This commit fixes the issue where unclosed modules, as in not being requested to be "dlclose"d, wouldn't have their SoInfo structures freed. It also fixes the issue of maps spoofing not being performed due to the "spoof_maps" parameter being erroneously set to false in the second "clean_trace" call.
This commit improves the compatibility of SoInfo hiding code with more Android versions, like Android 16 QPR1 Beta 1 and newer versions, and also reduces complexity of the code.
This commit fixes the issue where due to a confusion, ReZygisk was coded so that it would remove all PLT hooks, even if they were meant to be kept. This has been fixed appropriately in LSPlt side, allowing to revert back to how it was before.
This commit fixes a trace left due to a kernel bug. In some cases (and all of them here), the sequence of events may lead to "ptrace_message" not be properly reset/not represent the actual state. This happens here, as when TRACEFORK is set in "monitor.c", setting "ptrace_message" as the PID of the new process, persists even when not tracing anymore, causing leaks.
This fix has been given by @nampud, in #171.
This commit fixes the issue where "libdl.so" wouldn't be found, when trying to inject "lizygisk.so", in systems where apex is in "/system/lib/libdl.so".
This commit fixes the logic issue which made leaked fds not be closed by "libzygisk.so", causing crashes for some. It also adds a warning for when it finds a leaked fd, so that module developers can be notified.
fixes#163
Historically "zygisksu" is the ZygiskOnKernelSU (known as Zygisk Next) module id, which due to ReZygisk being a fork of Zygisk Next, was used by it. To avoid conflicts in systems like MMRL, we decided to change it to "rezygisk". This, however, will allow both to be installed in the same system, although causing problems, as a side effect. The old module, with the old module id, must be uninstalled while the new one is installed.
closes#113
This commit improves the flexibility of modules to modify mounts in "preAppSpecialize" in denylisted apps, which would later be setns to a new namespace, after executing Zygisk modules "preAppSpecialize".
This commit fixes the explanation of why "solist_drop_so_path". ReZygisk does not "dlclose" in ptracer, and doesn't "dlclose" libzygisk.so at any point, but clean SoInfo traces then munmaps it later.
This commit improves ELF utils, so that it can now retrieve symbols in other ways, like dynamic symbols or utilizing GNU hash. With the improved ELF utils, "libzygisk.so" injection in ptracer was improved, replacing the use of "dlopen" and "dlsym" in the function to get remote symbol address with the use of ELF utils, also allowing higher compatibility by using linker's dlopen, dlsym, dlerror when libdl.so is not loaded in Zygote.
This commit adds support for devices that are only capable of running 32-bit code, be it due to Android ROM limitations of CPU limitations. It also makes ReZygisk only install necessary libraries, so if a device is 64-bit only, it won't extract 32-bit libraries.
This commit improves the precision of ReZygiskd check for Magisk if a process is in DenyList/SuList, as previously it used "package_name" instead of the correct "process" field.
This commit removes the "Rooted" mount namespace state, as it wouldn't fit in the categories made by root implementations. The three major root implementations divide apps into three categories: SU, Umounted, (with) Mounts. The SU one consists of apps that are allowed to elevate privileges, those don't have their mounts modified, and keep root mounts. As for Umounted, it consists of apps that will have root-related mounts umounted before being executed. And finally (with) mounts which are apps that although are not allowed to elevate privileges, still have the root-related mounts kept.
Knowing that we can merge both SU and (with) Mounts into the same category: No modification to mounts/Keep root-related mounts. With that, "Mounts" mns state is also unmodified, compared to old "Modules" mns state.
Those changes also reflect on the issue where new apps couldn't ask Magisk for root as they would have SU mount umounted, which now, as ReZygisk leave them unmodified, they can.
This commit fixes a memory leak in "rezygisk_get_info" as it would read a string from ReZygiskd but would never "free" after using it. Also call "free_rezygisk_info" instead of manually cleanup in ptracer.
This commit adds the missing error handling for "UpdateMountNamespace" in both libzygisk.so and ReZygiskd, as before it would send a -1 as unsigned, leading to issues.
This commit improves logging for "update_mnt_ns" function, which now specifies which state it will update the mns to, for easier debugging. It also adds a note about the possibility of having apps with rooted permissions and also be denylisted in Magisk, causing weird behavior.
This commit fixes the issue where ReZygisk would change the mount namespace (mns) before the modules were loaded, thus failing, as "/data/adb/modules" wouldn't be mounted.
This commit fixes the logging tag for ptracer command-line tool, which would show as "zygisk-core64", the one from libzygisk, and an out-of-bounds access in "allowed_fds" array, which then the readdir returned the "." and "..", the "parse_int" would return -1, and would try to access it in "allowed_fds" without checking if it is negative, or bigger, first.
This commit adds numerous improvements to the state of hidden'ility of ReZygisk, and also for compatibility. Recommended to check #111 for more information.
This commit fixes an issue where one of the "malloc", a libc function to allocate dynamic memory, "if"s were checking its return against non-NULL instead of NULL, making it seem to have failed when it didn't.
Two counters for module loading and unloading are introduced in the commit a2e83ab348. To remove linker traces of libzygisk.so and Zygisk modules, we should reset them properly.
Reading the file `/proc/self/maps` is detectable by the target process.
Hence, we should cache scanned virtual maps after `libart.so` is loaded for later plt hooks in the target process.
Note that it is impossible to hide injecting trace of virtual memory maps from the hooked target process.
ReZygisk will only focus on removing its trace for approcess that are not hooked by modules.
1. fix typo vsdo -> vdso and allow this symbol to be not found, which is the case for the 32bit linkers on some devices
2. use soinfo_free to fully remove the soinfo record of libzygisk.so
3. set `soinfo.size = 0` to avoid the library being unmapped while removing its soinfo record
4. add more debug logs for troubleshooting
Relying on dlclose to unload libzygisk.so will block us to clean its trace in the solist.
This commit allows us to unmap libzygisk.so without using dlclose.
To call munmap, we use the function pthread_attr_setstacksize instead of pthread_attr_destroy, so that tail-call can still be applied here since it has the same signature as munmap.
In Bionic linker, the `soinfo` structure has a field `next`, which points to the next loaded library in a linked list consisting of all loaded libraries.
Hence, an injected process can easily find all loaded libraries.
Previously in ReZygisk, module library records are hidden by setting the `pathname` field to be empty, which is futile but easier to detect.
Current idea of dropping record can be found in the following commit:
5d635e8c66
On Android 15+ in some devices, the symbol names of some static variables such as `solist`, has a `llvm` suffix in its exported name.
Current commit handles this case and close#63 as fixed.
To make `clangd` work properly, one needs to make symbolic links
```
ln -sf $PWD/loader/build/tools/debug/arm64-v8a/compile_commands.json loader/build
```
This commit fixes the issue where "free" would be executed in a pointer which has garbage data, leading to crashes. This was fixed by setting to NULL, so that it's clean.
It also fixes the issue where Zygiskd messages for "DAEMON_SET_INFO" would not count the NULL-terminator, causing crashes.
This commit removes information given in the response of info command of "zygisk-ptrace64" or "zygisk-ptrace32" that leads to failing builds, as it is not exported from monitor.cpp.
