├── README.md ├── demo1.c ├── inso.c ├── inso.h ├── log.h ├── myso.cpp └── myso.h /README.md: -------------------------------------------------------------------------------- 1 | Injection By Ptrace 2 | =================== 3 | 4 | The demo source of injection_by_ptrace. 5 | 6 | 7 | ##Install 8 | There are two part, one is excutable file called **demo1**, anthor is dynamic library call **libmyso.so**. 9 | 10 | - the source of demo1 11 | - firstly, build the dynamic library **libinso.so** 12 | - inso.c 13 | - inso.h 14 | - secondly, the build **demo1** using **libinso.so** 15 | - demo1.c 16 | - log.h 17 | - the source of libmyso.so 18 | - myso.cpp 19 | - myso.h 20 | 21 | In the end, we get three files: demo1, libinso.so, libmyso.so. 22 | 23 | ##Usage 24 | First of all, you should build the [poison](https://github.com/boyliang/Poison). According to the following steps: 25 | 26 | - push poison, demo1, libinso.so, libmyso.so to /data/local/tmp/ via adb; 27 | - the connect to the device or emulator via adb, then cd to /data/local/tmp; 28 | - chmod 755 *; 29 | - LD_LIBRARY_PATH=. ./demo1&; 30 | - so you get the demo1' pid, we call it DEMO1_PID; 31 | - ./poison /data/local/tmp/libmyso.so DEMO1_PID; 32 | 33 | That is all. 34 | -------------------------------------------------------------------------------- /demo1.c: -------------------------------------------------------------------------------- 1 | /* 2 | * demo1.c 3 | * 4 | * Created on: 2014年6月24日 5 | * Author: boyliang 6 | */ 7 | 8 | #include 9 | #include 10 | 11 | #include "inso.h" 12 | #include "log.h" 13 | 14 | int main(){ 15 | 16 | LOGI("DEMO1 start."); 17 | 18 | while(1){ 19 | LOGI("%d", getA()); 20 | setA(getA() + 1); 21 | sleep(2); 22 | } 23 | 24 | return 0; 25 | } 26 | -------------------------------------------------------------------------------- /inso.c: -------------------------------------------------------------------------------- 1 | /* 2 | * inso.c 3 | * 4 | * Created on: 2014年6月24日 5 | * Author: boyliang 6 | */ 7 | 8 | #include 9 | #include "inso.h" 10 | 11 | static int gA = 1; 12 | 13 | void setA(int i){ 14 | gA = i; 15 | } 16 | 17 | int getA(){ 18 | return gA; 19 | } 20 | -------------------------------------------------------------------------------- /inso.h: -------------------------------------------------------------------------------- 1 | /* 2 | * inso.h 3 | * 4 | * Created on: 2014年6月24日 5 | * Author: boyliang 6 | */ 7 | 8 | 9 | __attribute__ ((visibility ("default"))) void setA(int i); 10 | 11 | __attribute__ ((visibility ("default"))) int getA(); 12 | -------------------------------------------------------------------------------- /log.h: -------------------------------------------------------------------------------- 1 | /* 2 | * log.h 3 | * 4 | * Created on: 2013-6-25 5 | * Author: boyliang 6 | */ 7 | 8 | #ifndef LOG_H_ 9 | #define LOG_H_ 10 | 11 | #include 12 | 13 | #define LOG_TAG "TTT" 14 | 15 | #define LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__) 16 | #define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__) 17 | 18 | 19 | #endif /* LOG_H_ */ 20 | -------------------------------------------------------------------------------- /myso.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * myso.c 3 | * 4 | * Created on: 2014年6月24日 5 | * Author: boyliang 6 | */ 7 | 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | #include "log.h" 15 | 16 | __attribute__ ((__constructor__)) 17 | void Main() { 18 | LOGI(">>>>>>>>>>>>>I am in, I am a bad boy 1!!!!<<<<<<<<<<<<<<"); 19 | 20 | void* handle = dlopen("libinso.so", RTLD_NOW); 21 | void (*setA_func)(int) = (void (*)(int))dlsym(handle, "setA"); 22 | 23 | if (setA_func) { 24 | setA_func(999); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /myso.h: -------------------------------------------------------------------------------- 1 | /* 2 | * so.c 3 | * 4 | * Created on: 2014年6月24日 5 | * Author: boyliang 6 | */ 7 | 8 | 9 | 10 | #ifndef _SO_H_ 11 | #define _SO_H_ 12 | 13 | #include 14 | #include 15 | 16 | /* 17 | void Main(); 18 | 19 | static void* _main(void*){ 20 | Main(); 21 | return NULL; 22 | } 23 | 24 | class EntryClass { 25 | public: 26 | 27 | EntryClass() { 28 | pthread_t tid; 29 | pthread_create(&tid, NULL, _main, NULL); 30 | pthread_detach(tid); 31 | } 32 | 33 | } boy; 34 | */ 35 | #endif 36 | --------------------------------------------------------------------------------