太极taichi root Xposed框架 创建的文件路径(因为我要备份一下)me.weishu.exp

/data/adb/modules/taichi

/data/system/taichi

 

/data/app/me.weishu.exp-lxy76FCoDBKs--6qKYuL8w==

/data/data/me.weishu.exp

/data/user/0/me.weishu.exp (lrwxrwxrwx 1 root root 10 1970-12-28 18:22 /data/user/0 -> /data/data)

 

https://github.com/kam821/taichi/blob/master/uninstall.sh

SYSTEM_DIR="/data/system/taichi"
WATCH_FILE="/data/misc/taichi"
ENFORCE_FILE="/data/misc/taichi_enforce"
LOG_FILE="/data/local/tmp/taichi.log"

 

 

如何得到模块列表

AndroidManifest.xml

Xposed Installer 中的模块列表会查找具有特殊元数据标志的应用程序。

所以说,卸载太极不会影响其它第三方xp模块app

 

lsof -p 太极的pid

输出没啥东西

 

俩strace,记不清啥区别了

1|RMX1901CN:/ $ /data/local/tmp/strace -h
usage: strace [-CdffhiqrtttTvVwxxy] [-I n] [-e expr]...
              [-a column] [-o file] [-s strsize] [-P path]...
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
   or: strace -c[dfw] [-I n] [-e expr]... [-O overhead] [-S sortby]
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]

Output format:
  -a column      alignment COLUMN for printing syscall results (default 40)
  -i             print instruction pointer at time of syscall
  -o file        send trace output to FILE instead of stderr
  -q             suppress messages about attaching, detaching, etc.
  -r             print relative timestamp
  -s strsize     limit length of print strings to STRSIZE chars (default 32)
  -t             print absolute timestamp
  -tt            print absolute timestamp with usecs
  -T             print time spent in each syscall
  -x             print non-ascii strings in hex
  -xx            print all strings in hex
  -y             print paths associated with file descriptor arguments
  -yy            print protocol specific information associated with socket file descriptors

Statistics:
  -c             count time, calls, and errors for each syscall and report summary
  -C             like -c but also print regular output
  -O overhead    set overhead for tracing syscalls to OVERHEAD usecs
  -S sortby      sort syscall counts by: time, calls, name, nothing (default time)
  -w             summarise syscall latency (default is system time)

Filtering:
  -e expr        a qualifying expression: option=[!]all or option=[!]val1[,val2]...
     options:    trace, abbrev, verbose, raw, signal, read, write, fault, inject, kvm
  -P path        trace accesses to path

Tracing:
  -b execve      detach on execve syscall
  -D             run tracer process as a detached grandchild, not as parent
  -f             follow forks
  -ff            follow forks with output into separate files
  -I interruptible
     1:          no signals are blocked
     2:          fatal signals are blocked while decoding syscall (default)
     3:          fatal signals are always blocked (default if '-o FILE PROG')
     4:          fatal signals and SIGTSTP (^Z) are always blocked
                 (useful to make 'strace -o FILE PROG' not stop on ^Z)

Startup:
  -E var         remove var from the environment for command
  -E var=val     put var=val in the environment for command
  -p pid         trace process with process id PID, may be repeated
  -u username    run command as username handling setuid and/or setgid

Miscellaneous:
  -d             enable debug output to stderr
  -v             verbose mode: print unabbreviated argv, stat, termios, etc. args
  -h             print help message
  -V             print version
RMX1901CN:/ $ /data/local/tmp/strace
strace                  strace-android-static   straceid.txt
RMX1901CN:/ $ /data/local/tmp/strace-android-static -h
usage: strace [-CdffhiqrtttTvVxxy] [-I n] [-e expr]...
              [-a column] [-o file] [-s strsize] [-P path]...
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
   or: strace -c[df] [-I n] [-e expr]... [-O overhead] [-S sortby]
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
-c -- count time, calls, and errors for each syscall and report summary
-C -- like -c but also print regular output
-d -- enable debug output to stderr
-D -- run tracer process as a detached grandchild, not as parent
-f -- follow forks, -ff -- with output into separate files
-i -- print instruction pointer at time of syscall
-q -- suppress messages about attaching, detaching, etc.
-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs
-T -- print time spent in each syscall
-v -- verbose mode: print unabbreviated argv, stat, termios, etc. args
-x -- print non-ascii strings in hex, -xx -- print all strings in hex
-y -- print paths associated with file descriptor arguments
-h -- print help message, -V -- print version
-a column -- alignment COLUMN for printing syscall results (default 40)
-b execve -- detach on this syscall
-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...
   options: trace, abbrev, verbose, raw, signal, read, write
-I interruptible --
   1: no signals are blocked
   2: fatal signals are blocked while decoding syscall (default)
   3: fatal signals are always blocked (default if '-o FILE PROG')
   4: fatal signals and SIGTSTP (^Z) are always blocked
      (useful to make 'strace -o FILE PROG' not stop on ^Z)
-o file -- send trace output to FILE instead of stderr
-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs
-p pid -- trace process with process id PID, may be repeated
-s strsize -- limit length of print strings to STRSIZE chars (default 32)
-S sortby -- sort syscall counts by: time, calls, name, nothing (default time)
-u username -- run command as username handling setuid and/or setgid
-E var=val -- put var=val in the environment for command
-E var -- remove var from the environment for command
-P path -- trace accesses to path

 

 

strace

/data/local/tmp/strace -p 22671 -o /storage/emulated/0/strace20250212_200802.txt

/data/local/tmp/strace -f -p $(am start -n me.weishu.exp/me.weishu.exp.ui.MainActivity) -o /storage/emulated/0/strace20250212_202016.txt

strace -f -e trace=open,read,write -p $(adb shell am start -n com.example.app/com.example.app.MainActivity)

 

 

am start -n me.weishu.exp/me.weishu.exp.ui.MainActivity && set `ps | grep me.weishu.exp` && /data/local/tmp/strace -p $2 -o /storage/emulated/0/strace20250212_202846.txt

am start -n me.weishu.exp/me.weishu.exp.ui.MainActivity && set `ps | grep me.weishu.exp` && /data/local/tmp/strace -o /storage/emulated/0/strace20250212_202846.txt -p $2

 

am start -n me.weishu.exp/me.weishu.exp.ui.MainActivity && set `ps -A | grep me.weishu.exp` && /data/local/tmp/strace -p $2 -o /storage/emulated/0/strace20250212_203438.txt 不行 立刻执行ps进程还没启动

 

 

newfstatat(AT_FDCWD, "/data/app/me.weishu.exp-lxy76FCoDBKs--6qKYuL8w==/base.apk", {st_mode=S_IFREG|0644, st_size=9709509, ...}, 0) = 0

faccessat(AT_FDCWD, "/data/user/0/me.weishu.exp", F_OK) = 0

openat(AT_FDCWD, "/data/user/0/me.weishu.exp/files/.dat", O_RDONLY) = 68

 

ps -A | grep zygote 三行

/data/local/tmp/strace -f -p 2208 -o /storage/emulated/0/strace20250212_204139.txt(/data/local/tmp/strace: attach: ptrace(PTRACE_SEIZE, 2204): Operation not permitted)

 

am start -n me.weishu.exp/me.weishu.exp.ui.MainActivity && sleep 0.01 && set `ps -A | grep me.weishu.exp` && /data/local/tmp/strace -p $2 -o /storage/emulated/0/strace20250212_204830.txt 结果没啥用

posted @ 2025-02-12 18:22  hrdom  阅读(45)  评论(0)    收藏  举报