Modifies the PLT to hook APIs; supports Android 5/6.
This ElfHook code is based on boyliang's AllHookInOne. It fixes some problems in AllHookInOne's ElfHook and also solves some problems we ran into in our own project.
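There is no DT_HASH in the .dynamic section; .gnu.hash is present instead.
There are no DT_REL and DT_RELSZ in the .dynamic section; DT_ANDROID_REL and DT_ANDROID_RELSZ are present instead.
The computed base_addr of the loaded shared library is wrong; bias_addr should be used to compute every address other than ehdr, phdr and shdr.
When replacing a function and changing the page's read/write permissions, setting PROT_EXEC and PROT_WRITE at the same time on SEAndroid may cause an exception,
After hooking the "dlopen" function: how to get base_addr from the return value of the old dlopen inside the new dlopen function.
Support for aarch64 (arm64-v8a).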
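The base_addr/bias_addr item above, as an added example (not code from ElfHook or AllHookInOne): it applies the load-bias rule used by bionic's linker, where the bias is the mapping start minus the page-aligned lowest PT_LOAD p_vaddr. The struct, the function names and every sample value are constructed for illustration, and 4 KiB pages are assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PT_LOAD_TYPE 1u                        /* value of PT_LOAD in <elf.h> */
#define PAGE_START(a) ((a) & ~(uint64_t)0xfff) /* assumes 4 KiB pages */

/* Same field layout as Elf64_Phdr, redefined so the example builds anywhere. */
struct phdr64 {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
};

/* bias_addr = base_addr - page_start(lowest PT_LOAD p_vaddr).
 * Returns 0 on success, -1 when the table has no PT_LOAD entry. */
int load_bias(uint64_t base_addr, const struct phdr64 *ph, size_t n, uint64_t *bias)
{
    uint64_t min_vaddr = UINT64_MAX;
    for (size_t i = 0; i < n; i++)
        if (ph[i].p_type == PT_LOAD_TYPE && ph[i].p_vaddr < min_vaddr)
            min_vaddr = ph[i].p_vaddr;
    if (min_vaddr == UINT64_MAX)
        return -1;
    *bias = base_addr - PAGE_START(min_vaddr);
    return 0;
}

/* Constructed program headers: the first PT_LOAD is linked at 0x1000, not 0. */
static const struct phdr64 sample_phdrs[] = {
    { 6, 4, 0x40,    0x1040,  0x1040,  0x1f8,   0x1f8,   8      }, /* PT_PHDR */
    { 1, 5, 0,       0x1000,  0x1000,  0x5c000, 0x5c000, 0x1000 }, /* PT_LOAD r-x */
    { 1, 6, 0x5c000, 0x5e000, 0x5e000, 0x3000,  0x4000,  0x1000 }, /* PT_LOAD rw- */
    { 2, 6, 0x5d000, 0x5f000, 0x5f000, 0x200,   0x200,   8      }, /* PT_DYNAMIC */
};
#define SAMPLE_BASE      0x7f8a401000ULL /* constructed start from /proc/self/maps */
#define SAMPLE_GOT_VADDR 0x5ffa8ULL      /* constructed r_offset of a GOT slot */

/* Runtime address of the GOT slot, or 0 if the bias cannot be computed. */
uint64_t sample_got_slot(void)
{
    uint64_t bias;
    if (load_bias(SAMPLE_BASE, sample_phdrs, 4, &bias) != 0)
        return 0;
    return bias + SAMPLE_GOT_VADDR;
}

int main(void)
{
    printf("bias + r_offset: 0x%llx\n", (unsigned long long)sample_got_slot());
    printf("base + r_offset: 0x%llx\n", (unsigned long long)(SAMPLE_BASE + SAMPLE_GOT_VADDR));
    return 0;
}
```

With these sample headers the two results differ by one page, so adding r_offset to base_addr would point at the wrong slot.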
ref:
AllHookInOne : [https://github.com/boyliang/AllHookInOne.git]
AllHookInOne description : [http://bbs.pediy.com/showthread.php?p=1328038]
bionic : [https://android.googlesource.com/platform/bionic]
export -p PATH=$PATH:$ANDROID_NDK
make
make clean
make install # copy libElfHook.so to jniLibs dir in Demo.
ndk-build NDK_PROJECT_PATH=. NDK_OUT=./objs NDK_LIBS_OUT=./bin APP_BUILD_SCRIPT=./Android.mk APP_PLATFORM=android-23 APP_ABI=arm64-v8a,armeabi-v7a APP_STL=stlport_static
elf_module is a shared library or executable; elf_hooker is a wrapper around the hook functions.
Parses /proc/self/maps to build the list of all ELF modules that have been loaded.
Prints every ELF module's info: base address and full path.
Sets a callback function that is invoked before a hook is applied. If it returns false, prehook_cb function like this:
bool prehook_cb(const char* module_name, const char* func_name);
module_name: the full filename of the shared library or executable.
func_name: the name of the function to be hooked.
Hooks a function in all the modules. phrase_proc_maps() MUST be called before hook_all_modules().
func_name: the name of the function that will be hooked.
pfn_new: the new function pointer.
ppfn_old: returns the raw function pointer; ppfn_old MUST NOT be NULL.
Hooks a function in a single module.
module: pointer to the elf_module.
The other parameters are the same as for hook_all_modules().