int main(int argc, char** argv) {
if (argc < 2)
{
printf("usage: %s <libpath>\n", strrchr(argv[0], '/') + 1);
exit(0);
}
/*
* find PIDs of target processes
*/
pid_t sys_svr_pid = find_pid_of(proc_sys_svr);
pid_t med_svr_pid = find_pid_of(proc_med_svr);
pid_t phone_pid = find_pid_of(proc_phone);
printf("[+] system_server : %d\n", sys_svr_pid);
printf("[+] mediaserver : %d\n", med_svr_pid);
printf("[+] com.android.phone : %d\n", phone_pid);
char *path = argv[1];
char *param = "";
/*
* inject into target processes
*/
inject_remote_process( sys_svr_pid, path, "so_entry", param, strlen(param) );
inject_remote_process( med_svr_pid, path, "so_entry", param, strlen(param) );
inject_remote_process( phone_pid, path, "so_entry", param, strlen(param) );
exit(0);
}
int main(int argc, char** argv) {
char * libs = DEFAULT_LIBS;
char * entry = DEFAULT_ENTRY;
char * target = DEFAULT_TARGET;
pid_t target_pid = 0;
switch(argc) {
case 1:
Usage(argv[0]);
return 0;
case 4:
target_pid = atoi(argv[3]);
if(target_pid == 0) {
target = argv[3];
}
case 3:
entry = argv[2];
case 2:
libs = argv[1];
}
if(target_pid == 0) {
target_pid = find_pid_of(target);
}
if (-1 == target_pid) {
printf("[E]Can't find the process %s\n", target);
return -1;
}
inject_remote_process(target_pid, libs, entry, "I'm parameter!", strlen("I'm parameter!"));
return 0;
}
int main(int argc, char** argv) {
char* module_name = "com.android.settings";
char* apk_path = "/data/inject.apk";
int hello = 0;
if (argc == 2) {
module_name = argv[1];
} else if (argc == 3) {
module_name = argv[1];
apk_path = argv[2];
} else if (argc == 4) {
module_name = argv[1];
apk_path = argv[2];
hello = argv[3][0] - '0';
}
pid_t target_pid;
target_pid = find_pid_of(module_name);
if (-1 == target_pid) {
printf("Can't find the process\n");
return -1;
}
LOGD("================= start =================");
LOGD("inject apk path: %s", apk_path);
if (hello == 0) {
DEBUG_PRINT("[+] inject /data/libimportdex.so, hello=%d", hello);
inject_remote_process(target_pid, "/data/libimportdex.so", "callback", apk_path, strlen(apk_path));
} else {
DEBUG_PRINT("[+] inject /data/libhello.so, hello=%d", hello);
inject_remote_process(target_pid, "/data/libhello.so", "hook_entry", apk_path, strlen(apk_path));
}
LOGD("================= end =================");
return 0;
}
int main(int argc, char** argv) {
pid_t target_pid;
target_pid = find_pid_of("system_server");
if(inject_remote_process(target_pid, "/system/lib/libtest.so", "java_hook_test", "I'm parameter!", strlen("I'm parameter!")) == 0)
LOGV("inject success");
else
LOGV("inject wrong");
return 0;
}
int main(int argc, char** argv) {
pid_t target_pid;
target_pid = find_pid_of(argv[1]);
if (-1 == target_pid) {
printf("Can't find the process\n");
return -1;
}
//target_pid = find_pid_of("/data/test");
inject_remote_process(target_pid, "/system/lib/libtest.so", "hook_entry", "I'm parameter!", strlen("I'm parameter!"));
return 0;
}
int main(int argc, char** argv) {
int i =0;
int target_pid = -1;
char *pid_name = NULL;
target_pid = find_pid_of("system_server");
if(target_pid == -1){
LOGD("Can not find target process.");
return -1;
}
inject(target_pid, "system/lib/libpayload.so", "hook_entry", "hello world", 3);
}
int main(int argc, char** argv) {
DEBUG_PRINT( "[+] main start");
// 找到要注入的进程 /system/bin/servicemanager
pid_t target_pid;
target_pid = find_pid_of("/system/bin/servicemanager");
// 注入已经准备好的libinjectso.so
inject_remote_process( target_pid, "/sdcard/libinjectso.so", "hook_entry", "I'm parameter!", strlen("I'm parameter!") );
DEBUG_PRINT( "[+] main end");
}
//NOTE .inject process_name system_server
int main(int argc, char** argv) {
int i =0;
int target_pid = -1;
char *pid_name = NULL;
if (argc > 1){
for(i=1; i < argc; i++){
pid_name = argv[i];
target_pid = find_pid_of(pid_name);
if (-1 == target_pid) {
printf("Can't find the process: %s\n", pid_name);
} else {
//inject(target_pid, "/data/libjavapayload.so", "hook_entry", pid_name, strlen(pid_name));
inject(target_pid, "/data/libpayload.so", "hook_entry", pid_name, strlen(pid_name));
}
}
}
else {
printf("Please input the process name: %s\n", pid_name);
}
/*
printf("Press enter to restore\n");
getchar();
if (argc > 1){
for(i=1; i < argc; i++){
pid_name = argv[i];
target_pid = find_pid_of(pid_name);
if (-1 == target_pid) {
printf("Can't find the process: %s\n", pid_name);
} else {
//restore(target_pid, "/data/libtouchbio.so", "restore_entry", pid_name, strlen(pid_name));
restore(target_pid, "/data/libpayload.so", "restore_entry", pid_name, strlen(pid_name));
}
}
}
else {
pid_name = "system_server";
target_pid = find_pid_of(pid_name);
if (-1 == target_pid) {
printf("Can't find the process: %s\n", pid_name);
} else {
//restore(target_pid, "/data/libtouchbio.so", "restore_entry", pid_name, strlen(pid_name));
restore(target_pid, "/data/libpayload.so", "restore_entry", pid_name, strlen(pid_name));
}
}
return 0;
*/
}
int main(int argc, char* argv[]) {
int pid;
struct link_map *map;
struct elf_info einfo;
extern dl_fl_t ldl;
void *handle = NULL;
long proc = 0;
long hooker_fopen = 0;
char pathfile[100];
if (argc != 4) {
LOGE("illegal arguments, injection reject");
return -1;
}
LOGD("inject begin");
pid = find_pid_of(argv[1]);
ptrace_attach(pid);
ptrace_find_dlinfo(pid);
handle = ptrace_dlopen(pid, str_contact(argv[2], HOOK_LIB), 1);
printf("ptrace_dlopen handle %p\n", handle);
proc = (long) ptrace_dlsym(pid, handle, "hook");
printf("main = %lx\n", proc);
ptrace_arg arg;
arg.s = argv[3];
arg.type = PAT_STR;
static char buffer[0x1000];
strcpy(buffer, argv[1]);
strcat(buffer, "#");
strcat(buffer, argv[3]);
arg.s = buffer;
printf("arg.s=%s\n", arg.s);
ptrace_call(pid, proc, 1, &arg);
ptrace_detach(pid);
LOGD("inject end");
exit(0);
return 0;
}
