GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → asLody → Elfhook

asLody / Elfhook

modify PLT to hook api, supported android 5\6.

Labels

androidhookelf

Projects that are alternatives of or similar to Elfhook

Fbhookfork
从 fb 的 profilo 项目里提取出来的hook 库,自己用
Stars: ✭ 98 (-51.49%)
Mutual labels:  hook, elf
AndroidGotHook
GOT Hook implemented in Android
Stars: ✭ 63 (-68.81%)
Mutual labels:  hook, elf
Xhook
🔥 A PLT hook library for Android native ELF.
Stars: ✭ 2,996 (+1383.17%)
Mutual labels:  hook, elf
Elfhooker
兼容Android 32位和64位。基于EFL文件格式Hook的demo,hook了SurfaceFlinger进程的eglSwapBuffers函数,替换为new_eglSwapBuffers
Stars: ✭ 138 (-31.68%)
Mutual labels:  hook, elf
Fre
👻 Tiny Footprint Concurrent UI library for Fiber.
Stars: ✭ 3,195 (+1481.68%)
Mutual labels:  hook
Dobby
a lightweight, multi-platform, multi-architecture hook framework.
Stars: ✭ 2,550 (+1162.38%)
Mutual labels:  hook
Elf Parser
Lightweight elf binary parser with no external dependencies - Sections, Symbols, Relocations, Segments
Stars: ✭ 172 (-14.85%)
Mutual labels:  elf
Mandibule
linux elf injector for x86 x86_64 arm arm64
Stars: ✭ 171 (-15.35%)
Mutual labels:  elf
Lief
Authors
Stars: ✭ 2,730 (+1251.49%)
Mutual labels:  elf
Simple Git Hooks
A simple git hooks manager for small projects
Stars: ✭ 179 (-11.39%)
Mutual labels:  hook
Ios Monitor Platform
📚 iOS 性能监控 SDK —— Wedjat(华狄特)开发过程的调研和整理
Stars: ✭ 2,316 (+1046.53%)
Mutual labels:  hook
Elfkit
rust elf parsing, manipulation and (re)linking toolkit
Stars: ✭ 180 (-10.89%)
Mutual labels:  elf
Ocmethodtrace
Trace Any Objective-C Method Calls
Stars: ✭ 194 (-3.96%)
Mutual labels:  hook
Useworker
⚛️ useWorker() - A React Hook for Blocking-Free Background Tasks
Stars: ✭ 2,233 (+1005.45%)
Mutual labels:  hook
Wmi Static Spoofer
Spoofing the Windows 10 HDD/diskdrive serialnumber from kernel without hooking
Stars: ✭ 199 (-1.49%)
Mutual labels:  hook
React Nprogress
⌛️ A React primitive for building slim progress bars.
Stars: ✭ 173 (-14.36%)
Mutual labels:  hook
Detect It Easy
Program for determining types of files for Windows, Linux and MacOS.
Stars: ✭ 2,982 (+1376.24%)
Mutual labels:  elf
Holodec
Decompiler for x86 and x86-64 ELF binaries
Stars: ✭ 195 (-3.47%)
Mutual labels:  elf
Checksec.py
Checksec tool in Python, Rich output. Based on LIEF
Stars: ✭ 188 (-6.93%)
Mutual labels:  elf
Faerie
Magical ELF and Mach-o object file writer backend
Stars: ✭ 187 (-7.43%)
Mutual labels:  elf
View All Similar Projects ➔

0x01 Brief About ElfHook

  这份ElfHook的代码参考boyliang的AllHookInOne, 修复AllHookInOne的 ElfHook中的一些问题,同时也解决我们项目中遇到的一些问题。

  • NOT DT_HAST in .dynmaic section,but .gun.hash instead.

  • NOT DT_REL and DT_RELSZ in .dynmaic section, but DT_ANDROID_REL and DT_ANDROID_RELSZ instead.

  • 计算动态库加载的base_addr是错误的,应该使用bias_addr来计算出ehdr、phdr和shdr之外的所有地址。

  • 替换函数时,修改page的读写权限时,在SEAndroid上PROT_EXEC和PROT_WRITE同时设置可能会导致异常,

  • after hook "dlopen" function, how to get base_addr from return value of old dlopen in new dlopen function.

  • support aarch64 (arm64-v8a)

ref:

 AllHookInOne : [https://github.com/boyliang/AllHookInOne.git]

 AllHookInOne说明 : [http://bbs.pediy.com/showthread.php?p=1328038]

 bionic : [https://android.googlesource.com/platform/bionic]

0x02 How To Build

Export android ndk path

export -p PATH=$PATH:$ANDROID_NDK

Build

make

make clean

make install # copy libElfHook.so to jniLibs dir in Demo.

or

ndk-build NDK_PROJECT_PATH=. NDK_OUT=./objs NDK_LIBS_OUT=./bin APP_BUILD_SCRIPT=./Android.mk APP_PLATFORM=android-23 APP_ABI=arm64-v8a,armeabi-v7a APP_STL=stlport_static

0x03 How To Use

elf_module is a shared library or executable, elf_hooker is wrapper of hook function.

  • bool elf_hooker::phrase_proc_maps()

phrase /proc/self/maps to create all elf modules have been loadded

  • void elf_hooker::dump_module_list()

print all elf moudle's info, base addr and full path.

  • void elf_hooker::set_prehook_cb( prehook_cb ):

set a callback function, which would be invoked before hooked. if it return false, prehook_cb function like this:

bool prehook_cb(const char* module_name, const char* func_name);

 module_name: the full filename of shared library or executable.

 func_name: function name would be hooked.

  • void elf_hooker::hook_all_modules(const char *func_name, void *pfn_new, void** ppfn_old)

hook a function of all the modules, MUST call phrase_proc_maps() before hook_all_modules()

 func_name: the name of function that will be hooked.

 pfn_new: new function pointer

 ppfn_old: return raw function pointer, ppfn_old MUST NOT be NULL

  • bool elf_hooker::hook(elf_module *module, const char* func_name, void *pfn_new, void **ppfn_old)

hook a function of a single module.

 module: pointer of elf_module.

 other parameters is the same as hook_all_modules()

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].