KernelSU icon indicating copy to clipboard operation
KernelSU copied to clipboard

Additional instruction when using kprobes

Open pascua28 opened this issue 2 years ago • 0 comments

Hi! I noticed that on the instructions page, you mentioned something about kprobes not properly working on some kernels. However, the issue might not be the kprobes implementation itself as most OEMs do not even touch that code. Most of the kernels I inspected do not have some of the functions probed by kernelsu.

These functions include: __do_execve_file(), do_execveat_common() and input_handle_event().

While kallsyms can be used for this, it might complicate the code a bit. Exporting them via EXPORT_SYMBOL_GPL() instead makes them visible to kprobes_register().

This can be confirmed by running this command: cat /sys/kernel/debug/kprobes/list

pascua28 avatar Jul 14 '23 08:07 pascua28