Not working on Android 10
Created by: summershrimp
The workaround at #3543 does not work anymore. This time it seems to be some bug in DR dealing with bionic libc.
After diffing bionic between P and Q beta, it seems that the TLS structure has changed. I'm not sure whether this is the problem.
At first I thought it was an issue with the newer kernel:
Linux localhost 4.14.69 #1 SMP PREEMPT Wed Jun 5 23:46:39 CST 2019 aarch64 Android
But I tried DR with Linux 4.19 and glibc, and it works fine. So it might be the bionic libc.
The target behavior:
Static link glibc no-pie running under Android Q: OK
Static link glibc pie running under Android Q: OK
Static link bionic no-pie running under Android Q: OK
Static link bionic pie running under Android Q: Not compiling
Dynamic link bionic no-pie running under Android Q: OK (Not sure why DR bypasses the linker PIE check)
Dynamic link bionic pie running under Android Q: Stuck at some point
And I straced DR and the target with strace -f ./bin64/drrun -c ./samples/bin64/libinscount.so -- ../hello_pie
; DR clones itself and creates a lot of subprocesses with the same args as itself.
Debug mode triggers an ASSERT:
$ ./bin64/drrun -debug -c ./samples/bin64/libinscount.so -- ../hello_pie
<Starting application /data/data/com.termux/files/home/hello_pie (30046)>
<Initial options = -no_dynamic_options -client_lib '/data/data/com.termux/files/home/DynamoRIO-Linux-7.91.18058-0/samples/bin64/libinscount.so;0;' -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct >
<Paste into GDB to debug DynamoRIO clients:
set confirm off
add-symbol-file '/data/data/com.termux/files/home/DynamoRIO-Linux-7.91.18058-0/samples/bin64/libinscount.so' 0x0000007e55ea1670
add-symbol-file '/data/data/com.termux/files/home/DynamoRIO-Linux-7.91.18058-0/lib64/debug/libdynamorio.so' 0x0000007e99ebf1e0
add-symbol-file '/data/data/com.termux/files/home/DynamoRIO-Linux-7.91.18058-0/ext/lib64/debug/libdrmgr.so' 0x0000007e55f162f0
add-symbol-file '/system/lib64/libm.so' 0x0000007e9a72a000
add-symbol-file '/system/lib64/libc.so' 0x0000007e99be3000
add-symbol-file '/system/lib64/ld-android.so' 0x0000007e9a715000
add-symbol-file '/system/lib64/libdl.so' 0x0000007e9a710000
>
Client inscount is running
<get_memory_info mismatch! (can happen if os combines entries in /proc/pid/maps)
os says: 0x0000007e9a6cd000-0x0000007e9a6d7000 prot=0x00000003
cache says: 0x0000007e9a6d4000-0x0000007e9a6d5000 prot=0x00000003
>
<(1+x) Handling our fault in a TRY at 0x0000007e99f788a8>
<Application /data/data/com.termux/files/home/hello_pie (30046). Internal Error: DynamoRIO debug check failure: /home/xm1994/Projects/dynamorio/core/vmareas.c:8175 is_readable_without_exception_try(pc, 1)
(Error occurred @4220 frags)
version 7.91.18058, custom build
-no_dynamic_options -client_lib '/data/data/com.termux/files/home/DynamoRIO-Linux-7.91.18058-0/samples/bin64/libinscount.so;0;' -code_api -stack_size 56K -signal_stack_size 32K -max_elide_jmp 0 -max_elide_call 0 -early_inject -emulate_brk -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_co
0x0000007dd5f127b0 0x0000007e99f71b34
0x0000007dd5f12950 0x0000007e9a039590
0x0000007dd5f12b90 0x0000007e9a17181c
0x0000007dd5f12cf0 0x0000007e9a17da94
0x0000007dd5f12d30 0x0000007e9a17ded4
0x0000007dd5f12d80 0x0000007e99f56f34
0x0000007dd5f12f40 0x0000007e9a60db6c
0x0000007fff64fa10 0x0000007e9a60dd88
0x0000007fff64fa90 0x0000007e9a60dc94
0x0000007fff64fb10 0x0000007e9a60dc94
0x0000007fff64fb90 0x0000007e9a609d68
0x0000007fff650d30 0x0000007e9a608f38
0x0000007fff651020 0x0000007e9a6101d8
/data/data/com.termux/files/home/DynamoRIO-Linux-7.91.18058-0/samples/bin64/libinscount.so=0x0000007e55e9a000
/system/lib64/libm.so=0x0000007e9a718000
/system/lib64/libc.so=0x0000007e99ba2000
/system/lib64/libdl.so=0x0000007e9a70f000
/system/lib64/ld-android.so=0x0000007e9a714000
/data/data/com.termux/files/home/DynamoRIO-Linux-7.91.18058-0/ext/lib64/debug/libdrmgr.so=0x0000007e55f13000>