
Conversation

@Redbeanw44602 Redbeanw44602 commented Dec 21, 2025

Fix: frida/frida#3582; May be related? #392


In short, the rtld_db_dlactivity on x64 is shorter, only one byte.

(lldb) disassemble -s 0x7f2b2d374140 -c 10
0x7f2b2d374140: retq
0x7f2b2d374141: int3   
0x7f2b2d374142: int3   
0x7f2b2d374143: int3   
0x7f2b2d374144: int3   
0x7f2b2d374145: int3   
0x7f2b2d374145: int3   
0x7f2b2d374146: int3   
0x7f2b2d374147: int3   
0x7f2b2d374148: int3   

Unfortunately, the interceptor has issues handling short functions; investigations suggest it requires at least 5 bytes.

I'm unsure if the interceptor's arm64 backend also has this problem. I disassembled the linker64 on the phone and found the function is 8 bytes long, potentially avoiding the issue.

.text:00000000000F06E4                   ; void _dl_rtld_db_dlactivity()
.text:00000000000F06E4                                   EXPORT __dl_rtld_db_dlactivity
.text:00000000000F06E4                   __dl_rtld_db_dlactivity                 ; CODE XREF: __dl_notify_gdb_of_load+38↑p
.text:00000000000F06E4                                                           ; __dl_notify_gdb_of_load+60↑p ...
.text:00000000000F06E4                   ; __unwind {
.text:00000000000F06E4 5F 24 03 D5                       BTI             c
.text:00000000000F06E8 C0 03 5F D6                       RET
.text:00000000000F06E8                   ; } // starts at F06E4

The patch attempts to resolve the problem using the aligned bytes after the function; generally, overwriting them is safe.

Additionally, I added error logging to the gum_hook_rtld_notifier; I believe errors shouldn't be ignored here, as they complicate troubleshooting.
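As an added illustration of the sizing problem described in this PR (this is not Frida's code and not part of the PR), the following Python checks whether a 5-byte x64 `jmp rel32` patch fits in a function by counting the alignment padding that follows it, which is the approach the PR takes. The `MIN_PATCH_SIZE` of 5 comes from the description above; the set of padding byte values (`int3`/`nop`) and the 16-byte function alignment are assumptions, and the sample bytes are constructed to mirror the lldb listing (a one-byte `ret` followed by `int3` fill).

```python
"""Added example (not Frida's code): decide whether an x64 inline hook fits in a
short function by counting the alignment padding that follows it."""

# Minimum patch size the PR reports the interceptor needs on x64 (jmp rel32).
MIN_PATCH_SIZE = 5
# Byte values compilers/linkers commonly emit as inter-function fill (assumption).
PADDING_BYTES = {0xCC, 0x90}  # int3, nop


def count_trailing_padding(code: bytes, end: int, alignment: int = 16) -> int:
    """Count consecutive padding bytes from `end` up to, but not past, the next
    `alignment` boundary. Stops at the first byte that is not padding, so a
    function immediately followed by real code reports 0. Capping at the
    boundary is deliberately conservative: the next function may start there."""
    boundary = -(-end // alignment) * alignment  # ceil(end / alignment) * alignment
    n = 0
    for off in range(end, min(boundary, len(code))):
        if code[off] not in PADDING_BYTES:
            break
        n += 1
    return n


def usable_patch_length(code: bytes, func_offset: int, func_size: int,
                        alignment: int = 16) -> int:
    """Bytes that may be overwritten at func_offset: the function body plus
    any padding up to the next alignment boundary."""
    return func_size + count_trailing_padding(code, func_offset + func_size, alignment)


def can_inline_hook(code: bytes, func_offset: int, func_size: int,
                    alignment: int = 16) -> bool:
    """True if a jmp rel32 (MIN_PATCH_SIZE bytes) fits without clobbering the
    next function; otherwise the hooking engine must fall back to another
    strategy (or report an error instead of silently skipping the hook)."""
    return usable_patch_length(code, func_offset, func_size, alignment) >= MIN_PATCH_SIZE


# Constructed sample image (not real linker bytes):
#   0x00: one-byte `ret` (0xC3) padded with int3 to the 16-byte boundary
#   0x10: one-byte `ret` with NO padding after it
#   0x11: the next function (push rbp; mov rbp,rsp; pop rbp; ret) starts immediately
SAMPLE = (
    b"\xc3" + b"\xcc" * 15
    + b"\xc3"
    + b"\x55\x48\x89\xe5\x5d\xc3"
)

if __name__ == "__main__":
    for name, off, size in (("padded stub", 0x00, 1),
                            ("unpadded stub", 0x10, 1),
                            ("6-byte function", 0x11, 6)):
        usable = usable_patch_length(SAMPLE, off, size)
        print(f"{name:16} at {off:#04x}: {usable:2} usable byte(s), "
              f"hookable={can_inline_hook(SAMPLE, off, size)}")
```

The first stub is hookable only because its 15 bytes of `int3` fill are counted; the second, identical one-byte stub is not, since the next function's prologue begins at the very next byte. That distinction is the reason the hook engine should surface a failure (as the PR's added error logging does) rather than assume every function has padding behind it.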


Development

Successfully merging this pull request may close these issues.

Dynamically loaded library missing in exported modules on android x86