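/*
 * Entry point: load the shared library named by argv[1] into three fixed
 * processes and call its "so_entry" symbol in each of them.
 *
 * Usage: <prog> <libpath>
 *
 * proc_sys_svr, proc_med_svr and proc_phone are process names defined
 * elsewhere in the file. The printed labels below suggest they are
 * system_server, mediaserver and com.android.phone.
 *
 * Exit status: 0 when every target was found, 1 when at least one target
 * was skipped because its PID lookup failed.
 */
int main(int argc, char** argv)
{
    if (argc < 2) {
        /*
         * argv[0] may contain no '/' (or be NULL). strrchr() then returns
         * NULL, and the original "strrchr(...) + 1" handed an invalid
         * pointer to printf.
         */
        const char *prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "<prog>";
        const char *slash = strrchr(prog, '/');

        printf("usage: %s <libpath>\n", slash != NULL ? slash + 1 : prog);
        exit(0);
    }

    /*
     * find PIDs of target processes
     */
    pid_t sys_svr_pid = find_pid_of(proc_sys_svr);
    pid_t med_svr_pid = find_pid_of(proc_med_svr);
    pid_t phone_pid = find_pid_of(proc_phone);

    printf("[+] system_server : %d\n", (int)sys_svr_pid);
    printf("[+] mediaserver : %d\n", (int)med_svr_pid);
    printf("[+] com.android.phone : %d\n", (int)phone_pid);

    char *path = argv[1];
    char *param = ""; /* empty parameter, so the length passed below is 0 */

    /*
     * inject into target processes
     *
     * A PID <= 0 never names a single real target process, so a failed
     * lookup is skipped instead of being handed to the injector.
     * NOTE(review): other callers of find_pid_of in this listing treat -1
     * as "not found"; "<= 0" covers that case. Confirm against this
     * project's find_pid_of.
     */
    const pid_t targets[] = { sys_svr_pid, med_svr_pid, phone_pid };
    int skipped = 0;

    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++) {
        if (targets[i] <= 0) {
            printf("[-] target %d not found, skipping\n", (int)i);
            skipped = 1;
            continue;
        }
        inject_remote_process(targets[i], path, "so_entry", param, strlen(param));
    }

    exit(skipped ? 1 : 0);
}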
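/*
 * Entry point: inject a library into one process.
 *
 * Usage: <prog> [libs [entry [pid-or-process-name]]]
 *
 * Arguments that are omitted fall back to DEFAULT_LIBS, DEFAULT_ENTRY and
 * DEFAULT_TARGET (defined elsewhere). With no arguments the usage text is
 * printed and 0 is returned.
 *
 * Returns 0 after the injection call, -1 on bad arguments or when the
 * target process cannot be found.
 */
int main(int argc, char** argv)
{
    char *libs = DEFAULT_LIBS;
    char *entry = DEFAULT_ENTRY;
    char *target = DEFAULT_TARGET;
    pid_t target_pid = 0;

    if (argc == 1) {
        Usage(argv[0]);
        return 0;
    }
    if (argc > 4) {
        /*
         * The original switch had no default, so extra arguments were
         * ignored and the tool ran against the default target. Reject
         * the call instead.
         */
        Usage(argv[0]);
        return -1;
    }

    if (argc >= 2) {
        libs = argv[1];
    }
    if (argc >= 3) {
        entry = argv[2];
    }
    if (argc == 4) {
        /*
         * argv[3] is a PID only when it is entirely a positive decimal
         * number that fits in pid_t. Anything else is a process name.
         * atoi() accepted "123abc" as 123 and passed negative values
         * through as PIDs.
         */
        char *end = NULL;
        long numeric = strtol(argv[3], &end, 10);

        if (end != argv[3] && *end == '\0' && numeric > 0 &&
            (long)(pid_t)numeric == numeric) {
            target_pid = (pid_t)numeric;
        } else {
            target = argv[3];
        }
    }

    if (target_pid == 0) {
        target_pid = find_pid_of(target);
    }

    /* find_pid_of reports failure as -1 here; 0 is not a usable target either. */
    if (target_pid <= 0) {
        printf("[E]Can't find the process %s\n", target);
        return -1;
    }

    inject_remote_process(target_pid, libs, entry, "I'm parameter!", strlen("I'm parameter!"));
    return 0;
}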
/*
 * Entry point: inject one of two helper libraries into a running process
 * and hand it an APK path as the parameter.
 *
 * Usage: <prog> [process_name [apk_path [hello]]]
 *
 *   process_name  defaults to "com.android.settings"
 *   apk_path      defaults to "/data/inject.apk"
 *   hello         first character of argv[3] minus '0'; 0 selects
 *                 /data/libimportdex.so ("callback"), any other value
 *                 selects /data/libhello.so ("hook_entry")
 *
 * NOTE(review): with more than three arguments none of them is used and
 * all defaults apply. Confirm that silently falling back is intended.
 *
 * Returns 0 after the injection call, -1 when the process is not found.
 */
int main(int argc, char** argv)
{
    char *module_name = "com.android.settings";
    char *apk_path = "/data/inject.apk";
    int hello = 0;

    /* Only 1..3 user arguments are recognised; each one implies the previous. */
    if (argc >= 2 && argc <= 4) {
        module_name = argv[1];
        if (argc >= 3) {
            apk_path = argv[2];
        }
        if (argc == 4) {
            hello = argv[3][0] - '0';
        }
    }

    pid_t target_pid = find_pid_of(module_name);
    if (target_pid == -1) {
        printf("Can't find the process\n");
        return -1;
    }

    LOGD("================= start =================");
    LOGD("inject apk path: %s", apk_path);

    char *lib_path;
    char *entry_name;

    if (hello != 0) {
        DEBUG_PRINT("[+] inject /data/libhello.so, hello=%d", hello);
        lib_path = "/data/libhello.so";
        entry_name = "hook_entry";
    } else {
        DEBUG_PRINT("[+] inject /data/libimportdex.so, hello=%d", hello);
        lib_path = "/data/libimportdex.so";
        entry_name = "callback";
    }
    inject_remote_process(target_pid, lib_path, entry_name, apk_path, strlen(apk_path));

    LOGD("================= end =================");
    return 0;
}
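/*
 * Entry point: inject /system/lib/libtest.so into system_server and call
 * its "java_hook_test" symbol with a fixed string parameter.
 *
 * Takes no command-line arguments.
 *
 * Returns 0 on success, -1 when the target is not found or the injection
 * call reports failure. The original returned 0 in every case, so a
 * caller could not tell the outcomes apart.
 */
int main(int argc, char** argv)
{
    (void)argc;
    (void)argv;

    pid_t target_pid = find_pid_of("system_server");

    /*
     * NOTE(review): other callers of find_pid_of in this listing treat -1
     * as "not found". A PID <= 0 is never a usable single target, so the
     * lookup failure is stopped here rather than passed on.
     */
    if (target_pid <= 0) {
        LOGV("Can't find the process");
        return -1;
    }

    /* inject_remote_process returns 0 on success. */
    if (inject_remote_process(target_pid, "/system/lib/libtest.so", "java_hook_test",
                              "I'm parameter!", strlen("I'm parameter!")) != 0) {
        LOGV("inject wrong");
        return -1;
    }

    LOGV("inject success");
    return 0;
}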
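/*
 * Entry point: inject /system/lib/libtest.so into the process named by
 * argv[1] and call its "hook_entry" symbol with a fixed string parameter.
 *
 * Usage: <prog> <process_name>
 *
 * Returns 0 after the injection call, -1 on a missing argument or when
 * the process cannot be found.
 */
int main(int argc, char** argv)
{
    /*
     * Without this check a bare invocation passed argv[1] == NULL to
     * find_pid_of.
     */
    if (argc < 2) {
        printf("usage: %s <process_name>\n",
               (argc > 0 && argv[0] != NULL) ? argv[0] : "<prog>");
        return -1;
    }

    pid_t target_pid = find_pid_of(argv[1]);
    if (target_pid == -1) {
        printf("Can't find the process\n");
        return -1;
    }

    inject_remote_process(target_pid, "/system/lib/libtest.so", "hook_entry",
                          "I'm parameter!", strlen("I'm parameter!"));
    return 0;
}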
/*
 * Entry point: look up system_server and call inject() on it with a fixed
 * library path, entry symbol and parameter.
 *
 * Returns -1 when the process is not found, 0 otherwise.
 *
 * NOTE(review): the library path "system/lib/libpayload.so" has no leading
 * '/', so it is presumably resolved relative to some working directory.
 * Confirm which one, since that decides which file gets loaded.
 * NOTE(review): the last argument is 3 while the parameter string
 * "hello world" is longer. Another inject() caller in this listing passes
 * strlen(param) there. Confirm that passing 3 is intentional.
 */
int main(int argc, char** argv)
{
    const int target_pid = find_pid_of("system_server");

    if (target_pid != -1) {
        inject(target_pid, "system/lib/libpayload.so", "hook_entry", "hello world", 3);
        return 0;
    }

    LOGD("Can not find target process.");
    return -1;
}
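/*
 * Entry point: inject /sdcard/libinjectso.so into
 * /system/bin/servicemanager and call its "hook_entry" symbol with a
 * fixed string parameter.
 *
 * Takes no command-line arguments.
 *
 * Returns 0 after the injection call, -1 when the target process is not
 * found. The original did not check the lookup result.
 *
 * NOTE(review): the library is read from /sdcard. If that location is
 * writable by other apps on the device, whoever can replace the file
 * decides what is loaded into the target. Confirm the path is
 * appropriate for the intended environment.
 */
int main(int argc, char** argv)
{
    (void)argc;
    (void)argv;

    DEBUG_PRINT("[+] main start");

    /* Find the process to inject into: /system/bin/servicemanager. */
    pid_t target_pid = find_pid_of("/system/bin/servicemanager");

    /*
     * NOTE(review): other callers of find_pid_of in this listing treat -1
     * as "not found". A PID <= 0 is never a usable single target.
     */
    if (target_pid <= 0) {
        DEBUG_PRINT("[-] target process not found");
        return -1;
    }

    /* Inject the already prepared libinjectso.so. */
    inject_remote_process(target_pid, "/sdcard/libinjectso.so", "hook_entry",
                          "I'm parameter!", strlen("I'm parameter!"));

    DEBUG_PRINT("[+] main end");
    return 0;
}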
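//NOTE .inject process_name system_server

/*
 * Entry point: for every process name given on the command line, look up
 * its PID and call inject() with /data/libpayload.so, the "hook_entry"
 * symbol and the process name as the parameter.
 *
 * Names that cannot be resolved are reported and skipped; the remaining
 * names are still processed. With no arguments a usage hint is printed.
 *
 * Always returns 0.
 */
int main(int argc, char** argv)
{
    int i = 0;
    int target_pid = -1;
    char *pid_name = NULL;

    if (argc > 1) {
        for (i = 1; i < argc; i++) {
            pid_name = argv[i];
            target_pid = find_pid_of(pid_name);
            if (-1 == target_pid) {
                printf("Can't find the process: %s\n", pid_name);
            } else {
                //inject(target_pid, "/data/libjavapayload.so", "hook_entry", pid_name, strlen(pid_name));
                inject(target_pid, "/data/libpayload.so", "hook_entry", pid_name, strlen(pid_name));
            }
        }
    } else {
        /*
         * pid_name is still NULL on this path; the original passed it to
         * a "%s" conversion, which is undefined behaviour. Print the
         * program name and the expected argument instead.
         */
        printf("Please input the process name: %s <process_name> [...]\n",
               (argc > 0 && argv[0] != NULL) ? argv[0] : "<prog>");
    }

    /*
     * Disabled restore pass, kept as in the original:
     *
     * printf("Press enter to restore\n");
     * getchar();
     * if (argc > 1){
     *     for(i=1; i < argc; i++){
     *         pid_name = argv[i];
     *         target_pid = find_pid_of(pid_name);
     *         if (-1 == target_pid) {
     *             printf("Can't find the process: %s\n", pid_name);
     *         } else {
     *             //restore(target_pid, "/data/libtouchbio.so", "restore_entry", pid_name, strlen(pid_name));
     *             restore(target_pid, "/data/libpayload.so", "restore_entry", pid_name, strlen(pid_name));
     *         }
     *     }
     * } else {
     *     pid_name = "system_server";
     *     target_pid = find_pid_of(pid_name);
     *     if (-1 == target_pid) {
     *         printf("Can't find the process: %s\n", pid_name);
     *     } else {
     *         //restore(target_pid, "/data/libtouchbio.so", "restore_entry", pid_name, strlen(pid_name));
     *         restore(target_pid, "/data/libpayload.so", "restore_entry", pid_name, strlen(pid_name));
     *     }
     * }
     * return 0;
     */

    return 0;
}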
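/*
 * Entry point: attach to the process named by argv[1], load a hook
 * library into it, call the library's "hook" symbol with one string
 * argument, then detach.
 *
 * Usage: <prog> <process_name> <lib_dir_or_prefix> <argument>
 *
 *   argv[2] is joined with HOOK_LIB by str_contact() to form the library
 *   path (both defined elsewhere).
 *   The string passed to "hook" is "<argv[1]>#<argv[3]>".
 *
 * Returns 0 when the remote call was made, -1 on bad arguments, an
 * over-long argument, a missing target, or a failed dlopen/dlsym in the
 * target.
 */
int main(int argc, char* argv[])
{
    static char buffer[0x1000];
    ptrace_arg arg;
    void *handle = NULL;
    long proc = 0;
    int pid;
    int rc = -1;

    if (argc != 4) {
        LOGE("illegal arguments, injection reject");
        return -1;
    }

    /*
     * Build the argument string before touching the target. The original
     * used strcpy/strcat on command-line input with no length check, so
     * long arguments wrote past the end of the 0x1000-byte buffer.
     */
    int written = snprintf(buffer, sizeof buffer, "%s#%s", argv[1], argv[3]);
    if (written < 0 || (size_t)written >= sizeof buffer) {
        LOGE("argument too long, injection reject");
        return -1;
    }

    LOGD("inject begin");

    pid = find_pid_of(argv[1]);
    /*
     * NOTE(review): other callers of find_pid_of in this listing treat -1
     * as "not found". A PID <= 0 is never a usable single target, so do
     * not attach in that case.
     */
    if (pid <= 0) {
        LOGE("target process not found, injection reject");
        return -1;
    }

    ptrace_attach(pid);
    ptrace_find_dlinfo(pid);

    /*
     * NOTE(review): ownership of the string returned by str_contact() is
     * not visible here; check whether it needs to be freed.
     */
    handle = ptrace_dlopen(pid, str_contact(argv[2], HOOK_LIB), 1);
    printf("ptrace_dlopen handle %p\n", handle);
    if (handle == NULL) {
        /* presumably NULL means the load failed; nothing to resolve then */
        goto detach;
    }

    proc = (long) ptrace_dlsym(pid, handle, "hook");
    printf("main = %lx\n", (unsigned long)proc);
    if (proc == 0) {
        /* Calling address 0 in the target would only crash it. */
        goto detach;
    }

    arg.s = buffer;
    arg.type = PAT_STR;
    printf("arg.s=%s\n", arg.s);

    ptrace_call(pid, proc, 1, &arg);
    rc = 0;

detach:
    /* Always release the target, including on the failure paths above. */
    ptrace_detach(pid);
    LOGD("inject end");
    return rc;
}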