
lsposed / lsplant Goto Github PK


A hook framework for Android Runtime (ART)

Home Page: https://lsposed.org/LSPlant/

License: GNU Lesser General Public License v3.0

Languages: C++ 91.64%, Java 5.71%, CMake 1.71%, C 0.94%

Topics: android, hook

lsplant's Introduction

LSPosed Framework


Introduction

A Riru / Zygisk module that provides an ART hooking framework delivering APIs consistent with the original (OG) Xposed, built on the LSPlant hooking framework.

Xposed is a framework for modules that can change the behavior of the system and apps without touching any APKs. That's great because it means that modules can work for different versions and even ROMs without any changes (as long as the original code was not changed too much). It's also easy to undo: as all changes are done in memory, you just need to deactivate the module and reboot to get your original system back. There are many other advantages, but here is just one more: multiple modules can change the same part of the system or app. With modified APKs, you have to choose one; there is no way to combine them unless the author builds multiple APKs with different combinations.

Supported Versions

Android 8.1 ~ 14

Install

  1. Install Magisk v24+
  2. (For Riru flavor) Install Riru v26.1.7+
  3. Download and install LSPosed in Magisk app
  4. Reboot
  5. Open LSPosed manager from notification
  6. Have fun :)

Download

Note: debug builds are only available in GitHub Actions.

Get Help

Only bug reports from THE LATEST DEBUG BUILD will be accepted.

  • GitHub issues: Issues
  • (For Chinese speakers) This project only accepts issues with English titles. If you don't understand English, please use a translation tool.

For Developers

Developers are welcome to write Xposed modules with hooks based on LSPosed Framework. A module based on LSPosed Framework is fully compatible with the original Xposed Framework, and vice versa: an Xposed Framework-based module will work well with LSPosed Framework too.

We use our own module repository. We welcome developers to submit modules to our repository, and then modules can be downloaded in LSPosed.

Community Discussion

Notice: These community groups don't accept bug reports; please use Get Help to report them.

Translation Contributing

You can contribute translation here.

Credits

  • Magisk: makes all this possible
  • Riru: provides a way to inject code into zygote process
  • XposedBridge: the OG Xposed framework APIs
  • Dobby: used for inline hooking
  • LSPlant: the core ART hooking framework
  • EdXposed: fork source
  • SandHook: ART hooking framework for SandHook variant
  • YAHFA: previous ART hooking framework
  • dexmaker and dalvikdx: to dynamically generate YAHFA hooker classes
  • DexBuilder: to dynamically generate YAHFA hooker classes

License

LSPosed is licensed under the GNU General Public License v3 (GPL-3) (http://www.gnu.org/copyleft/gpl.html).

lsplant's People

Contributors

5ec1cff, aviraxp, canyie, dependabot[bot], dr-tsng, hluwa, howard20181, officialkatana, ryuunoakaihitomi, vvb2060, ylarod, yujincheng08


lsplant's Issues

Build error after adding the lsplant library

Hello. Because of project constraints, I can only build with a specific NDK version. After adding implementation "org.lsposed.lsplant:lsplant-standalone:+" the build reports:

Exception in thread "main" java.lang.IllegalArgumentException: Unknown ABI: riscv64
	at com.google.prefab.api.Android$Abi$Companion.fromString(Android.kt:99)
	at com.google.prefab.api.Android$Companion.prebuiltLibraryFromDirectory(Android.kt:399)
	at com.google.prefab.api.Module.<init>(Module.kt:160)
	at com.google.prefab.api.Package.<init>(Package.kt:93)
	at com.google.prefab.cli.Cli$packages$2.invoke(Cli.kt:124)
	at com.google.prefab.cli.Cli$packages$2.invoke(Cli.kt:123)
	at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
	at com.google.prefab.cli.Cli.getPackages(Cli.kt:123)
	at com.google.prefab.cli.Cli.validate(Cli.kt:172)
	at com.google.prefab.cli.Cli.run(Cli.kt:189)
	at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:204)
	at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:17)
	at com.github.ajalt.clikt.core.CliktCommand.parse(CliktCommand.kt:396)
	at com.github.ajalt.clikt.core.CliktCommand.parse$default(CliktCommand.kt:393)
	at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:411)
	at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:436)
	at com.google.prefab.cli.AppKt.main(App.kt:28)

Configuring the supported architectures explicitly makes no difference. How can I exclude the riscv64 architecture, which my project doesn't support?

android { ndk { abiFilters "armeabi-v7a","arm64-v8a"} }

MakeClassInheritable doesn't remove final modifier from class for class linker

Hello! I found an issue with MakeClassInheritable: it removes the final modifier only for reflection, while trying to extend the modified class fails with java.lang.VerifyError.

Here's my example code:
Test.java

package io.github.juby210.lsplant_demo;

public class Test extends android.app.GameState {
    public Test() {
        super(false, 0);
    }
}

AndroidTest.java

package io.github.juby210.lsplant_demo;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

import android.app.GameState;
import android.util.Log;

import androidx.test.ext.junit.runners.AndroidJUnit4;

import org.junit.Test;
import org.junit.runner.RunWith;

import java.lang.reflect.Modifier;

@RunWith(AndroidJUnit4.class)
public class AndroidTest {
    @Test
    public void makeInheritable() {
        var clazz = GameState.class;
        // GameState is declared final, so the FINAL bit is set before the call
        assertEquals(Modifier.FINAL, clazz.getModifiers() & Modifier.FINAL);

        // Main.makeInheritable wraps LSPlant's MakeClassInheritable (see the demo repo)
        assertTrue(Main.makeInheritable(clazz));
        // Reflection no longer reports the class as final
        assertEquals(0, clazz.getModifiers() & Modifier.FINAL);

        Log.d("TestRunner", "all tests ok");

        // Fully qualified because org.junit.Test shadows the demo's Test class here;
        // this is the line that throws java.lang.VerifyError
        new io.github.juby210.lsplant_demo.Test();
    }
}

It passes all the assertions, but throws VerifyError on creation of a new instance of my Test class.
Here's the full demo repo: https://github.com/Juby210/lsplant_demo


Support for Android 15

Does this support Android 15, and how can we use this on non-rooted devices?

I have been a contributor to LSPatch; some of the PRs I contributed: https://github.com/LSPosed/LSPatch/pulls?q=is%3Apr+is%3Aclosed+author%3Aharshitshah4.
I was using LSPatch for so long, and since Android 15 came out I am not able to use it. It would be really great if the LSPatch team could give access to at least the LSPatch jar so that I can use it, and I would also love to keep contributing to it.
You guys are doing awesome work!

UpdateMethodsCode of Instrumentation crash

The app crashes when I use lsplant to hook a method.
The device is Android 9.0.
Is this a bug? @yujincheng08
🥺

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'xiaomi/wayne/wayne:9/PKQ1.180904.001/20.3.26:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 23608, tid: 23608, name: m.comeback.data  >>> com.comeback.data <<<
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xe98fd43c
    r0  ed99a608  r1  e9f8ce40  r2  e9b51ae1  r3  ec033039
    r4  0000ffff  r5  e9f8ce40  r6  ffdebae0  r7  00000001
    r8  ed99a608  r9  e9b51ae1  r10 12d0da68  r11 12d0da38
    ip  e9b51ae1  sp  ffdebaa8  lr  e981f581  pc  e98fd43c

backtrace:
    #00 pc 001be43c  /system/lib/libart.so (offset 0x1b2000) (art::instrumentation::Instrumentation::UpdateMethodsCodeForJavaDebuggable(art::ArtMethod*, void const*)+28)
    #01 pc 01f3bffd  /dev/ashmem/dalvik-data-code-cache (deleted)


Hook succeeds but the hook (replaced method) is never reached

Thanks for reading. After calling lsplant::hook to hook the method, the method name obtained from the returned backup is correct, but execution never reaches the hook method (replaced method). There are no crash logs or error logs, and I tried deOptimize, which still didn't solve the problem.
Android 10, real Google Pixel device, arm64-v8a

The code is as follows:

        Method target = Class.forName("android.content.pm.IPackageManager$Stub$Proxy").getDeclaredMethod("getPackageInfo", String.class, int.class, int.class);
        Method replaced = App.class.getDeclaredMethod("Hook", Object[].class);
        backup = ArtHooker.doHook(target, replaced, new App());
        //ArtHooker.deOptimize(target);

        Method t = PackageInfo.CREATOR.getClass().getDeclaredMethod("createFromParcel", Parcel.class);
        Method r = App.class.getDeclaredMethod("Hook1", Object[].class);
        backup1 = ArtHooker.doHook(t, r, new App());
        //ArtHooker.deOptimize(t);

        Log.i(TAG, "attachBaseContext: " + backup.getName());
        Log.i(TAG, "attachBaseContext: " + backup1.getName());

Console log:
attachBaseContext: getPackageInfo
attachBaseContext: createFromParcel

Not working on Android 13/Tiramisu (API 33)

Tried LSPlant to hook android.app.Activity#getSystemService as a sample; the hook call returns true, but the callback has never been called. Why? Trying to deoptimize doesn't work. It works on Android 6 ~ 12 though.

Use LSPlant in zygisk modules

Is it possible to integrate LSPlant in a zygisk module? I tried searching for a way of doing it but I can't seem to find an optimal way. Is there a way to maybe use it in an NDK project and statically include lsposed in the zygisk library?

Followed the official example exactly, but it crashes right at initialization

2023-11-07 12:05:54.400 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:254#bool SandHook::ElfImg::findModuleBase(): found: 7769142000-776973b000 r-xp 00000000 103:0b 1926 /system/lib64/libart.so
2023-11-07 12:05:54.400 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:260#bool SandHook::ElfImg::findModuleBase(): update path: /system/lib64/libart.so
2023-11-07 12:05:54.400 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:280#bool SandHook::ElfImg::findModuleBase(): get module base /system/lib64/libart.so: 7769142000
2023-11-07 12:05:54.461 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:229#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3artL15GetMethodShortyEP7_JNIEnvP10_jmethodID 0x3cb7b0 in /system/lib64/libart.so in symtab by linear lookup
2023-11-07 12:05:54.461 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art9ArtMethod12PrettyMethodEPS0_b 0xde944 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.461 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art6Thread14CurrentFromGdbEv 0x4a6848 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.461 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art11ClassLinker30ShouldUseInterpreterEntrypointEPNS_9ArtMethodEPKv 0x131568 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art11ClassLinker22FixupStaticTrampolinesENS_6ObjPtrINS_6mirror5ClassEEE 0x131694 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art9ArtMethod14RegisterNativeEPKvb 0xdcf38 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art9ArtMethod16UnregisterNativeEv 0xdd1f8 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZNK3art11ClassLinker27SetEntryPointsToInterpreterEPNS_9ArtMethodE 0x14a3c4 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art6mirror5Class13GetDescriptorEPNSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEE 0x3ac498 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art6mirror5Class11GetClassDefEv 0x3b354c in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art6mirror5Class9SetStatusENS_6HandleIS1_EENS1_6StatusEPNS_6ThreadE 0x3ab318 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art16ScopedSuspendAllC2EPKcb 0x4b4778 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art16ScopedSuspendAllD2Ev 0x4b4790 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art2gc23ScopedGCCriticalSectionC2EPNS_6ThreadENS0_7GcCauseENS0_13CollectorTypeE 0x237938 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.471 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art2gc23ScopedGCCriticalSectionD2Ev 0x237978 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.472 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found ZN3art3jit12JitCodeCache18MoveObsoleteMethodEPNS_9ArtMethodES3 0x325aa4 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.472 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art3jit12JitCodeCache19GarbageCollectCacheEPNS_6ThreadE 0x322ed4 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.472 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art7Runtime9instance_E 0x632160 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.472 2411-2411 LSPlant-test com.mz.zldlx.a233 D elf_util.cpp:221#Elf64_Addr SandHook::ElfImg::getSymbOffset(std::string_view, uint32_t, uint32_t) const: found _ZN3art7Runtime17SetJavaDebuggableEb 0x47f390 in /system/lib64/libart.so in dynsym by gnuhash
2023-11-07 12:05:54.476 2411-2411 libc com.mz.zldlx.a233 A Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 2411 (m.mz.zldlx.a233), pid 2411 (m.mz.zldlx.a233)

Build failure

Linking liblsplant.so fails: FAILED: [Path]/app/build/intermediates/cxx/RelWithDebInfo/36371buv/obj/arm64-v8a/liblsplant.so
The reason is probably that liblsplant.so was not built in the RelWithDebInfo/36371buv/obj/arm64-v8a directory.

Fatal signal 4 (SIGILL) on armv7, Android 10 (Nexus 7 2013)

I'm using LSPlant (via Aliuhook) in an app, and while it works perfectly on modern armv8 devices, I've just tried to get it going on armv7 for laughs and LSPlant seems to not like the platform:

Ignore the fingerprint, the device is actually running Android 10, this ROM (QQ2A.2000405.005)

06-14 20:15:04.090 10935 10935 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-14 20:15:04.090 10935 10935 F DEBUG   : Build fingerprint: 'google/razor/flo:6.0.1/MOB30X/3036618:user/release-keys'
06-14 20:15:04.090 10935 10935 F DEBUG   : Revision: '0'
06-14 20:15:04.090 10935 10935 F DEBUG   : ABI: 'arm'
06-14 20:15:04.102 10935 10935 F DEBUG   : Timestamp: 2022-06-14 20:15:04+0100
06-14 20:15:04.102 10935 10935 F DEBUG   : pid: 10867, tid: 10867, name: xelambientmusic  >>> com.kieronquinn.app.pixelambientmusic <<<
06-14 20:15:04.102 10935 10935 F DEBUG   : uid: 10158
06-14 20:15:04.103 10935 10935 F DEBUG   : signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xa74e0004 (*pc=0xf010f8df)
06-14 20:15:04.103 10935 10935 F DEBUG   :     r0  aab6aa80  r1  13026628  r2  a74e0001  r3  80c092c4
06-14 20:15:04.103 10935 10935 F DEBUG   :     r4  13026628  r5  aab6aa80  r6  aab6aa80  r7  be9c56b0
06-14 20:15:04.103 10935 10935 F DEBUG   :     r8  be9c5728  r9  0000015f  r10 5a587b3d  r11 aa60c260
06-14 20:15:04.103 10935 10935 F DEBUG   :     ip  80033d1c  sp  be9c55a0  lr  80076761  pc  a74e0004
06-14 20:15:08.048 10935 10935 F DEBUG   :
06-14 20:15:08.048 10935 10935 F DEBUG   : backtrace:
06-14 20:15:08.048 10935 10935 F DEBUG   :       #00 pc 00000004  <anonymous:a74e0000>
06-14 20:15:08.048 10935 10935 F DEBUG   :       #01 pc 0001175f  /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/lib/arm/liblsplant.so (BuildId: 4283a16ea35097d9497b6c7d2fe132833796d5d9)
06-14 20:15:08.048 10935 10935 F DEBUG   :       #02 pc 00100e45  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0xfd000) (art::ClassLinker::InitializeClass(art::Thread*, art::Handle<art::mirror::Class>, bool, bool)+2048) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.052 10935 10935 F DEBUG   :       #03 pc 000f10f3  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0xed000) (art::ClassLinker::EnsureInitialized(art::Thread*, art::Handle<art::mirror::Class>, bool, bool)+58) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.052 10935 10935 F DEBUG   :       #04 pc 001f2d25  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x1e9000) (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+352) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.052 10935 10935 F DEBUG   :       #05 pc 0020dfa1  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x1e9000) (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+768) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.053 10935 10935 F DEBUG   :       #06 pc 0042dbe5  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeStatic+336) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.053 10935 10935 F DEBUG   :       #07 pc 000d2994  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_static+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.053 10935 10935 F DEBUG   :       #08 pc 0000f3b6  [anon:dalvik-classes11.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes11.dex] (com.kieronquinn.app.pixelambientmusic.xposed.XposedHooks.hookMethod+6)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #09 pc 0042d749  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeDirect+940) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #10 pc 000d2914  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_direct+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #11 pc 0000f66e  [anon:dalvik-classes11.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes11.dex] (com.kieronquinn.app.pixelambientmusic.xposed.XposedHooks.setupHooks+650)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #12 pc 0042d749  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeDirect+940) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.055 10935 10935 F DEBUG   :       #13 pc 000d2914  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_direct+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #14 pc 0000f69a  [anon:dalvik-classes11.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes11.dex] (com.kieronquinn.app.pixelambientmusic.xposed.XposedHooks.init+2)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #15 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #16 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #17 pc 0000edae  [anon:dalvik-classes11.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes11.dex] (com.kieronquinn.app.pixelambientmusic.xposed.XposedHooks$Companion.setupHooks+546)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #18 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #19 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #20 pc 00004ade  [anon:dalvik-classes10.dex extracted in memory from /data/app/com.kieronquinn.app.pixelambientmusic-_oc8J-QUsJLPPRDJx6ViFQ==/base.apk!classes10.dex] (com.kieronquinn.app.pixelambientmusic.Injector.attachBaseContext+74)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #21 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.056 10935 10935 F DEBUG   :       #22 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #23 pc 00199a20  /system/framework/framework.jar (android.app.Application.attach)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #24 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #25 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #26 pc 001e5f08  /system/framework/framework.jar (android.app.Instrumentation.newApplication+24)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #27 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #28 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #29 pc 001ea874  /system/framework/framework.jar (android.app.LoadedApk.makeApplication+120)
06-14 20:15:08.057 10935 10935 F DEBUG   :       #30 pc 0042b8dd  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (MterpInvokeVirtual+1200) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #31 pc 000d2814  /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #32 pc 0017f018  /system/framework/framework.jar (android.app.ActivityThread.handleBindApplication+2032)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #33 pc 001ee197  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x1e9000) (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.8948476230334279806+170) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #34 pc 001f2b79  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x1e9000) (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)+120) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #35 pc 0041fced  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (artQuickToInterpreterBridge+820) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #36 pc 000dc5a1  /apex/com.android.runtime/lib/libart.so (art_quick_to_interpreter_bridge+32) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #37 pc 000d7bc5  /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #38 pc 004363ab  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x37f000) (art_quick_invoke_stub+250) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #39 pc 000dff93  /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+166) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #40 pc 00376a67  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x338000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+54) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.058 10935 10935 F DEBUG   :       #41 pc 00377d31  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x338000) (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+788) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.059 10935 10935 F DEBUG   :       #42 pc 003237f3  /apex/com.android.runtime/lib/libart.so!libart.so (offset 0x2e9000) (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+30) (BuildId: 05244180e8793b3072772e09a73d0db0)
06-14 20:15:08.059 10935 10935 F DEBUG   :       #43 pc 000b97ef  /system/framework/arm/boot.oat (BuildId: 6b3463fcb05baab29017e055a20411ff5c16d16c)

Other logs before the crash:

                 Zygote  I  seccomp disabled by setenforce 0
         xelambientmusi  I  Late-enabling -Xcheck:jni
                         E  Unknown bits set in runtime_flags: 0x8000
                   Riru  V  hook removed
                         V  edxp: forkAndSpecializePost
         xelambientmusi  W  Unsupported class loader
               SandHook  D  method <public java.lang.ClassLoader android.app.LoadedApk.getClassLoader()> hook <replacement> success!

Using the latest Aliuhook build, which itself uses LSPlant v4.0

As far as I can tell the crash is in LSPlant, but if it's within the scope of Aliuhook, I'll move it there.

This is a pretty old device so if it doesn't work that's not the end of the world, but I thought I'd report it anyway.

Cheers!

App crashes when debugger is attached

Hi there,

Thanks for providing and maintaining this awesome library. I'm currently building a testing app to test the library and it works fine as long as there is no attached debugger. When I attach a debugger, I get this error message, and the app crashes:

A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xfffffffe01864cb8 in tid 22089 (JDWP Transport )

A stack trace if that would be helpful:

art_sigsegv_fault 0x0000006e34a7d0a0
art::FaultManager::HandleFault(int, siginfo*, void*) 0x0000006e34a7d5d4
art::SignalChain::Handler(int, siginfo*, void*) 0x0000005af6fc7ea0
<unknown> 0x00000070cb6a58b0
unsigned long art::jni::JniIdManager::EncodeGenericId<art::ArtMethod>(art::ReflectiveHandle<art::ArtMethod>) 0x0000006e34bd6b3c
art::jni::JniIdManager::EncodeMethodId(art::ArtMethod*) 0x0000006e34bd65f8
openjdkjvmti::ClassUtil::GetClassMethods(_jvmtiEnv*, _jclass*, int*, _jmethodID***) 0x0000006dcd267088
methods1 0x0000006dcd1cff88
methodsWithGeneric 0x0000006dcd1cf8a0
debugLoop_run 0x0000006dcd1db420
acceptThread 0x0000006dcd1ee6ac
openjdkjvmti::AgentCallback(void*) 0x0000006dcd2e5f54
__pthread_start(void*) 0x00000070c6f7475c
__start_thread 0x00000070c6f14154

I'm using this version: org.lsposed.lsplant:lsplant-standalone:5.0 and testing on a Pixel 2 XL running Android 11. I would appreciate it if you could give me any hints to overcome this issue.

Regards.

signal 4 (SIGILL), code -6 (SI_TKILL) on moto edge s pro android 13

I built lsplant myself (release), made an .so library, added it to the mobile QQ APK, and tested the example from test (below); the log shows the hook succeeds.

Method normalMethod = LSPTest.class.getDeclaredMethod("normalMethod", String.class, int.class, long.class);
Method normalMethodReplacement = Replacement.class.getDeclaredMethod("normalMethodReplacement", Hooker.MethodCallback.class);
String a = "test";
int b = 114514;
long c = 1919810L;
String o = a + b + c;
String r = a + b + c + "replace";
LSPTest test = new LSPTest();
Log.e("TAG", "before hook: " + test.normalMethod(a, b, c));

Hooker hooker = Hooker.hook(normalMethod, normalMethodReplacement, new Replacement());
Log.e("TAG", "after hook: " + test.normalMethod(a, b, c));
hooker.unhook();
Log.e("TAG", "after remove hook: " + test.normalMethod(a, b, c));

But after opening mobile QQ and doing nothing, QQ crashes after a while; the stack is below.

The phone is a moto edge s pro, Android 13.

大佬能不能帮忙看看什么原因?

2023-10-30 20:25:25.719  1063-1063  Zygote                  pid-1063                             I  Process 24756 exited due to signal 9 (Killed)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  Build fingerprint: 'motorola/pstar_cmcc/pstar:13/T1RAA33.39-11-2/ef936f-1008e:user/release-keys'
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  Revision: 'pvt'
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  ABI: 'arm64'
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  Timestamp: 2023-10-30 20:25:25.225754869+0800
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  Process uptime: 12s
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  Cmdline: com.tencent.mobileqq
2023-10-30 20:25:25.720  1799-1891  libprocessgroup         pid-1799                             I  Successfully killed process cgroup uid 10326 pid 24756 in 0ms
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  pid: 26628, tid: 26662, name: QQ_SUB  >>> com.tencent.mobileqq <<<
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  uid: 10402
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  signal 4 (SIGILL), code -6 (SI_TKILL), fault addr --------
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A      x0  000000706b0f1ecc  x1  0000000000000004  x2  0000000000000000  x3  000000706b0f1ecc
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A      x4  0000000015552360  x5  000000706b0f1ee8  x6  00000070791b15bc  x7  0000000015672388
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A      x8  000000000004b703  x9  0000007105b92070  x10 0000000000000070  x11 0000000000000001
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A      x12 003d2814531dbc9b  x13 0000000000000001  x14 000000706b0f1d78  x15 000000710a8d8f90
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A      x16 0000000000000001  x17 00000b1916991675  x18 000000706a958000  x19 00000070791b15bc
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A      x20 000000706b0f1ecc  x21 00000071c20745d0  x22 0000000015552360  x23 b4000071f2066980
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A      x24 0000000012dc0d20  x25 000000706b0f3000  x26 0000000000000001  x27 00000071c20745d0
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A      x28 00000070791b15bc  x29 000000706b0f1db0
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A      lr  000000710abce94c  sp  000000706b0f1da0  pc  0000007102d89030  pst 0000000040001000
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A  backtrace:
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #00 pc 0000000000000030  <anonymous:7102d89000>
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #01 pc 00000000003ce948  /apex/com.android.art/lib64/libart.so (art::ClassLinker::SetupClass(art::DexFile const&, art::dex::ClassDef const&, art::Handle<art::mirror::Class>, art::ObjPtr<art::mirror::ClassLoader>)+336) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #02 pc 00000000003cc498  /apex/com.android.art/lib64/libart.so (art::ClassLinker::DefineClass(art::Thread*, char const*, unsigned long, art::Handle<art::mirror::ClassLoader>, art::DexFile const&, art::dex::ClassDef const&)+1200) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #03 pc 00000000003c9b28  /apex/com.android.art/lib64/libart.so (art::ClassLinker::FindClassInBaseDexClassLoader(art::ScopedObjectAccessAlreadyRunnable&, art::Thread*, char const*, unsigned long, art::Handle<art::mirror::ClassLoader>, art::ObjPtr<art::mirror::Class>*)+1124) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #04 pc 00000000003c58d8  /apex/com.android.art/lib64/libart.so (art::ClassLinker::FindClass(art::Thread*, char const*, art::Handle<art::mirror::ClassLoader>)+1052) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #05 pc 00000000003b7144  /apex/com.android.art/lib64/libart.so (art::ClassLinker::DoResolveType(art::dex::TypeIndex, art::Handle<art::mirror::DexCache>, art::Handle<art::mirror::ClassLoader>)+156) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #06 pc 00000000003add18  /apex/com.android.art/lib64/libart.so (NterpGetStaticField+2596) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #07 pc 000000000020f180  /apex/com.android.art/lib64/libart.so (nterp_get_static_field+48) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #08 pc 0000000000208f44  /apex/com.android.art/lib64/libart.so (nterp_op_sget_object_slow_path+20) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #09 pc 0000000003bc1f84  /data/app/~~RUIND5RDG7gSOPq3hxxISg==/com.tencent.mobileqq-Nd3T46ZS_-VsHeNvssD2kg==/oat/arm64/base.vdex (com.tencent.mobileqq.startup.monitor.NtStartupMonitor$onColdEnd$1.run+544)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #10 pc 000000000050bfac  /data/app/~~RUIND5RDG7gSOPq3hxxISg==/com.tencent.mobileqq-Nd3T46ZS_-VsHeNvssD2kg==/oat/arm64/base.odex (mqq.os.MqqHandler.dispatchMessage+172)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #11 pc 00000000004bb4b4  /data/app/~~RUIND5RDG7gSOPq3hxxISg==/com.tencent.mobileqq-Nd3T46ZS_-VsHeNvssD2kg==/oat/arm64/base.odex (mqq.os.MqqHandler$NativeHandler.dispatchMessage+68)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #12 pc 000000000201f2c0  /memfd:jit-cache (deleted) (android.os.Looper.loopOnce+2496)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #13 pc 000000000056ac90  /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+576) (BuildId: a5d6d160516d322e4161117049e2b5ce9118543c)
2023-10-30 20:25:25.720 26922-26922 DEBUG                   pid-26922                            A        #14 pc 0000000000569e14  /system/framework/arm64/boot-framework.oat (android.os.HandlerThread.run+436) (BuildId: a5d6d160516d322e4161117049e2b5ce9118543c)
2023-10-30 20:25:25.721 26922-26922 DEBUG                   pid-26922                            A        #15 pc 0000000000457b6c  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+556) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.721 26922-26922 DEBUG                   pid-26922                            A        #16 pc 0000000000484e54  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+156) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.721 26922-26922 DEBUG                   pid-26922                            A        #17 pc 0000000000484b20  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+400) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.721 26922-26922 DEBUG                   pid-26922                            A        #18 pc 00000000005ce334  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1684) (BuildId: 289d75599f6112d5757113220599e90b)
2023-10-30 20:25:25.721 26922-26922 DEBUG                   pid-26922                            A        #19 pc 00000000000ba598  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+208) (BuildId: a6dff06a8692e32fa3d76a20ab123774)
2023-10-30 20:25:25.721 26922-26922 DEBUG                   pid-26922                            A        #20 pc 0000000000053f3c  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68) (BuildId: a6dff06a8692e32fa3d76a20ab123774)
2023-10-30 20:25:25.748   916-916   tombstoned              pid-916                              E  Tombstone written to: tombstone_25
2023-10-30 20:25:25.751  1799-26931 DropBoxManagerService   pid-1799                             I  add tag=data_app_native_crash isTagEnabled=true flags=0x2

Failed to find GetMethodShorty

When using LSPosed on the latest LineageOS build for my device (LineageOS 21.0, Android 14), LSPlant (and in turn, LSPosed) fails to start with the following error.

I don't really know how to investigate the issue. I've done a custom LSPosed build with the latest version of LSPlant at the time of this comment and the same issue is happening.

If you need any more info, logs, or dumps, let me know.

04-17 23:23:46.576  1940  3272 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cat=[df59a6a2-e596-4dd4-b8b8-fc176da40f09,org.lsposed.manager.LAUNCH_MANAGER] flg=0x10000000 pkg=com.android.shell cmp=com.android.shell/.BugreportWarningActivity} with LAUNCH_MULTIPLE from uid 1000 (BAL_ALLOW_ALLOWLISTED_UID) result code=0
04-17 23:23:46.577  1940  2297 W ActivityManager: ProcessRecord{f14e49d 0:com.android.shell/2000} is attached to a previous process 9607
04-17 23:23:46.577  3242  3284 V WindowManagerShell: Transition requested (#23): android.os.BinderProxy@add59c7 TransitionRequestInfo { type = OPEN, triggerTask = TaskInfo{userId=0 taskId=224 displayId=0 isRunning=true baseIntent=Intent { act=android.intent.action.MAIN cat=[df59a6a2-e596-4dd4-b8b8-fc176da40f09,org.lsposed.manager.LAUNCH_MANAGER] flg=0x10800000 pkg=com.android.shell cmp=com.android.shell/.BugreportWarningActivity } baseActivity=ComponentInfo{com.android.shell/com.android.shell.BugreportWarningActivity} topActivity=ComponentInfo{com.android.shell/com.android.shell.BugreportWarningActivity} origActivity=null realActivity=ComponentInfo{com.android.shell/com.android.shell.BugreportWarningActivity} numActivities=1 lastActiveTime=629870 supportsMultiWindow=true resizeMode=1 isResizeable=true minWidth=-1 minHeight=-1 defaultMinSize=220 token=WCT{android.window.IWindowContainerToken$Stub$Proxy@8840bf4} topActivityType=1 pictureInPictureParams=null shouldDockBigOverlays=false launchIntoPipHostTaskId=-1 lastParentTaskIdBeforePip=-1 displayCutoutSafeInsets=Rect(0, 87 - 0, 0) topActivityInfo=ActivityInfo{e959f1d com.android.shell.BugreportWarningActivity} launchCookies=[] positionInParent=Point(0, 0) parentTaskId=-1 isFocused=false isVisible=false isVisibleRequested=false isSleeping=false locusId=null displayAreaFeatureId=1 isTopActivityTransparent=true appCompatTaskInfo=AppCompatTaskInfo { topActivityInSizeCompat=false topActivityEligibleForLetterboxEducation= false isLetterboxDoubleTapEnabled= false topActivityEligibleForUserAspectRatioButton= false topActivityBoundsLetterboxed= false isFromLetterboxDoubleTap= false topActivityLetterboxVerticalPosition= -1 topActivityLetterboxHorizontalPosition= -1 topActivityLetterboxWidth=-1 topActivityLetterboxHeight=-1 isUserFullscreenOverrideEnabled=false cameraCompatControlState=hidden}}, pipTask = null, remoteTransition = null, displayChange = null, flags = 0, debugId = 23 }
04-17 23:23:46.577  1940  2297 I ActivityManager: com.android.shell is exempt from freezer
04-17 23:23:46.577  1940  2297 D CompatibilityChangeReporter: Compat change id reported: 135634846; UID 2000; state: DISABLED
04-17 23:23:46.577  1940  2297 D CompatibilityChangeReporter: Compat change id reported: 177438394; UID 2000; state: DISABLED
04-17 23:23:46.578  1940  2297 D CompatibilityChangeReporter: Compat change id reported: 135772972; UID 2000; state: DISABLED
04-17 23:23:46.578  1940  2297 D CompatibilityChangeReporter: Compat change id reported: 135754954; UID 2000; state: ENABLED
04-17 23:23:46.579  1940  2297 W ActivityManager: ProcessRecord{f14e49d 0:com.android.shell/2000} is attached to a previous process 9607
04-17 23:23:46.579  1940  2297 W ActivityManager: ProcessRecord{f14e49d 0:com.android.shell/2000} is attached to a previous process 9607
04-17 23:23:46.581  3242  3284 D WindowManagerShell: setLauncherKeepClearAreaHeight: visible=false, height=257
04-17 23:23:46.586  1439  1439 I BpBinder: onLastStrongRef automatically unlinking death recipients: 
04-17 23:23:46.588  1165  1165 I Zygote  : Process 9607 exited due to signal 9 (Killed)
04-17 23:23:46.588  1940  4067 V ActivityManager: Got obituary of 9607:com.android.shell
04-17 23:23:46.588  1940  2297 W ActivityManager: setHasOverlayUi called on unknown pid: 9607
04-17 23:23:46.595  1165  1165 D Zygote  : Forked child process 9983
04-17 23:23:46.596  1940  2308 I ActivityManager: Start proc 9983:com.android.shell/2000 for next-top-activity {com.android.shell/com.android.shell.BugreportWarningActivity}
04-17 23:23:46.603  9983  9983 I m.android.shell: Using CollectorTypeCMC GC.
04-17 23:23:46.605  9983  9983 E m.android.shell: Not starting debugger since process cannot load the jdwp agent.
04-17 23:23:46.608  9983  9983 W m.android.shell: Core platform API violation: Ljava/lang/Class;->accessFlags:I from Lcom/android/internal/os/Zygote; using JNI
04-17 23:23:46.608  9983  9983 W m.android.shell: Core platform API violation: Ljava/lang/reflect/Executable;->artMethod:J from Lcom/android/internal/os/Zygote; using JNI
04-17 23:23:46.608  9983  9983 W m.android.shell: Core platform API violation: Ljava/lang/reflect/Executable;->accessFlags:I from Lcom/android/internal/os/Zygote; using JNI
04-17 23:23:46.609  9983  9983 E LSPlant : Failed to find GetMethodShorty
04-17 23:23:46.609  9983  9983 E LSPlant : Failed to init art method
04-17 23:23:46.609  9983  9983 E LSPosed : Failed to init lsplant
04-17 23:23:46.610  9983  9983 W m.android.shell: Core platform API violation: Ldalvik/system/BaseDexClassLoader;->pathList:Ldalvik/system/DexPathList; from Lcom/android/internal/os/Zygote; using JNI
04-17 23:23:46.610  9983  9983 W m.android.shell: Core platform API violation: Ldalvik/system/DexPathList;->dexElements:[Ldalvik/system/DexPathList$Element; from Lcom/android/internal/os/Zygote; using JNI
04-17 23:23:46.610  9983  9983 W m.android.shell: Core platform API violation: Ldalvik/system/DexPathList$Element;->dexFile:Ldalvik/system/DexFile; from Lcom/android/internal/os/Zygote; using JNI
04-17 23:23:46.610  9983  9983 W m.android.shell: Core platform API violation: Ldalvik/system/DexFile;->mCookie:Ljava/lang/Object; from Lcom/android/internal/os/Zygote; using JNI
04-17 23:23:46.611  9983  9983 W BpBinder: Linking to death on org.lsposed.lspd.service.ILSPApplicationService but there are no threads (yet?) listening to incoming transactions. See ProcessState::startThreadPool and ProcessState::setThreadPoolMaxThreadCount. Generally you should setup the binder threadpool before other initialization steps.
04-17 23:23:46.616  9983  9983 F libc    : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 9983 (m.android.shell), pid 9983 (m.android.shell)
04-17 23:23:46.636  9992  9992 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstoneProto
04-17 23:23:46.637   958   958 I tombstoned: received crash request for pid 9983
04-17 23:23:46.637  9992  9992 I crash_dump64: performing dump of process 9983 (target tid = 9983)
04-17 23:23:46.643  9992  9992 E DEBUG   : failed to read process info: failed to open /proc/9983: No such file or directory
04-17 23:23:46.658  1842  1842 E BATTERY_CHG: power_supply_read_temp: batt_thermal temp:360 ,delta:10154 rc=0
04-17 23:23:46.678  4867  4867 I A       : onPause
04-17 23:23:46.683  1940  2284 W ActivityTaskManager: takeTaskSnapshot: taskId=213 not found or not visible
04-17 23:23:46.685  1940  2284 W ActivityTaskManager: takeTaskSnapshot: taskId=224 not found or not visible
04-17 23:23:46.702  9992  9992 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
04-17 23:23:46.702  9992  9992 F DEBUG   : LineageOS Version: '21.0-20240417-UNOFFICIAL-GMS-cupid'
04-17 23:23:46.702  9992  9992 F DEBUG   : Build fingerprint: 'Xiaomi/lineage_cupid/cupid:14/AP1A.240405.002.A1/eng.arian.20240417.102102:userdebug/test-keys'
04-17 23:23:46.702  9992  9992 F DEBUG   : Revision: '0'
04-17 23:23:46.702  9992  9992 F DEBUG   : ABI: 'arm64'
04-17 23:23:46.702  9992  9992 F DEBUG   : Timestamp: 2024-04-17 23:23:46.643625651+0200
04-17 23:23:46.702  9992  9992 F DEBUG   : Process uptime: 0s
04-17 23:23:46.702  9992  9992 F DEBUG   : Cmdline: zygote64
04-17 23:23:46.702  9992  9992 F DEBUG   : pid: 9983, tid: 9983, name: m.android.shell  >>> zygote64 <<<
04-17 23:23:46.702  9992  9992 F DEBUG   : uid: 2000
04-17 23:23:46.702  9992  9992 F DEBUG   : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
04-17 23:23:46.702  9992  9992 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
04-17 23:23:46.702  9992  9992 F DEBUG   : Cause: null pointer dereference
04-17 23:23:46.702  9992  9992 F DEBUG   :     x0  0000000000000000  x1  0000000000000000  x2  b400007ae7d7f7b0  x3  0000000000000010
04-17 23:23:46.702  9992  9992 F DEBUG   :     x4  0000000000000000  x5  0000000000000000  x6  000000000000004a  x7  7f7f7f7f7f7f7f7f
04-17 23:23:46.702  9992  9992 F DEBUG   :     x8  0000000000000000  x9  41269d51e873cbbc  x10 000000000000004a  x11 00000000ce07d022
04-17 23:23:46.702  9992  9992 F DEBUG   :     x12 000000000000000f  x13 b400007bc7d79c10  x14 000000000000000a  x15 0000007d37a09058
04-17 23:23:46.702  9992  9992 F DEBUG   :     x16 0000007a3702f9a8  x17 0000007d112c4f80  x18 0000007d3848c000  x19 0000000000000000
04-17 23:23:46.702  9992  9992 F DEBUG   :     x20 0000007fe814ad80  x21 0000007a37038cc0  x22 0000000000000000  x23 0000000000000011
04-17 23:23:46.702  9992  9992 F DEBUG   :     x24 0000007fe814b58c  x25 0000000070502a98  x26 000000798000d7e0  x27 0000007d37a09041
04-17 23:23:46.702  9992  9992 F DEBUG   :     x28 0000007a37030e08  x29 b400007bc7d79bf0
04-17 23:23:46.702  9992  9992 F DEBUG   :     lr  0000007a3700c76c  sp  0000007fe814ace0  pc  0000007d112c4f90  pst 0000000080001000
04-17 23:23:46.702  9992  9992 F DEBUG   : 2 total frames
04-17 23:23:46.702  9992  9992 F DEBUG   : backtrace:
04-17 23:23:46.702  9992  9992 F DEBUG   :       #00 pc 0000000000056f90  /apex/com.android.runtime/lib64/bionic/libc.so (__strlen_aarch64+16) (BuildId: 6fc89baec7cc2ccf271be8211fe7d9f0)
04-17 23:23:46.702  9992  9992 F DEBUG   :       #01 pc 000000000000b768  /memfd:jit-cache (deleted)
04-17 23:23:46.708   958   958 E tombstoned: Tombstone written to: tombstone_08
04-17 23:23:46.710  1940  2984 E NativeTombstoneManager: Tombstone's UID (2000) not an app, ignoring
04-17 23:23:46.711  1940  9996 I DropBoxManagerService: add tag=system_app_native_crash isTagEnabled=true flags=0x2
04-17 23:23:46.723     1     1 I init    : Untracked pid 9992 exited with status 0
04-17 23:23:46.723     1     1 I init    : Untracked pid 9992 did not have an associated service entry and will not be reaped
04-17 23:23:46.715  1940  2984 I BootReceiver: Copying /data/tombstones/tombstone_08 to DropBox (SYSTEM_TOMBSTONE)
04-17 23:23:46.715  1940  2984 I DropBoxManagerService: add tag=SYSTEM_TOMBSTONE isTagEnabled=true flags=0x6
04-17 23:23:46.728     1     1 I init    : Untracked pid 9994 exited with status 0
04-17 23:23:46.728     1     1 I init    : Untracked pid 9994 did not have an associated service entry and will not be reaped
04-17 23:23:46.718  1165  1165 I Zygote  : Process 9983 exited due to signal 11 (Segmentation fault)

Regards,
Iscle

LSPosed EoL

Is there still development on LSPosed? The repo says archived?

Cannot perform initialization according to the documentation

Initialization requires art_symbol_resolver and art_symbol_prefix_resolver to be non-null; the test example uses

lsparself::Elf art("/libart.so");

to initialize, but in actual use the lsparself source code or library cannot be obtained.

logging.hpp

If I add add_definitions(-DLOG_DISABLED):

use of undeclared identifier 'PLOGE'
PLOGE("mmap trampoline");

#define PLOGE(fmt, args...) LOGE(fmt " failed with %d: %s", ##args, errno, strerror(errno))
You may have forgotten to set up PLOGE(...) as 0.

elf_util may have some problems

/system/lib64/libmediandk.so

This .so does not have a .symtab section.
This is a system .so. I need to get one of its non-exported functions:
AMediaDrm_getPropertyByteArray_0

But now I am getting null.

void* getSymCompat(const char * filename, const char *symbol){
    void *phandle = dlopen_compat(filename, RTLD_NOW);
    if(phandle==nullptr){
        LOG(ERROR)<< "getSymCompat get handle error "<< filename;
        return nullptr;
    }

    void *pSymbol = dlsym_compat(phandle, symbol);
    if(pSymbol!=nullptr){
        return pSymbol;
    }else{
        LOG(INFO)<< "getSymCompat get sym error , start get debug symbol "<< symbol;
    }
   
    SandHook::ElfImg elfImg(filename);
    pSymbol = reinterpret_cast<void *>(elfImg.getSymbAddress(symbol));
    if(pSymbol!= nullptr){
        LOG(INFO)<< "get debug symbol sucess!  "<< symbol;
    } else{
        LOG(ERROR)<< "get debug symbol fail !  "<< symbol;
    }
    dlclose_compat(phandle);
    return pSymbol;
}
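A diagnostic for the situation in this post, as an added example that is not from lsplant or the poster: it walks an ELF64 section header table and reports whether the image carries .symtab, .dynsym or .gnu_debugdata (MiniDebugInfo), which tells you up front whether a non-exported symbol can be found by a symbol-table lookup at all. The sample image is constructed inline; the inspect_file helper is an assumption for running the check against a library such as /system/lib64/libmediandk.so pulled from a device.

```cpp
#include <cstdint>
#include <cstring>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>
#include <elf.h>  // Elf64_Ehdr / Elf64_Shdr, present on glibc and bionic

// Which symbol tables an ELF image carries. Finding a non-exported function
// by name needs .symtab (or its LZMA-compressed copy in .gnu_debugdata);
// .dynsym lists exported symbols only, so a lookup there returns null.
struct SymbolTables {
    bool parsed = false;            // header and section table were readable
    bool has_symtab = false;        // full symbol table, usually stripped on system libs
    bool has_dynsym = false;        // dynamic symbol table (exports only)
    bool has_gnu_debugdata = false; // MiniDebugInfo: compressed .symtab
};

// Walk the section header table of an in-memory ELF64 image. Every offset
// is bounds-checked first, since the bytes may come from an untrusted file.
SymbolTables inspect_symbol_tables(const uint8_t* data, size_t size) {
    SymbolTables r;
    if (size < sizeof(Elf64_Ehdr)) return r;
    Elf64_Ehdr eh;
    std::memcpy(&eh, data, sizeof eh);
    if (std::memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return r;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64) return r;
    if (eh.e_shoff == 0 || eh.e_shentsize != sizeof(Elf64_Shdr)) return r;
    if (eh.e_shoff > size || (size - eh.e_shoff) / sizeof(Elf64_Shdr) < eh.e_shnum) return r;
    if (eh.e_shstrndx >= eh.e_shnum) return r;

    std::vector<Elf64_Shdr> sh(eh.e_shnum);
    std::memcpy(sh.data(), data + eh.e_shoff, eh.e_shnum * sizeof(Elf64_Shdr));
    const Elf64_Shdr& strtab = sh[eh.e_shstrndx];
    if (strtab.sh_offset > size || strtab.sh_size > size - strtab.sh_offset) return r;
    const char* names = reinterpret_cast<const char*>(data + strtab.sh_offset);

    r.parsed = true;
    for (const Elf64_Shdr& s : sh) {
        if (s.sh_name >= strtab.sh_size) continue;  // corrupt name offset
        // Only accept a name that is NUL-terminated inside the string table.
        size_t len = 0, max = strtab.sh_size - s.sh_name;
        while (len < max && names[s.sh_name + len] != '\0') ++len;
        if (len == max) continue;
        std::string name(names + s.sh_name, len);
        if (s.sh_type == SHT_SYMTAB && name == ".symtab") r.has_symtab = true;
        else if (s.sh_type == SHT_DYNSYM && name == ".dynsym") r.has_dynsym = true;
        else if (name == ".gnu_debugdata") r.has_gnu_debugdata = true;
    }
    return r;
}

// Assumed helper (not part of lsplant): read a library from disk, for example
// /system/lib64/libmediandk.so pulled from a device, and inspect it.
SymbolTables inspect_file(const std::string& path) {
    std::ifstream in(path, std::ios::binary);
    std::vector<uint8_t> buf((std::istreambuf_iterator<char>(in)),
                             std::istreambuf_iterator<char>());
    return inspect_symbol_tables(buf.data(), buf.size());
}

// Constructed sample: a minimal ELF64 image with a null section, .shstrtab
// and .dynsym, plus .symtab only when requested. with_symtab=false mimics
// a stripped system library like the one in the post.
std::vector<uint8_t> build_sample_elf(bool with_symtab) {
    static const char strtab[] = "\0.shstrtab\0.dynsym\0.symtab";  // names at 1, 11, 19
    const size_t strtab_len = sizeof(strtab);
    const size_t nsec = with_symtab ? 4 : 3;
    const size_t shoff = (sizeof(Elf64_Ehdr) + strtab_len + 7) & ~size_t(7);
    std::vector<uint8_t> img(shoff + nsec * sizeof(Elf64_Shdr), 0);

    Elf64_Ehdr eh{};
    std::memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_DYN;
    eh.e_machine = EM_AARCH64;
    eh.e_version = EV_CURRENT;
    eh.e_ehsize = sizeof(Elf64_Ehdr);
    eh.e_shentsize = sizeof(Elf64_Shdr);
    eh.e_shnum = nsec;
    eh.e_shstrndx = 1;
    eh.e_shoff = shoff;
    std::memcpy(img.data(), &eh, sizeof eh);
    std::memcpy(img.data() + sizeof(Elf64_Ehdr), strtab, strtab_len);

    std::vector<Elf64_Shdr> sh(nsec);  // sh[0] stays the all-zero null section
    sh[1].sh_name = 1;  sh[1].sh_type = SHT_STRTAB;
    sh[1].sh_offset = sizeof(Elf64_Ehdr);  sh[1].sh_size = strtab_len;
    sh[2].sh_name = 11; sh[2].sh_type = SHT_DYNSYM;
    if (with_symtab) { sh[3].sh_name = 19; sh[3].sh_type = SHT_SYMTAB; }
    std::memcpy(img.data() + shoff, sh.data(), nsec * sizeof(Elf64_Shdr));
    return img;
}
```

When neither .symtab nor .gnu_debugdata is present, a null from a symbol-table reader is the expected result rather than a bug in the reader.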

Android 14 removed SetJavaDebuggable

https://android-review.googlesource.com/c/platform/art/+/2185979

  enum class RuntimeDebugState {
    // This doesn't support any debug features / method tracing. This is the expected state usually.
    kNonJavaDebuggable,
    // This supports method tracing and a restricted set of debug features (for ex: redefinition
    // isn't supported). We transition to this state when method tracing has started or when the
    // debugger was attached and transition back to NonDebuggable once the tracing has stopped /
    // the debugger agent has detached..
    kJavaDebuggable,
    // The runtime was started as a debuggable runtime. This allows us to support the extended set
    // of debug features (for ex: redefinition). We never transition out of this state.
    kJavaDebuggableAtInit
  };

void Runtime::SetRuntimeDebugState(RuntimeDebugState state) {
  if (state != RuntimeDebugState::kJavaDebuggableAtInit) {
    // We never change the state if we started as a debuggable runtime.
    DCHECK(runtime_debug_state_ != RuntimeDebugState::kJavaDebuggableAtInit);
  }
  runtime_debug_state_ = state;
}

Might there be Java/Kotlin API (core or module) support in the future?

Great project! (Maybe this should go in Discussions, but this repo does not have it enabled 🤐)
I have a project that uses d8 internally to implement Java method hooks, but recently there have been some system runtime hooking needs that d8 cannot fulfil, so discovering this project was a pleasant surprise. But currently it does not seem to provide a Java/Kotlin API? Are there plans to provide one? If not, would you be willing to accept a contribution of a Kotlin API? (Because I have noticed that almost all LSP projects are written in Java, Kotlin may not be favoured 😰)

My project internally uses a hook API of my own design that is not too complete; it is a declarative, strongly typed API implemented through the Kotlin compiler and the IDE... roughly.
So if possible I would be happy to add the easy-to-use API this project lacks. If there is a discussion area or you are interested, I can submit some design details, and I can start a PR at any time (I admit I am an LSP fan! 😇

It currently looks roughly like this:

class MainActivity : Suannai<Activity>(primaryHook = "com.example.main.MainActivity".type) {
  // reflect the field named viewBinding
  val Activity.viewBinding: ViewBinding = field()
 
  fun init() = hookConstructor(
    head = {
      require(arguments.isEmpty())
      ...
    },
    tail = {
      require(returns == Void)
      ...
    }
  )
  
  // Hook: 'public boolean isShowBottomNavigation(boolean show)'
  fun changeBottomNavigationState(isShow: Boolean) = hook(
    name = "isShowBottomNavigation",
    body = {
      // replace the argument
      isShow = false
      val activity: Activity = thiz
      activity.viewBinding.apply {
        if (activity.isFaild) { 
          activity.recreate()
          callOriginal(isShow)
        }
        bottomNavigationView.alpha = 0f
        return(false)
      }
    }
  )
  
  class ViewBinding : InstanceMock(actual = "com.example.databinding.ActivityMainBinding".type) {
    val bottomNavigationView = field<View>(type = "com.example.views.ThemeBottomNavigationView")
  }
}

App shows a white screen when packaged in release mode

Here is the stack trace when running on MIUI:
W/MIUIScout App: Event:APP_SCOUT_WARNING Thread:main backtrace:
at dalvik.system.DexFile.openInMemoryDexFilesNative(Native Method)
at dalvik.system.DexFile.openInMemoryDexFiles(DexFile.java:393)
at dalvik.system.DexFile.(DexFile.java:121)
at dalvik.system.DexPathList.initByteBufferDexPath(DexPathList.java:264)
at dalvik.system.BaseDexClassLoader.(BaseDexClassLoader.java:197)
at dalvik.system.InMemoryDexClassLoader.(InMemoryDexClassLoader.java:40)
at dalvik.system.InMemoryDexClassLoader.(InMemoryDexClassLoader.java:52)
at dalvik.system.InMemoryDexClassLoader.(InMemoryDexClassLoader.java:63)
at myApp.attachBaseContext(Native Method)  # the Java-method hook is called in attachBaseContext (the white screen also occurs without hooking)
at android.app.Application.attach(Application.java:333)
at android.app.Instrumentation.newApplication(Instrumentation.java:1178)
at android.app.LoadedApk.makeApplication(LoadedApk.java:1369)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:7033)

Hook approach:
image
In debug build mode the hook works normally and the app opens.

CMake configuration:
The lsplant shared library is not built; only the lsplant static library is built, and both the lsplant and dobby static libraries are linked into my .so.

Also tested on stock Android: the same white screen, but the app does not crash or exit.
MIUI 13 Android 12, Google Pixel stock Android 10

ZTE A606 v27 arm64: hook successfully returns the method backup, but the method is not actually hooked

InlineHookFunType, InlineUnhookFunType, ArtSymbolResolver and ArtSymbolPrefixResolver are all implemented and work normally; hooking fails only on this device, all other devices hook normally.
LSPlant is the debug build of the latest commit.
logcat is as follows:

--------- beginning of main
12-20 17:35:43.821 13042 13042 I zygote64: Late-enabling -Xcheck:jni
12-20 17:35:44.175 13042 13042 I LoadedApk: No resource references to update in package androidzte
12-20 17:35:44.210 13042 13042 I Settings: Requested generation tracker for type: /global in package:com.example.lsptest and user:0
12-20 17:35:44.214 13042 13042 I Settings: Received generation tracker for type:/global in package:com.example.lsptest and user:0 with index:0
12-20 17:35:44.317 13042 13042 W asset   : addOverlayPath: packagePath: /data/resource-cache/theme/default_theme_01/androidzte/, idmapPath Path: /data/resource-cache/theme/default_theme_01/androidzte/idmap, resApkPath /data/resource-cache/theme/default_theme_01/androidzte/resources.apk
12-20 17:35:44.378 13042 13042 E BitmapFactory: Unable to decode stream: java.io.FileNotFoundException: /data/resource-cache/cache/icon-cache/icon/icon/com_example_lsptest.png (No such file or directory)
12-20 17:35:44.393 13042 13042 I IconPackHelper: translateBitMap bmp = android.graphics.Bitmap@b5422d1
12-20 17:35:44.431 13042 13042 I IconPackHelper: light = 54 start = 66 end = 100
12-20 17:35:44.431 13042 13042 I IconPackHelper: light = 54 start = 0 end = 65
12-20 17:35:44.443 13042 13042 I IconPackHelper: translateBitMap bgBmp = android.graphics.Bitmap@414b136 maskBmp = android.graphics.Bitmap@921837
12-20 17:35:44.443 13042 13042 I IconPackHelper: translateBitMap overlap = 0
12-20 17:35:44.942 13042 13042 W System.err: java.lang.Exception: Stack trace
12-20 17:35:44.942 13042 13042 W System.err: 	at java.lang.Thread.dumpStack(Thread.java:1348)
12-20 17:35:44.943 13042 13042 W System.err: 	at com.example.lsptest.MainActivity.test(MainActivity.java:32)
12-20 17:35:44.943 13042 13042 W System.err: 	at com.example.lsptest.MainActivity.onCreate(MainActivity.java:16)
12-20 17:35:44.943 13042 13042 W System.err: 	at android.app.Activity.performCreate(Activity.java:7023)
12-20 17:35:44.944 13042 13042 W System.err: 	at android.app.Activity.performCreate(Activity.java:7014)
12-20 17:35:44.944 13042 13042 W System.err: 	at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1214)
12-20 17:35:44.945 13042 13042 W System.err: 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2762)
12-20 17:35:44.945 13042 13042 W System.err: 	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2889)
12-20 17:35:44.945 13042 13042 W System.err: 	at android.app.ActivityThread.-wrap11(Unknown Source:0)
12-20 17:35:44.946 13042 13042 W System.err: 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1617)
12-20 17:35:44.946 13042 13042 W System.err: 	at android.os.Handler.dispatchMessage(Handler.java:106)
12-20 17:35:44.947 13042 13042 W System.err: 	at android.os.Looper.loop(Looper.java:164)
12-20 17:35:44.947 13042 13042 W System.err: 	at android.app.ActivityThread.main(ActivityThread.java:6542)
12-20 17:35:44.947 13042 13042 W System.err: 	at java.lang.reflect.Method.invoke(Native Method)
12-20 17:35:44.947 13042 13042 W System.err: 	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
12-20 17:35:44.947 13042 13042 W System.err: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:857)
12-20 17:35:44.948 13042 13042 I MainActivity: test = -1
12-20 17:35:44.948 13042 13042 I MainActivity: before hook
12-20 17:35:44.952 13042 13042 W linker  : "/data/app/com.example.lsptest-Zpn1qdRg_PchPja5bP__tg==/lib/arm64/libc++_shared.so" unused DT entry: type 0x70000001 arg 0x0
12-20 17:35:44.966 13042 13042 D LSPlant : art_method.hpp:186#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod size: 48
12-20 17:35:44.967 13042 13042 D LSPlant : art_method.hpp:240#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::declaring_class offset: 0
12-20 17:35:44.967 13042 13042 D LSPlant : art_method.hpp:241#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::entrypoint offset: 40
12-20 17:35:44.967 13042 13042 D LSPlant : art_method.hpp:242#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::data offset: 32
12-20 17:35:44.967 13042 13042 D LSPlant : art_method.hpp:243#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::access_flags offset: 4
12-20 17:35:44.973 13042 13042 E LSPTestNative: Symbol '_ZN3art11ClassLinker22FixupStaticTrampolinesEPNS_6ThreadENS_6ObjPtrINS_6mirror5ClassEEE' not found in elf libart.so
12-20 17:35:44.976 13042 13042 E LSPTestNative: Symbol '_ZN3art11ClassLinker14RegisterNativeEPNS_6ThreadEPNS_9ArtMethodEPKv' not found in elf libart.so
12-20 17:35:44.978 13042 13042 E LSPTestNative: Symbol '_ZN3art9ArtMethod14RegisterNativeEPKv' not found in elf libart.so
12-20 17:35:44.981 13042 13042 E LSPTestNative: Symbol '_ZN3art11ClassLinker16UnregisterNativeEPNS_6ThreadEPNS_9ArtMethodE' not found in elf libart.so
12-20 17:35:44.985 13042 13042 E LSPTestNative: Symbol '_ZN3art6mirror5Class9SetStatusENS_6HandleIS1_EENS_11ClassStatusEPNS_6ThreadE' not found in elf libart.so
12-20 17:35:44.990 13042 13042 D LSPlant : runtime.hpp:75#static bool lsplant::art::Runtime::Init(const lsplant::HookHandler &): runtime instance = 0x7092abd600
12-20 17:35:44.991 13042 13042 D LSPTestNative: LSPlant-Init return true
12-20 17:35:45.005 13042 13042 V LSPlant : lsplant.cc:505#bool lsplant::(anonymous namespace)::DoHook(lsplant::art::ArtMethod *, lsplant::art::ArtMethod *, lsplant::art::ArtMethod *): Hooking: target = int com.example.lsptest.MainActivity.test()(0x7116ef7050), hook = int LSPHooker_.test()(0x7114c34160), backup = int LSPHooker_.backup()(0x7114c34130)
12-20 17:35:45.006 13042 13042 V LSPlant : lsplant.cc:486#void *lsplant::(anonymous namespace)::GenerateTrampolineFor(art::ArtMethod *): trampoline: count = 0, address = 7115f4c000, target = 7115f4c000
12-20 17:35:45.006 13042 13042 V LSPlant : lsplant.cc:512#bool lsplant::(anonymous namespace)::DoHook(lsplant::art::ArtMethod *, lsplant::art::ArtMethod *, lsplant::art::ArtMethod *): Generated trampoline 0x7115f4c000
12-20 17:35:45.006 13042 13042 V LSPlant : lsplant.cc:528#bool lsplant::(anonymous namespace)::DoHook(lsplant::art::ArtMethod *, lsplant::art::ArtMethod *, lsplant::art::ArtMethod *): Done hook: target(0x7116ef7050:0x2080009) -> 0x7115f4c000; backup(0x7114c34130:0x2080009) -> 0x70927ff2b0; hook(0x7114c34160:0x2080009) -> 0x70927ff2b0
12-20 17:35:45.008 13042 13042 I MainActivity: backup = public static int LSPHooker_.test()
12-20 17:35:45.008 13042 13042 I MainActivity: after hook
12-20 17:35:45.008 13042 13042 W System.err: java.lang.Exception: Stack trace
12-20 17:35:45.009 13042 13042 W System.err: 	at java.lang.Thread.dumpStack(Thread.java:1348)
12-20 17:35:45.010 13042 13042 W System.err: 	at com.example.lsptest.MainActivity.test(MainActivity.java:32)
12-20 17:35:45.010 13042 13042 W System.err: 	at com.example.lsptest.MainActivity.onCreate(MainActivity.java:28)
12-20 17:35:45.011 13042 13042 W System.err: 	at android.app.Activity.performCreate(Activity.java:7023)
12-20 17:35:45.011 13042 13042 W System.err: 	at android.app.Activity.performCreate(Activity.java:7014)
12-20 17:35:45.012 13042 13042 W System.err: 	at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1214)
12-20 17:35:45.012 13042 13042 W System.err: 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2762)
12-20 17:35:45.013 13042 13042 W System.err: 	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2889)
12-20 17:35:45.014 13042 13042 W System.err: 	at android.app.ActivityThread.-wrap11(Unknown Source:0)
12-20 17:35:45.014 13042 13042 W System.err: 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1617)
12-20 17:35:45.015 13042 13042 W System.err: 	at android.os.Handler.dispatchMessage(Handler.java:106)
12-20 17:35:45.015 13042 13042 W System.err: 	at android.os.Looper.loop(Looper.java:164)
12-20 17:35:45.016 13042 13042 W System.err: 	at android.app.ActivityThread.main(ActivityThread.java:6542)
12-20 17:35:45.016 13042 13042 W System.err: 	at java.lang.reflect.Method.invoke(Native Method)
12-20 17:35:45.017 13042 13042 W System.err: 	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
12-20 17:35:45.017 13042 13042 W System.err: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:857)
12-20 17:35:45.018 13042 13042 I MainActivity: test = -1
12-20 17:35:45.038 13042 13042 I SurfaceFactory: [static] sSurfaceFactory = com.mediatek.view.impl.SurfaceFactoryImpl@fc4b10e
12-20 17:35:45.050 13042 13042 D WindowClient: Add to mViews: DecorView@2f19ec5[MainActivity], this = [email protected]()=1
12-20 17:35:45.052 13042 13042 D OpenGLRenderer: Dumper init 2 threads <0x7087397b00>
12-20 17:35:45.053 13042 13042 D OpenGLRenderer: <com.example.lsptest> is running.
12-20 17:35:45.059 13042 13042 D ViewRootImpl[MainActivity]: hardware acceleration = true , fakeHwAccelerated = false, sRendererDisabled = false, forceHwAccelerated = false, sSystemRendererDisabled = false
12-20 17:35:45.066 13042 13042 V PhoneWindow: DecorView setVisiblity: visibility = 0, Parent = ViewRoot{522b74b com.example.lsptest/com.example.lsptest.MainActivity,ident = 0}, this = DecorView@2f19ec5[MainActivity]
12-20 17:35:45.112 13042 13042 D Surface : Surface::allocateBuffers(this=0x707cddd000)
12-20 17:35:45.112 13042 13042 W RenderThread: type=1400 audit(0.0:500): avc: denied { search } for name="clients" dev="debugfs" ino=7234 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:debugfs_ion:s0 tclass=dir permissive=0
12-20 17:35:45.126 13042 13069 I zygote64: android::hardware::configstore::V1_0::ISurfaceFlingerConfigs::hasWideColorDisplay retrieved: 0
12-20 17:35:45.127 13042 13069 I OpenGLRenderer: Initialized EGL, version 1.4
12-20 17:35:45.127 13042 13069 D OpenGLRenderer: Swap behavior 2
12-20 17:35:45.143 13042 13069 D OpenGLRenderer: [init] completed
12-20 17:35:45.143 13042 13069 D HWUIExtension: MTKProgramCache.init: enable enhancement 1
12-20 17:35:45.143 13042 13069 I HWUIExtension: Get disable program binary service property (0)
12-20 17:35:45.143 13042 13069 I HWUIExtension: Initializing program atlas...
12-20 17:35:45.144 13042 13069 I ProgramBinary/Service: ProgramBinaryService client side disable debugging.
12-20 17:35:45.145 13042 13069 I ProgramBinary/Service: ProgramBinaryService client side disable binary content debugging.
12-20 17:35:45.145 13042 13069 D ProgramBinary/Service: BpProgramBinaryService.getReady
12-20 17:35:45.145 13042 13069 D ProgramBinary/Service: zhiyin- 1 BpProgramBinaryService::getReady()
12-20 17:35:45.146 13042 13069 D ProgramBinary/Service: zhiyin- 2 BpProgramBinaryService::getReady()
12-20 17:35:45.146 13042 13069 D ProgramBinary/Service: BpProgramBinaryService.getProgramBinaryData
12-20 17:35:45.146 13042 13069 I HWUIExtension: Program binary detail: Binary length is 314660, program map length is 104.
12-20 17:35:45.147 13042 13069 I HWUIExtension: Succeeded to mmap program binaries. File descriptor is 66, and path is /dev/ashmem.
12-20 17:35:45.147 13042 13069 I HWUIExtension: No need to use file discriptor anymore, close fd(66).
12-20 17:35:45.147 13042 13069 D HWUIExtension: Dumper init 2 threads <0x707c294b00>
12-20 17:35:45.147 13042 13069 D HWUIExtension: <com.example.lsptest> is running.
12-20 17:35:45.148 13042 13069 D HWUIExtension: Initializing program cache from 0x0, size = -1
12-20 17:35:45.148 13042 13069 D Surface : Surface::connect(this=0x707cddd000,api=1)
12-20 17:35:45.173 13042 13069 D HWUIExtension: MTKProgramCache.generateProgram: 0
12-20 17:35:45.174 13042 13069 D HWUIExtension: createProgram 0x0000000000000000, binary 0x708776f000, length 10736, format 37168 within 1056ns
12-20 17:35:45.183 13042 13069 D HWUIExtension: MTKProgramCache.generateProgram: 240518168576
12-20 17:35:45.184 13042 13069 D HWUIExtension: createProgram 0x0000003800000000, binary 0x7087774661, length 11450, format 37168 within 720ns
12-20 17:35:45.189 13042 13069 D HWUIExtension: MTKProgramCache.generateProgram: 562984313159683
12-20 17:35:45.190 13042 13069 D HWUIExtension: createProgram 0x0002000800000003, binary 0x7087782603, length 11471, format 37168 within 695ns
12-20 17:35:45.992 13042 13042 V PhoneWindow: DecorView setVisiblity: visibility = 4, Parent = ViewRoot{522b74b com.example.lsptest/com.example.lsptest.MainActivity,ident = 0}, this = DecorView@2f19ec5[MainActivity]
12-20 17:35:46.026 13042 13069 D Surface : Surface::disconnect(this=0x707cddd000,api=1)

Galaxy Z Flip3 5G Android 13 not working bug

2022-12-07 15:46:36.227 26940-26940/com.test.hook E/LSPlant: Failed to find GetMethodShorty
2022-12-07 15:46:36.227 26940-26940/com.test.hook E/LSPlant: Failed to init art method
2022-12-07 15:46:36.229 26940-26940/com.test.hook A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 26940 (com.test.hook), pid 26940 (com.test.hook)
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: Build fingerprint: 'samsung/b2qzcx/b2q:13/TP1A.220624.014/F7110ZCU2DVK8:user/release-keys'
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: Revision: '5'
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: ABI: 'arm64'
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: Processor: '7'
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: Timestamp: 2022-12-07 15:46:36.278775130+0800
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: Process uptime: 8s
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: Cmdline: com.test.hook
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: pid: 26940, tid: 26940, name: com.test.hook >>> com.test.hook <<<
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: uid: 10260
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000000
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: Cause: null pointer dereference
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: backtrace:
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: #00 pc 000000000004ca10 /apex/com.android.runtime/lib64/bionic/libc.so (__strlen_aarch64+16) (BuildId: 784f720bdf1e7f57e231baa4c56d239c)
2022-12-07 15:46:36.476 28372-28372/? A/DEBUG: #1 pc 000000000000ce68 /data/app/~~MMf4nri1puKS9LAM8ViJEA==/com.test.hook-KQVyC2BmhQ0oo9z4z7SglQ==/lib/arm64/liblsplant.so (BuildId: 0279dfc9148c34e876c53f58e63fffa764df9eb8)
Several Samsung models all have this problem. It looks like the two exported functions, GetMethodShorty and method, were not found; I don't know whether other models have this problem.

Debug Fatal signal 4 (SIGILL), code 1 (ILL_ILLOPC) on Android 13 (RealmeGT 2 Pro)

My reproduction steps:
The first time the application is opened, the hook is successful and taps on the blank screen are normal.
After killing the app and opening it again, the hook succeeds, but when I click on the blank screen and leave it for a minute or so, it suddenly crashes.

The test is for the latest Dec 25 code, please point me in the right direction, thanks!

2022-12-23 16:00:41.132 27001-27001/com.demo.thook A/libc: Fatal signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x717832f024 in tid 27001 (om.demo.thook), pid 27001 (om.demo.thook)
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: Process name is com.demo.thook, not key_process
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: keyProcess: 0
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: Build fingerprint: 'realme/RMX3300/RE547F:13/SKQ1.220617.001/S.c61e13-1-458dc:user/release-keys'
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: Revision: '0'
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: ABI: 'arm64'
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: Timestamp: 2022-12-23 16:00:41.188651293+0800
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: Process uptime: 43s
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: Cmdline: com.demo.thook
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: pid: 27001, tid: 27001, name: om.demo.thook  >>> com.demo.thook <<<
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: uid: 10365
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
2022-12-23 16:00:41.342 27158-27158/? A/DEBUG: signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x000000717832f024
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG: backtrace:
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #00 pc 0000000000000024  <anonymous:717832f000>
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #01 pc 000000000045e02c  /apex/com.android.art/lib64/libart.so (art::jni::JniIdManager::EncodeMethodId(art::ArtMethod*)+108) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #02 pc 00000000004cd1c4  /apex/com.android.art/lib64/libart.so (art::JNI<true>::GetMethodID(_JNIEnv*, _jclass*, char const*, char const*)+636) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #03 pc 00000000004490c4  /apex/com.android.art/lib64/libart.so (art::(anonymous namespace)::CheckJNI::GetMethodIDInternal(char const*, _JNIEnv*, _jclass*, char const*, char const*, bool)+680) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #04 pc 000000000012e9e0  /system/lib64/libandroid_runtime.so (android::NativeInputEventReceiver::consumeEvents(_JNIEnv*, bool, long, bool*)+468) (BuildId: 39023390ba25abcc16f4d8ad93112d56)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #05 pc 000000000012e6e4  /system/lib64/libandroid_runtime.so (android::NativeInputEventReceiver::handleEvent(int, int, void*)+268) (BuildId: 39023390ba25abcc16f4d8ad93112d56)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #06 pc 0000000000018024  /system/lib64/libutils.so (android::Looper::pollInner(int)+1064) (BuildId: c6b04c835ef7be0565ae9fb9535f8ad7)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #07 pc 0000000000017b98  /system/lib64/libutils.so (android::Looper::pollOnce(int, int*, int*, void**)+116) (BuildId: c6b04c835ef7be0565ae9fb9535f8ad7)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #08 pc 00000000001655a8  /system/lib64/libandroid_runtime.so (android::android_os_MessageQueue_nativePollOnce(_JNIEnv*, _jobject*, long, int)+48) (BuildId: 39023390ba25abcc16f4d8ad93112d56)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #09 pc 00000000001d1094  /system/framework/arm64/boot-framework.oat (art_jni_trampoline+116) (BuildId: a20cbdd7b6fcc1874a3f964d32b8043ece204a32)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #10 pc 000000000020a910  /apex/com.android.art/lib64/libart.so (nterp_helper+5648) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #11 pc 00000000001f3b22  /system/framework/framework.jar (android.os.MessageQueue.next+34)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #12 pc 000000000020a254  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #13 pc 00000000001f2a04  /system/framework/framework.jar (android.os.Looper.loopOnce+12)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #14 pc 0000000000209334  /apex/com.android.art/lib64/libart.so (nterp_helper+52) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #15 pc 00000000001f32fe  /system/framework/framework.jar (android.os.Looper.loop+190)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #16 pc 0000000000209334  /apex/com.android.art/lib64/libart.so (nterp_helper+52) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #17 pc 00000000001ca72a  /system/framework/framework.jar (android.app.ActivityThread.main+262)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #18 pc 0000000000210c00  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+576) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #19 pc 000000000027b4ac  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+240) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #20 pc 000000000061042c  /apex/com.android.art/lib64/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1400) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #21 pc 000000000058ff48  /apex/com.android.art/lib64/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+52) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #22 pc 00000000000a1148  /system/framework/arm64/boot.oat (art_jni_trampoline+120) (BuildId: 64b90e1946c4040a8fdd4e07387e0466a7c65f75)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #23 pc 000000000020a2b0  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #24 pc 0000000000417a0e  /system/framework/framework.jar (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+22)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #25 pc 000000000087ede4  /system/framework/arm64/boot-framework.oat (com.android.internal.os.ZygoteInit.main+4212) (BuildId: a20cbdd7b6fcc1874a3f964d32b8043ece204a32)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #26 pc 0000000000210c00  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+576) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #27 pc 000000000027b4ac  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+240) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #28 pc 0000000000610bb4  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+452) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #29 pc 00000000006110a0  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+96) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #30 pc 00000000004faaa8  /apex/com.android.art/lib64/libart.so (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+600) (BuildId: 92658024bf7788a87bc9a27e03d6a499)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #31 pc 00000000000c0c04  /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+124) (BuildId: 39023390ba25abcc16f4d8ad93112d56)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #32 pc 00000000000cd228  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+936) (BuildId: 39023390ba25abcc16f4d8ad93112d56)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #33 pc 0000000000002610  /system/bin/app_process64 (main+1464) (BuildId: 8198beb2d5e7f73418c12a4f1374ff9b)
2022-12-23 16:00:41.343 27158-27158/? A/DEBUG:       #34 pc 0000000000075c7c  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+100) (BuildId: 59222d1015276d9a9031ee1ea28c0bcd)

LSPlant crashes on Init in zygote with magisk module

I built a simple module to reproduce this: https://github.com/miuirussia/PlayIntegrityFix (see https://github.com/miuirussia/PlayIntegrityFix/blob/main/app/src/main/cpp/module.cpp); use ./gradlew clean build to test. Maybe I'm doing something wrong?

01-05 13:19:07.610  3244  3244 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-05 13:19:07.610  3244  3244 F DEBUG   : Build fingerprint: 'Xiaomi/shennong/shennong:14/UKQ1.230804.001/V816.0.23.12.26.DEV:user/release-keys'
01-05 13:19:07.610  3244  3244 F DEBUG   : Revision: '0'
01-05 13:19:07.610  3244  3244 F DEBUG   : ABI: 'arm64'
01-05 13:19:07.610  3244  3244 F DEBUG   : Timestamp: 2024-01-05 13:19:07.525450362+0300
01-05 13:19:07.610  3244  3244 F DEBUG   : Process uptime: 1s
01-05 13:19:07.610  3244  3244 F DEBUG   : ZygotePid: 4950
01-05 13:19:07.611  3244  3244 F DEBUG   : Cmdline: zygote64
01-05 13:19:07.611  3244  3244 F DEBUG   : pid: 3228, tid: 3228, name: system_server  >>> zygote64 <<<
01-05 13:19:07.611  3244  3244 F DEBUG   : uid: 1000
01-05 13:19:07.611  3244  3244 F DEBUG   : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
01-05 13:19:07.611  3244  3244 F DEBUG   : pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY)
01-05 13:19:07.611  3244  3244 F DEBUG   : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x00000079a7e01bf4
01-05 13:19:07.611  3244  3244 F DEBUG   :     x0  0000000012c0b0b0  x1  0000007fe41f73b0  x2  0000000000000001  x3  0000000000000006
01-05 13:19:07.611  3244  3244 F DEBUG   :     x4  00000079104ccadb  x5  b4000078ecde7461  x6  0000000000000020  x7  6465766c6f736552
01-05 13:19:07.611  3244  3244 F DEBUG   :     x8  b4000078f127caa0  x9  000000000000ffff  x10 00000079a7dc1bf8  x11 b4000078ecde7460
01-05 13:19:07.611  3244  3244 F DEBUG   :     x12 0000000000000010  x13 0000000000000060  x14 0000000000000000  x15 0000000000200000
01-05 13:19:07.611  3244  3244 F DEBUG   :     x16 0000007910c0f688  x17 00000079a3128d00  x18 00000079bd81a000  x19 0000007fe41f73b0
01-05 13:19:07.611  3244  3244 F DEBUG   :     x20 0000000000000000  x21 00000079bd390000  x22 b400007916ece540  x23 0000007fe41f7391
01-05 13:19:07.611  3244  3244 F DEBUG   :     x24 00000079104bfcb4  x25 00000079104a40d7  x26 00000079104c46c8  x27 00000079104a4ee5
01-05 13:19:07.611  3244  3244 F DEBUG   :     x28 00000079104c6374  x29 0000007fe41f7360
01-05 13:19:07.611  3244  3244 F DEBUG   :     lr  006a3c791093b36c  sp  0000007fe41f7320  pc  00000079109392c8  pst 0000000040001000
01-05 13:19:07.611  3244  3244 F DEBUG   : 3 total frames
01-05 13:19:07.611  3244  3244 F DEBUG   : backtrace:
01-05 13:19:07.611  3244  3244 F DEBUG   :       #00 pc 00000000005392c8  /apex/com.android.art/lib64/libart.so (art::mirror::Class::GetDescriptor(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)+260) (BuildId: 096b65f75fd6940ab855d0160a2d68f3)
01-05 13:19:07.611  3244  3244 F DEBUG   :       #01 pc 000000000053b368  /apex/com.android.art/lib64/libart.so (art::mirror::Class::SetStatus(art::Handle<art::mirror::Class>, art::ClassStatus, art::Thread*)+2388) (BuildId: 096b65f75fd6940ab855d0160a2d68f3)
01-05 13:19:07.611  3244  3244 F DEBUG   :       #02 pc b400007916ece540  <unknown>

lsplant may be a mark

My LSPosed module, when selected for some software with a "shell", was found to crash. After analysis, the possible reason is that the LSPlant mark was detected; because my module cannot import <lsplant.h>, there is no good way to solve this problem.
For the strings that serve as marks, I think you could allow them to be set to random strings.

Crash on all 32bit Unisoc & JLQ Android Go devices

Both the test cases and an app with the LSPlant initializer crashed on start-up.
e.g. POCO C40 / Nokia C2
The logs look like this:

2023-06-16 20:32:56.884 10343-10365/? A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xb22018a8 in tid 10365 (pool-2-thread-1), pid 10343 (com.whatsapp)
2023-06-16 20:32:56.946 10368-10368/? I/crash_dump32: obtaining output fd from tombstoned, type: kDebuggerdTombstone
2023-06-16 20:32:56.946 358-358/? I//system/bin/tombstoned: received crash request for pid 10365
2023-06-16 20:32:56.950 10368-10368/? I/crash_dump32: performing dump of process 10343 (target tid = 10365)
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: Native Crash TIME: 75389841
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: Build fingerprint: 'PSZ/alsgs8990_io09/alsgs8990_io09_go:9/PPR1.180610.011/372:user/release-keys'
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: Revision: '0'
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: ABI: 'arm'
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: pid: 10343, tid: 10365, name: pool-2-thread-1  >>> com.whatsapp <<<
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xb22018a8
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG:     r0  b22018a8  r1  4731a6b1  r2  9c20e2b2  r3  0000001a
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG:     r4  9c225954  r5  9bd806f0  r6  0000001c  r7  9c20ea87
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG:     r8  aa25d700  r9  9c225ac8  r10 aa25d700  r11 9c225b40
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG:     ip  b22018a8  sp  9bd7f498  lr  b2aedaa7  pc  9c21230c
2023-06-16 20:32:56.975 10368-10368/? A/DEBUG: backtrace:
2023-06-16 20:32:56.975 10368-10368/? A/DEBUG:     #00 pc 0000630c  /data/app/com.whatsapp-DIUPK6U6RRcSp-EVXuCxBA==/lib/arm/liblsplant.so (lsplant::v2::Init(_JNIEnv*, lsplant::v2::InitInfo const&)+3952)
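The three reports above are all native crashes, and the fastest way to tell them apart is to read the tombstone the same way every time: which signal and si_code, which mapped object holds frame #00, and whether any frame sits in liblsplant.so or in no mapped object at all. The following is an added example, not code from lsplant or from any of the reporters: a small Python parser that strips the logcat prefix (both the "F DEBUG   :" and the "A/DEBUG:" styles seen above), extracts the signal line and the symbolized frames, and returns a triage summary. The two sample inputs are constructed from lines quoted in the zygote64 and the 32-bit com.whatsapp reports; the hook library name (liblsplant.so) and the verdict labels are my own choices, not anything the project defines. Note that in the zygote64 trace frame #02's pc (b400007916ece540) is the same value as register x22 in the register dump, and on arm64 Android a 0xb4 top byte is the tag the allocator applies to heap pointers, so that "caller" is a return into heap memory rather than into code, which the triage flags as an unmapped frame.

```python
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed samples: lines copied from the tombstones quoted in the issues
# above, logcat prefix included so the parser has to strip both prefix styles.
SAMPLE_ZYGOTE = """\
01-05 13:19:07.610  3244  3244 F DEBUG   : ABI: 'arm64'
01-05 13:19:07.611  3244  3244 F DEBUG   : pid: 3228, tid: 3228, name: system_server  >>> zygote64 <<<
01-05 13:19:07.611  3244  3244 F DEBUG   : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x00000079a7e01bf4
01-05 13:19:07.611  3244  3244 F DEBUG   : backtrace:
01-05 13:19:07.611  3244  3244 F DEBUG   :       #00 pc 00000000005392c8  /apex/com.android.art/lib64/libart.so (art::mirror::Class::GetDescriptor(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)+260) (BuildId: 096b65f75fd6940ab855d0160a2d68f3)
01-05 13:19:07.611  3244  3244 F DEBUG   :       #01 pc 000000000053b368  /apex/com.android.art/lib64/libart.so (art::mirror::Class::SetStatus(art::Handle<art::mirror::Class>, art::ClassStatus, art::Thread*)+2388) (BuildId: 096b65f75fd6940ab855d0160a2d68f3)
01-05 13:19:07.611  3244  3244 F DEBUG   :       #02 pc b400007916ece540  <unknown>
"""
SAMPLE_ARM32 = """\
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: ABI: 'arm'
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: pid: 10343, tid: 10365, name: pool-2-thread-1  >>> com.whatsapp <<<
2023-06-16 20:32:56.974 10368-10368/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xb22018a8
2023-06-16 20:32:56.975 10368-10368/? A/DEBUG: backtrace:
2023-06-16 20:32:56.975 10368-10368/? A/DEBUG:     #00 pc 0000630c  /data/app/com.whatsapp-DIUPK6U6RRcSp-EVXuCxBA==/lib/arm/liblsplant.so (lsplant::v2::Init(_JNIEnv*, lsplant::v2::InitInfo const&)+3952)
"""
PREFIX_RE = re.compile(r"^.*?\bDEBUG\s*:\s?")  # matches "F DEBUG   : " and "A/DEBUG: "
ABI_RE = re.compile(r"ABI: '(\w+)'")
PROC_RE = re.compile(r"pid: \d+, tid: \d+, name: \S+\s+>>> (\S+) <<<")
SIGNAL_RE = re.compile(r"signal \d+ \((\w+)\), code \d+ \((\w+)\), fault addr (\S+)")
FRAME_RE = re.compile(r"^#(\d+)\s+pc\s+([0-9a-fA-F]+)\s+(.*)$")
BUILD_ID_RE = re.compile(r"\s*\(BuildId: ([0-9a-fA-F]+)\)$")
FAULT_KIND = {"SEGV_MAPERR": "not mapped at all", "SEGV_ACCERR": "mapped, access denied"}


@dataclass
class Frame:
    num: int
    pc: int
    module: str                    # mapped object path, or "<unknown>"
    symbol: Optional[str] = None
    offset: Optional[int] = None   # byte offset into symbol
    build_id: Optional[str] = None


@dataclass
class Tombstone:
    abi: Optional[str] = None
    process: Optional[str] = None
    signal: Optional[str] = None
    code: Optional[str] = None
    fault_addr: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)


def parse_frame(body: str) -> Optional[Frame]:
    """Parse one '#NN pc ADDR module (symbol+off) (BuildId: ..)' line."""
    m = FRAME_RE.match(body)
    if not m:
        return None
    rest, build_id = m.group(3).strip(), None
    if (b := BUILD_ID_RE.search(rest)):
        build_id, rest = b.group(1), rest[:b.start()]
    module, _, sym = rest.partition(" ")             # C++ symbol text keeps its own parens
    frame = Frame(int(m.group(1)), int(m.group(2), 16), module, build_id=build_id)
    sym = sym.strip()
    if sym.startswith("(") and sym.endswith(")"):
        name, plus, off = sym[1:-1].rpartition("+")  # the last '+' separates the offset
        frame.symbol, frame.offset = (name, int(off)) if plus and off.isdigit() else (sym[1:-1], None)
    return frame


def parse_tombstone(text: str) -> Tombstone:
    """Pull ABI, process, signal and backtrace frames out of logcat-wrapped tombstone text."""
    ts = Tombstone()
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        body = (raw[m.end():] if m else raw).strip()
        if (a := ABI_RE.match(body)):
            ts.abi = a.group(1)
        elif (p := PROC_RE.match(body)):
            ts.process = p.group(1)
        elif (s := SIGNAL_RE.match(body)):
            ts.signal, ts.code = s.group(1), s.group(2)
            # fault addr is "--------" for signals that carry no address (SIGABRT etc.)
            ts.fault_addr = int(s.group(3), 16) if re.fullmatch(r"(0x)?[0-9a-fA-F]+", s.group(3)) else None
        elif (f := parse_frame(body)):
            ts.frames.append(f)
    return ts


def triage(ts: Tombstone, hook_lib: str = "liblsplant.so") -> dict:
    """Summarise one tombstone; hook_lib is the hooking framework's .so name (an assumption)."""
    hook = [f.num for f in ts.frames if os.path.basename(f.module) == hook_lib]
    unmapped = [f.num for f in ts.frames if f.module == "<unknown>"]   # pc in no mapped object
    verdict = ("no backtrace" if not ts.frames else
               "fault inside hook library" if hook and hook[0] == 0 else
               "hook library on the stack" if hook else
               "runtime fault, caller unmapped" if unmapped else
               "fault outside hook library")
    top = ts.frames[0] if ts.frames else None
    return {"process": ts.process, "abi": ts.abi, "signal": f"{ts.signal}/{ts.code}",
            "fault_kind": FAULT_KIND.get(ts.code, "see siginfo"), "fault_addr": ts.fault_addr,
            "top_module": os.path.basename(top.module) if top else None,
            "top_symbol": top.symbol if top else None, "top_offset": top.offset if top else None,
            "hook_frames": hook, "unmapped_frames": unmapped, "verdict": verdict}
```

Calling triage(parse_tombstone(SAMPLE_ARM32)) gives the verdict "fault inside hook library" with frame #00 at lsplant::v2::Init+3952 and a SEGV_MAPERR fault address, i.e. a read of an address that is not mapped at all, while the zygote64 sample comes back as "runtime fault, caller unmapped" with frame #00 in libart.so and frame #02 flagged as unmapped. Feeding it a tombstone with more frames, or with a BuildId on every frame, needs no changes; the BuildId is kept on each Frame so the symbols can be matched against the exact libart.so build when the trace has to be re-symbolized.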
