ByteHook v1.0.9

@caikelun caikelun released this 12 Oct 12:51
v1.0.9
dd4cf4a

Announcements

1. Compatible with Android 14 (API level 34).

Bugs fixed

1. Fixed a bug that limited hooking to ELF files with a .so suffix.

Previous versions only hooked ELF files whose filename ends in .so. This restriction has been removed, so ELF files without that suffix can be hooked as well.

2. Fixed a bug that caused the arm64 MTE mechanism to fail.

bytehook's crash protection mechanism registers signal handlers for SIGSEGV and SIGBUS, but previous versions did not set SA_EXPOSE_TAGBITS in sa_flags. Without that flag the kernel clears the tag bits of the faulting address (si_addr) before delivering the signal. Because bytehook's handler runs before ART's sigchain handlers and then chains to them, the tag bits were already gone by the time sigchain saw the fault, which broke MTE fault handling.
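The following is an added example, not bytehook's own code, showing the shape of a crash-protection handler that keeps the tag bits intact: it is registered with SA_SIGINFO | SA_ONSTACK | SA_EXPOSE_TAGBITS, recovers from faults raised by its own guarded memory reads via sigsetjmp/siglongjmp, and otherwise passes the untouched siginfo on to whatever handler was installed before it (on Android that would be ART's sigchain). It also probes whether the running kernel honours SA_EXPOSE_TAGBITS using the SA_UNSUPPORTED contract documented in sigaction(2). All function names are illustrative; it assumes Linux with a glibc- or bionic-style libc, and on anything other than arm64 with MTE the flag is accepted but has no effect.

```c
/* Added example (not bytehook's code): crash-protection handler that preserves
 * MTE tag bits and chains to the previous handler. Names are illustrative. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Linux UAPI values (since 5.11); older libc headers do not define them. */
#ifndef SA_UNSUPPORTED
#define SA_UNSUPPORTED 0x00000400
#endif
#ifndef SA_EXPOSE_TAGBITS
#define SA_EXPOSE_TAGBITS 0x00000800
#endif
#ifndef NSIG
#define NSIG 65
#endif

static struct sigaction prev_actions[NSIG];        /* handlers installed before us (ART sigchain on Android) */
static __thread sigjmp_buf recover_env;            /* per-thread recovery point for guarded accesses */
static __thread volatile sig_atomic_t in_guarded;  /* nonzero while a guarded access is in progress */

/* SA_SIGINFO for si_addr, SA_ONSTACK to use the alternate stack when one exists,
 * SA_EXPOSE_TAGBITS so the kernel leaves the MTE tag bits in si_addr. */
int crash_protect_sa_flags(void) {
  return SA_SIGINFO | SA_ONSTACK | SA_EXPOSE_TAGBITS;
}

static void chain_to_previous(int sig, siginfo_t *si, void *ctx) {
  struct sigaction *prev = &prev_actions[sig];
  if (prev->sa_handler == SIG_IGN) return;
  if (prev->sa_handler == SIG_DFL) {
    /* Restore the default disposition and return: the faulting instruction
     * re-executes and the kernel applies the default action (crash). */
    sigaction(sig, prev, NULL);
    return;
  }
  if (prev->sa_flags & SA_SIGINFO) prev->sa_sigaction(sig, si, ctx);
  else prev->sa_handler(sig);
}

static void crash_protect_handler(int sig, siginfo_t *si, void *ctx) {
  if (in_guarded) siglongjmp(recover_env, 1);  /* our own guarded read faulted: recover */
  chain_to_previous(sig, si, ctx);             /* not ours: pass siginfo on untouched */
}

int install_crash_protection(void) {
  struct sigaction act;
  memset(&act, 0, sizeof act);
  act.sa_sigaction = crash_protect_handler;
  act.sa_flags = crash_protect_sa_flags();
  sigemptyset(&act.sa_mask);
  if (sigaction(SIGSEGV, &act, &prev_actions[SIGSEGV]) != 0) return -1;
  if (sigaction(SIGBUS, &act, &prev_actions[SIGBUS]) != 0) return -1;
  return 0;
}

/* Read one word from addr; returns 0 on success, -1 if the access faulted. */
int guarded_read(const void *addr, uintptr_t *out) {
  in_guarded = 1;
  if (sigsetjmp(recover_env, 1) != 0) {  /* savemask=1: signal mask restored on siglongjmp */
    in_guarded = 0;
    return -1;
  }
  *out = *(const volatile uintptr_t *)addr;
  in_guarded = 0;
  return 0;
}

/* Probe whether the kernel honours SA_EXPOSE_TAGBITS. Per sigaction(2), kernels
 * >= 5.11 strip unsupported flag bits on readback while older kernels echo them
 * back, so SA_UNSUPPORTED surviving the readback means "too old to tell".
 * Returns 1 (supported), 0 (unsupported) or -1 (unknown). SIGUSR1 is used as
 * scratch and its disposition is restored afterwards. */
int probe_expose_tagbits(void) {
  struct sigaction saved, act, readback;
  if (sigaction(SIGUSR1, NULL, &saved) != 0) return -1;
  act = saved;
  act.sa_flags |= SA_UNSUPPORTED | SA_EXPOSE_TAGBITS;
  if (sigaction(SIGUSR1, &act, NULL) != 0) return -1;
  if (sigaction(SIGUSR1, NULL, &readback) != 0) return -1;
  sigaction(SIGUSR1, &saved, NULL);
  if (readback.sa_flags & SA_UNSUPPORTED) return -1;
  return (readback.sa_flags & SA_EXPOSE_TAGBITS) ? 1 : 0;
}

/* Demo: a read from a PROT_NONE page becomes an error instead of a crash.
 * Returns 1 when the fault was caught, 0 otherwise, -1 if mmap failed. */
int unmapped_read_is_caught(void) {
  void *page = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (page == MAP_FAILED) return -1;
  uintptr_t v = 0;
  int rc = guarded_read(page, &v);
  munmap(page, 4096);
  return rc == -1 ? 1 : 0;
}

int main(void) {
  if (install_crash_protection() != 0) return 1;
  printf("SA_EXPOSE_TAGBITS honoured by kernel: %d\n", probe_expose_tagbits());
  printf("unmapped read caught: %d\n", unmapped_read_is_caught());
  return 0;
}
```

The point of the flag is that si_addr is only as good as the first handler registered for the signal: the kernel consults that handler's sa_flags when building siginfo, so a handler that sits in front of sigchain and omits SA_EXPOSE_TAGBITS strips the tag for everyone downstream, no matter what flags sigchain itself used.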

Improve

1. Reduced the signal stack memory used by the crash protection mechanism.

In previous versions, bytehook's signal handler consumed some signal stack space (64 bytes on arm32, 128 bytes on arm64). After this optimization it consumes none.

Android's per-thread signal stack is small (roughly 8KB to 32KB, depending on the Android version and CPU architecture), so any extra usage by a handler that sits in front of the others makes a signal stack overflow more likely.