Magisk: 13.3 magiskhide stuck at getting zygote ns MIUI 8 7.0

Created on 19 Jul 2017  路  2Comments  路  Source: topjohnwu/Magisk

attaching the log for magisk on MIUI 8 7.0 on Mi5
it looks stuck while getting the ns in the following code and magiskhide doesnt work because of it.

// Get the mount namespace of zygote
zygote_num = 0;
while(!zygote_num) {
// Check zygote every 2 secs
sleep(2);
ps_filter_proc_name("zygote", store_zygote_ns);
}
ps_filter_proc_name("zygote64", store_zygote_ns);

magisk_error_20170719_124503.zip

picture chhapil

Most helpful comment

@coderobe @topjohnwu
After more investigation the solution is use proc/%d/cmdline instead proc/%d/comm to read the process name and use strncmp instead strcmp with the length of ps_filter_pattern in static void proc_name_filter(int pid)

In jni/utils/misc.c

static void proc_name_filter(int pid) {
  char buf[64];
  int fd;
  snprintf(buf, sizeof(buf), "/proc/%d/cmdline", pid);
  if ((fd = open(buf, O_RDONLY)) == -1)
    return;
  fdgets(buf, sizeof(buf), fd);
  if (strncmp(buf, ps_filter_pattern, strlen(ps_filter_pattern)) == 0) {
    ps_filter_cb(pid);
  }
  close(fd);
}

I have not tested it, but I guess is a generic solution for all devices/roms

picture jmesa-sistel on 20 Jul 2017
👍3

All 2 comments

I have investigated this in my Mi5s Plus with 7.7.13 xiaomi.eu rom.
if I do a ps | grep zygote I get:

natrium:/proc # ps | grep zygote
root      1065  1     10184  1808  __skb_recv 7f85115238 S zygote
root      1137  1     2163280 71180 poll_sched 7f8b124788 S zygote64
root      1138  1     1602488 57352 poll_sched 00f0f3b3f4 S zygote

Now I execute the next sentences:
cat 1065/comm and I get:

natrium:/proc # cat 1065/comm
ssServices

cat 1137/comm and I get:

natrium:/proc # cat 1137/comm
main

cat 1138/comm and I get:

natrium:/proc # cat 1138/comm
main

So the script is not going to find zygote or zygote64 pid in MIUI roms
I guess if you change the script and replace ps_filter_proc_name("zygote", store_zygote_ns); to ps_filter_proc_name("main", store_zygote_ns); and delete ps_filter_proc_name("zygote64", store_zygote_ns); line then maybe it will work

jmesa-sistel picture jmesa-sistel on 20 Jul 2017

@coderobe @topjohnwu
After more investigation the solution is use proc/%d/cmdline instead proc/%d/comm to read the process name and use strncmp instead strcmp with the length of ps_filter_pattern in static void proc_name_filter(int pid)

In jni/utils/misc.c

static void proc_name_filter(int pid) {
  char buf[64];
  int fd;
  snprintf(buf, sizeof(buf), "/proc/%d/cmdline", pid);
  if ((fd = open(buf, O_RDONLY)) == -1)
    return;
  fdgets(buf, sizeof(buf), fd);
  if (strncmp(buf, ps_filter_pattern, strlen(ps_filter_pattern)) == 0) {
    ps_filter_cb(pid);
  }
  close(fd);
}

I have not tested it, but I guess is a generic solution for all devices/roms

jmesa-sistel picture jmesa-sistel on 20 Jul 2017
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

KaMyKaSii picture KaMyKaSii  路  3Comments
Rakleed picture Rakleed  路  4Comments
koffiato picture koffiato  路  4Comments
Nanolx picture Nanolx  路  4Comments
pbbqdd picture pbbqdd  路  4Comments