LSPosed / LSPlant

A hook framework for Android Runtime (ART)
https://lsposed.org/LSPlant/
GNU Lesser General Public License v3.0

LSPlant crashes on Init in zygote with magisk module #63

Closed miuirussia closed 8 months ago

miuirussia commented 8 months ago

I built a simple module to reproduce this: https://github.com/miuirussia/PlayIntegrityFix (see https://github.com/miuirussia/PlayIntegrityFix/blob/main/app/src/main/cpp/module.cpp); use ./gradlew clean build to test. Maybe I'm doing something wrong?

01-05 13:19:07.610  3244  3244 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-05 13:19:07.610  3244  3244 F DEBUG   : Build fingerprint: 'Xiaomi/shennong/shennong:14/UKQ1.230804.001/V816.0.23.12.26.DEV:user/release-keys'
01-05 13:19:07.610  3244  3244 F DEBUG   : Revision: '0'
01-05 13:19:07.610  3244  3244 F DEBUG   : ABI: 'arm64'
01-05 13:19:07.610  3244  3244 F DEBUG   : Timestamp: 2024-01-05 13:19:07.525450362+0300
01-05 13:19:07.610  3244  3244 F DEBUG   : Process uptime: 1s
01-05 13:19:07.610  3244  3244 F DEBUG   : ZygotePid: 4950
01-05 13:19:07.611  3244  3244 F DEBUG   : Cmdline: zygote64
01-05 13:19:07.611  3244  3244 F DEBUG   : pid: 3228, tid: 3228, name: system_server  >>> zygote64 <<<
01-05 13:19:07.611  3244  3244 F DEBUG   : uid: 1000
01-05 13:19:07.611  3244  3244 F DEBUG   : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
01-05 13:19:07.611  3244  3244 F DEBUG   : pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
01-05 13:19:07.611  3244  3244 F DEBUG   : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x00000079a7e01bf4
01-05 13:19:07.611  3244  3244 F DEBUG   :     x0  0000000012c0b0b0  x1  0000007fe41f73b0  x2  0000000000000001  x3  0000000000000006
01-05 13:19:07.611  3244  3244 F DEBUG   :     x4  00000079104ccadb  x5  b4000078ecde7461  x6  0000000000000020  x7  6465766c6f736552
01-05 13:19:07.611  3244  3244 F DEBUG   :     x8  b4000078f127caa0  x9  000000000000ffff  x10 00000079a7dc1bf8  x11 b4000078ecde7460
01-05 13:19:07.611  3244  3244 F DEBUG   :     x12 0000000000000010  x13 0000000000000060  x14 0000000000000000  x15 0000000000200000
01-05 13:19:07.611  3244  3244 F DEBUG   :     x16 0000007910c0f688  x17 00000079a3128d00  x18 00000079bd81a000  x19 0000007fe41f73b0
01-05 13:19:07.611  3244  3244 F DEBUG   :     x20 0000000000000000  x21 00000079bd390000  x22 b400007916ece540  x23 0000007fe41f7391
01-05 13:19:07.611  3244  3244 F DEBUG   :     x24 00000079104bfcb4  x25 00000079104a40d7  x26 00000079104c46c8  x27 00000079104a4ee5
01-05 13:19:07.611  3244  3244 F DEBUG   :     x28 00000079104c6374  x29 0000007fe41f7360
01-05 13:19:07.611  3244  3244 F DEBUG   :     lr  006a3c791093b36c  sp  0000007fe41f7320  pc  00000079109392c8  pst 0000000040001000
01-05 13:19:07.611  3244  3244 F DEBUG   : 3 total frames
01-05 13:19:07.611  3244  3244 F DEBUG   : backtrace:
01-05 13:19:07.611  3244  3244 F DEBUG   :       #00 pc 00000000005392c8  /apex/com.android.art/lib64/libart.so (art::mirror::Class::GetDescriptor(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)+260) (BuildId: 096b65f75fd6940ab855d0160a2d68f3)
01-05 13:19:07.611  3244  3244 F DEBUG   :       #01 pc 000000000053b368  /apex/com.android.art/lib64/libart.so (art::mirror::Class::SetStatus(art::Handle<art::mirror::Class>, art::ClassStatus, art::Thread*)+2388) (BuildId: 096b65f75fd6940ab855d0160a2d68f3)
01-05 13:19:07.611  3244  3244 F DEBUG   :       #02 pc b400007916ece540  <unknown>

yujincheng08 commented 8 months ago

Looks like an inline hook issue. Try disabling dobby_enable_near_branch_trampoline.