├── README.md
├── utils
    ├── TKHooklib.h
    └── libTKHooklib.so
└── utils64
    ├── TKHooklib64.h
    └── libTKInlineHook64.so

/README.md:
--------------------------------------------------------------------------------
1 | ELF-ARM-HOOK-Library
2 | ====================
3 |
4 | It is very similar to Substrate, but it gives you three ways to hook.
5 |
6 | The utils directory contains the TKHooklib.h header file and the libTKHooklib.so library.
7 |
8 | TK_HookImportFunction: This function hooks an import symbol.
9 |
10 | TK_HookExportFunction: This function hooks an export symbol. It is based on the Android linker's process, so it
11 | supports only the Android platform.
12 |
13 | TK_InlineHookFunction: This function inline-hooks any function.
14 |
15 |
16 | If you find any bugs, please send me an email (ThomaskingNew@hotmail.com). It is best to include the assembly and opcodes of
17 | the function you want to hook. I'll appreciate it.
18 |
19 | ---
20 | First, I appreciate that some users have sent me bug reports. Based on those bugs and some special cases, I now provide a new InlineHook Bridge.
21 |
22 | I also provide a beta version of the AArch64 (ARMv8) inline hook library. It supports only AArch64 instructions. Note that you must flush the cache yourself. Apart from the instructions, the syscall is the same as on ARM.
23 |
24 | Thanks again for your bug reports.
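25 |
26 | -- Thomas King
--------------------------------------------------------------------------------
/utils/TKHooklib.h:
--------------------------------------------------------------------------------
1 | #ifndef _TKHOOKLIB_H
2 | #define _TKHOOKLIB_H
3 |
4 | /*
5 | ** Declarations for the hook functions exported by libTKHooklib.so.
6 | ** NOTE(review): only the prebuilt libTKHooklib.so accompanies this header, so
7 | ** the behaviour described below rests on the author's comments, not on source.
8 | */
9 |
10 | /* Size of the SOName and FunctionName buffers in HookStruct. */
11 | #define SOINFO_NAME_LEN 128
12 |
13 | /* Result codes of the hook functions that return int. */
14 | #define HOOK_SUCCESS 0
15 | #define HOOK_FAILED -1
16 |
17 | /* Parameters of one import or export hook. */
18 | typedef struct _HookStruct{
19 |     char SOName[SOINFO_NAME_LEN];       /* library name, e.g. "libfoo.so" */
20 |     char FunctionName[SOINFO_NAME_LEN]; /* symbol name, e.g. "puts" */
21 |     void *NewFunc;                      /* replacement function, set by the caller */
22 |     void *OldFunc;                      /* presumably receives the original function - confirm */
23 |     void *occPlace;                     /* purpose not documented here */
24 | }HookStruct;
25 |
26 | #ifdef __cplusplus
27 | extern "C" {
28 | #endif
29 |
30 | /* Counterparts of the two TK_Hook*Function calls below; not documented further here. */
31 | void TK_UnHookExportFunction(HookStruct *pHookStruct);
32 |
33 | void TK_UnHookImportFunction(HookStruct *pHookStruct);
34 |
35 | /*
36 | ** Return: HOOK_SUCCESS or HOOK_FAILED
37 | ** Example: Hook libfoo.so Import Function: puts
38 | **     HookStruct HookPara = {0};
39 | **     snprintf(HookPara.SOName, sizeof HookPara.SOName, "%s", "libfoo.so");
40 | **     snprintf(HookPara.FunctionName, sizeof HookPara.FunctionName, "%s", "puts");
41 | **     HookPara.NewFunc = myputs;
42 | **     if (TK_HookImportFunction(&HookPara) != HOOK_SUCCESS) ...
43 | **
44 | ** Keep both name buffers NUL-terminated: strncpy(dst, src, strlen(src)) copies
45 | ** no terminator, and an uninitialized HookStruct on the stack holds leftover
46 | ** bytes after the name, so a reader of the name would run past its end.
47 | */
48 | int TK_HookImportFunction(HookStruct *pHookStruct);
49 |
50 | /*
51 | ** Return: HOOK_SUCCESS or HOOK_FAILED
52 | ** Example: Hook libc.so Export Function: puts
53 | **     HookStruct HookPara = {0};
54 | **     snprintf(HookPara.SOName, sizeof HookPara.SOName, "%s", "libc.so");
55 | **     snprintf(HookPara.FunctionName, sizeof HookPara.FunctionName, "%s", "puts");
56 | **     HookPara.NewFunc = myputs;
57 | **     if (TK_HookExportFunction(&HookPara) != HOOK_SUCCESS) ...
58 | **
59 | ** The same NUL-termination rule applies to the name buffers here.
60 | */
61 | int TK_HookExportFunction(HookStruct *pHookStruct);
62 |
63 | /*
64 | ** Return: HOOK_SUCCESS or HOOK_FAILED
65 | ** Example: Inline Hook libc.so Function: puts
66 | **     void* OldFunc = NULL;
67 | **     TK_InlineHookFunction(puts, myputs, &OldFunc);
68 | ** ----------------------------------------------
69 | ** For the new implementation of HOOK Bridge, I suggest you add some lock to enhance the stability.
70 | ** hook_mutex below is a pthread_mutex_t that the caller defines and initializes.
71 | **
72 | **     int myputs(const char *string){
73 | **         int ret;
74 | **         // Do sth before calling ori-function
75 | **
76 | **         pthread_mutex_lock(&hook_mutex);
77 | **         ret = puts(string);
78 | **         pthread_mutex_unlock(&hook_mutex);
79 | **
80 | **         // Do sth after calling ori-function
81 | **         return ret; // myputs is declared int, so it has to return a value
82 | **     }
83 | **
84 | ** NOTE(review): the example calls puts() by name rather than through OldFunc;
85 | ** presumably the bridge routes that call to the original - confirm.
86 | */
87 | int TK_InlineHookFunction(void *TargetFunc, void *NewFunc, void** OldFunc);
88 |
89 | #ifdef __cplusplus
90 | }
91 | #endif
92 |
93 | #endif
94 |
--------------------------------------------------------------------------------
/utils/libTKHooklib.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ThomasKing2014/ELF-ARM-HOOK-Library/17b5907e8c7a6271121c29cdc2ad19112484aa18/utils/libTKHooklib.so
--------------------------------------------------------------------------------
/utils64/TKHooklib64.h:
--------------------------------------------------------------------------------
1 | #ifndef TKHOOKLIB64_H
2 | #define TKHOOKLIB64_H
3 |
4 | /*
5 | ** Declaration of the AArch64 inline hook exported by libTKInlineHook64.so.
6 | ** The guard differs from TKHooklib.h's _TKHOOKLIB_H so that including both
7 | ** headers in one translation unit does not silently skip the second one.
8 | */
9 |
10 | /* Result codes of TK_InlineHookFunction. */
11 | #define HOOK_SUCCESS 0
12 | #define HOOK_FAILED -1
13 |
14 | #ifdef __cplusplus
15 | extern "C" { /* opening half of the block closed at the end of this header */
16 | #endif
17 |
18 | /*
19 | ** Return: HOOK_SUCCESS or HOOK_FAILED
20 | ** Example: Inline Hook libc.so Function: puts
21 | **     void* OldFunc = NULL;
22 | **     TK_InlineHookFunction(puts, myputs, &OldFunc);
23 | **
24 | ** Notice: You should flush the cache by yourself.
25 | ** With GCC and Clang the usual call is __builtin___clear_cache(begin, end).
26 | ** NOTE(review): which address range has to be flushed is not stated here -
27 | ** confirm with the author.
28 | */
29 | int TK_InlineHookFunction(void *TargetFunc, void *NewFunc, void** OldFunc);
30 |
31 | #ifdef __cplusplus
32 | }
33 | #endif
34 |
35 | #endif
36 |
--------------------------------------------------------------------------------
/utils64/libTKInlineHook64.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ThomasKing2014/ELF-ARM-HOOK-Library/17b5907e8c7a6271121c29cdc2ad19112484aa18/utils64/libTKInlineHook64.so
--------------------------------------------------------------------------------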