int main(int argc, char** argv) { if (argc < 2) { printf("usage: %s <libpath>\n", strrchr(argv[0], '/') + 1); exit(0); } /* * find PIDs of target processes */ pid_t sys_svr_pid = find_pid_of(proc_sys_svr); pid_t med_svr_pid = find_pid_of(proc_med_svr); pid_t phone_pid = find_pid_of(proc_phone); printf("[+] system_server : %d\n", sys_svr_pid); printf("[+] mediaserver : %d\n", med_svr_pid); printf("[+] com.android.phone : %d\n", phone_pid); char *path = argv[1]; char *param = ""; /* * inject into target processes */ inject_remote_process( sys_svr_pid, path, "so_entry", param, strlen(param) ); inject_remote_process( med_svr_pid, path, "so_entry", param, strlen(param) ); inject_remote_process( phone_pid, path, "so_entry", param, strlen(param) ); exit(0); }
int main(int argc, char** argv) { char* module_name = "com.android.settings"; char* apk_path = "/data/inject.apk"; int hello = 0; if (argc == 2) { module_name = argv[1]; } else if (argc == 3) { module_name = argv[1]; apk_path = argv[2]; } else if (argc == 4) { module_name = argv[1]; apk_path = argv[2]; hello = argv[3][0] - '0'; } pid_t target_pid; target_pid = find_pid_of(module_name); if (-1 == target_pid) { printf("Can't find the process\n"); return -1; } LOGD("================= start ================="); LOGD("inject apk path: %s", apk_path); if (hello == 0) { DEBUG_PRINT("[+] inject /data/libimportdex.so, hello=%d", hello); inject_remote_process(target_pid, "/data/libimportdex.so", "callback", apk_path, strlen(apk_path)); } else { DEBUG_PRINT("[+] inject /data/libhello.so, hello=%d", hello); inject_remote_process(target_pid, "/data/libhello.so", "hook_entry", apk_path, strlen(apk_path)); } LOGD("================= end ================="); return 0; }
int main(int argc, char** argv) { char * libs = DEFAULT_LIBS; char * entry = DEFAULT_ENTRY; char * target = DEFAULT_TARGET; pid_t target_pid = 0; switch(argc) { case 1: Usage(argv[0]); return 0; case 4: target_pid = atoi(argv[3]); if(target_pid == 0) { target = argv[3]; } case 3: entry = argv[2]; case 2: libs = argv[1]; } if(target_pid == 0) { target_pid = find_pid_of(target); } if (-1 == target_pid) { printf("[E]Can't find the process %s\n", target); return -1; } inject_remote_process(target_pid, libs, entry, "I'm parameter!", strlen("I'm parameter!")); return 0; }
int main(int argc, char** argv) { pid_t target_pid; target_pid = find_pid_of("system_server"); if(inject_remote_process(target_pid, "/system/lib/libtest.so", "java_hook_test", "I'm parameter!", strlen("I'm parameter!")) == 0) LOGV("inject success"); else LOGV("inject wrong"); return 0; }
int main(int argc, char** argv) { pid_t target_pid; target_pid = find_pid_of(argv[1]); if (-1 == target_pid) { printf("Can't find the process\n"); return -1; } //target_pid = find_pid_of("/data/test"); inject_remote_process(target_pid, "/system/lib/libtest.so", "hook_entry", "I'm parameter!", strlen("I'm parameter!")); return 0; }
int main(int argc, char** argv) { DEBUG_PRINT( "[+] main start"); // 找到要注入的进程 /system/bin/servicemanager pid_t target_pid; target_pid = find_pid_of("/system/bin/servicemanager"); // 注入已经准备好的libinjectso.so inject_remote_process( target_pid, "/sdcard/libinjectso.so", "hook_entry", "I'm parameter!", strlen("I'm parameter!") ); DEBUG_PRINT( "[+] main end"); }
int main( int argc, char** argv ) { int target_pid; char *libpath; const char *pname = strrchr( argv[0], '/' ) + 1; if (argc < 2) print_usage(pname, 1); int next_opt; const char *short_opts = "hp:l:"; const struct option long_opts[] = { {"help", 0, NULL, 'h'}, {"pid", 1, NULL, 'p'}, {"libpath", 1, NULL, 'l'}, {NULL, 0, NULL, 0 } }; do { next_opt = getopt_long( argc, argv, short_opts, long_opts, NULL ); switch ( next_opt ) { case 'h': print_usage( pname, 0 ); case 'p': target_pid = atoi( optarg ); break; case 'l': libpath = optarg; break; case '?': printf("\n"); print_usage( pname, 1 ); case -1: break; default: ; } } while ( next_opt != -1 ); char *param = ""; inject_remote_process( target_pid, libpath, "hook_entry", param, strlen(param) ); return 0; }
int main(int argc, char* argv[]) { int pid; char *param = NULL; int param_size = 0; if(argc<4) printf("usage:ppinject pid path func [param]\n"); else { if(argc == 5) param = strlen(param)+1; pid = atoi(argv[1]); inject_remote_process(pid,argv[2],argv[3],param,param_size); } //inject_remote_process(pid,"/data/local/tmp/libppdvm.so","HookJdwpProcessRequest",NULL,NULL); return 0; }
int main(int argc, char* argv[]) { pid_t target_pid; // 通过指定目标进程名(即可执行文件名)完成注入 /* target_pid = find_pid_of("//system/bin/surfaceflinger"); if (-1 == target_pid) { printf("Can't find the process\n"); return -1; } */ // 通过指定进程号完成注入 if (argc == 0) { printf("Please input the pid!"); exit(-1); } else target_pid = atoi(argv[1]); // 将位于library_path的动态链接库的function_name注入到target_pid并执行 const char *library_path = "/data/local/tmp/libhello.so"; const char *function_name = "hook_entry"; const char *function_parameters = "I'm parameter!"; inject_remote_process(target_pid, library_path, function_name, function_parameters, strlen(function_parameters)); return 0; }