Ejemplo n.º 1
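/*
 * Loads the shared library named on the command line into three fixed
 * Android processes (system_server, mediaserver, com.android.phone) and
 * asks for its "so_entry" export to be called in each of them.
 *
 * usage: <prog> <libpath>
 *
 * find_pid_of(), inject_remote_process() and the proc_* names are defined
 * elsewhere in the project and are not visible here.
 *
 * Security note: argv[1] is handed to inject_remote_process() unchanged, so
 * whoever can write that file decides what code runs inside the three target
 * processes. The library should live in a location only root can modify.
 *
 * Returns 0 when every target was found, EXIT_FAILURE when at least one
 * target was skipped.
 */
int main(int argc, char** argv) {

	/*
	 * strrchr() yields NULL when argv[0] contains no '/'. The original added
	 * 1 to that result and printed it, which is undefined behaviour; fall
	 * back to the full argv[0] instead.
	 */
	const char *prog = (argc > 0 && argv[0]) ? argv[0] : "inject";
	const char *slash = strrchr(prog, '/');
	if (slash)
		prog = slash + 1;

	if (argc < 2)
	{
		printf("usage: %s <libpath>\n", prog);
		exit(0);
	}

	/*
	 * find PIDs of target processes
	 */
	pid_t sys_svr_pid 	= find_pid_of(proc_sys_svr);
	pid_t med_svr_pid 	= find_pid_of(proc_med_svr);
	pid_t phone_pid 	= find_pid_of(proc_phone);

	printf("[+] system_server       : %d\n", sys_svr_pid);
	printf("[+] mediaserver         : %d\n", med_svr_pid);
	printf("[+] com.android.phone   : %d\n", phone_pid);

	char *path = argv[1];
	char *param = "";

	const char *names[] = { "system_server", "mediaserver", "com.android.phone" };
	const pid_t pids[] = { sys_svr_pid, med_svr_pid, phone_pid };
	int missing = 0;

	/*
	 * inject into target processes
	 *
	 * A non-positive value is never a usable single-process id, so a failed
	 * lookup must not be forwarded to inject_remote_process().
	 * NOTE(review): other callers of find_pid_of() compare against -1;
	 * confirm that is its only failure value.
	 */
	for (size_t i = 0; i < sizeof pids / sizeof pids[0]; i++) {
		if (pids[i] <= 0) {
			printf("[-] %s not found, skipping\n", names[i]);
			missing++;
			continue;
		}
		inject_remote_process( pids[i], path, "so_entry", param, strlen(param) );
	}

	exit(missing ? EXIT_FAILURE : 0);
}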
Ejemplo n.º 2
/*
 * Looks up a process by name and has one of two fixed libraries loaded
 * into it, passing the APK path as the parameter.
 *
 *   argv[1]  process name   (default "com.android.settings")
 *   argv[2]  APK path       (default "/data/inject.apk")
 *   argv[3]  first character minus '0' selects the library: 0 picks
 *            /data/libimportdex.so, anything else /data/libhello.so
 *
 * Any other argument count leaves all three defaults in place.
 * find_pid_of(), inject_remote_process(), LOGD and DEBUG_PRINT are defined
 * elsewhere in the project.
 *
 * Returns -1 when the process lookup fails, 0 otherwise; the result of
 * inject_remote_process() is not inspected.
 */
int main(int argc, char** argv) {
    char* module_name = "com.android.settings";
    char* apk_path = "/data/inject.apk";
    int hello = 0;

    /* Each extra argument overrides one more default, so the cases cascade. */
    switch (argc) {
    case 4:
        hello = argv[3][0] - '0';
        /* fallthrough */
    case 3:
        apk_path = argv[2];
        /* fallthrough */
    case 2:
        module_name = argv[1];
        break;
    default:
        break;
    }

    pid_t target_pid = find_pid_of(module_name);
    if (target_pid == -1) {
        printf("Can't find the process\n");
        return -1;
    }

    LOGD("================= start =================");
    LOGD("inject apk path: %s", apk_path);
    if (hello != 0) {
        DEBUG_PRINT("[+] inject /data/libhello.so, hello=%d", hello);
        inject_remote_process(target_pid, "/data/libhello.so", "hook_entry", apk_path, strlen(apk_path));
    } else {
        DEBUG_PRINT("[+] inject /data/libimportdex.so, hello=%d", hello);
        inject_remote_process(target_pid, "/data/libimportdex.so", "callback", apk_path, strlen(apk_path));
    }
    LOGD("=================  end  =================");

    return 0;
}
Ejemplo n.º 3
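/*
 * Has a library loaded into a target process chosen by pid or by name.
 *
 *   argv[1]  library path        (default DEFAULT_LIBS)
 *   argv[2]  entry symbol        (default DEFAULT_ENTRY)
 *   argv[3]  pid or process name (default DEFAULT_TARGET)
 *
 * With no arguments the usage text is printed. More than three arguments
 * match no case, so the defaults are used unchanged.
 * Usage(), find_pid_of(), inject_remote_process() and the DEFAULT_* macros
 * are defined elsewhere in the project.
 *
 * Returns -1 when no target process is found, 0 otherwise.
 */
int main(int argc, char** argv) {
    char * libs = DEFAULT_LIBS;
    char * entry = DEFAULT_ENTRY;
    char * target = DEFAULT_TARGET;
    pid_t target_pid = 0;
    switch(argc) {
    case 1:
        Usage(argv[0]);
        return 0;
    case 4: {
        /*
         * Accept argv[3] as a pid only when the whole string is a positive
         * decimal number that fits in pid_t. atoi() took "123abc" as pid 123
         * and let negative values through as pids; anything that is not a
         * clean positive number is now treated as a process name.
         */
        char *end = NULL;
        long parsed = strtol(argv[3], &end, 10);
        if (end != argv[3] && *end == '\0' && parsed > 0 &&
            (long)(pid_t)parsed == parsed) {
            target_pid = (pid_t)parsed;
        } else {
            target = argv[3];
        }
    }
        /* fallthrough: a pid/name argument implies entry and libs too */
    case 3:
        entry = argv[2];
        /* fallthrough */
    case 2:
        libs = argv[1];
        break;
    default:
        break;
    }
    if(target_pid == 0) {
        target_pid = find_pid_of(target);
    }
    /* Reject every non-positive result, not just -1, before it is used as a pid. */
    if (target_pid <= 0) {
        printf("[E]Can't find the process %s\n", target);
        return -1;
    }

    inject_remote_process(target_pid, libs, entry,  "I'm parameter!", strlen("I'm parameter!"));
    return 0;
}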
Ejemplo n.º 4
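/*
 * Has /system/lib/libtest.so loaded into system_server and its
 * "java_hook_test" export called, then logs the outcome.
 *
 * find_pid_of(), inject_remote_process() and LOGV are defined elsewhere in
 * the project. Command-line arguments are not used.
 *
 * Returns 0 on success and 1 when the process is not found or the call
 * reports failure (the original returned 0 in every case).
 */
int main(int argc, char** argv) {
	(void)argc;
	(void)argv;

	pid_t target_pid = find_pid_of("system_server");

	/*
	 * The original forwarded the lookup result unchecked, so a failed lookup
	 * reached inject_remote_process() as a pid.
	 * NOTE(review): other callers of find_pid_of() compare against -1;
	 * confirm that is its only failure value.
	 */
	if (target_pid <= 0) {
		LOGV("can't find system_server");
		return 1;
	}

	if (inject_remote_process(target_pid, "/system/lib/libtest.so", "java_hook_test", "I'm parameter!", strlen("I'm parameter!")) != 0) {
		LOGV("inject wrong");
		return 1;
	}

	LOGV("inject success");
	return 0;
}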
Ejemplo n.º 5
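/*
 * Looks up the process named by argv[1] and has /system/lib/libtest.so
 * loaded into it, calling its "hook_entry" export.
 *
 * find_pid_of() and inject_remote_process() are defined elsewhere in the
 * project.
 *
 * Returns -1 when the argument is missing or the process is not found,
 * 0 otherwise; the result of inject_remote_process() is not inspected.
 */
int main(int argc, char** argv) {
    /*
     * Without this check argv[1] is NULL when no argument is given and was
     * passed straight to find_pid_of().
     */
    if (argc < 2) {
        printf("usage: %s <process name>\n",
               (argc > 0 && argv[0]) ? argv[0] : "inject");
        return -1;
    }

    pid_t target_pid = find_pid_of(argv[1]);
    if (-1 == target_pid) {
        printf("Can't find the process\n");
        return -1;
    }

    inject_remote_process(target_pid, "/system/lib/libtest.so", "hook_entry",  "I'm parameter!", strlen("I'm parameter!"));
    return 0;
}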
Ejemplo n.º 6
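/*
 * Has /sdcard/libinjectso.so loaded into /system/bin/servicemanager and its
 * "hook_entry" export called.
 *
 * find_pid_of(), inject_remote_process() and DEBUG_PRINT are defined
 * elsewhere in the project. Command-line arguments are not used.
 *
 * Security note: the library is read from /sdcard, which on Android is
 * shared storage that other apps can typically write to, so the file that
 * ends up inside servicemanager is not under this tool's exclusive control.
 * NOTE(review): a root-owned, non-world-writable location would remove that
 * exposure.
 *
 * Returns 0 after the call, 1 when the target process is not found.
 */
int main(int argc, char** argv) {
	(void)argc;
	(void)argv;

	DEBUG_PRINT( "[+] main start");

	// Find the process to inject into: /system/bin/servicemanager
	pid_t target_pid = find_pid_of("/system/bin/servicemanager");

	// The original forwarded a failed lookup to inject_remote_process() as a pid.
	// NOTE(review): other callers of find_pid_of() compare against -1; confirm.
	if (target_pid <= 0) {
		DEBUG_PRINT( "[-] servicemanager not found");
		return 1;
	}

	// Inject the already prepared libinjectso.so
	inject_remote_process( target_pid, "/sdcard/libinjectso.so", "hook_entry", "I'm parameter!", strlen("I'm parameter!") );

	DEBUG_PRINT( "[+] main end");
	return 0;
}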
Ejemplo n.º 7
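/*
 * Parses -p/--pid and -l/--libpath and has the given library loaded into
 * the given process, calling its "hook_entry" export with an empty
 * parameter.
 *
 * print_usage() and inject_remote_process() are defined elsewhere in the
 * project. NOTE(review): print_usage(name, code) looks like it exits with
 * `code`; the explicit returns below keep control flow correct either way.
 *
 * Returns 0 after the call, 1 on any usage error.
 */
int main( int argc, char** argv )
{
    /*
     * Both values were uninitialised in the original, so omitting -p or -l
     * passed indeterminate values to inject_remote_process().
     */
    int target_pid = 0;
    char *libpath = NULL;

    /* strrchr() returns NULL when argv[0] has no '/'; do not add 1 to that. */
    const char *pname = (argc > 0 && argv[0]) ? argv[0] : "inject";
    const char *slash = strrchr( pname, '/' );
    if (slash)
        pname = slash + 1;

    if (argc < 2) {
        print_usage(pname, 1);
        return 1;
    }

    int next_opt;
    const char *short_opts = "hp:l:";
    const struct option long_opts[] = {
        {"help",    0, NULL, 'h'},
        {"pid",     1, NULL, 'p'},
        {"libpath", 1, NULL, 'l'},
        {NULL,      0, NULL,  0 }
    };

    while ( (next_opt = getopt_long( argc, argv, short_opts, long_opts, NULL )) != -1 )
    {
        switch ( next_opt )
        {
            case 'h':
                /* The original fell through into 'p' and read a NULL optarg. */
                print_usage( pname, 0 );
                return 0;
            case 'p': {
                /* Require the whole argument to be a positive decimal int. */
                char *end = NULL;
                long parsed = strtol( optarg, &end, 10 );
                if (end == optarg || *end != '\0' || parsed <= 0 ||
                    (long)(int)parsed != parsed) {
                    printf("invalid pid: %s\n", optarg);
                    print_usage( pname, 1 );
                    return 1;
                }
                target_pid = (int)parsed;
                break;
            }
            case 'l':
                libpath = optarg;
                break;
            case '?':
                printf("\n");
                print_usage( pname, 1 );
                return 1;
            default:
                break;
        }
    }

    /* Both options are mandatory: refuse to continue with either missing. */
    if (target_pid <= 0 || libpath == NULL) {
        print_usage( pname, 1 );
        return 1;
    }

    char *param = "";

    inject_remote_process( target_pid, libpath, "hook_entry", param, strlen(param) );

    return 0;
}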
Ejemplo n.º 8
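/*
 * usage: ppinject pid path func [param]
 *
 * Has the library at `path` loaded into process `pid` and its export `func`
 * called, optionally with `param` as a NUL-terminated string argument.
 *
 * inject_remote_process() is defined elsewhere in the project.
 *
 * Returns 0 after the usage text or the call, 1 when `pid` is not a valid
 * positive number.
 */
int main(int argc, char* argv[])
{
	int pid;
	char *param = NULL;
	int param_size = 0;

	if(argc<4)
	{
		printf("usage:ppinject pid path func [param]\n");
		return 0;
	}

	/*
	 * The original executed `param = strlen(param)+1;` here: strlen() on a
	 * NULL pointer, with the integer result stored in the pointer, while
	 * param_size stayed 0. Take the optional fifth argument and size it
	 * including its terminating NUL.
	 */
	if(argc >= 5)
	{
		param = argv[4];
		param_size = (int)(strlen(param) + 1);
	}

	/* Require the whole argument to be a positive decimal int. */
	char *end = NULL;
	long parsed = strtol(argv[1], &end, 10);
	if(end == argv[1] || *end != '\0' || parsed <= 0 || (long)(int)parsed != parsed)
	{
		printf("invalid pid: %s\n", argv[1]);
		return 1;
	}
	pid = (int)parsed;

	inject_remote_process(pid,argv[2],argv[3],param,param_size);
	return 0;
}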
Ejemplo n.º 9
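/*
 * Has /data/local/tmp/libhello.so loaded into the process whose pid is
 * given in argv[1] and its "hook_entry" export called.
 *
 * inject_remote_process() is defined elsewhere in the project.
 *
 * Security note: /data/local/tmp is writable by the adb shell user, so the
 * library that ends up inside the target process is only as trustworthy as
 * everything able to write there.
 *
 * Exits with -1 when the pid argument is missing or not a positive number,
 * returns 0 otherwise.
 */
int main(int argc, char* argv[]) {
    pid_t target_pid;

    // Selecting the target by process name (find_pid_of) is disabled here;
    // the target is selected by pid instead.

    // The original tested `argc == 0`, which never fires for a normal
    // invocation, so a missing argument reached atoi(argv[1]) as NULL.
    if (argc < 2) {
    	printf("Please input the pid!");
    	exit(-1);
    }

    // Require the whole argument to be a positive decimal number that fits
    // in pid_t, so "12x" or "-1" is not silently used as a pid.
    char *end = NULL;
    long parsed = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || parsed <= 0 ||
        (long)(pid_t)parsed != parsed) {
    	printf("Invalid pid: %s\n", argv[1]);
    	exit(-1);
    }
    target_pid = (pid_t)parsed;

    // Load the library at library_path into target_pid and run function_name
    // with function_parameters.
    const char *library_path = "/data/local/tmp/libhello.so";
    const char *function_name = "hook_entry";
    const char *function_parameters = "I'm parameter!";
    inject_remote_process(target_pid, library_path, function_name, function_parameters, strlen(function_parameters));
    return 0;
}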