diff --git a/loader/src/injector/entry.cpp b/loader/src/injector/entry.cpp
index 295db9f..0a6796e 100644
--- a/loader/src/injector/entry.cpp
+++ b/loader/src/injector/entry.cpp
@@ -24,6 +24,6 @@ void entry(void* addr, size_t size, const char* path) {
 hook_functions();
 void *module_addrs[1] = { addr };
- clean_trace(path, module_addrs, 1, 1, 0, false);
+ clean_trace(path, module_addrs, 1, 1, 0);
 send_seccomp_event();
 }
diff --git a/loader/src/injector/hook.cpp b/loader/src/injector/hook.cpp
index 891dcd1..50fd156 100644
--- a/loader/src/injector/hook.cpp
+++ b/loader/src/injector/hook.cpp
@@ -680,7 +680,7 @@ void ZygiskContext::run_modules_post() {
 module_addrs[i++] = m.getEntry();
 }
- clean_trace("/data/adb", module_addrs, modules.size(), modules.size(), modules_unloaded, true);
+ clean_trace("/data/adb", module_addrs, modules.size(), modules.size(), modules_unloaded);
 }
 }
@@ -934,53 +934,19 @@ static void hook_register(dev_t dev, ino_t inode, const char *symbol, void *new_ PLT_HOOK_REGISTER_SYM(DEV, INODE, #NAME, NAME) /* INFO: module_addrs_length is always the same as "load" */ -void clean_trace(const char *path, void **module_addrs, size_t module_addrs_length, size_t load, size_t unload, bool spoof_maps) { +void clean_trace(const char *path, void **module_addrs, size_t module_addrs_length, size_t load, size_t unload) { LOGD("cleaning trace for path %s", path); if (load > 0 || unload > 0) solist_reset_counters(load, unload); LOGD("Dropping solist record for %s", path); - bool any_dropped = false; for (size_t i = 0; i < module_addrs_length; i++) { - bool local_any_dropped = solist_drop_so_path(module_addrs[i]); - if (!local_any_dropped) continue; - - any_dropped = true; + bool has_dropped = solist_drop_so_path(module_addrs[i]); + if (!has_dropped) continue; LOGD("Dropped solist record for %p", module_addrs[i]); } - - if (!any_dropped || !spoof_maps) return; - - LOGD("spoofing virtual maps for %s", path); - - /* INFO: Spoofing maps names is futile, after all it will - still show up in /proc/self/(s)maps but with a - different name, however still detectable by - checking the permissions. This, however, avoids - just checking for "zygisk". 
*/ - - /* TODO: Use SoList to map through libraries to avoid open /proc/self/maps here */ - for (auto &map : lsplt::MapInfo::Scan()) { - if (strstr(map.path.c_str(), path) && strstr(map.path.c_str(), "libzygisk") == 0) - { - void *addr = (void *)map.start; - size_t size = map.end - map.start; - void *copy = mmap(nullptr, size, PROT_WRITE, MAP_ANONYMOUS | MAP_SHARED, -1, 0); - if (copy == MAP_FAILED) { - LOGE("failed to backup block %s [%p, %p]", map.path.c_str(), addr, (void*)map.end); - continue; - } - - if ((map.perms & PROT_READ) == 0) { - mprotect(addr, size, PROT_READ); - } - memcpy(copy, addr, size); - mprotect(copy, size, map.perms); - mremap(copy, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, addr); - } - } } void hook_functions() { diff --git a/loader/src/injector/zygisk.hpp b/loader/src/injector/zygisk.hpp index 4b82768..4fde442 100644 --- a/loader/src/injector/zygisk.hpp +++ b/loader/src/injector/zygisk.hpp @@ -7,6 +7,6 @@ extern size_t block_size; void hook_functions(); -void clean_trace(const char *path, void **module_addrs, size_t module_addrs_length, size_t load, size_t unload, bool spoof_maps); +void clean_trace(const char *path, void **module_addrs, size_t module_addrs_length, size_t load, size_t unload); extern "C" void send_seccomp_event();
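Review bot: In the new `clean_trace` body, `path` is used only by the two `LOGD` calls, because records are dropped by address through `solist_drop_so_path(module_addrs[i])`; the "Dropping solist record for %s" message therefore names a path that no longer selects anything. I would say so in the comment above the function, e.g. `/* INFO: path is only logged; records are dropped by address and this function no longer rewrites mappings */`, and drop the parameter in a follow-up if no caller needs it. That same comment states that `module_addrs_length` always equals `load`, yet nothing visible in the hunk enforces it, so a single count parameter would be harder to misuse than two. The `has_dropped` local is read once and could be folded into `if (!solist_drop_so_path(module_addrs[i])) continue;`.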