├── FileObserver
├── .idea
│ ├── .name
│ ├── copyright
│ │ └── profiles_settings.xml
│ ├── encodings.xml
│ ├── modules.xml
│ ├── runConfigurations.xml
│ ├── compiler.xml
│ ├── gradle.xml
│ └── misc.xml
├── app
│ ├── .gitignore
│ ├── src
│ │ └── main
│ │ │ ├── res
│ │ │ ├── mipmap-hdpi
│ │ │ │ └── ic_launcher.png
│ │ │ ├── mipmap-mdpi
│ │ │ │ └── ic_launcher.png
│ │ │ ├── values
│ │ │ │ ├── dimens.xml
│ │ │ │ ├── colors.xml
│ │ │ │ ├── strings.xml
│ │ │ │ └── styles.xml
│ │ │ ├── values-w820dp
│ │ │ │ └── dimens.xml
│ │ │ └── layout
│ │ │ │ ├── activity_monitor.xml
│ │ │ │ └── activity_main.xml
│ │ │ ├── AndroidManifest.xml
│ │ │ └── java
│ │ │ └── com
│ │ │ └── demo
│ │ │ └── asus
│ │ │ └── fileobserver
│ │ │ ├── MainActivity.java
│ │ │ ├── MonitorActivity.java
│ │ │ └── RecursiveFileObserver.java
│ ├── proguard-rules.pro
│ └── build.gradle
├── settings.gradle
├── .gitignore
├── build.gradle
├── gradle.properties
├── gradlew.bat
└── gradlew
├── ProtectSection
├── jni
│ ├── Application.mk
│ ├── Android.mk
│ └── protect_section.cpp
├── APP
│ ├── ic_launcher-web.png
│ ├── libs
│ │ └── armeabi
│ │ │ └── libprotect_section.so
│ ├── res
│ │ ├── values
│ │ │ ├── strings.xml
│ │ │ └── styles.xml
│ │ └── layout
│ │ │ └── activity_main.xml
│ ├── AndroidManifest.xml
│ └── src
│ │ └── com
│ │ └── example
│ │ └── protectsection
│ │ └── MainActivity.java
└── crypto code
│ └── main.c
├── ProtectFunc
├── jni
│ ├── Application.mk
│ ├── Android.mk
│ └── ProtectFunc.cpp
├── App
│ └── ProtectFunc
│ │ ├── ic_launcher-web.png
│ │ ├── libs
│ │ └── armeabi
│ │ │ └── libProtectFunc.so
│ │ ├── res
│ │ ├── values
│ │ │ ├── strings.xml
│ │ │ └── styles.xml
│ │ └── layout
│ │ │ └── activity_main.xml
│ │ ├── AndroidManifest.xml
│ │ └── src
│ │ └── com
│ │ └── example
│ │ └── protectfunc
│ │ └── MainActivity.java
└── crypto code
│ └── main.c
├── dex_parser
├── readme.md
├── leb128.pyc
├── classes.dex
├── dex_class.pyc
├── parse_dex.pyc
├── leb128.py
├── method_code_class.py
├── dex_class.py
└── parse_dex.py
├── android_inlinehook
├── Application.mk
├── backtrace.h
├── utils.h
├── log.h
├── asm.S
├── Android.mk
├── README.md
├── list.h
├── utils.c
├── inlineHook.h
├── backtrace.c
└── inlineHook.c
├── EnulatorCache
├── ReadMe.md
├── jni
│ ├── EnulatorCache.cpp
│ └── Android.mk
└── src
│ └── com
│ └── example
│ └── enulatorcache
│ └── MainActivity.java
├── .gitattributes
└── .gitignore
/FileObserver/.idea/.name:
--------------------------------------------------------------------------------
1 | FileObserver
--------------------------------------------------------------------------------
/FileObserver/app/.gitignore:
--------------------------------------------------------------------------------
1 | /build
2 |
--------------------------------------------------------------------------------
/FileObserver/settings.gradle:
--------------------------------------------------------------------------------
1 | include ':app'
2 |
--------------------------------------------------------------------------------
/ProtectSection/jni/Application.mk:
--------------------------------------------------------------------------------
1 |
2 | APP_ABI := armeabi
--------------------------------------------------------------------------------
/ProtectFunc/jni/Application.mk:
--------------------------------------------------------------------------------
1 | APP_ABI := armeabi armeabi-v7a x86
--------------------------------------------------------------------------------
/dex_parser/readme.md:
--------------------------------------------------------------------------------
1 | ###dex_parser
2 | Parse the dex file by python
--------------------------------------------------------------------------------
/android_inlinehook/Application.mk:
--------------------------------------------------------------------------------
1 | APP_ABI := armeabi armeabi-v7a
2 | APP_PIE:= true
--------------------------------------------------------------------------------
/dex_parser/leb128.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/dex_parser/leb128.pyc
--------------------------------------------------------------------------------
/EnulatorCache/ReadMe.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/EnulatorCache/ReadMe.md
--------------------------------------------------------------------------------
/dex_parser/classes.dex:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/dex_parser/classes.dex
--------------------------------------------------------------------------------
/dex_parser/dex_class.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/dex_parser/dex_class.pyc
--------------------------------------------------------------------------------
/dex_parser/parse_dex.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/dex_parser/parse_dex.pyc
--------------------------------------------------------------------------------
/EnulatorCache/jni/EnulatorCache.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/EnulatorCache/jni/EnulatorCache.cpp
--------------------------------------------------------------------------------
/FileObserver/.idea/copyright/profiles_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/ProtectSection/APP/ic_launcher-web.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/ProtectSection/APP/ic_launcher-web.png
--------------------------------------------------------------------------------
/FileObserver/.gitignore:
--------------------------------------------------------------------------------
1 | *.iml
2 | .gradle
3 | /local.properties
4 | /.idea/workspace.xml
5 | /.idea/libraries
6 | .DS_Store
7 | /build
8 | /captures
9 |
--------------------------------------------------------------------------------
/ProtectFunc/App/ProtectFunc/ic_launcher-web.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/ProtectFunc/App/ProtectFunc/ic_launcher-web.png
--------------------------------------------------------------------------------
/ProtectSection/APP/libs/armeabi/libprotect_section.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/ProtectSection/APP/libs/armeabi/libprotect_section.so
--------------------------------------------------------------------------------
/android_inlinehook/backtrace.h:
--------------------------------------------------------------------------------
1 | #ifndef _BACKTRACE_H
2 | #define _BACKTRACE_H
3 |
4 | int checkThreadsafety(pid_t *tids, uint32_t *addrs, int length);
5 |
6 | #endif
--------------------------------------------------------------------------------
/FileObserver/app/src/main/res/mipmap-hdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/FileObserver/app/src/main/res/mipmap-hdpi/ic_launcher.png
--------------------------------------------------------------------------------
/FileObserver/app/src/main/res/mipmap-mdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/FileObserver/app/src/main/res/mipmap-mdpi/ic_launcher.png
--------------------------------------------------------------------------------
/ProtectFunc/App/ProtectFunc/libs/armeabi/libProtectFunc.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/ProtectFunc/App/ProtectFunc/libs/armeabi/libProtectFunc.so
--------------------------------------------------------------------------------
/EnulatorCache/src/com/example/enulatorcache/MainActivity.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChengChengCC/Android-demo/HEAD/EnulatorCache/src/com/example/enulatorcache/MainActivity.java
--------------------------------------------------------------------------------
/FileObserver/.idea/encodings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/EnulatorCache/jni/Android.mk:
--------------------------------------------------------------------------------
1 | LOCAL_PATH := $(call my-dir)
2 |
3 | include $(CLEAR_VARS)
4 |
5 | LOCAL_MODULE := EnulatorCache
6 | LOCAL_SRC_FILES := EnulatorCache.cpp
7 |
8 | include $(BUILD_SHARED_LIBRARY)
9 |
--------------------------------------------------------------------------------
/android_inlinehook/utils.h:
--------------------------------------------------------------------------------
1 | #ifndef _UTILS_H
2 | #define _UTILS_H
3 |
4 | void contAllThreads(pid_t pid, pid_t *tids);
5 | void stopAllThreads(pid_t pid, pid_t *tids);
6 | int getAllTids(pid_t pid, pid_t *tids);
7 |
8 | #endif
--------------------------------------------------------------------------------
/ProtectSection/APP/res/values/strings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | ProtectSection
5 | Hello world!
6 |
7 |
8 |
--------------------------------------------------------------------------------
/ProtectFunc/App/ProtectFunc/res/values/strings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | ProtectFunc
5 | Hello world!
6 |
7 |
8 |
--------------------------------------------------------------------------------
/ProtectFunc/jni/Android.mk:
--------------------------------------------------------------------------------
1 | LOCAL_PATH := $(call my-dir)
2 |
3 | include $(CLEAR_VARS)
4 |
5 | LOCAL_MODULE := ProtectFunc
6 | LOCAL_SRC_FILES := ProtectFunc.cpp
7 | LOCAL_LDLIBS += -L$(SYSROOT)/usr/lib -llog
8 | include $(BUILD_SHARED_LIBRARY)
9 |
--------------------------------------------------------------------------------
/FileObserver/app/src/main/res/values/dimens.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 16dp
4 | 16dp
5 |
6 |
--------------------------------------------------------------------------------
/FileObserver/app/src/main/res/values/colors.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | #3F51B5
4 | #303F9F
5 | #FF4081
6 |
7 |
--------------------------------------------------------------------------------
/android_inlinehook/log.h:
--------------------------------------------------------------------------------
1 | #ifndef _LOG_H
2 | #define _LOG_H
3 |
4 | #ifdef ENABLE_DEBUG
5 | #include
6 | #define LOG_TAG "ele7enxxh_inlineHook"
7 | #define LOGD(fmt, args...) __android_log_print(ANDROID_LOG_DEBUG,LOG_TAG, fmt, ##args)
8 | #else
9 | #define LOGD(fmt,args...)
10 | #endif
11 |
12 | #endif
--------------------------------------------------------------------------------
/FileObserver/app/src/main/res/values/strings.xml:
--------------------------------------------------------------------------------
1 |
2 | FileObserver
3 | input the path to watch:
4 | click to start watch
5 | click to stop watch
6 |
7 |
--------------------------------------------------------------------------------
/ProtectSection/jni/Android.mk:
--------------------------------------------------------------------------------
1 | LOCAL_PATH := $(call my-dir)
2 |
3 | include $(CLEAR_VARS)
4 |
5 | LOCAL_MODULE := protect_section
6 | #VisualGDBAndroid: AutoUpdateSourcesInNextLine
7 | LOCAL_SRC_FILES := protect_section.cpp
8 | LOCAL_ARM_MODE := arm
9 | LOCAL_LDLIBS += -L$(SYSROOT)/usr/lib -llog
10 |
11 | APP_ABI := armeabi armeabi-v7a x86
12 | include $(BUILD_SHARED_LIBRARY)
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/FileObserver/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/FileObserver/app/src/main/res/values-w820dp/dimens.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 64dp
6 |
7 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
4 | # Custom for Visual Studio
5 | *.cs diff=csharp
6 |
7 | # Standard to msysgit
8 | *.doc diff=astextplain
9 | *.DOC diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot diff=astextplain
13 | *.DOT diff=astextplain
14 | *.pdf diff=astextplain
15 | *.PDF diff=astextplain
16 | *.rtf diff=astextplain
17 | *.RTF diff=astextplain
18 |
--------------------------------------------------------------------------------
/FileObserver/app/src/main/res/values/styles.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/FileObserver/app/src/main/res/layout/activity_monitor.xml:
--------------------------------------------------------------------------------
1 |
2 |
6 |
7 |
13 |
14 |
--------------------------------------------------------------------------------
/FileObserver/build.gradle:
--------------------------------------------------------------------------------
1 | // Top-level build file where you can add configuration options common to all sub-projects/modules.
2 |
3 | buildscript {
4 | repositories {
5 | jcenter()
6 | }
7 | dependencies {
8 | classpath 'com.android.tools.build:gradle:2.0.0'
9 |
10 | // NOTE: Do not place your application dependencies here; they belong
11 | // in the individual module build.gradle files
12 | }
13 | }
14 |
15 | allprojects {
16 | repositories {
17 | jcenter()
18 | }
19 | }
20 |
21 | task clean(type: Delete) {
22 | delete rootProject.buildDir
23 | }
24 |
--------------------------------------------------------------------------------
/FileObserver/.idea/runConfigurations.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
11 |
12 |
--------------------------------------------------------------------------------
/android_inlinehook/asm.S:
--------------------------------------------------------------------------------
1 | .text
2 |
3 | .align 0
4 | .global asm_mmap2
5 | .type asm_mmap2, %function
6 | asm_mmap2:
7 | .fnstart
8 | mov ip, sp
9 | stmfd sp!, {r4, r5, r6, r7}
10 | ldmfd ip, {r4, r5, r6}
11 | ldr r7, =#0xC0
12 | swi #0
13 | ldmfd sp!, {r4, r5, r6, r7}
14 | bx lr
15 | .fnend;
16 | .size asm_mmap2, .-asm_mmap2;
17 |
18 | .align 0
19 | .global asm_cacheflush
20 | .type asm_cacheflush, %function
21 | asm_cacheflush:
22 | .fnstart
23 | mov ip, r7
24 | ldr r7, =#0xF0002
25 | swi #0
26 | mov r7, ip
27 | bx lr
28 | .fnend;
29 | .size asm_cacheflush, .-asm_cacheflush;
30 |
--------------------------------------------------------------------------------
/ProtectFunc/App/ProtectFunc/res/layout/activity_main.xml:
--------------------------------------------------------------------------------
1 |
6 |
7 |
11 |
12 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/FileObserver/app/proguard-rules.pro:
--------------------------------------------------------------------------------
1 | # Add project specific ProGuard rules here.
2 | # By default, the flags in this file are appended to flags specified
3 | # in D:\android\android-sdk/tools/proguard/proguard-android.txt
4 | # You can edit the include path and order by changing the proguardFiles
5 | # directive in build.gradle.
6 | #
7 | # For more details, see
8 | # http://developer.android.com/guide/developing/tools/proguard.html
9 |
10 | # Add any project specific keep options here:
11 |
12 | # If your project uses WebView with JS, uncomment the following
13 | # and specify the fully qualified class name to the JavaScript interface
14 | # class:
15 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview {
16 | # public *;
17 | #}
18 |
--------------------------------------------------------------------------------
/FileObserver/app/build.gradle:
--------------------------------------------------------------------------------
1 | apply plugin: 'com.android.application'
2 |
3 | android {
4 | compileSdkVersion 23
5 | buildToolsVersion "22.0.0"
6 |
7 | defaultConfig {
8 | applicationId "com.demo.asus.fileobserver"
9 | minSdkVersion 19
10 | targetSdkVersion 23
11 | versionCode 1
12 | versionName "1.0"
13 | }
14 | buildTypes {
15 | release {
16 | minifyEnabled false
17 | proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
18 | }
19 | }
20 | }
21 |
22 | dependencies {
23 | compile fileTree(dir: 'libs', include: ['*.jar'])
24 | testCompile 'junit:junit:4.12'
25 | compile 'com.android.support:appcompat-v7:23.+'
26 | }
27 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Windows image file caches
2 | Thumbs.db
3 | ehthumbs.db
4 |
5 | # Folder config file
6 | Desktop.ini
7 |
8 | # Recycle Bin used on file shares
9 | $RECYCLE.BIN/
10 |
11 | # Windows Installer files
12 | *.cab
13 | *.msi
14 | *.msm
15 | *.msp
16 |
17 | # Windows shortcuts
18 | *.lnk
19 |
20 | # =========================
21 | # Operating System Files
22 | # =========================
23 |
24 | # OSX
25 | # =========================
26 |
27 | .DS_Store
28 | .AppleDouble
29 | .LSOverride
30 |
31 | # Thumbnails
32 | ._*
33 |
34 | # Files that might appear on external disk
35 | .Spotlight-V100
36 | .Trashes
37 |
38 | # Directories potentially created on remote AFP share
39 | .AppleDB
40 | .AppleDesktop
41 | Network Trash Folder
42 | Temporary Items
43 | .apdisk
44 |
--------------------------------------------------------------------------------
/FileObserver/.idea/compiler.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------
/ProtectSection/APP/res/values/styles.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
7 |
14 |
15 |
16 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/ProtectSection/APP/res/layout/activity_main.xml:
--------------------------------------------------------------------------------
1 |
7 |
8 |
13 |
14 |
15 |
20 |
21 |
--------------------------------------------------------------------------------
/ProtectFunc/App/ProtectFunc/res/values/styles.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
7 |
14 |
15 |
16 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/FileObserver/.idea/gradle.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
23 |
24 |
--------------------------------------------------------------------------------
/android_inlinehook/Android.mk:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2009 The Android Open Source Project
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | #
16 | #
17 | LOCAL_PATH := $(call my-dir)
18 |
19 | include $(CLEAR_VARS)
20 |
21 | LOCAL_MODULE := hook
22 | LOCAL_SRC_FILES := inlineHook.c backtrace.c utils.c asm.S
23 | LOCAL_LDLIBS += -L$(SYSROOT)/usr/lib -llog
24 |
25 | include $(BUILD_STATIC_LIBRARY)
--------------------------------------------------------------------------------
/FileObserver/gradle.properties:
--------------------------------------------------------------------------------
1 | # Project-wide Gradle settings.
2 |
3 | # IDE (e.g. Android Studio) users:
4 | # Gradle settings configured through the IDE *will override*
5 | # any settings specified in this file.
6 |
7 | # For more details on how to configure your build environment visit
8 | # http://www.gradle.org/docs/current/userguide/build_environment.html
9 |
10 | # Specifies the JVM arguments used for the daemon process.
11 | # The setting is particularly useful for tweaking memory settings.
12 | # Default value: -Xmx10248m -XX:MaxPermSize=256m
13 | # org.gradle.jvmargs=-Xmx2048m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
14 |
15 | # When configured, Gradle will run in incubating parallel mode.
16 | # This option should only be used with decoupled projects. More details, visit
17 | # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
18 | # org.gradle.parallel=true
--------------------------------------------------------------------------------
/ProtectSection/APP/AndroidManifest.xml:
--------------------------------------------------------------------------------
1 |
2 |
6 |
7 |
10 |
11 |
16 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/ProtectFunc/App/ProtectFunc/AndroidManifest.xml:
--------------------------------------------------------------------------------
1 |
2 |
6 |
7 |
10 |
11 |
16 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/ProtectFunc/App/ProtectFunc/src/com/example/protectfunc/MainActivity.java:
--------------------------------------------------------------------------------
1 | package com.example.protectfunc;
2 |
3 | import android.app.Activity;
4 | import android.os.Bundle;
5 | import android.view.Menu;
6 | import android.view.MenuItem;
7 | import android.view.View;
8 | import android.view.View.OnClickListener;
9 | import android.widget.Button;
10 |
11 | public class MainActivity extends Activity {
12 |
13 | static{
14 | //System.out.println()
15 | System.loadLibrary("ProtectFunc");
16 | }
17 |
18 | private Button btn = null;
19 | private native String getString();
20 |
21 |
22 | @Override
23 | protected void onCreate(Bundle savedInstanceState) {
24 | super.onCreate(savedInstanceState);
25 | setContentView(R.layout.activity_main);
26 |
27 | btn = (Button)findViewById(R.id.btn);
28 |
29 | btn.setOnClickListener(new OnClickListener() {
30 |
31 | @Override
32 | public void onClick(View v) {
33 | // TODO Auto-generated method stub
34 | getString();
35 | }
36 | });
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/android_inlinehook/README.md:
--------------------------------------------------------------------------------
1 | # Android-Inline-Hook
2 | thumb16 thumb32 arm32 inlineHook in Android
3 |
4 | # Build
5 | ```ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk NDK_APPLICATION_MK=./Application.mk```
6 |
7 | # Example
8 | ```C
9 | #include
10 | #include
11 |
12 | int new_a()
13 | {
14 | printf("new_a\n");
15 | }
16 |
17 | int a()
18 | {
19 | printf("a\n");
20 | }
21 |
22 | int thread()
23 | {
24 | while(1) {
25 | a();
26 | }
27 | }
28 |
29 | int (*old_a)() = NULL;
30 |
31 | int main()
32 | {
33 | int err;
34 | int i;
35 | pthread_t tid[10];
36 |
37 | for (i = 0; i < 1; ++i)
38 | {
39 | err = pthread_create(&tid[i], NULL, thread, NULL); //创建Hook线程
40 | if (err)
41 | {
42 | return -1;
43 | }
44 | }
45 |
46 | sleep(1);
47 |
48 | registerInlineHookByAddr(a, new_a, &old_a);
49 | while(inlineHook() < 0);
50 | sleep(5);
51 | unregisterInlineHookByAddr(a);
52 | while(inlineUnHook() < 0);
53 |
54 | for (i = 0; i < 1; ++i) {
55 | pthread_join(tid[i], NULL);
56 | }
57 |
58 | return 0;
59 | }
60 | ```
--------------------------------------------------------------------------------
/FileObserver/app/src/main/res/layout/activity_main.xml:
--------------------------------------------------------------------------------
1 |
2 |
11 |
12 |
16 |
17 |
24 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/dex_parser/leb128.py:
--------------------------------------------------------------------------------
1 | import struct
2 |
3 |
4 | def get_uleb128(content):
5 | value = 0
6 | for i in xrange(0, 5): # composed by 1~5 byte
7 | tmp = ord(content[i]) & 0x7f
8 | value = tmp << (i * 7) | value
9 | if (ord(content[i]) & 0x80) != 0x80:
10 | break # highest bit not 1
11 | if i == 4 and (tmp & 0xf0) != 0:
12 | print "parse a error uleb128 number"
13 | return -1
14 | return i + 1, value
15 |
16 |
17 | def get_leb128(content):
18 | value = 0
19 | mask = [0xffffff80, 0xffffc000, 0xffe00000, 0xf0000000, 0]
20 | bitmask = [0x40, 0x40, 0x40, 0x40, 0x8]
21 |
22 | for i in xrange(0, 5):
23 | tmp = ord(content[i]) & 0x7f
24 | value = tmp << (i * 7) | value
25 | if (ord(content[i]) & 0x80) != 0x80:
26 | if bitmask[i] & tmp:
27 | value |= mask[i]
28 | break
29 | if i == 4 and (tmp & 0xf0) != 0:
30 | print "parse a error leb128 number"
31 | return -1
32 | buffer = struct.pack("I", value)
33 | value = struct.unpack("i", buffer)
34 | return i + 1, value
35 |
--------------------------------------------------------------------------------
/FileObserver/app/src/main/AndroidManifest.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/android_inlinehook/list.h:
--------------------------------------------------------------------------------
1 | #ifndef _LIST_H
2 | #define _LIST_H
3 |
4 | struct list_head {
5 | struct list_head *next, *prev;
6 | };
7 |
8 | #define LIST_HEAD_INIT(name) { &(name), &(name) }
9 | #define LIST_HEAD(name) \
10 | struct list_head name = LIST_HEAD_INIT(name)
11 | #define INIT_LIST_HEAD(ptr) do { \
12 | (ptr)->next = (ptr); (ptr)->prev = (ptr); \
13 | } while (0)
14 | #define list_entry(ptr, type, member) ((type *)((char *)(ptr)-(unsigned long)(&((type *)0)->member)))
15 | #define list_for_each(pos, head) \
16 | for (pos = (head)->next; pos != (head); pos = pos->next)
17 | #define list_for_each_safe(pos, n, head) \
18 | for (pos = (head)->next, n = pos->next; pos != (head); pos = n, n = pos->next)
19 |
20 | static inline void _list_add(struct list_head *new, struct list_head *prev, struct list_head *next)
21 | {
22 | next->prev = new;
23 | new->next = next;
24 | new->prev = prev;
25 | prev->next = new;
26 | }
27 |
28 | static inline void list_add(struct list_head *new, struct list_head *head)
29 | {
30 | _list_add(new, head, head->next);
31 | }
32 |
33 | static inline void _list_del(struct list_head *prev, struct list_head *next)
34 | {
35 | next->prev = prev;
36 | prev->next = next;
37 | }
38 |
39 | static inline void list_del(struct list_head *entry)
40 | {
41 | _list_del(entry->prev, entry->next);
42 | entry->prev = 0;
43 | entry->next = 0;
44 | }
45 |
46 | #endif
--------------------------------------------------------------------------------
/android_inlinehook/utils.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include
6 |
7 | #include "utils.h"
8 |
9 | #define ENABLE_DEBUG
10 | #include "log.h"
11 |
12 | void contAllThreads(pid_t pid, pid_t *tids)
13 | {
14 | pid_t tid;
15 | int i;
16 |
17 | i = 0;
18 | for (tid = tids[i]; tid != 0; tid = tids[++i]) {
19 | tkill(pid, tid, SIGCONT);
20 | }
21 | }
22 |
23 | void stopAllThreads(pid_t pid, pid_t *tids)
24 | {
25 | pid_t tid;
26 | int i;
27 |
28 | i = 0;
29 | for (tid = tids[i]; tid != 0; tid = tids[++i]) {
30 | tkill(pid, tid, SIGSTOP);
31 | }
32 | }
33 |
34 | int getAllTids(pid_t pid, pid_t *tids)
35 | {
36 | char dir_path[32];
37 | DIR *dir;
38 | int i;
39 | struct dirent *entry;
40 | pid_t tid;
41 |
42 | if (pid < 0) {
43 | snprintf(dir_path, sizeof(dir_path), "/proc/self/task");
44 | }
45 | else {
46 | snprintf(dir_path, sizeof(dir_path), "/proc/%d/task", pid);
47 | }
48 |
49 | dir = opendir(dir_path);
50 | if (dir == NULL) {
51 | LOGD("opendir(): %s", strerror(errno));
52 | return -1;
53 | }
54 |
55 | i = 0;
56 | while((entry = readdir(dir)) != NULL) {
57 | tid = atoi(entry->d_name);
58 | if (tid != 0 && tid != getpid()) {
59 | tids[i++] = tid;
60 | }
61 | }
62 | closedir(dir);
63 | tids[i] = 0;
64 | return 0;
65 | }
66 |
--------------------------------------------------------------------------------
/ProtectSection/APP/src/com/example/protectsection/MainActivity.java:
--------------------------------------------------------------------------------
1 | package com.example.protectsection;
2 |
3 | import android.app.Activity;
4 | import android.os.Bundle;
5 | import android.util.Log;
6 | import android.view.Menu;
7 | import android.view.MenuItem;
8 | import android.view.View;
9 | import android.view.View.OnClickListener;
10 | import android.widget.Button;
11 | import android.widget.TextView;
12 |
13 | public class MainActivity extends Activity {
14 |
15 |
16 | TextView tv = null;
17 | Button btn = null;
18 |
19 | private native String getString();
20 | private native void initSo();
21 | static{
22 | try {
23 |
24 | System.loadLibrary("protect_section");
25 | } catch (Exception e) {
26 | // TODO: handle exception
27 | Log.d("CCDebug", "load lib exception");
28 | }
29 |
30 | }
31 |
32 | @Override
33 | protected void onCreate(Bundle savedInstanceState) {
34 | super.onCreate(savedInstanceState);
35 | setContentView(R.layout.activity_main);
36 |
37 | tv = (TextView)findViewById(R.id.tv_show);
38 | btn =(Button)findViewById(R.id.btn_load);
39 | btn.setOnClickListener(new OnClickListener() {
40 |
41 | @Override
42 | public void onClick(View v) {
43 | // TODO Auto-generated method stub
44 | //loadLibrary("protect_section");
45 | //tv.setText(getString());
46 | // initSo();
47 |
48 | getString();
49 | }
50 | });
51 |
52 | }
53 |
54 |
55 | public static void loadLibrary(String libName) {
56 | System.loadLibrary(libName);
57 |
58 | }
59 | }
60 |
--------------------------------------------------------------------------------
/android_inlinehook/inlineHook.h:
--------------------------------------------------------------------------------
1 | #ifndef _INLINEHOOK_H
2 | #define _INLINEHOOK_H
3 |
4 | #include
5 |
6 | #include "list.h"
7 |
8 | struct soinfo {
9 | char name[128];
10 | const Elf32_Phdr* phdr;
11 | size_t phnum;
12 | Elf32_Addr entry;
13 | Elf32_Addr base;
14 | unsigned size;
15 |
16 | uint32_t unused1; // DO NOT USE, maintained for compatibility.
17 |
18 | Elf32_Dyn* dynamic;
19 |
20 | uint32_t unused2; // DO NOT USE, maintained for compatibility
21 | uint32_t unused3; // DO NOT USE, maintained for compatibility
22 |
23 | struct _soinfo* next;
24 | unsigned flags;
25 |
26 | const char* strtab;
27 | Elf32_Sym* symtab;
28 |
29 | size_t nbucket;
30 | size_t nchain;
31 | unsigned* bucket;
32 | unsigned* chain;
33 |
34 | unsigned* plt_got;
35 |
36 | Elf32_Rel* plt_rel;
37 | size_t plt_rel_count;
38 |
39 | Elf32_Rel* rel;
40 | size_t rel_count;
41 | };
42 |
43 | struct inlineHookInfo {
44 | struct list_head list;
45 | char so_name[128];
46 | char function_name[128];
47 | uint32_t target_addr;
48 | uint32_t new_addr;
49 | uint32_t **proto_addr;
50 | void *orig_instructions;
51 | void *trampoline_instructions;
52 | int status;
53 | };
54 |
55 | int unregisterInlineHookByName(const char *function_name, const char *so_name);
56 | int unregisterInlineHookByAddr(uint32_t target_addr);
57 | int registerInlineHookByName(const char *function_name, const char *so_name, uint32_t offset, uint32_t new_addr, uint32_t **proto_addr);
58 | int registerInlineHookByAddr(uint32_t target_addr, uint32_t new_addr, uint32_t **proto_addr);
59 | int inlineUnHook();
60 | int inlineHook();
61 |
62 | #endif
--------------------------------------------------------------------------------
/FileObserver/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
19 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
--------------------------------------------------------------------------------
/FileObserver/app/src/main/java/com/demo/asus/fileobserver/MainActivity.java:
--------------------------------------------------------------------------------
1 | package com.demo.asus.fileobserver;
2 |
3 |
4 | import android.app.Activity;
5 | import android.content.Intent;
6 | import android.os.Bundle;
7 | import android.os.Process;
8 | import android.view.View;
9 | import android.widget.Button;
10 | import android.widget.EditText;
11 | import android.widget.Toast;
12 |
13 | import java.io.File;
14 |
15 | public class MainActivity extends Activity {
16 |
17 | public static String EXTAR_PATH = "path_to_monitor";
18 |
19 | private Button btnStart = null;
20 | private EditText editPath = null;
21 |
22 | @Override
23 | protected void onCreate(Bundle savedInstanceState) {
24 | super.onCreate(savedInstanceState);
25 | setContentView(R.layout.activity_main);
26 |
27 | btnStart = (Button) findViewById(R.id.btn_start);
28 | editPath = (EditText) findViewById(R.id.text_path);
29 |
30 | if (editPath != null){
31 | /*一次将/proc 目录下全加上会崩溃,文件太多*/
32 | // editPath.setText("/proc/"+getPid());
33 | // editPath.setText("/tmp/1"); //test
34 | editPath.setText("/proc/"+getPid()+"/status");
35 | }
36 | if (btnStart!=null){
37 | btnStart.setOnClickListener(new View.OnClickListener() {
38 | @Override
39 | public void onClick(View view) {
40 | String path = editPath.getText().toString();
41 | handlePath(path);
42 | }
43 | });
44 | }
45 |
46 | }
47 |
48 |
49 | public void handlePath(String path){
50 | if (path.isEmpty()){
51 | Toast.makeText(this,"the path is empty",Toast.LENGTH_SHORT).show();
52 | return;
53 | }
54 | try{
55 | File f = new File(path);
56 | if (f.exists()){
57 | int requestCode = 0;
58 | Intent i = new Intent("android.intent.action.MONITOR");
59 | i.putExtra(EXTAR_PATH,path);
60 | startActivityForResult(i,requestCode);
61 | }
62 | }catch (RuntimeException e){
63 | Toast.makeText(this,"the file is not exist",Toast.LENGTH_SHORT).show();
64 | return;
65 | }
66 | }
67 |
68 |
69 | private static String getPid() {
70 | return String.format("%d",Process.myPid());
71 | }
72 | }
73 |
--------------------------------------------------------------------------------
/android_inlinehook/backtrace.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 |
6 | #include "backtrace.h"
7 |
8 | #define ENABLE_DEBUG
9 | #include "log.h"
10 |
11 | #define MAX_DEPATH 32
12 |
13 | struct backtrace_frame {
14 | uintptr_t *absolute_pc;
15 | uintptr_t *stack_top;
16 | size_t stack_size;
17 | };
18 |
19 | typedef ssize_t (*t_unwind_backtrace_thread) (pid_t, struct backtrace_frame *, size_t, size_t);
20 |
21 | static t_unwind_backtrace_thread unwind_backtrace_thread = NULL;
22 |
23 | static const char *corkscrew_path = "/system/lib/libcorkscrew.so";
24 |
25 | static int registerUnwindFunction()
26 | {
27 | void *handle;
28 |
29 | if (unwind_backtrace_thread != NULL) {
30 | return 0;
31 | }
32 |
33 | handle = dlopen(corkscrew_path, RTLD_NOW);
34 | if (handle == NULL) {
35 | LOGD("dlopen(): %s", strerror(errno));
36 | return -1;
37 | }
38 |
39 | unwind_backtrace_thread = (t_unwind_backtrace_thread) dlsym(handle, "unwind_backtrace_thread");
40 | if (unwind_backtrace_thread == NULL) {
41 | LOGD("dlsym(): %s", strerror(errno));
42 | return -1;
43 | }
44 |
45 | return 0;
46 | }
47 |
48 | static ssize_t backtracePtrace(pid_t tid, struct backtrace_frame *backtrace)
49 | {
50 |
51 | LOGD("unwinding thread: %d from process: %d", tid, getpid());
52 | return unwind_backtrace_thread(tid, backtrace, 1, MAX_DEPATH);
53 | }
54 |
55 | static int doCheckThreadsafety(pid_t tid, uint32_t *addrs, int length)
56 | {
57 | struct backtrace_frame backtrace[MAX_DEPATH];
58 | ssize_t count;
59 | int i;
60 |
61 | count = backtracePtrace(tid, backtrace);
62 |
63 | for (i = 0; i < count; ++i) {
64 | int idx;
65 | uint32_t addr;
66 |
67 | idx = 0;
68 | for (addr = addrs[idx]; addr != 0; addr = addrs[++idx]) {
69 | if ((uint32_t) backtrace[i].absolute_pc >= addr && (uint32_t) backtrace[i].absolute_pc <= (addr + length)) {
70 | LOGD("thread function call stack contains the hook address(0x%x)", addr);
71 | return -1;
72 | }
73 | }
74 | }
75 |
76 | return 0;
77 | }
78 |
79 | int checkThreadsafety(pid_t *tids, uint32_t *addrs, int length)
80 | {
81 | pid_t tid;
82 | int i;
83 |
84 | if (registerUnwindFunction()== -1) {
85 | return -1;
86 | }
87 |
88 | i = 0;
89 | for (tid = tids[i]; tid != 0; tid = tids[++i]) {
90 | if (doCheckThreadsafety(tid, addrs, length) == -1) {
91 | return -1;
92 | }
93 | }
94 |
95 | LOGD("check thread safety success");
96 |
97 | return 0;
98 | }
--------------------------------------------------------------------------------
/FileObserver/gradlew.bat:
--------------------------------------------------------------------------------
1 | @if "%DEBUG%" == "" @echo off
2 | @rem ##########################################################################
3 | @rem
4 | @rem Gradle startup script for Windows
5 | @rem
6 | @rem ##########################################################################
7 |
8 | @rem Set local scope for the variables with windows NT shell
9 | if "%OS%"=="Windows_NT" setlocal
10 |
11 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
12 | set DEFAULT_JVM_OPTS=
13 |
14 | set DIRNAME=%~dp0
15 | if "%DIRNAME%" == "" set DIRNAME=.
16 | set APP_BASE_NAME=%~n0
17 | set APP_HOME=%DIRNAME%
18 |
19 | @rem Find java.exe
20 | if defined JAVA_HOME goto findJavaFromJavaHome
21 |
22 | set JAVA_EXE=java.exe
23 | %JAVA_EXE% -version >NUL 2>&1
24 | if "%ERRORLEVEL%" == "0" goto init
25 |
26 | echo.
27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
28 | echo.
29 | echo Please set the JAVA_HOME variable in your environment to match the
30 | echo location of your Java installation.
31 |
32 | goto fail
33 |
34 | :findJavaFromJavaHome
35 | set JAVA_HOME=%JAVA_HOME:"=%
36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
37 |
38 | if exist "%JAVA_EXE%" goto init
39 |
40 | echo.
41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
42 | echo.
43 | echo Please set the JAVA_HOME variable in your environment to match the
44 | echo location of your Java installation.
45 |
46 | goto fail
47 |
48 | :init
49 | @rem Get command-line arguments, handling Windowz variants
50 |
51 | if not "%OS%" == "Windows_NT" goto win9xME_args
52 | if "%@eval[2+2]" == "4" goto 4NT_args
53 |
54 | :win9xME_args
55 | @rem Slurp the command line arguments.
56 | set CMD_LINE_ARGS=
57 | set _SKIP=2
58 |
59 | :win9xME_args_slurp
60 | if "x%~1" == "x" goto execute
61 |
62 | set CMD_LINE_ARGS=%*
63 | goto execute
64 |
65 | :4NT_args
66 | @rem Get arguments from the 4NT Shell from JP Software
67 | set CMD_LINE_ARGS=%$
68 |
69 | :execute
70 | @rem Setup the command line
71 |
72 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
73 |
74 | @rem Execute Gradle
75 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
76 |
77 | :end
78 | @rem End local scope for the variables with windows NT shell
79 | if "%ERRORLEVEL%"=="0" goto mainEnd
80 |
81 | :fail
82 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
83 | rem the _cmd.exe /c_ return code!
84 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
85 | exit /b 1
86 |
87 | :mainEnd
88 | if "%OS%"=="Windows_NT" endlocal
89 |
90 | :omega
91 |
--------------------------------------------------------------------------------
/FileObserver/app/src/main/java/com/demo/asus/fileobserver/MonitorActivity.java:
--------------------------------------------------------------------------------
1 | package com.demo.asus.fileobserver;
2 |
3 | import android.app.Activity;
4 |
5 | import android.os.Bundle;
6 |
7 | import android.util.Log;
8 | import android.view.View;
9 | import android.widget.Button;
10 |
11 |
12 | /**
13 | * Created by ASUS on 2016/5/23.
14 | */
15 | public class MonitorActivity extends Activity {
16 |
17 | //public static String MONITOR_TAG = "monitor_debug";
18 | private String path = null;
19 | private Button btn_stop = null;
20 | private RecursiveFileObserver observer = null;
21 |
22 | ;
23 | @Override
24 | protected void onCreate(Bundle savedInstanceState) {
25 | super.onCreate(savedInstanceState);
26 |
27 | Bundle extras = getIntent().getExtras();
28 | if (extras != null){
29 | path = extras.getString(MainActivity.EXTAR_PATH);
30 | }else {
31 | Log.d("C&C","observer path is null");
32 | }
33 |
34 | btn_stop = (Button)findViewById(R.id.btn_stop);
35 | if (btn_stop==null){
36 |
37 | }
38 |
39 | btn_stop.setOnClickListener(new View.OnClickListener() {
40 | @Override
41 | public void onClick(View view) {
42 | observer.stopWatching();
43 | }
44 | });
45 |
46 |
47 | observer = new RecursiveFileObserver(path);
48 | observer.startWatching();
49 |
50 | }
51 |
52 | /*
53 | public void log(String msg) {
54 | Log.d(MONITOR_TAG, msg);
55 | if (Environment.getExternalStorageState()
56 | .equals(Environment.MEDIA_MOUNTED)) {
57 | //存在sd卡
58 | String sd_path = Environment.getExternalStorageDirectory().getPath();
59 | Calendar c = Calendar.getInstance();
60 | SimpleDateFormat time = new SimpleDateFormat("yyyy-MM-dd");
61 | String strDay = time.format(c.getTime());
62 | String logFileName = sd_path + "/FileObserverDemo/log/"+strDay+".txt";
63 | MyLog log = new MyLog(logFileName);
64 | /*
65 | try {
66 | File f = new File(logFileName);
67 | if (f.exists()) {
68 |
69 |
70 | } else {//文件不存在
71 | if (f.getParentFile().mkdir()) {
72 | //创建父目录
73 | if (f.createNewFile()) {
74 | Log.d(MONITOR_TAG, "CCCC");
75 | }
76 | } else {
77 | Log.d(MONITOR_TAG, "CCCC");
78 | }
79 |
80 | }
81 |
82 | } catch (Exception e) {
83 | e.printStackTrace();
84 | }
85 |
86 | } else {
87 |
88 | }
89 | }
90 | */
91 |
92 | }
93 |
--------------------------------------------------------------------------------
/dex_parser/method_code_class.py:
--------------------------------------------------------------------------------
1 | import pdb
2 | import struct
3 | from leb128 import *
4 |
5 |
6 | class method_code_class:
7 |
8 | def __init__(self, dex_object, offset):
9 | '''
10 | /*
11 | * Direct-mapped "code_item".
12 | *
13 | * The "catches" table is used when throwing an exception,
14 | * "debugInfo" is used when displaying an exception stack trace or
15 | * debugging. An offset of zero indicates that there are no entries.
16 | */
17 | struct DexCode {
18 | u2 registersSize;
19 | u2 insSize;
20 | u2 outsSize;
21 | u2 triesSize;
22 | u4 debugInfoOff; /* file offset to debug info stream */
23 | u4 insnsSize; /* size of the insns array, in u2 units */
24 | u2 insns[1];
25 | /* followed by optional u2 padding */
26 | /* followed by try_item[triesSize] */
27 | /* followed by uleb128 handlersSize */
28 | /* followed by catch_handler_item[handlersSize] */
29 | };
30 | '''
31 | format = "H"
32 | self.m_registers_size = struct.unpack_from(
33 | format, dex_object.m_content, offset)
34 | offset += struct.calcsize(format)
35 |
36 | self.m_ins_size = struct.unpack_from(
37 | format, dex_object.m_content, offset)
38 | offset += struct.calcsize(format)
39 |
40 | self.m_outs_size = struct.unpack_from(
41 | format, dex_object.m_content, offset)
42 | offset += struct.calcsize(format)
43 |
44 | self.m_tries_size = struct.unpack_from(
45 | format, dex_object.m_content, offset)
46 | offset += struct.calcsize(format)
47 |
48 | format = "I"
49 | self.m_debug_info_off = struct.unpack_from(
50 | format, dex_object.m_content, offset)
51 | offset += struct.calcsize(format)
52 |
53 | self.m_insns_size = struct.unpack_from(
54 | format, dex_object.m_content, offset)
55 | offset += struct.calcsize(format)
56 |
57 | self.m_insns_array_off = offset
58 | offset += self.m_insns_size * 2 # insns
59 |
60 | if self.m_tries_size % 2 == 1:
61 | offset += 2 # u2 padding
62 |
63 | if self.m_tries_size == 0:
64 | self.m_try_item = 0
65 | skip, self.m_handlers_size = get_uleb128(
66 | dex_object.m_content[offset:])
67 | offset += skip
68 | self.m_catch_handlers_item = offset
69 | else:
70 | self.m_try_item = offset
71 | # try_item
72 | offset += self.m_tries_size * struct.calcsize("IHH") # IHH DexTry
73 | skip, self.m_handlers_size = get_uleb128(
74 | dex_object.m_content[offset:])
75 | offset += skip
76 | self.m_catch_handlers_item = offset
77 |
78 | def get_parameter_list(self, dex_object):
79 | if self.m_debug_info_off != 0:
80 | pass
81 |
--------------------------------------------------------------------------------
/ProtectSection/crypto code/main.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 |
6 |
7 |
8 | int main(int argc,char ** argv)
9 | {
10 | char section_name[] = ".mytext";
11 | Elf32_Ehdr ehdr;
12 | Elf32_Shdr shdr;
13 | char * ptr_shstrtab = NULL;
14 | Elf32_Off target_section_offset = 0;
15 | Elf32_Word target_section_size = 0;
16 | char * ptr_section_content = NULL;
17 | int page_size = 4096;
18 | int fd;
19 | if(argc < 2)
20 | {
21 | puts("input so file\n");
22 | return -1;
23 | }
24 | fd = open(argv[1],O_RDWR);
25 | if(fd < 0)
26 | {
27 | goto _error;
28 | }
29 | if(read(fd,&ehdr,sizeof(Elf32_Ehdr)) != sizeof(Elf32_Ehdr))
30 | {
31 | puts("read elf header failed\n");
32 | goto _error;
33 | }
34 |
35 | lseek(fd,ehdr.e_shoff+sizeof(Elf32_Shdr)*ehdr.e_shstrndx,SEEK_SET);
36 | if(read(fd,&shdr,sizeof(Elf32_Shdr)) != sizeof(Elf32_Shdr))
37 | {
38 | puts("read elf .shstrtab header failed\n");
39 | goto _error;
40 | }
41 |
42 | ptr_shstrtab = (char*)malloc(shdr.sh_size);
43 | if(NULL == ptr_shstrtab)
44 | {
45 | puts("apply mem failed\n");
46 | goto _error;
47 | }
48 |
49 | //read shstrtab
50 | lseek(fd,shdr.sh_offset,SEEK_SET);
51 | if(read (fd,ptr_shstrtab,shdr.sh_size) != shdr.sh_size)
52 | {
53 | goto _error;
54 | }
55 |
56 | lseek(fd,ehdr.e_shoff,SEEK_SET);
57 | int i = 0;
58 | for(i = 0;i < ehdr.e_shnum;i++)
59 | {
60 | if(read(fd,&shdr,sizeof(Elf32_Shdr)) != sizeof(Elf32_Shdr))
61 | {
62 | puts("find target section faile\nd");
63 | goto _error;
64 | }
65 | if( !strcmp(ptr_shstrtab + shdr.sh_name , section_name) )
66 | {
67 | target_section_offset = shdr.sh_offset;
68 | target_section_size = shdr.sh_size;
69 | break;
70 | }
71 | }
72 |
73 | lseek(fd,target_section_offset,SEEK_SET);
74 |
75 | ptr_section_content = (char*)malloc(target_section_size);
76 | if(NULL ==ptr_section_content)
77 | {
78 | goto _error;
79 | }
80 |
81 | if(read(fd,ptr_section_content,target_section_size) != target_section_size)
82 | {
83 | goto _error;
84 | }
85 |
86 | int num_page = target_section_size/page_size + 1;
87 | ehdr.e_entry = target_section_size;
88 | ehdr.e_shoff = target_section_offset;
89 |
90 |
91 | for(i = 0; i mSingleObservers = new ArrayList();
20 |
21 |
22 | public RecursiveFileObserver(String path){
23 |
24 | //解析子目录
25 | Stack pathStack = new Stack();
26 | pathStack.push(path);
27 | while (!pathStack.isEmpty()){
28 | String parentPath = pathStack.pop();
29 | if (mSingleObservers.add(new SingleFileObserver(parentPath))){
30 | Log.d("C&C","add observer success"+parentPath);
31 | }
32 |
33 | File parent = new File(parentPath);
34 |
35 | if (parent.isDirectory()){
36 | File[] files = parent.listFiles();
37 | for (int i =0;i
2 | #include
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 |
11 | /*
12 | #if defined (__arm__)
13 | #if defined(__ARM_ARCH_7A__)
14 | #if defined(__ARM_NEON__)
15 | #define ABI "armeabi-v7a/NEON"
16 | #else
17 | #define ABI "armeabi-v7a"
18 | #endif
19 | #else
20 | #define ABI "armabi"
21 | #endif
22 | #elif defined (__x86__)
23 | #define ABI "x86"
24 | #elif defined (__mips__)
25 | #define ABI "mips"
26 | #else
27 | #define ABI "unkown"
28 | #endif
29 |
30 | */
31 |
32 | #define LOG_TAG "CCDebug"
33 | /*
34 | #define LOGD(msg) \
35 | __android_log_write(ANDROID_LOG_ERROR , LOG_TAG , msg);
36 | */
37 |
38 |
39 | #define LOGI(msg) \
40 | __android_log_print(ANDROID_LOG_INFO,LOG_TAG,msg)
41 | #define LOGW(msg) \
42 | __android_log_print(ANDROID_LOG_WARN,LOG_TAG,msg)
43 | #define LOGE(msg) \
44 | __android_log_print(ANDROID_LOG_ERROR,LOG_TAG,msg)
45 | #define LOGD(msg) \
46 | __android_log_print(ANDROID_LOG_DEBUG,LOG_TAG,msg)
47 |
48 | #ifdef __cplusplus
49 | extern "C" {
50 | #endif
51 | //JNIEXPORT jstring JNICALL Java_com_example_protect_MainActivity_getString(JNIEnv * env,jobject clazz);
52 | //JNIEXPORT void JNICALL Java_com_example_protect_MainActivity_initSo(JNIEnv * env,jobject clazz);
53 |
54 | JNIEXPORT jstring JNICALL getString(JNIEnv*,jobject)__attribute__((section(".mytext")));
55 |
56 | void init_getString()__attribute__((constructor)); //initarray
57 | unsigned long get_cur_lib_addr();
58 |
59 | #ifdef __cplusplus
60 | }
61 | #endif
62 |
63 |
64 |
65 | static JNINativeMethod g_methods[] = {
66 | {
67 | "getString",
68 | "()Ljava/lang/String;",
69 | (void*)getString
70 | }
71 | };
72 |
73 |
74 | unsigned long get_cur_lib_addr()
75 | {
76 | unsigned long addr = 0;
77 | char section_name[] = "libprotect_section.so";
78 | pid_t pid = 0; //
79 | char buf[1024] = {0};
80 | FILE* fp = NULL;
81 | char* tmp = NULL;
82 | pid = getpid(); //
83 | sprintf(buf,"/proc/%d/maps",pid); //
84 | fp = fopen(buf,"r");
85 | if(NULL == fp)
86 | {
87 | return 0;
88 | }
89 | while(fgets(buf,sizeof(buf),fp))
90 | {
91 | if(strstr(buf,section_name))
92 | {
93 | tmp = strtok(buf,"-");
94 | addr = strtoul(tmp,NULL,0x10); //
95 | break;
96 | }
97 | }
98 |
99 | fclose(fp);
100 | return addr;
101 | }
102 |
103 |
104 | void init_getString()
105 | {
106 | //LOGD("Hello init_getString");
107 |
108 | unsigned long lib_addr;
109 | Elf32_Ehdr* ptr_ehdr = NULL;
110 | Elf32_Shdr* ptr_shdr = NULL;
111 | unsigned long mytext_addr;
112 | unsigned long mytext_size = 0;
113 | unsigned long page_size = 0x1000;
114 | lib_addr = get_cur_lib_addr();
115 | if(NULL == lib_addr)
116 | {
117 | return ;
118 | }
119 |
120 | ptr_ehdr = (Elf32_Ehdr*)lib_addr;
121 | mytext_size = ptr_ehdr->e_entry; //size
122 | mytext_addr = ptr_ehdr->e_shoff + lib_addr; //offset
123 | unsigned long offset = mytext_addr % page_size;
124 | LOGD("invoke mprotect first");
125 | if(mprotect((const void*)(mytext_addr-offset) , mytext_size,PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
126 | {
127 | LOGD("change the mem failed");
128 | return ;
129 | }
130 |
131 | for(int i=0;iNewStringUTF("Hello_CC");
151 |
152 | }
153 |
154 |
155 | /*
156 | JNIEXPORT jstring JNICALL Java_com_example_protect_MainActivity_getString(JNIEnv * env,jobject clazz)
157 | {
158 | LOGD("getString invoke");
159 | return env->NewStringUTF("Hello_CC");
160 | }
161 | */
162 |
163 |
164 | //JNIEXPORT void JNICALL Java_com_example_protect_MainActivity_initSo(JNIEnv * env,jobject clazz)
165 | //{
166 | /*
167 | jclass clz_main_activity = env->FindClass("com/example/protect/MainActivity");
168 | if(clz_main_activity == NULL)
169 | {
170 | LOGD("find class failed");
171 | return ;
172 | }
173 |
174 |
175 | if(env->RegisterNatives(clz_main_activity,g_methods,sizeof(g_methods)/sizeof(g_methods[0]))<0)
176 | {
177 | LOGD("register failed");
178 | // abort();
179 | return;
180 | }
181 | */
182 |
183 | // return;
184 | //}
185 |
186 |
187 |
188 |
189 | jint JNI_OnLoad(JavaVM *vm,void * reserved)
190 | {
191 | jint result = -1;
192 | JNIEnv *env = NULL;
193 | if(vm->GetEnv((void**)&env,JNI_VERSION_1_4) == JNI_FALSE)
194 | {
195 | result = -1;
196 | }
197 | //com.example.protectsection
198 | jclass clazz = env->FindClass("com/example/protectsection/MainActivity");
199 | if(clazz == NULL)
200 | {
201 | LOGD("find class failed");
202 | return result;
203 | }
204 |
205 | if(env->RegisterNatives(clazz,g_methods,sizeof(g_methods)/sizeof(g_methods[0]))<0)
206 | {
207 | LOGD("register natives failed");
208 | return result;
209 | }
210 |
211 | result = JNI_VERSION_1_4;
212 | return result;
213 | }
214 |
215 |
216 |
--------------------------------------------------------------------------------
/FileObserver/gradlew:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | ##############################################################################
4 | ##
5 | ## Gradle start up script for UN*X
6 | ##
7 | ##############################################################################
8 |
9 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
10 | DEFAULT_JVM_OPTS=""
11 |
12 | APP_NAME="Gradle"
13 | APP_BASE_NAME=`basename "$0"`
14 |
15 | # Use the maximum available, or set MAX_FD != -1 to use that value.
16 | MAX_FD="maximum"
17 |
18 | warn ( ) {
19 | echo "$*"
20 | }
21 |
22 | die ( ) {
23 | echo
24 | echo "$*"
25 | echo
26 | exit 1
27 | }
28 |
29 | # OS specific support (must be 'true' or 'false').
30 | cygwin=false
31 | msys=false
32 | darwin=false
33 | case "`uname`" in
34 | CYGWIN* )
35 | cygwin=true
36 | ;;
37 | Darwin* )
38 | darwin=true
39 | ;;
40 | MINGW* )
41 | msys=true
42 | ;;
43 | esac
44 |
45 | # Attempt to set APP_HOME
46 | # Resolve links: $0 may be a link
47 | PRG="$0"
48 | # Need this for relative symlinks.
49 | while [ -h "$PRG" ] ; do
50 | ls=`ls -ld "$PRG"`
51 | link=`expr "$ls" : '.*-> \(.*\)$'`
52 | if expr "$link" : '/.*' > /dev/null; then
53 | PRG="$link"
54 | else
55 | PRG=`dirname "$PRG"`"/$link"
56 | fi
57 | done
58 | SAVED="`pwd`"
59 | cd "`dirname \"$PRG\"`/" >/dev/null
60 | APP_HOME="`pwd -P`"
61 | cd "$SAVED" >/dev/null
62 |
63 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
64 |
65 | # Determine the Java command to use to start the JVM.
66 | if [ -n "$JAVA_HOME" ] ; then
67 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
68 | # IBM's JDK on AIX uses strange locations for the executables
69 | JAVACMD="$JAVA_HOME/jre/sh/java"
70 | else
71 | JAVACMD="$JAVA_HOME/bin/java"
72 | fi
73 | if [ ! -x "$JAVACMD" ] ; then
74 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
75 |
76 | Please set the JAVA_HOME variable in your environment to match the
77 | location of your Java installation."
78 | fi
79 | else
80 | JAVACMD="java"
81 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
82 |
83 | Please set the JAVA_HOME variable in your environment to match the
84 | location of your Java installation."
85 | fi
86 |
87 | # Increase the maximum file descriptors if we can.
88 | if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
89 | MAX_FD_LIMIT=`ulimit -H -n`
90 | if [ $? -eq 0 ] ; then
91 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
92 | MAX_FD="$MAX_FD_LIMIT"
93 | fi
94 | ulimit -n $MAX_FD
95 | if [ $? -ne 0 ] ; then
96 | warn "Could not set maximum file descriptor limit: $MAX_FD"
97 | fi
98 | else
99 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
100 | fi
101 | fi
102 |
103 | # For Darwin, add options to specify how the application appears in the dock
104 | if $darwin; then
105 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
106 | fi
107 |
108 | # For Cygwin, switch paths to Windows format before running java
109 | if $cygwin ; then
110 | APP_HOME=`cygpath --path --mixed "$APP_HOME"`
111 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
112 | JAVACMD=`cygpath --unix "$JAVACMD"`
113 |
114 | # We build the pattern for arguments to be converted via cygpath
115 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
116 | SEP=""
117 | for dir in $ROOTDIRSRAW ; do
118 | ROOTDIRS="$ROOTDIRS$SEP$dir"
119 | SEP="|"
120 | done
121 | OURCYGPATTERN="(^($ROOTDIRS))"
122 | # Add a user-defined pattern to the cygpath arguments
123 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then
124 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
125 | fi
126 | # Now convert the arguments - kludge to limit ourselves to /bin/sh
127 | i=0
128 | for arg in "$@" ; do
129 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
130 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
131 |
132 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
133 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
134 | else
135 | eval `echo args$i`="\"$arg\""
136 | fi
137 | i=$((i+1))
138 | done
139 | case $i in
140 | (0) set -- ;;
141 | (1) set -- "$args0" ;;
142 | (2) set -- "$args0" "$args1" ;;
143 | (3) set -- "$args0" "$args1" "$args2" ;;
144 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
145 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
146 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
147 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
148 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
149 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
150 | esac
151 | fi
152 |
153 | # Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
154 | function splitJvmOpts() {
155 | JVM_OPTS=("$@")
156 | }
157 | eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
158 | JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
159 |
160 | exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
161 |
--------------------------------------------------------------------------------
/ProtectFunc/crypto code/main.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include
6 |
7 | #define SYMTAB 0x01
8 | #define HASH 0X02
9 | #define STRTAB 0x04
10 | #define STRSZ 0X08
11 |
12 | static unsigned elfhash(const char *_name)
13 | {
14 | const unsigned char *name = (const unsigned char *) _name;
15 | unsigned h = 0, g;
16 | while(*name) {
17 | h = (h << 4) + *name++;
18 | g = h & 0xf0000000;
19 | h ^= g;
20 | h ^= g >> 24;
21 | }
22 | return h;
23 | }
24 |
25 | int main(int argc ,char** argv)
26 | {
27 | Elf32_Ehdr ehdr;
28 | Elf32_Phdr phdr;
29 | Elf32_Word dyn_size,dyn_strsz;
30 | Elf32_Off dyn_off;
31 | Elf32_Dyn dyn;
32 | Elf32_Addr dyn_sym,dyn_str,dyn_hash;
33 | unsigned func_hash,nbucket,nchain,func_index;
34 | char * ptr_dynstr = NULL;
35 | char * ptr_func_content = NULL;
36 | Elf32_Sym func_sym;
37 |
38 | int flag = 0;
39 | int i = 0;
40 |
41 | char func_name[] = "getString";
42 | if(argc < 2)
43 | {
44 | printf("input the so file\n");
45 | return 0;
46 | }
47 | int fd = open(argv[1],O_RDWR);
48 | if(fd < 0)
49 | {
50 |
51 | printf("open file failed\n");
52 | goto _error;
53 | }
54 | lseek(fd,0,SEEK_SET);
55 | if(read(fd,&ehdr,sizeof(Elf32_Ehdr)) != sizeof(Elf32_Ehdr))
56 | {
57 | printf("read elf header failed\n");
58 | goto _error;
59 |
60 | }
61 |
62 | lseek(fd,ehdr.e_phoff,SEEK_SET);
63 | for(i=0; i= dex_object.m_classDefSize:
12 | return ""
13 | '''
14 |
15 | '''
16 | offset = dex_object.m_classDefOff + class_index * struct.calcsize("8I")
17 | self.offset = offset
18 | format = "I"
19 | # class_index : index to class_def_item
20 |
21 | # index to typeIds for this class
22 | self.m_class_idx, = struct.unpack_from(
23 | format, dex_object.m_content, offset)
24 | offset += struct.calcsize(format)
25 | #
26 | self.m_access_flags, = struct.unpack_from(
27 | format, dex_object.m_content, offset)
28 | offset += struct.calcsize(format)
29 | # index into typeIds for superclass
30 | self.m_super_class_idx, = struct.unpack_from(
31 | format, dex_object.m_content, offset)
32 | offset += struct.calcsize(format)
33 | # file offset to DexTypeList
34 | self.m_interfaces_off, = struct.unpack_from(
35 | format, dex_object.m_content, offset)
36 | offset += struct.calcsize(format)
37 | # index into stringIds for source file name
38 | self.m_source_file_idx, = struct.unpack_from(
39 | format, dex_object.m_content, offset)
40 | offset += struct.calcsize(format)
41 | # file offset to annotation_directory_name
42 | self.m_annotations_off, = struct.unpack_from(
43 | format, dex_object.m_content, offset)
44 | offset += struct.calcsize(format)
45 | # file offset to class_data_item
46 | self.m_class_data_off, = struct.unpack_from(
47 | format, dex_object.m_content, offset)
48 | offset += struct.calcsize(format)
49 | # file offset to DexEncodeArray
50 | self.m_static_value_off, = struct.unpack_from(
51 | format, dex_object.m_content, offset)
52 | offset += struct.calcsize(format)
53 |
54 | self.m_index = class_index # index to class_def_item
55 | if self.m_interfaces_off != 0:
56 | # DexTypeList size
57 | self.m_interfaces_size = struct.unpack_from(
58 | "I", dex_object.m_content, self.m_interfaces_off)
59 | if self.m_class_data_off != 0:
60 |
61 | offset = self.m_class_data_off # offset ---> DexclassData
62 | # count , num = count,self.numStaticFields = get_uleb128(dex_object.m_content[offset:])
63 | skip, self.m_static_field_size, = get_uleb128(
64 | dex_object.m_content[offset:])
65 | # pdb.set_trace()
66 | offset += skip
67 |
68 | skip, self.m_instance_fields_size, = get_uleb128(
69 | dex_object.m_content[offset:])
70 | offset += skip
71 |
72 | skip, self.m_direct_methods_size, = get_uleb128(
73 | dex_object.m_content[offset:])
74 | offset += skip
75 |
76 | skip, self.m_virtual_methods_size, = get_uleb128(
77 | dex_object.m_content[offset:])
78 | else:
79 | self.m_static_field_size = 0
80 | self.m_instance_fields_size = 0
81 | self.m_direct_methods_size = 0
82 | self.m_virtual_methods_size = 0
83 |
84 | def printf(self, dex_object):
85 | pass
86 |
87 | def format_classname(self, name):
88 | name = name[1: -1].replace("/", "_")
89 | name = name.replace("$", "_")
90 | return name
91 |
92 | def create_header_file_cplusplus(self, dex_object):
93 | field_list = []
94 | name = self.format_classname(dex_object.get_typename(self.m_class_idx))
95 | f = open(name + ".smail", "w")
96 | str1 = "class %s" % name
97 | super_name = dex_object.get_typename(self.m_super_class_idx)
98 |
99 | if dex_object.m_class_name_id.has_key(super_name):
100 | str1 += ":"
101 | str1 += self.format_classname(super_name)
102 | str1 += "\n{\n"
103 |
104 | offset = self.m_class_data_off # ---> DexClassData
105 |
106 | # staticFieldsSize
107 | skip, tmp_val, = get_uleb128(dex_object.m_content[offset:])
108 | offset += skip
109 |
110 | # instanceFieldsSize
111 | skip, tmp_val, = get_uleb128(dex_object.m_content[offset:])
112 | offset += skip
113 |
114 | # directMethodsSize
115 | skip, tmp_val = get_uleb128(dex_object.m_content[offset:])
116 | offset += skip
117 |
118 | # virtualMethodsSize
119 | skip, tmp_val = get_uleb128(dex_object.m_content[offset:])
120 | offset += skip
121 |
122 | # traverse DexField staticFields
123 | for x in xrange(0, self.m_static_field_size):
124 | # field_idx : index to a field_id_item
125 | skip, field_idx = get_uleb128(dex_object.m_content[offset:])
126 | offset += skip
127 |
128 | skip, access_flags = get_uleb128(dex_object.m_content[offset:])
129 | offset += skip
130 |
131 | access_str = dex_object.get_access_flags(access_flags)
132 | str1 += access_str
133 | str1 += dex_object.get_field_fullname(field_idx)
134 | str1 += ";\n"
135 | if field_idx not in field_list:
136 | field_list.append(field_idx)
137 |
138 | # travser instance fields DexField
139 | for x in xrange(0, self.m_instance_fields_size):
140 | skip, field_idx = get_uleb128(dex_object.m_content[offset:])
141 | offset += skip
142 | skip, access_flags = get_uleb128(dex_object.m_content[offset:])
143 | offset += skip
144 | access_str = dex_object.get_access_flags(access_flags)
145 | str1 += access_str
146 | str1 += dex_object.get_field_fullname(field_idx)
147 | str1 += ";\n"
148 |
149 | '''
150 | /* expanded form of encoded_method */
151 | struct DexMethod {
152 | u4 methodIdx; /* index to a method_id_item */
153 | u4 accessFlags;
154 | u4 codeOff; /* file offset to a code_item */
155 | };
156 | '''
157 | for x in xrange(0, self.m_direct_methods_size):
158 | skip, method_idx = get_uleb128(dex_object.m_content[offset:])
159 | offset += skip
160 |
161 | skip, access_flags = get_uleb128(dex_object.m_content[offset:])
162 | access_str = dex_object.get_access_flags(access_flags)
163 | offset += skip
164 |
165 | skip, code_off = get_uleb128(dex_object.m.m_content[offset:])
166 | offset += skip
167 |
168 | dex_code_class(dex_object, code_off)
169 |
--------------------------------------------------------------------------------
/ProtectFunc/jni/ProtectFunc.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 |
11 | #define LOG_TAG "CCDebug"
12 |
13 |
14 | #define LOGI(msg) \
15 | __android_log_print(ANDROID_LOG_INFO,LOG_TAG,msg)
16 | #define LOGW(msg) \
17 | __android_log_print(ANDROID_LOG_WARN,LOG_TAG,msg)
18 | #define LOGE(msg) \
19 | __android_log_print(ANDROID_LOG_ERROR,LOG_TAG,msg)
20 | #define LOGD(msg) \
21 | __android_log_print(ANDROID_LOG_DEBUG,LOG_TAG,msg)
22 |
23 |
24 | #define SYMTAB 0x01
25 | #define HASH 0X02
26 | #define STRTAB 0x04
27 | #define STRSZ 0X08
28 |
29 |
30 | #ifdef __cplusplus
31 | extern "C"{
32 | #endif
33 |
34 | //JNIEXPORT void JNICALL Java_com_example_protectfunc_MainActivity_initSo(JNIEnv* env,jobject clazz);
35 | JNIEXPORT jstring getString(JNIEnv* env,jobject clzz);
36 | //JNIEXPORT void JNICALL Java_com_example_protectfunc_MainActivity_initgetString();//__attribute__ ((constructor)); //.initArray
37 | void init_getString() __attribute__((constructor));
38 |
39 | #ifdef __cplusplus
40 | }
41 | #endif
42 |
43 | JNINativeMethod g_method[] = {
44 | {
45 | "getString",
46 | "()Ljava/lang/String;",
47 | (void*)getString
48 | }
49 | };
50 |
51 |
52 | void Java_com_example_protectfunc_MainActivity_initSo(JNIEnv* env,jobject clazz)
53 | {
54 | jclass clz_mainActivity = env->FindClass("com/example/protectfunc/MainActivity");
55 | if(NULL == clz_mainActivity)
56 | {
57 | LOGD("find class failed");
58 | return;
59 | }
60 | if(env->RegisterNatives(clz_mainActivity,g_method,sizeof(g_method)/sizeof(JNINativeMethod)) <0)
61 | {
62 | LOGD("register failed");
63 | return;
64 | }
65 |
66 | }
67 |
68 |
69 |
70 |
71 | jint JNI_OnLoad(JavaVM* vm,void* reserved)
72 | {
73 | JNIEnv *env = NULL;
74 |
75 | if(vm->GetEnv((void**)&env,JNI_VERSION_1_6) != JNI_OK)
76 | {
77 | LOGD("get Env failed");
78 | return JNI_ERR;
79 | }
80 |
81 | jclass clz_mainActivity = env->FindClass("com/example/protectfunc/MainActivity");
82 | if(NULL == clz_mainActivity)
83 | {
84 | LOGD("find class failed");
85 | return JNI_ERR;
86 | }
87 | if(env->RegisterNatives(clz_mainActivity,g_method,sizeof(g_method)/sizeof(JNINativeMethod)) <0)
88 | {
89 | LOGD("register failed");
90 | return JNI_ERR;
91 | }
92 |
93 | LOGD("register success!");
94 | return JNI_VERSION_1_6;
95 | }
96 |
97 |
98 |
99 | unsigned long get_cur_lib_addr()
100 | {
101 | FILE *fp = NULL;
102 | pid_t pid = -1;
103 | char sz_maps_path[24] = {0};
104 | char sz_lib_name[] = "libProtectFunc.so";
105 | char sz_buf[512] = {0};
106 | char *ptr_tmp = NULL;
107 | unsigned long addr = 0;
108 | pid = getpid();
109 | sprintf(sz_maps_path,"/proc/%d/maps",pid);
110 | fp = fopen(sz_maps_path,"r");
111 | if(NULL == fp)
112 | {
113 | return 0;
114 | }
115 | while(fgets(sz_buf,sizeof(sz_buf),fp))
116 | {
117 | if(strstr(sz_buf,sz_lib_name))
118 | {
119 | ptr_tmp = strtok(sz_buf,"-");
120 | addr = strtoul(ptr_tmp,NULL,0x10);
121 | break;
122 | }
123 | }
124 | fclose(fp);
125 | return addr;
126 | }
127 |
128 |
129 | // \bonic\linker\Linker.cpp
130 | static unsigned elfhash(const char* _name) {
131 | const unsigned char* name = (const unsigned char*) _name;
132 | unsigned h = 0, g;
133 |
134 | while(*name) {
135 | h = (h << 4) + *name++;
136 | g = h & 0xf0000000;
137 | h ^= g;
138 | h ^= g >> 24;
139 | }
140 | return h;
141 | }
142 |
143 | void init_getString()
144 | {
145 | unsigned long lib_addr = 0;
146 | Elf32_Ehdr* ptr_ehdr = NULL;
147 | Elf32_Phdr* ptr_phdr = NULL;
148 | Elf32_Dyn* ptr_dyn = NULL;;
149 | Elf32_Sym* ptr_dynsym = NULL;
150 | Elf32_Sym* sym = NULL;
151 | const char* ptr_hashtab = NULL;
152 | const char* ptr_dynstr = NULL;
153 | int flag = 0;
154 | unsigned long strtab_size = 0;
155 | unsigned func_hash = 0;
156 | const char func_name[] = "getString";
157 | unsigned long func_addr = 0;
158 | unsigned func_size =0;
159 | unsigned long func = (unsigned long)getString;
160 | size_t nbucket;
161 | size_t nchain;
162 | unsigned* bucket;
163 | unsigned* chain;
164 | const unsigned page_size = 0x1000;
165 |
166 | int i =0;
167 | lib_addr = get_cur_lib_addr();
168 | if(0 == lib_addr)
169 | {
170 | LOGD("get_cur_lib_addr failed");
171 | return;
172 | }
173 | ptr_ehdr = (Elf32_Ehdr*)lib_addr;
174 | ptr_phdr = (Elf32_Phdr*)(lib_addr+ptr_ehdr->e_phoff);
175 | for(i=0;ie_phnum;i++,ptr_phdr++)
176 | {
177 | if(PT_DYNAMIC == ptr_phdr->p_type)
178 | {
179 | ptr_dyn = (Elf32_Dyn*)(lib_addr+ptr_phdr->p_vaddr);
180 | break;
181 | }
182 |
183 | }
184 | if(NULL == ptr_dyn)
185 | {
186 | LOGD("find .dynamic failed");
187 | return ;
188 | }
189 | // .dynsym .dynstr .hash .
190 | for (Elf32_Dyn* d = ptr_dyn; d->d_tag != DT_NULL; ++d)
191 | {
192 | switch(d->d_tag)
193 | {
194 | case DT_SYMTAB:
195 | ptr_dynsym = (Elf32_Sym*)(lib_addr+d->d_un.d_ptr);
196 | flag |= SYMTAB;
197 | break;
198 | case DT_STRTAB:
199 | ptr_dynstr = (const char*)(lib_addr + d->d_un.d_ptr);
200 | flag |= STRTAB;
201 | break;
202 | case DT_STRSZ:
203 | strtab_size = d->d_un.d_val;
204 | flag |= STRSZ;
205 | break;
206 | case DT_HASH:
207 | ptr_hashtab = (const char*)(lib_addr + d->d_un.d_ptr);
208 | flag |= HASH;
209 | break;
210 | }
211 | }
212 |
213 | if(flag & 0xf == 0xf)
214 | {
215 | LOGD("all segement get");
216 | }
217 |
218 | nbucket = *(unsigned*)ptr_hashtab;
219 | nchain = *(unsigned*)(ptr_hashtab+4);
220 | bucket = (unsigned*)(ptr_hashtab+8);
221 | chain = bucket + nbucket;
222 |
223 | func_hash = elfhash(func_name);
224 |
225 | for (unsigned n = bucket[func_hash % nbucket]; n != 0; n = chain[n])
226 | {
227 | sym = ptr_dynsym + n;
228 | if (strcmp(ptr_dynstr + sym->st_name, func_name)) continue;
229 |
230 | switch(ELF32_ST_BIND(sym->st_info))
231 | {
232 | case STB_GLOBAL:
233 | case STB_WEAK:
234 | if (sym->st_shndx == SHN_UNDEF)
235 | {
236 | continue;
237 | }
238 | }
239 |
240 | func_addr = lib_addr+sym->st_value;
241 | func_size = sym->st_size;
242 | break;
243 | }
244 |
245 | unsigned page_off = func_addr % page_size;
246 |
247 | if(mprotect((const void*)(func_addr-page_off),func_size+page_off,PROT_WRITE|PROT_READ|PROT_EXEC)!= JNI_OK)
248 | {
249 | int n = errno;
250 | char *msg = strerror(errno);
251 | LOGD("change page protect failed");
252 | LOGD(msg);
253 | return;
254 |
255 | }
256 |
257 | for(int i =0;iNewStringUTF("hello getstring");
282 | }
283 |
--------------------------------------------------------------------------------
/dex_parser/parse_dex.py:
--------------------------------------------------------------------------------
1 | import sys
2 | import struct
3 | import pdb
4 | import array
5 | from leb128 import *
6 | from dex_class import *
7 |
8 | DEX_MAGIC = "dex\n"
9 | DEX_OPT_MAGIC = "dey\n"
10 |
11 |
12 | class dex_parser:
13 | """docstring for dex_parser"""
14 |
15 | def __init__(self, file_path):
16 | global DEX_MAGIC
17 | global DEX_OPT_MAGIC
18 |
19 | self.m_file_path = file_path
20 | self.m_fd = open(file_path, "rb")
21 | self.m_content = self.m_fd.read()
22 | self.m_fd.close()
23 |
24 | self.m_dex_optheader = None
25 | self.m_class_name_id = {} # dirct class_name : index
26 | self.m_string_table = [] # list
27 |
28 | if self.m_content[0:4] == DEX_OPT_MAGIC:
29 | # self.init_optheader()
30 | pass
31 | elif self.m_content[0:4] == DEX_MAGIC:
32 | self.init_header(self.m_content, 0)
33 | bOffset = self.m_stringIdsoff
34 | if self.m_stringIdsSize > 0:
35 | for i in xrange(0, self.m_stringIdsSize):
36 | # pdb.set_trace()
37 | offset, = struct.unpack_from(
38 | "I", self.m_content, bOffset + i * 4)
39 | start = offset
40 | skip, length = get_uleb128(self.m_content[start:start + 5])
41 | # self.string_table.append(self.m_content[start+skip:offset-1])
42 | self.m_string_table.append(
43 | self.m_content[start + skip: start + skip + length])
44 |
45 | for x in xrange(0, self.m_classDefSize):
46 | str1 = self.get_classname(x)
47 | self.m_class_name_id[str1] = x
48 | '''
49 | str1 'Lcom/example/inotify/BuildConfig;'
50 | 'Lcom/example/inotify/MainActivity$1;'
51 | ......
52 | '''
53 |
54 | for i in xrange(0, self.m_classDefSize):
55 | dex_class(self, i) . printf(self)
56 |
57 | def create_all_headers(self):
58 | # traverse all class in class_def_item
59 | for x in xrange(0, self.m_classDefSize):
60 | str1 = self.get_classname(x)
61 | pdb.set_trace()
62 | self.create_cpp_header(str1)
63 |
64 | def create_cpp_header(self, class_name="Landroid/app/Activity;"):
65 | # if self.m_class_name_id.in(class_name):
66 | # index into typeIds for this class
67 | if self.m_class_name_id.has_key(class_name):
68 | class_idx = self.m_class_name_id[class_name]
69 | field_list = dex_class(
70 | self, class_idx).create_header_file_cplusplus(self)
71 |
72 | def get_typename(self, type_id):
73 | if type_id >= self.m_typeIdsSize:
74 | return ""
75 | offset = self.m_typeIdsOff + type_id * struct.calcsize("I")
76 | descriptorIdx, = struct.unpack_from("I", self.m_content, offset)
77 | return self.m_string_table[descriptorIdx]
78 |
79 | def get_classname(self, class_id):
80 | if class_id >= self.m_classDefSize:
81 | return ""
82 |
83 | offset = self.m_classDefOff + class_id * struct.calcsize("8I")
84 | # DexClassDef
85 | '''
86 | class_idx, access_flags, superclass_idx, interfaces_off, source_file,
87 | annotations_off, class_dataoff, static_value_off, = struct.unpack_from(
88 | "8I", self.m_content, offset)
89 | '''
90 |
91 | class_idx, access_flags, superclass_idx, interfaces_off, source_file, \
92 | annotations_off, class_data_off, static_value_off, = struct.unpack_from(
93 | "8I", self.m_content, offset)
94 |
95 | return self.get_typename(class_idx)
96 |
97 | def init_header(self, content, offset):
98 |
99 | format = "4s"
100 | self.m_magic = struct.unpack_from(format, content, offset)
101 | offset += struct.calcsize(format)
102 |
103 | format = "I"
104 | self.m_version = struct.unpack_from(format, content, offset)
105 | offset += struct.calcsize(format)
106 | self.m_checksum = struct.unpack_from(format, content, offset)
107 | offset += struct.calcsize(format)
108 | format = "20s"
109 | self.m_signature = struct.unpack_from(format, content, offset)
110 | offset += struct.calcsize(format)
111 |
112 | format = "I"
113 | self.m_filesize, = struct.unpack_from(format, content, offset)
114 | offset += struct.calcsize(format)
115 | self.m_headerSize, = struct.unpack_from(format, content, offset)
116 | offset += struct.calcsize(format)
117 | self.m_endianTag, = struct.unpack_from(format, content, offset)
118 | offset += struct.calcsize(format)
119 | self.m_linkSize, = struct.unpack_from(format, content, offset)
120 | offset += struct.calcsize(format)
121 | self.m_linkOff, = struct.unpack_from(format, content, offset)
122 | offset += struct.calcsize(format)
123 | self.m_mapOff, = struct.unpack_from(format, content, offset)
124 | offset += struct.calcsize(format)
125 | self.m_stringIdsSize, = struct.unpack_from(format, content, offset)
126 | offset += struct.calcsize(format)
127 | self.m_stringIdsoff, = struct.unpack_from(format, content, offset)
128 | offset += struct.calcsize(format)
129 | self.m_typeIdsSize, = struct.unpack_from(format, content, offset)
130 | offset += struct.calcsize(format)
131 | self.m_typeIdsOff, = struct.unpack_from(format, content, offset)
132 | offset += struct.calcsize(format)
133 | self.m_protoIdsSize, = struct.unpack_from(format, content, offset)
134 | offset += struct.calcsize(format)
135 | self.m_protoIdsOff, = struct.unpack_from(format, content, offset)
136 | offset += struct.calcsize(format)
137 | self.m_fieldIdsSize, = struct.unpack_from(format, content, offset)
138 | offset += struct.calcsize(format)
139 | self.m_fieldIdsOff, = struct.unpack_from(format, content, offset)
140 | offset += struct.calcsize(format)
141 | self.m_methodIdsSize, = struct.unpack_from(format, content, offset)
142 | offset += struct.calcsize(format)
143 | self.m_methodIdsOff, = struct.unpack_from(format, content, offset)
144 | offset += struct.calcsize(format)
145 | self.m_classDefSize, = struct.unpack_from(format, content, offset)
146 | offset += struct.calcsize(format)
147 | self.m_classDefOff, = struct.unpack_from(format, content, offset)
148 | offset += struct.calcsize(format)
149 | self.m_dataSize, = struct.unpack_from(format, content, offset)
150 | offset += struct.calcsize(format)
151 | self.m_dataOff, = struct.unpack_from(format, content, offset)
152 | offset += struct.calcsize(format)
153 |
154 | def get_access_flags(self, access_flags):
155 | val = {
156 | 1: "public",
157 | 2: "private",
158 | 4: "protected",
159 | 8: "static",
160 | 0x10: "final",
161 | 0x20: "synchronized",
162 | 0x40: "volatile",
163 | 0x80: "bridge",
164 | 0x100: "native",
165 | 0x200: "interface",
166 | 0x400: "abstract",
167 | 0x800: "strict",
168 | 0x1000: "synthetic",
169 | 0x2000: "annotation",
170 | 0x4000: "enum",
171 | 0x8000: "unused",
172 | 0x10000: "constructor",
173 | 0x20000: "declared_synchronized"
174 | }
175 | value = ""
176 | bFirst = True
177 | for key in val:
178 | if access_flags & key:
179 | if bFirst == True:
180 | value += ""
181 | bFirst = False
182 | else:
183 | value += " "
184 | value += val[key]
185 |
186 | if value == "":
187 | value += "public"
188 |
189 | return value
190 |
191 | def get_field_fullname(self, field_idx):
192 | # DexFieldId
193 | if field_idx >= self.m_fieldIdsSize:
194 | return ""
195 | offset = self.m_fieldIdsOff + field_idx * struct.calcsize("HHI")
196 | '''
197 | struct DexFieldId {
198 | u2 classIdx; /* index into typeIds list for defining class */
199 | u2 typeIdx; /* index into typeIds for field type */
200 | u4 nameIdx; /* index into stringIds for field name */
201 | };
202 | '''
203 | class_idx, type_idx, name_idx, = struct.unpack_from(
204 | "HHI", self.m_content, offset)
205 | type_sign = self.get_typename(type_idx) # sign
206 | type_str = decode_signature(type_sign)
207 | name_str = self.m_string_table[name_idx]
208 |
209 | return " " + type_str + " " + name_str
210 |
211 | def get_method_fullname(self, method_idx):
212 | pass
213 |
214 |
215 | def decode_signature(sign):
216 | val = {
217 | "V": "void",
218 | "Z": "boolean",
219 | "B": "byte",
220 | "S": "short",
221 | "C": "char",
222 | "I": "int",
223 | "J": "long",
224 | "F": "float",
225 | "D": "double",
226 | "L": "L"
227 | }
228 | value = ""
229 |
230 | if sign[-1] == ":":
231 | if sign[0] == 'L':
232 | return sign[1: -1].repalce("/", ".")
233 | if sign[0] == '[':
234 | if sign[1] == 'L':
235 | return sign[2: -1].repalce("/", ".") + "[]"
236 | else:
237 | return sign[1: -1] + "[]"
238 |
239 | value = ""
240 | for ch in sign:
241 | if val.has_key(ch):
242 | value += val[ch]
243 |
244 | if '[' in sign:
245 | value += "[]"
246 |
247 | return value
248 |
249 |
250 | def main():
251 | pdb.set_trace()
252 | if len(sys.argv) < 2:
253 | print "Usages: %s dex file" % sys.argv[0]
254 | quit()
255 | file_path = sys.argv[1]
256 | dex = dex_parser(file_path)
257 | dex.create_all_headers()
258 |
259 |
260 | if __name__ == '__main__':
261 | main()
262 |
--------------------------------------------------------------------------------
/android_inlinehook/inlineHook.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include
6 |
7 | #include "list.h"
8 | #include "utils.h"
9 | #include "backtrace.h"
10 | #include "inlineHook.h"
11 |
12 | #define ENABLE_DEBUG
13 | #include "log.h"
14 |
15 | #ifndef PAGE_SIZE
16 | #define PAGE_SIZE 4096
17 | #endif
18 |
19 | #define PAGE_START(addr) (~(PAGE_SIZE - 1) & (addr))
20 | #define ALIGN_PC(pc) (pc & 0xFFFFFFFC)
21 |
22 | #define HOOKING_STATUS 0
23 | #define HOOKED_STATUS 1
24 | #define UNHOOKING_STATUS 2
25 |
26 | // THUMB16
27 | #define B1_THUMB16 0 // B