From a0ab02cedc16da822a5b17e37ca8a8634d731094 Mon Sep 17 00:00:00 2001
From: nampud
Date: Sun, 15 Jun 2025 14:47:54 +0200
Subject: [PATCH] fix: not dropping SoInfo of unclosed modules; fix: not performing maps spoofing (#187)
This commit fixes the issue where unclosed modules, as in not being requested to be "dlclose"d, wouldn't have their SoInfo structures freed. It also fixes the issue of maps spoofing not being performed due to the "spoof_maps" parameter being erroneously set to false in the second "clean_trace" call.
---
 loader/src/injector/hook.cpp | 6 +++---
 loader/src/injector/module.hpp | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/loader/src/injector/hook.cpp b/loader/src/injector/hook.cpp
index c1a908c..7b3b868 100644
--- a/loader/src/injector/hook.cpp
+++ b/loader/src/injector/hook.cpp
@@ -711,10 +711,10 @@ void ZygiskContext::run_modules_post() {
 size_t i = 0;
 for (const auto &m : modules) {
- module_addrs[i++] = m.getHandle();
+ module_addrs[i++] = m.getEntry();
 }
- clean_trace("/data/adb", module_addrs, modules.size(), modules.size(), modules_unloaded, false);
+ clean_trace("/data/adb", module_addrs, modules.size(), modules.size(), modules_unloaded, true);
 }
 }
@@ -948,8 +948,8 @@ void clean_trace(const char *path, void **module_addrs, size_t module_addrs_leng
 mprotect(addr, size, PROT_READ);
 }
 memcpy(copy, addr, size);
+ mprotect(copy, size, map.perms);
 mremap(copy, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, addr);
- mprotect(addr, size, map.perms);
 }
 }
 }
diff --git a/loader/src/injector/module.hpp b/loader/src/injector/module.hpp
index 2fd4e20..b3007a8 100644
--- a/loader/src/injector/module.hpp
+++ b/loader/src/injector/module.hpp
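Review bot: The last argument of the `clean_trace` call in `run_modules_post` is a bare positional `true`, and the commit message says the bug fixed here was that same flag being passed as `false`. Name it at the call site so the value can be checked on sight, e.g. `clean_trace("/data/adb", module_addrs, modules.size(), modules.size(), modules_unloaded, /* spoof_maps */ true);`. The two identical `modules.size()` arguments deserve the same annotation, since only the first three parameter names of `clean_trace` are visible in this patch. The loop above writes `modules.size()` entries into `module_addrs`, whose allocation is outside the hunk, so its capacity cannot be confirmed from here.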
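Review bot: Neither the added `mprotect(copy, size, map.perms)` nor the `mremap` that follows has its return value checked, and with the trailing `mprotect(addr, size, map.perms)` removed nothing restores the original range if `mremap` fails. In that case the range at `addr` would keep the `PROT_READ` set by `mprotect(addr, size, PROT_READ)` at the top of the hunk (its enclosing condition is outside the hunk), and the process would likely fault the next time the range is used with its original permissions. Handle the failure explicitly with `if (mremap(copy, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, addr) == MAP_FAILED) { mprotect(addr, size, map.perms); munmap(copy, size); }` and log the error. `clean_trace` starts and ends outside this hunk.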
@@ -213,7 +213,7 @@ case 5: \
 bool tryUnload() const { return unload && dlclose(handle) == 0; };
 void clearApi() { memset(&api, 0, sizeof(api)); }
 int getId() const { return id; }
- void *getHandle() const { return handle; }
+ void *getEntry() const { return entry.ptr; }
 ZygiskModule(int id, void *handle, void *entry);
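Review bot: `getEntry()` replaces `getHandle()` without a comment saying which address it returns, or why callers now get that instead of the handle `tryUnload()` still passes to `dlclose`. A one-line comment above the accessor would cover it, e.g. `// Address stored in entry.ptr; run_modules_post() collects these into module_addrs for clean_trace().` The class body continues outside the hunk, so the type of `entry` is not visible here.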