Closed hwangjr closed 3 years ago
Modify https://github.com/sanfengAndroid/FakeXposed/blob/main/app/src/main/cpp/hook/hook_properties.cpp source seems everything goes ok:
...
#if __ANDROID_API__ >= __ANDROID_API_O__
std::map<void *, void (*)(void *, const char *, const char *, uint32_t)> callbacks;
static void handle_system_property(void *cookie, const char *name, const char *value, uint32_t serial) {
void (*callback)(void *, const char *, const char *, uint32_t) = callbacks[cookie];
const char *new_value = FXHandler::PropertyReplace(name, value);
callback(cookie, name, new_value == nullptr ? value : new_value, serial);
}
FUN_INTERCEPT HOOK_DEF(void, __system_property_read_callback,
const prop_info *pi,
void (*callback)(void *__cookie, const char *__name, const char *__value, uint32_t __serial),
void *cookie) __INTRODUCED_IN(26) {
// LOGMV("prop_info: %p, cookie: %p", pi, cookie);
if (cookie == nullptr) {
get_orig___system_property_read_callback()(pi, callback, cookie);
return;
}
callbacks[cookie] = callback;
get_orig___system_property_read_callback()(pi, handle_system_property, cookie);
}
#endif
if ok, i can make a pull request. @sanfengAndroid
The hook module only distinguishes between Android7 and above, and cannot use macro definitions __ANDROID_API__
The libc.so in the official 6.0 does not contain the __system_property_read_callback function, please do not call it under Android 8.0.This situation may occur because the app itself implemented it and was intercepted by us by mistake. You can check whether the export symbol is included in the app’s dynamic library.
I think this may cause the crash, here is the code: https://github.com/vvb2060/MagiskDetector/blob/master/app/src/main/jni/vvb2060.c#L178
// NOLINTNEXTLINE
void __system_property_read_callback(const prop_info *pi,
void (*callback)(void *cookie, const char *name,
const char *value, uint32_t serial),
void *cookie) __attribute__((weak));
...
static void callback(const prop_info *info, void *cookie) {
if (&__system_property_read_callback) {
__system_property_read_callback(info, &read_callback, cookie);
} else {
char name[PROP_NAME_MAX];
char value[PROP_VALUE_MAX];
__system_property_read(info, name, value);
hash(cookie, name, value);
}
}
Indeed, it uses weak references here, which should not actually be intercepted
This can not be changed for the time being, this symbol will not be used under the more general Android 8 __system_property_read_callback
ok, so maybe you can provide the snippet code to fix this issue here? someone like me may need this in some cases. thanks a lot.
Fixing it is still a bit tricky, the easiest way is to comment out the method and repackage it. This is applicable to Android 8 and below.
//FUN_INTERCEPT HOOK_DEF(void, __system_property_read_callback,
// const prop_info *pi,
// void (*callback)(void *__cookie, const char *__name, const char *__value, uint32_t __serial),
// void *cookie) __INTRODUCED_IN(26) {
//// LOGMV("prop_info: %p, cookie: %p", pi, cookie);
// if (cookie == nullptr) {
// get_orig___system_property_read_callback()(pi, callback, cookie);
// return;
// }
// callbacks[cookie] = callback;
// get_orig___system_property_read_callback()(pi, handle_system_property, cookie);
//}
ok, thanks a lot.
Env: OPPO R9s Android 6.1, API 23 Test App: https://github.com/vvb2060/MagiskDetector Install with Magisk(Canary 22005) & Xposed(version 89): https://github.com/topjohnwu/Magisk/
https://github.com/Magisk-Modules-Repo/xposed
build script: python build.py -vm api 23