Closed OverJerry closed 2 years ago
Runtime screenshot (the game is already running): https://imgur.com/a/SFmJpsH
Boss, I got it working by modifying main.cpp. I moved the code from forkAndSpecializePre() and forkAndSpecializePost() into specializeAppProcessPre() and specializeAppProcessPost(), and then it worked:
static void forkAndSpecializePre(
        JNIEnv *env, jclass clazz, jint *uid, jint *gid, jintArray *gids, jint *runtimeFlags,
        jobjectArray *rlimits, jint *mountExternal, jstring *seInfo, jstring *niceName,
        jintArray *fdsToClose, jintArray *fdsToIgnore, jboolean *is_child_zygote,
        jstring *instructionSet, jstring *appDataDir, jboolean *isTopApp,
        jobjectArray *pkgDataInfoList,
        jobjectArray *whitelistedDataInfoList, jboolean *bindMountAppDataDirs,
        jboolean *bindMountAppStorageDirs) {
    // Called "before" com_android_internal_os_Zygote_nativeForkAndSpecialize in frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
    // Parameters are pointers; you can change their values if you want
    // Some parameters do not exist in older Android versions; in that case they are null or 0
    // The game check was moved to specializeAppProcessPre():
    // enable_hack = isGame(env, *appDataDir);
}

static void forkAndSpecializePost(JNIEnv *env, jclass clazz, jint res) {
    // Called "after" com_android_internal_os_Zygote_nativeForkAndSpecialize in frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
    // "res" is the return value of com_android_internal_os_Zygote_nativeForkAndSpecialize
}

static void specializeAppProcessPre(
        JNIEnv *env, jclass clazz, jint *uid, jint *gid, jintArray *gids, jint *runtimeFlags,
        jobjectArray *rlimits, jint *mountExternal, jstring *seInfo, jstring *niceName,
        jboolean *startChildZygote, jstring *instructionSet, jstring *appDataDir,
        jboolean *isTopApp, jobjectArray *pkgDataInfoList, jobjectArray *whitelistedDataInfoList,
        jboolean *bindMountAppDataDirs, jboolean *bindMountAppStorageDirs) {
    // Called "before" com_android_internal_os_Zygote_nativeSpecializeAppProcess in frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
    // Parameters are pointers; you can change their values if you want
    // Some parameters do not exist in older Android versions; in that case they are null or 0
    // Decide from the app data dir whether this process is the target game
    enable_hack = isGame(env, *appDataDir);
}

static void specializeAppProcessPost(
        JNIEnv *env, jclass clazz) {
    // Called "after" com_android_internal_os_Zygote_nativeSpecializeAppProcess in frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
    // When unload allowed is true, the module will be unloaded (dlclose) by Riru
    // If this module has hooks installed, do NOT set it to true, or there will be a SIGSEGV
    // This value is automatically reset to false before the "pre" function is called
    riru_set_unload_allowed(true);
    if (enable_hack) {
        int ret;
        pthread_t ntid;
        // Start the hook thread in the target app process
        if ((ret = pthread_create(&ntid, nullptr, hack_thread, nullptr))) {
            LOGE("can't create thread: %s\n", strerror(ret));
        }
        // Hooks are now installed in this process, so the module must stay loaded:
        // if Riru dlclose()d it, the hook thread and trampolines would crash with SIGSEGV
        riru_set_unload_allowed(false);
    } else {
        // Not the target app: nothing to do, module may be unloaded
    }
}
Sometimes it seems this works better?
Yes, this way is indeed better. But the new Magisk releases have dropped Riru in favor of Zygisk; I will update to a Zygisk version this week, and then this problem will no longer occur.
While testing BH3, inspecting the target process with pmap showed that libil2cpp.so was already loaded, but logcat showed your plugin only getting hold of dlopen and starting to hook several seconds later. As a result it could not obtain a handle to libil2cpp.so, and the program got stuck at sleep(1).
Test environment: Android 11 (physical device), latest Magisk + Riru. Your project was built exactly as described in the instructions, except for changing the game name and version number and removing the Above2018 macro (the game is on 2017.4.18f1).
This is the result almost every time; it inexplicably succeeded only once, always with the same plugin.
Is this a bug, or is something wrong with my local environment configuration?