shadowhook_hook_sym_name of __system_property_read_callback broken on Android 14 QPR2 Betas #53
Description
ShadowHook Version
1.0.8
Android OS Version
14.0 QPR2
Android ABIs
armeabi-v7a, arm64-v8a
Device Manufacturers and Models
Google Pixel Fold, and others
Describe the Bug
The following code is working well on Android 14, but it fails to find the handle (handle == nullptr) starting on the Android 14 QPR2 Betas. My tester is currently on QPR2 Beta 1.1.
typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);
static std::map<void *, T_Callback> callbacks;
static void (*o_system_property_read_callback)(const prop_info *, T_Callback, void *);
static void my_system_property_read_callback(const prop_info *pi, T_Callback callback, void *cookie) {
if (pi == nullptr || callback == nullptr || cookie == nullptr) {
return o_system_property_read_callback(pi, callback, cookie);
}
callbacks[cookie] = callback;
return o_system_property_read_callback(pi, modify_callback, cookie);
}
static void doHook() {
shadowhook_init(SHADOWHOOK_MODE_UNIQUE, false);
void *handle = shadowhook_hook_sym_name(
"libc.so",
"__system_property_read_callback",
reinterpret_cast<void *>(my_system_property_read_callback),
reinterpret_cast<void **>(&o_system_property_read_callback)
);
if (handle == nullptr) {
LOGD("Couldn't find '__system_property_read_callback' handle");
return;
}
LOGD("Found '__system_property_read_callback' handle at %p", handle);
}
To be honest I've inherited this part of the code so I'm still learning about hooking and such, but it does seem to be a new issue from QPR2, and I'm told Dobby remains working for the same hook on a different fork, so hopefully that might give you some ideas! 🙂
My project's full ShadowHook use code is here:
https://github.com/osm0sis/PlayIntegrityFork/blob/802c0a7617a623ac1f028f1a41368536629bce65/app/src/main/cpp/main.cpp