android - Linux / Android 2.6.29でシステムコールフックが毎回異なる結果を生成するのはなぜですか？

Question

Android 2.6.29を介してカーネルのシステムコールフックを実装しましたLKM module。システムコール用に1つのAndroidアプリを追跡しています。しかし、興味深いことに、システムコールのリストを取得するたびに異なる結果が返されます。

コードセクションで太字のテキストを作成できないため、違いがどこから始まるかを示すために**を付けました。

例えば、

ファーストラン：

our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_write ---> uid = 10028 with fd= 30, buf = 230 and count=3 
 our_sys_close ---> uid = 10028 with fd= 30  
 our_sys_setpriority ---> uid = 10028 with which= 0, who=230 and niceval=0 
 our_sys_futex ---> uid = 10028 with uadd=������, op=1, val=1, utime=<NULL>, uaddr2=������ and val3=  
 **our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196467192 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196467192 **
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196466496 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3196466496 
 our_sys_dup ---> uid = 10028 with fildes=32 
 our_sys_close ---> uid = 10028 with fd= 32  
 .....................

2回目の実行：

our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_write ---> uid = 10028 with fd= 30, buf = 228 and count=3 
 our_sys_close ---> uid = 10028 with fd= 30  
 our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0 
 our_sys_futex ---> uid = 10028 with uadd=������, op=1, val=1, utime=<NULL>, uaddr2=������ and val3=  
 **our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_write ---> uid = 10028 with fd= 30, buf = 228 and count=3 
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198662648 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198662648 
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198661952** 
 our_sys_close ---> uid = 10028 with fd= 30  
 our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=1181359656 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198661952 
 our_sys_dup ---> uid = 10028 with fildes=32 
 our_sys_close ---> uid = 10028 with fd= 32  
 ....................

3回目の実行：

our_sys_gettid ---> uid = 10028  
 our_sys_open ---> uid = 10028 with filename= /dev/cpuctl//tasks, flags= 131073, mode=0 
 our_sys_write ---> uid = 10028 with fd= 31, buf = 228 and count=3 
 our_sys_close ---> uid = 10028 with fd= 31  
 our_sys_setpriority ---> uid = 10028 with which= 0, who=228 and niceval=0 
 our_sys_futex ---> uid = 10028 with uadd=������, op=1, val=1, utime=<NULL>, uaddr2=������ and val3=X{�D  
 **our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035960 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035960 
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_clock_gettime ---> uid = 10028 with which_clock=<NULL>, tp =   
 our_sys_munmap ---> uid = 10028 with addr=1183178752 and len=770048 
 our_sys_close ---> uid = 10028 with fd= 32**  
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035264 
 our_sys_ioctl ---> uid = 10028 with fd=21, cmd=3222823425 and arg=3198035264 
 our_sys_dup ---> uid = 10028 with fildes=31 
 our_sys_close ---> uid = 10028 with fd= 31  
 ........................

毎回異なる結果が得られる理由はありますか？

システムコールを追跡するためのより良いツールは他にありますか？などと聞いたのですがstrace/ptrace、auditdAndroidで使えるかどうかわかりません。