Description
2025-09-03T15:47:21Z INF AppName="eCapture(旁观者)"
2025-09-03T15:47:21Z INF HomePage=https://ecapture.cc
2025-09-03T15:47:21Z INF Repository=https://github.com/gojue/ecapture
2025-09-03T15:47:21Z INF Author="CFC4N [email protected]"
2025-09-03T15:47:21Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2025-09-03T15:47:21Z INF Version=androidgki_amd64:v1.4.1:6.8.0-1031-azure
2025-09-03T15:47:21Z INF Listen=localhost:28256
2025-09-03T15:47:21Z INF Listen for eCaptureQ=
2025-09-03T15:47:21Z INF eCapture running logs logger=
2025-09-03T15:47:21Z INF the file handler that receives the captured event eventCollector=
2025-09-03T15:47:21Z INF Kernel Info=5.4.40 Pid=7274
2025-09-03T15:47:21Z INF TruncateSize=0 Unit=bytes
2025-09-03T15:47:21Z INF listen=localhost:28256
2025-09-03T15:47:21Z INF https server starting...You can upgrade the configuration file via the HTTP interface.
2025-09-03T15:47:21Z WRN Your environment is like a container. We won't be able to detect the BTF configuration.
If eCapture fails to run, try specifying the BTF mode. use -b 2 to specify non-CORE mode.
2025-09-03T15:47:21Z INF BTF bytecode mode: non-CORE. btfMode=0
2025-09-03T15:47:21Z INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2025-09-03T15:47:21Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2025-09-03T15:47:21Z INF Module.Run()
2025-09-03T15:47:21Z WRN OpenSSL/BoringSSL version not found, Automatically selected.If you want to use the specific version, please set the sslVersion parameter with "--ssl_version='boringssl_a_13'" , "--ssl_version='boringssl_a_14'", or use "ecapture tls --help" for more help.
2025-09-03T15:47:21Z WRN bpfFile=boringssl_a_13_kern.o sslVersion=android_default
2025-09-03T15:47:21Z INF Hook masterKey function ElfType=2 Functions=["SSL_in_init"] binrayPath=/apex/com.android.conscrypt/lib64/libssl.so
2025-09-03T15:47:21Z INF target all process.
2025-09-03T15:47:21Z INF target all users.
2025-09-03T15:47:21Z INF setupManagers eBPFProgramType=Text
2025-09-03T15:47:21Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/boringssl_a_13_kern_noncore.o
2025-09-03T15:47:21Z FTL module run failed. error= "couldn't init manager xxx error:populating kallsyms caches: getting modules from kallsyms: open /proc/kallsyms: no such file or directory , couldn't load eBPF programs, cs:&{map[.rodata:Array(keySize=4, valueSize=32, maxEntries=1, flags=128) active_ssl_read_args_map:Hash(keySize=8, valueSize=24, maxEntries=1024, flags=0) active_ssl_write_args_map:Hash(keySize=8, valueSize=24, maxEntries=1024, flags=0) bpf_context:LRUHash(keySize=8, valueSize=472, maxEntries=2048, flags=0) bpf_context_gen:Array(keySize=4, valueSize=472, maxEntries=1, flags=0) connect_events:PerfEventArray(keySize=4, valueSize=4, maxEntries=1024, flags=0) data_buffer_heap:PerCPUArray(keySize=4, valueSize=16440, maxEntries=1, flags=0) mastersecret_events:PerfEventArray(keySize=4, valueSize=4, maxEntries=1024, flags=0) network_map:LRUHash(keySize=52, valueSize=24, maxEntries=10240, flags=0) skb_data_buffer_heap:PerCPUArray(keySize=4, valueSize=40, maxEntries=1, flags=0) skb_events:PerfEventArray(keySize=4, valueSize=4, maxEntries=10240, flags=0) ssl_st_fd:Hash(keySize=8, valueSize=8, maxEntries=10240, flags=0) tcp_fd_infos:Hash(keySize=8, valueSize=16, maxEntries=10240, flags=0) tls_events:PerfEventArray(keySize=4, valueSize=4, maxEntries=1024, flags=0)] map[egress_cls_func:0xc0000bee10 ingress_cls_func:0xc0000beea0 probe_SSL_set_fd:0xc0000bf0e0 probe_connect:0xc0000bec60 probe_entry_SSL_read:0xc0000bef30 probe_entry_SSL_write:0xc0000bf5f0 probe_inet_accept:0xc0000bf050 probe_inet_stream_connect:0xc0000becf0 probe_ret_SSL_read:0xc0000bf440 probe_ret_SSL_write:0xc0000bf3b0 probe_ssl_master_key:0xc0000bf290 probe_tcp_v4_destroy_sock:0xc0000bed80 retprobe_accept4:0xc0000bf560 retprobe_connect:0xc0000befc0 tcp_sendmsg:0xc0000bf320 udp_sendmsg:0xc0000bf4d0] map[defaultBioType:defaultBioType (type=Var:"defaultBioType"[global], map=.rodata, offset=28, size=4) invalidFD:invalidFD (type=Var:"invalidFD"[global], map=.rodata, offset=24, size=4) 
target_errno:target_errno (type=Var:"target_errno"[global], map=.rodata, offset=16, size=8) target_pid:target_pid (type=Var:"target_pid"[global], map=.rodata, offset=0, size=8) target_uid:target_uid (type=Var:"target_uid"[global], map=.rodata, offset=8, size=8)] 0xc0002bce30 LittleEndian}" isReload=false