github-actions[bot]
commented
3 years ago This issue is being automatically closed because latest canary Magisk version code is 22004.
Closed ccaapton closed 3 years ago
github-actions[bot]
commented
3 years ago This issue is being automatically closed because latest canary Magisk version code is 22004.
Linux kernels 4.1+ has the function eBPF, and could be used to monitor many events in kernel kprobe/tracepoints. Recent android builds also added this functionality. There is a 'bpfloader' program at /system/bin/bpfloader
On my archlinux machine, I can observe all fork events with this one line command bpftrace -e 'tracepoint:sched:sched_process_fork { printf("PID %d fork\n", pid); }'. If we add similar things to magisk, we can monitor all kinds of events without ptrace, thus avoid a lot of the performance issues cause by ptrace. We could even enable magiskhide for all new packages by default.
These are things we can monitor to help hiding that I can see at the moment:
Device: Mi9T Davinci Android version: 10.0 Magisk version name: 22004 Magisk version code: bf80b08b