7

I am:

  • working with an Android game,
  • using an Android Emulator,
  • and trying to attach an android .so library to a process.

I have the whole IDA server set up, I can attach to processes when a classes.dex is loaded into IDA but, when I load the .so file and try to attach, I get this message from IDA

The debugger could not attach to the selected process.
This can perhaps indicate the process was terminated, or you don't have the necessary privileges.

I see a problem with this because I have full root permission and I know for sure the process was not terminated.

I read here that I may have to recompile the entire Android kernel, don't get me wrong, I love wasting hours compiling, but I was just wondering if you guys can help me find something to solve this pesky little situation of mine.

Edit: This may be a dup but the dup wasn't answered and was from 2014. :/

MarianD
  • 1,130
  • 1
  • 6
  • 23
Frenchy Fry
  • 71
  • 4

2 Answers2

1

OK, I'm not 100% sure what you're saying, but it SOUNDS like you're saying that you load the .SO into IDA, and then you're trying to attach to it.

Well, the .SO isn't a PROCESS per se. It's just a library loaded dynamically by something else. What you probably need to do, is to load the game/application that USES that .SO, and set a breakpoint at the location where it calls the function(s) that you're interested in, and then just single step into the .SO to see what's going on.

MarianD
  • 1,130
  • 1
  • 6
  • 23
FrankRizzo
  • 56
  • 5
0

If

cat /proc/kmsg | grep "Restricted"

returns results that are similar to ones in the blog you linked, then indeed CONFIG_SEC_RESTRICT_FORK is set and the only way to get rid of it is to recompile the kernel

Vitaly Osipov
  • 843
  • 4
  • 15
  • I used the command both in ADBs shell and a Terminal emulator app and neither of them returned anything. This is really strange, that's why I asked you guys. Are there any other confounding variables that may be effecting this? – Frenchy Fry Nov 05 '16 at 19:23