022-04-17) #437

请问模拟器如何 Enable BTF BPF Type Format (BTF) (Optional, 2022-04-17) #437

Comments

ljz2009y commented Dec 6, 2023

ljz2009y commented Dec 6, 2023

ljz2009y commented Dec 6, 2023

cfc4n commented Dec 7, 2023

cfc4n commented Dec 8, 2023

cfc4n commented Dec 8, 2023

cfc4n commented Dec 8, 2023

cfc4n commented Dec 16, 2023