├── app
    ├── .gitignore
    ├── src
    │   ├── main
    │   │   ├── res
    │   │   │   ├── values
    │   │   │   │   ├── strings.xml
    │   │   │   │   ├── colors.xml
    │   │   │   │   └── themes.xml
    │   │   │   ├── mipmap-hdpi
    │   │   │   │   ├── ic_launcher.webp
    │   │   │   │   └── ic_launcher_round.webp
    │   │   │   ├── mipmap-mdpi
    │   │   │   │   ├── ic_launcher.webp
    │   │   │   │   └── ic_launcher_round.webp
    │   │   │   ├── mipmap-xhdpi
    │   │   │   │   ├── ic_launcher.webp
    │   │   │   │   └── ic_launcher_round.webp
    │   │   │   ├── mipmap-xxhdpi
    │   │   │   │   ├── ic_launcher.webp
    │   │   │   │   └── ic_launcher_round.webp
    │   │   │   ├── mipmap-xxxhdpi
    │   │   │   │   ├── ic_launcher.webp
    │   │   │   │   └── ic_launcher_round.webp
    │   │   │   ├── mipmap-anydpi-v26
    │   │   │   │   ├── ic_launcher.xml
    │   │   │   │   └── ic_launcher_round.xml
    │   │   │   ├── xml
    │   │   │   │   ├── backup_rules.xml
    │   │   │   │   └── data_extraction_rules.xml
    │   │   │   ├── values-night
    │   │   │   │   └── themes.xml
    │   │   │   ├── layout
    │   │   │   │   └── activity_main.xml
    │   │   │   └── drawable
    │   │   │   │   ├── ic_launcher_foreground.xml
    │   │   │   │   └── ic_launcher_background.xml
    │   │   ├── AndroidManifest.xml
    │   │   ├── java
    │   │   │   └── com
    │   │   │   │   └── example
    │   │   │   │       └── inlinehookstudy
    │   │   │   │           └── MainActivity.java
    │   │   └── cpp
    │   │   │   ├── CMakeLists.txt
    │   │   │   └── native-lib.cpp
    │   ├── test
    │   │   └── java
    │   │   │   └── com
    │   │   │       └── example
    │   │   │           └── inlinehookstudy
    │   │   │               └── ExampleUnitTest.java
    │   └── androidTest
    │   │   └── java
    │   │       └── com
    │   │           └── example
    │   │               └── inlinehookstudy
    │   │                   └── ExampleInstrumentedTest.java
    ├── proguard-rules.pro
    └── build.gradle
├── .idea
    ├── .gitignore
    ├── compiler.xml
    ├── migrations.xml
    ├── deploymentTargetSelector.xml
    ├── misc.xml
    ├── gradle.xml
    └── runConfigurations.xml
├── gradle
    ├── wrapper
    │   ├── gradle-wrapper.jar
    │   └── gradle-wrapper.properties
    └── libs.versions.toml
├── .gitignore
├── README.md
├── settings.gradle
├── gradle.properties
├── gradlew.bat
└── gradlew


/app/.gitignore:
--------------------------------------------------------------------------------
1 | /build


--------------------------------------------------------------------------------
/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | 


--------------------------------------------------------------------------------
/app/src/main/res/values/strings.xml:
--------------------------------------------------------------------------------
1 | <resources>
2 |     <string name="app_name">inlinehookstudy</string>
3 | </resources>


--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/gradle/wrapper/gradle-wrapper.jar


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-hdpi/ic_launcher.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-hdpi/ic_launcher.webp


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-mdpi/ic_launcher.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-mdpi/ic_launcher.webp


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xhdpi/ic_launcher.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-xhdpi/ic_launcher.webp


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxhdpi/ic_launcher.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-xxhdpi/ic_launcher.webp


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxxhdpi/ic_launcher.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-xxxhdpi/ic_launcher.webp


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-hdpi/ic_launcher_round.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-hdpi/ic_launcher_round.webp


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-mdpi/ic_launcher_round.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-mdpi/ic_launcher_round.webp


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xhdpi/ic_launcher_round.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-xhdpi/ic_launcher_round.webp


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.webp


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jiqiu2022/ReZeroHook/HEAD/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.webp


--------------------------------------------------------------------------------
/.idea/compiler.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <project version="4">
3 |   <component name="CompilerConfiguration">
4 |     <bytecodeTargetLevel target="21" />
5 |   </component>
6 | </project>


--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
1 | #Mon Nov 25 16:43:45 CST 2024
2 | distributionBase=GRADLE_USER_HOME
3 | distributionPath=wrapper/dists
4 | distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
5 | zipStoreBase=GRADLE_USER_HOME
6 | zipStorePath=wrapper/dists
7 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | *.iml
 2 | .gradle
 3 | /local.properties
 4 | /.idea/caches
 5 | /.idea/libraries
 6 | /.idea/modules.xml
 7 | /.idea/workspace.xml
 8 | /.idea/navEditor.xml
 9 | /.idea/assetWizardSettings.xml
10 | .DS_Store
11 | /build
12 | /captures
13 | .externalNativeBuild
14 | .cxx
15 | local.properties
16 | 


--------------------------------------------------------------------------------
/.idea/migrations.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="ProjectMigrations">
 4 |     <option name="MigrateToGradleLocalJavaHome">
 5 |       <set>
 6 |         <option value="$PROJECT_DIR$" />
 7 |       </set>
 8 |     </option>
 9 |   </component>
10 | </project>


--------------------------------------------------------------------------------
/.idea/deploymentTargetSelector.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="deploymentTargetSelector">
 4 |     <selectionStates>
 5 |       <SelectionState runConfigName="app">
 6 |         <option name="selectionMode" value="DROPDOWN" />
 7 |       </SelectionState>
 8 |     </selectionStates>
 9 |   </component>
10 | </project>


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
3 |     <background android:drawable="@drawable/ic_launcher_background" />
4 |     <foreground android:drawable="@drawable/ic_launcher_foreground" />
5 |     <monochrome android:drawable="@drawable/ic_launcher_foreground" />
6 | </adaptive-icon>


--------------------------------------------------------------------------------
/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
3 |     <background android:drawable="@drawable/ic_launcher_background" />
4 |     <foreground android:drawable="@drawable/ic_launcher_foreground" />
5 |     <monochrome android:drawable="@drawable/ic_launcher_foreground" />
6 | </adaptive-icon>


--------------------------------------------------------------------------------
/app/src/main/res/values/colors.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <resources>
 3 |     <color name="purple_200">#FFBB86FC</color>
 4 |     <color name="purple_500">#FF6200EE</color>
 5 |     <color name="purple_700">#FF3700B3</color>
 6 |     <color name="teal_200">#FF03DAC5</color>
 7 |     <color name="teal_700">#FF018786</color>
 8 |     <color name="black">#FF000000</color>
 9 |     <color name="white">#FFFFFFFF</color>
10 | </resources>


--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="ExternalStorageConfigurationManager" enabled="true" />
 4 |   <component name="ProjectRootManager" version="2" languageLevel="JDK_21" default="true" project-jdk-name="jbr-21" project-jdk-type="JavaSDK">
 5 |     <output url="file://$PROJECT_DIR$/build/classes" />
 6 |   </component>
 7 |   <component name="ProjectType">
 8 |     <option name="id" value="Android" />
 9 |   </component>
10 | </project>


--------------------------------------------------------------------------------
/app/src/test/java/com/example/inlinehookstudy/ExampleUnitTest.java:
--------------------------------------------------------------------------------
 1 | package com.example.inlinehookstudy;
 2 | 
 3 | import org.junit.Test;
 4 | 
 5 | import static org.junit.Assert.*;
 6 | 
 7 | /**
 8 |  * Example local unit test, which will execute on the development machine (host).
 9 |  *
10 |  * @see <a href="http://d.android.com/tools/testing">Testing documentation</a>
11 |  */
12 | public class ExampleUnitTest {
13 |     @Test
14 |     public void addition_isCorrect() {
15 |         assertEquals(4, 2 + 2);
16 |     }
17 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | 正在开发过程中，感兴趣可以看提交记录。
 2 | 已经初步可以hook任意函数，但是比较臃肿。
 3 | 我正在优化框架，以及支持inlinehook。
 4 | 最终的教程文档将在看雪、以及这里的readme进行展示。
 5 | 
 6 | 本项目是自己学习开发而开展，但是不会烂尾，目标是维护成一个大家都喜欢用的Inlinehook框架
 7 | 其中有两个目的
 8 | 第一个目的：让入门的新手可以完整的学习
 9 | 第二个目的：听取大家的建议，增加JIT功能，通过server通讯，实时的hook，支持java&objc的hook(这不就是frida? 但是没有检测特征)
10 | 
11 | 
12 | 项目讲解pdf:
13 | https://qiude1tuchuang.oss-cn-beijing.aliyuncs.com/%E4%BB%8E0%E5%BC%80%E5%A7%8B%E5%BC%80%E5%8F%91%E4%B8%80%E4%B8%AAInlineHook%E7%AC%AC%E4%B8%80%E7%AF%87.pdf
14 | 注意，讲解使用的是newhook分支，不是main分支
15 | main分支是最早的实现，非常简单，欢迎大家学习
16 | 


--------------------------------------------------------------------------------
/app/src/main/res/xml/backup_rules.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?><!--
 2 |    Sample backup rules file; uncomment and customize as necessary.
 3 |    See https://developer.android.com/guide/topics/data/autobackup
 4 |    for details.
 5 |    Note: This file is ignored for devices older that API 31
 6 |    See https://developer.android.com/about/versions/12/backup-restore
 7 | -->
 8 | <full-backup-content>
 9 |     <!--
10 |    <include domain="sharedpref" path="."/>
11 |    <exclude domain="sharedpref" path="device.xml"/>
12 | -->
13 | </full-backup-content>


--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
 1 | pluginManagement {
 2 |     repositories {
 3 |         google {
 4 |             content {
 5 |                 includeGroupByRegex("com\\.android.*")
 6 |                 includeGroupByRegex("com\\.google.*")
 7 |                 includeGroupByRegex("androidx.*")
 8 |             }
 9 |         }
10 |         mavenCentral()
11 |         gradlePluginPortal()
12 |     }
13 | }
14 | dependencyResolutionManagement {
15 |     repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
16 |     repositories {
17 |         google()
18 |         mavenCentral()
19 |     }
20 | }
21 | 
22 | rootProject.name = "inlinehookstudy"
23 | include ':app'
24 | 


--------------------------------------------------------------------------------
/app/src/main/res/xml/data_extraction_rules.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?><!--
 2 |    Sample data extraction rules file; uncomment and customize as necessary.
 3 |    See https://developer.android.com/about/versions/12/backup-restore#xml-changes
 4 |    for details.
 5 | -->
 6 | <data-extraction-rules>
 7 |     <cloud-backup>
 8 |         <!-- TODO: Use <include> and <exclude> to control what is backed up.
 9 |         <include .../>
10 |         <exclude .../>
11 |         -->
12 |     </cloud-backup>
13 |     <!--
14 |     <device-transfer>
15 |         <include .../>
16 |         <exclude .../>
17 |     </device-transfer>
18 |     -->
19 | </data-extraction-rules>


--------------------------------------------------------------------------------
/.idea/gradle.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="GradleMigrationSettings" migrationVersion="1" />
 4 |   <component name="GradleSettings">
 5 |     <option name="linkedExternalProjectsSettings">
 6 |       <GradleProjectSettings>
 7 |         <option name="testRunner" value="CHOOSE_PER_TEST" />
 8 |         <option name="externalProjectPath" value="$PROJECT_DIR$" />
 9 |         <option name="gradleJvm" value="#GRADLE_LOCAL_JAVA_HOME" />
10 |         <option name="modules">
11 |           <set>
12 |             <option value="$PROJECT_DIR$" />
13 |             <option value="$PROJECT_DIR$/app" />
14 |           </set>
15 |         </option>
16 |         <option name="resolveExternalAnnotations" value="false" />
17 |       </GradleProjectSettings>
18 |     </option>
19 |   </component>
20 | </project>


--------------------------------------------------------------------------------
/app/proguard-rules.pro:
--------------------------------------------------------------------------------
 1 | # Add project specific ProGuard rules here.
 2 | # You can control the set of applied configuration files using the
 3 | # proguardFiles setting in build.gradle.
 4 | #
 5 | # For more details, see
 6 | #   http://developer.android.com/guide/developing/tools/proguard.html
 7 | 
 8 | # If your project uses WebView with JS, uncomment the following
 9 | # and specify the fully qualified class name to the JavaScript interface
10 | # class:
11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview {
12 | #   public *;
13 | #}
14 | 
15 | # Uncomment this to preserve the line number information for
16 | # debugging stack traces.
17 | #-keepattributes SourceFile,LineNumberTable
18 | 
19 | # If you keep the line number information, uncomment this to
20 | # hide the original source file name.
21 | #-renamesourcefileattribute SourceFile


--------------------------------------------------------------------------------
/app/src/main/res/values/themes.xml:
--------------------------------------------------------------------------------
 1 | <resources xmlns:tools="http://schemas.android.com/tools">
 2 |     <!-- Base application theme. -->
 3 |     <style name="Theme.Inlinehookstudy" parent="Theme.MaterialComponents.DayNight.DarkActionBar">
 4 |         <!-- Primary brand color. -->
 5 |         <item name="colorPrimary">@color/purple_500</item>
 6 |         <item name="colorPrimaryVariant">@color/purple_700</item>
 7 |         <item name="colorOnPrimary">@color/white</item>
 8 |         <!-- Secondary brand color. -->
 9 |         <item name="colorSecondary">@color/teal_200</item>
10 |         <item name="colorSecondaryVariant">@color/teal_700</item>
11 |         <item name="colorOnSecondary">@color/black</item>
12 |         <!-- Status bar color. -->
13 |         <item name="android:statusBarColor">?attr/colorPrimaryVariant</item>
14 |         <!-- Customize your theme here. -->
15 |     </style>
16 | </resources>


--------------------------------------------------------------------------------
/app/src/main/res/values-night/themes.xml:
--------------------------------------------------------------------------------
 1 | <resources xmlns:tools="http://schemas.android.com/tools">
 2 |     <!-- Base application theme. -->
 3 |     <style name="Theme.Inlinehookstudy" parent="Theme.MaterialComponents.DayNight.DarkActionBar">
 4 |         <!-- Primary brand color. -->
 5 |         <item name="colorPrimary">@color/purple_200</item>
 6 |         <item name="colorPrimaryVariant">@color/purple_700</item>
 7 |         <item name="colorOnPrimary">@color/black</item>
 8 |         <!-- Secondary brand color. -->
 9 |         <item name="colorSecondary">@color/teal_200</item>
10 |         <item name="colorSecondaryVariant">@color/teal_200</item>
11 |         <item name="colorOnSecondary">@color/black</item>
12 |         <!-- Status bar color. -->
13 |         <item name="android:statusBarColor">?attr/colorPrimaryVariant</item>
14 |         <!-- Customize your theme here. -->
15 |     </style>
16 | </resources>


--------------------------------------------------------------------------------
/app/src/main/res/layout/activity_main.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
 3 |     xmlns:app="http://schemas.android.com/apk/res-auto"
 4 |     xmlns:tools="http://schemas.android.com/tools"
 5 |     android:layout_width="match_parent"
 6 |     android:layout_height="match_parent"
 7 |     tools:context=".MainActivity">
 8 | 
 9 |     <TextView
10 |         android:id="@+id/sample_text"
11 |         android:layout_width="wrap_content"
12 |         android:layout_height="wrap_content"
13 |         android:text="Hello World!"
14 |         app:layout_constraintBottom_toBottomOf="parent"
15 |         app:layout_constraintEnd_toEndOf="parent"
16 |         app:layout_constraintStart_toStartOf="parent"
17 |         app:layout_constraintTop_toTopOf="parent" />
18 | 
19 | </androidx.constraintlayout.widget.ConstraintLayout>


--------------------------------------------------------------------------------
/gradle/libs.versions.toml:
--------------------------------------------------------------------------------
 1 | [versions]
 2 | agp = "8.7.1"
 3 | junit = "4.13.2"
 4 | junitVersion = "1.2.1"
 5 | espressoCore = "3.6.1"
 6 | appcompat = "1.7.0"
 7 | material = "1.12.0"
 8 | constraintlayout = "2.2.0"
 9 | 
10 | [libraries]
11 | junit = { group = "junit", name = "junit", version.ref = "junit" }
12 | ext-junit = { group = "androidx.test.ext", name = "junit", version.ref = "junitVersion" }
13 | espresso-core = { group = "androidx.test.espresso", name = "espresso-core", version.ref = "espressoCore" }
14 | appcompat = { group = "androidx.appcompat", name = "appcompat", version.ref = "appcompat" }
15 | material = { group = "com.google.android.material", name = "material", version.ref = "material" }
16 | constraintlayout = { group = "androidx.constraintlayout", name = "constraintlayout", version.ref = "constraintlayout" }
17 | 
18 | [plugins]
19 | android-application = { id = "com.android.application", version.ref = "agp" }
20 | 
21 | 


--------------------------------------------------------------------------------
/app/src/androidTest/java/com/example/inlinehookstudy/ExampleInstrumentedTest.java:
--------------------------------------------------------------------------------
 1 | package com.example.inlinehookstudy;
 2 | 
 3 | import android.content.Context;
 4 | 
 5 | import androidx.test.platform.app.InstrumentationRegistry;
 6 | import androidx.test.ext.junit.runners.AndroidJUnit4;
 7 | 
 8 | import org.junit.Test;
 9 | import org.junit.runner.RunWith;
10 | 
11 | import static org.junit.Assert.*;
12 | 
13 | /**
14 |  * Instrumented test, which will execute on an Android device.
15 |  *
16 |  * @see <a href="http://d.android.com/tools/testing">Testing documentation</a>
17 |  */
18 | @RunWith(AndroidJUnit4.class)
19 | public class ExampleInstrumentedTest {
20 |     @Test
21 |     public void useAppContext() {
22 |         // Context of the app under test.
23 |         Context appContext = InstrumentationRegistry.getInstrumentation().getTargetContext();
24 |         assertEquals("com.example.inlinehookstudy", appContext.getPackageName());
25 |     }
26 | }


--------------------------------------------------------------------------------
/.idea/runConfigurations.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="RunConfigurationProducerService">
 4 |     <option name="ignoredProducers">
 5 |       <set>
 6 |         <option value="com.intellij.execution.junit.AbstractAllInDirectoryConfigurationProducer" />
 7 |         <option value="com.intellij.execution.junit.AllInPackageConfigurationProducer" />
 8 |         <option value="com.intellij.execution.junit.PatternConfigurationProducer" />
 9 |         <option value="com.intellij.execution.junit.TestInClassConfigurationProducer" />
10 |         <option value="com.intellij.execution.junit.UniqueIdConfigurationProducer" />
11 |         <option value="com.intellij.execution.junit.testDiscovery.JUnitTestDiscoveryConfigurationProducer" />
12 |         <option value="org.jetbrains.kotlin.idea.junit.KotlinJUnitRunConfigurationProducer" />
13 |         <option value="org.jetbrains.kotlin.idea.junit.KotlinPatternConfigurationProducer" />
14 |       </set>
15 |     </option>
16 |   </component>
17 | </project>


--------------------------------------------------------------------------------
/app/src/main/AndroidManifest.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <manifest xmlns:android="http://schemas.android.com/apk/res/android"
 3 |     xmlns:tools="http://schemas.android.com/tools">
 4 | 
 5 |     <application
 6 |         android:allowBackup="true"
 7 |         android:dataExtractionRules="@xml/data_extraction_rules"
 8 |         android:fullBackupContent="@xml/backup_rules"
 9 |         android:icon="@mipmap/ic_launcher"
10 |         android:label="@string/app_name"
11 |         android:roundIcon="@mipmap/ic_launcher_round"
12 |         android:supportsRtl="true"
13 |         android:theme="@style/Theme.Inlinehookstudy"
14 |         tools:targetApi="31">
15 |         <activity
16 |             android:name=".MainActivity"
17 |             android:exported="true">
18 |             <intent-filter>
19 |                 <action android:name="android.intent.action.MAIN" />
20 | 
21 |                 <category android:name="android.intent.category.LAUNCHER" />
22 |             </intent-filter>
23 |         </activity>
24 |     </application>
25 | 
26 | </manifest>


--------------------------------------------------------------------------------
/app/src/main/java/com/example/inlinehookstudy/MainActivity.java:
--------------------------------------------------------------------------------
 1 | package com.example.inlinehookstudy;
 2 | 
 3 | import androidx.appcompat.app.AppCompatActivity;
 4 | 
 5 | import android.os.Bundle;
 6 | import android.widget.TextView;
 7 | 
 8 | import com.example.inlinehookstudy.databinding.ActivityMainBinding;
 9 | 
10 | public class MainActivity extends AppCompatActivity {
11 | 
12 |     // Used to load the 'inlinehookstudy' library on application startup.
13 |     static {
14 |         System.loadLibrary("inlinehookstudy");
15 |     }
16 | 
17 |     private ActivityMainBinding binding;
18 | 
19 |     @Override
20 |     protected void onCreate(Bundle savedInstanceState) {
21 |         super.onCreate(savedInstanceState);
22 | 
23 |         binding = ActivityMainBinding.inflate(getLayoutInflater());
24 |         setContentView(binding.getRoot());
25 | 
26 |         // Example of a call to a native method
27 |         TextView tv = binding.sampleText;
28 |         tv.setText(stringFromJNI());
29 |     }
30 | 
31 |     /**
32 |      * A native method that is implemented by the 'inlinehookstudy' native library,
33 |      * which is packaged with this application.
34 |      */
35 |     public native String stringFromJNI();
36 | }


--------------------------------------------------------------------------------
/gradle.properties:
--------------------------------------------------------------------------------
 1 | # Project-wide Gradle settings.
 2 | # IDE (e.g. Android Studio) users:
 3 | # Gradle settings configured through the IDE *will override*
 4 | # any settings specified in this file.
 5 | # For more details on how to configure your build environment visit
 6 | # http://www.gradle.org/docs/current/userguide/build_environment.html
 7 | # Specifies the JVM arguments used for the daemon process.
 8 | # The setting is particularly useful for tweaking memory settings.
 9 | org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8
10 | # When configured, Gradle will run in incubating parallel mode.
11 | # This option should only be used with decoupled projects. For more details, visit
12 | # https://developer.android.com/r/tools/gradle-multi-project-decoupled-projects
13 | # org.gradle.parallel=true
14 | # AndroidX package structure to make it clearer which packages are bundled with the
15 | # Android operating system, and which are packaged with your app's APK
16 | # https://developer.android.com/topic/libraries/support-library/androidx-rn
17 | android.useAndroidX=true
18 | # Enables namespacing of each library's R class so that its R class includes only the
19 | # resources declared in the library itself and none from the library's dependencies,
20 | # thereby reducing the size of the R class for that library
21 | android.nonTransitiveRClass=true


--------------------------------------------------------------------------------
/app/build.gradle:
--------------------------------------------------------------------------------
 1 | plugins {
 2 |     alias(libs.plugins.android.application)
 3 | }
 4 | 
 5 | android {
 6 |     namespace 'com.example.inlinehookstudy'
 7 |     compileSdk 34
 8 |     ndkVersion '23.1.7779620'
 9 |     defaultConfig {
10 |         applicationId "com.example.inlinehookstudy"
11 |         minSdk 24
12 |         targetSdk 34
13 |         versionCode 1
14 |         versionName "1.0"
15 |         ndk {
16 |             abiFilters "arm64-v8a" // 只编译 ARM64 架构
17 |         }
18 |         packagingOptions {
19 |             jniLibs {
20 |                 useLegacyPackaging true
21 |             }
22 |         }
23 |         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
24 |     }
25 | 
26 |     buildTypes {
27 |         release {
28 |             minifyEnabled false
29 |             proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
30 |         }
31 |     }
32 |     compileOptions {
33 |         sourceCompatibility JavaVersion.VERSION_11
34 |         targetCompatibility JavaVersion.VERSION_11
35 |     }
36 |     externalNativeBuild {
37 |         cmake {
38 |             path file('src/main/cpp/CMakeLists.txt')
39 |             version '3.22.1'
40 |         }
41 |     }
42 |     buildFeatures {
43 |         viewBinding true
44 |     }
45 | }
46 | 
47 | dependencies {
48 | 
49 |     implementation libs.appcompat
50 |     implementation libs.material
51 |     implementation libs.constraintlayout
52 |     testImplementation libs.junit
53 |     androidTestImplementation libs.ext.junit
54 |     androidTestImplementation libs.espresso.core
55 | }


--------------------------------------------------------------------------------
/app/src/main/res/drawable/ic_launcher_foreground.xml:
--------------------------------------------------------------------------------
 1 | <vector xmlns:android="http://schemas.android.com/apk/res/android"
 2 |     xmlns:aapt="http://schemas.android.com/aapt"
 3 |     android:width="108dp"
 4 |     android:height="108dp"
 5 |     android:viewportWidth="108"
 6 |     android:viewportHeight="108">
 7 |     <path android:pathData="M31,63.928c0,0 6.4,-11 12.1,-13.1c7.2,-2.6 26,-1.4 26,-1.4l38.1,38.1L107,108.928l-32,-1L31,63.928z">
 8 |         <aapt:attr name="android:fillColor">
 9 |             <gradient
10 |                 android:endX="85.84757"
11 |                 android:endY="92.4963"
12 |                 android:startX="42.9492"
13 |                 android:startY="49.59793"
14 |                 android:type="linear">
15 |                 <item
16 |                     android:color="#44000000"
17 |                     android:offset="0.0" />
18 |                 <item
19 |                     android:color="#00000000"
20 |                     android:offset="1.0" />
21 |             </gradient>
22 |         </aapt:attr>
23 |     </path>
24 |     <path
25 |         android:fillColor="#FFFFFF"
26 |         android:fillType="nonZero"
27 |         android:pathData="M65.3,45.828l3.8,-6.6c0.2,-0.4 0.1,-0.9 -0.3,-1.1c-0.4,-0.2 -0.9,-0.1 -1.1,0.3l-3.9,6.7c-6.3,-2.8 -13.4,-2.8 -19.7,0l-3.9,-6.7c-0.2,-0.4 -0.7,-0.5 -1.1,-0.3C38.8,38.328 38.7,38.828 38.9,39.228l3.8,6.6C36.2,49.428 31.7,56.028 31,63.928h46C76.3,56.028 71.8,49.428 65.3,45.828zM43.4,57.328c-0.8,0 -1.5,-0.5 -1.8,-1.2c-0.3,-0.7 -0.1,-1.5 0.4,-2.1c0.5,-0.5 1.4,-0.7 2.1,-0.4c0.7,0.3 1.2,1 1.2,1.8C45.3,56.528 44.5,57.328 43.4,57.328L43.4,57.328zM64.6,57.328c-0.8,0 -1.5,-0.5 -1.8,-1.2s-0.1,-1.5 0.4,-2.1c0.5,-0.5 1.4,-0.7 2.1,-0.4c0.7,0.3 1.2,1 1.2,1.8C66.5,56.528 65.6,57.328 64.6,57.328L64.6,57.328z"
28 |         android:strokeWidth="1"
29 |         android:strokeColor="#00000000" />
30 | </vector>


--------------------------------------------------------------------------------
/app/src/main/cpp/CMakeLists.txt:
--------------------------------------------------------------------------------
 1 | # For more information about using CMake with Android Studio, read the
 2 | # documentation: https://d.android.com/studio/projects/add-native-code.html.
 3 | # For more examples on how to use CMake, see https://github.com/android/ndk-samples.
 4 | 
 5 | # Sets the minimum CMake version required for this project.
 6 | cmake_minimum_required(VERSION 3.22.1)
 7 | 
 8 | # Declares the project name. The project name can be accessed via ${ PROJECT_NAME},
 9 | # Since this is the top level CMakeLists.txt, the project name is also accessible
10 | # with ${CMAKE_PROJECT_NAME} (both CMake variables are in-sync within the top level
11 | # build script scope).
12 | project("inlinehookstudy")
13 | 
14 | # Creates and names a library, sets it as either STATIC
15 | # or SHARED, and provides the relative paths to its source code.
16 | # You can define multiple libraries, and CMake builds them for you.
17 | # Gradle automatically packages shared libraries with your APK.
18 | #
19 | # In this top level CMakeLists.txt, ${CMAKE_PROJECT_NAME} is used to define
20 | # the target library name; in the sub-module's CMakeLists.txt, ${PROJECT_NAME}
21 | # is preferred for the same purpose.
22 | #
23 | # In order to load a library into your app from Java/Kotlin, you must call
24 | # System.loadLibrary() and pass the name of the library defined here;
25 | # for GameActivity/NativeActivity derived applications, the same library name must be
26 | # used in the AndroidManifest.xml file.
27 | add_library(${CMAKE_PROJECT_NAME} SHARED
28 |         # List C/C++ source files with relative paths to this CMakeLists.txt.
29 |         native-lib.cpp)
30 | 
31 | # Specifies libraries CMake should link to your target library. You
32 | # can link libraries from various origins, such as libraries defined in this
33 | # build script, prebuilt third-party libraries, or Android system libraries.
34 | target_link_libraries(${CMAKE_PROJECT_NAME}
35 |         # List libraries link to the target library
36 |         android
37 |         log)


--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
 1 | @rem
 2 | @rem Copyright 2015 the original author or authors.
 3 | @rem
 4 | @rem Licensed under the Apache License, Version 2.0 (the "License");
 5 | @rem you may not use this file except in compliance with the License.
 6 | @rem You may obtain a copy of the License at
 7 | @rem
 8 | @rem      https://www.apache.org/licenses/LICENSE-2.0
 9 | @rem
10 | @rem Unless required by applicable law or agreed to in writing, software
11 | @rem distributed under the License is distributed on an "AS IS" BASIS,
12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | @rem See the License for the specific language governing permissions and
14 | @rem limitations under the License.
15 | @rem
16 | 
17 | @if "%DEBUG%" == "" @echo off
18 | @rem ##########################################################################
19 | @rem
20 | @rem  Gradle startup script for Windows
21 | @rem
22 | @rem ##########################################################################
23 | 
24 | @rem Set local scope for the variables with windows NT shell
25 | if "%OS%"=="Windows_NT" setlocal
26 | 
27 | set DIRNAME=%~dp0
28 | if "%DIRNAME%" == "" set DIRNAME=.
29 | set APP_BASE_NAME=%~n0
30 | set APP_HOME=%DIRNAME%
31 | 
32 | @rem Resolve any "." and ".." in APP_HOME to make it shorter.
33 | for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
34 | 
35 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
36 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
37 | 
38 | @rem Find java.exe
39 | if defined JAVA_HOME goto findJavaFromJavaHome
40 | 
41 | set JAVA_EXE=java.exe
42 | %JAVA_EXE% -version >NUL 2>&1
43 | if "%ERRORLEVEL%" == "0" goto execute
44 | 
45 | echo.
46 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
47 | echo.
48 | echo Please set the JAVA_HOME variable in your environment to match the
49 | echo location of your Java installation.
50 | 
51 | goto fail
52 | 
53 | :findJavaFromJavaHome
54 | set JAVA_HOME=%JAVA_HOME:"=%
55 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
56 | 
57 | if exist "%JAVA_EXE%" goto execute
58 | 
59 | echo.
60 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
61 | echo.
62 | echo Please set the JAVA_HOME variable in your environment to match the
63 | echo location of your Java installation.
64 | 
65 | goto fail
66 | 
67 | :execute
68 | @rem Setup the command line
69 | 
70 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
71 | 
72 | 
73 | @rem Execute Gradle
74 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
75 | 
76 | :end
77 | @rem End local scope for the variables with windows NT shell
78 | if "%ERRORLEVEL%"=="0" goto mainEnd
79 | 
80 | :fail
81 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
82 | rem the _cmd.exe /c_ return code!
83 | if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
84 | exit /b 1
85 | 
86 | :mainEnd
87 | if "%OS%"=="Windows_NT" endlocal
88 | 
89 | :omega
90 | 


--------------------------------------------------------------------------------
/app/src/main/res/drawable/ic_launcher_background.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <vector xmlns:android="http://schemas.android.com/apk/res/android"
  3 |     android:width="108dp"
  4 |     android:height="108dp"
  5 |     android:viewportWidth="108"
  6 |     android:viewportHeight="108">
  7 |     <path
  8 |         android:fillColor="#3DDC84"
  9 |         android:pathData="M0,0h108v108h-108z" />
 10 |     <path
 11 |         android:fillColor="#00000000"
 12 |         android:pathData="M9,0L9,108"
 13 |         android:strokeWidth="0.8"
 14 |         android:strokeColor="#33FFFFFF" />
 15 |     <path
 16 |         android:fillColor="#00000000"
 17 |         android:pathData="M19,0L19,108"
 18 |         android:strokeWidth="0.8"
 19 |         android:strokeColor="#33FFFFFF" />
 20 |     <path
 21 |         android:fillColor="#00000000"
 22 |         android:pathData="M29,0L29,108"
 23 |         android:strokeWidth="0.8"
 24 |         android:strokeColor="#33FFFFFF" />
 25 |     <path
 26 |         android:fillColor="#00000000"
 27 |         android:pathData="M39,0L39,108"
 28 |         android:strokeWidth="0.8"
 29 |         android:strokeColor="#33FFFFFF" />
 30 |     <path
 31 |         android:fillColor="#00000000"
 32 |         android:pathData="M49,0L49,108"
 33 |         android:strokeWidth="0.8"
 34 |         android:strokeColor="#33FFFFFF" />
 35 |     <path
 36 |         android:fillColor="#00000000"
 37 |         android:pathData="M59,0L59,108"
 38 |         android:strokeWidth="0.8"
 39 |         android:strokeColor="#33FFFFFF" />
 40 |     <path
 41 |         android:fillColor="#00000000"
 42 |         android:pathData="M69,0L69,108"
 43 |         android:strokeWidth="0.8"
 44 |         android:strokeColor="#33FFFFFF" />
 45 |     <path
 46 |         android:fillColor="#00000000"
 47 |         android:pathData="M79,0L79,108"
 48 |         android:strokeWidth="0.8"
 49 |         android:strokeColor="#33FFFFFF" />
 50 |     <path
 51 |         android:fillColor="#00000000"
 52 |         android:pathData="M89,0L89,108"
 53 |         android:strokeWidth="0.8"
 54 |         android:strokeColor="#33FFFFFF" />
 55 |     <path
 56 |         android:fillColor="#00000000"
 57 |         android:pathData="M99,0L99,108"
 58 |         android:strokeWidth="0.8"
 59 |         android:strokeColor="#33FFFFFF" />
 60 |     <path
 61 |         android:fillColor="#00000000"
 62 |         android:pathData="M0,9L108,9"
 63 |         android:strokeWidth="0.8"
 64 |         android:strokeColor="#33FFFFFF" />
 65 |     <path
 66 |         android:fillColor="#00000000"
 67 |         android:pathData="M0,19L108,19"
 68 |         android:strokeWidth="0.8"
 69 |         android:strokeColor="#33FFFFFF" />
 70 |     <path
 71 |         android:fillColor="#00000000"
 72 |         android:pathData="M0,29L108,29"
 73 |         android:strokeWidth="0.8"
 74 |         android:strokeColor="#33FFFFFF" />
 75 |     <path
 76 |         android:fillColor="#00000000"
 77 |         android:pathData="M0,39L108,39"
 78 |         android:strokeWidth="0.8"
 79 |         android:strokeColor="#33FFFFFF" />
 80 |     <path
 81 |         android:fillColor="#00000000"
 82 |         android:pathData="M0,49L108,49"
 83 |         android:strokeWidth="0.8"
 84 |         android:strokeColor="#33FFFFFF" />
 85 |     <path
 86 |         android:fillColor="#00000000"
 87 |         android:pathData="M0,59L108,59"
 88 |         android:strokeWidth="0.8"
 89 |         android:strokeColor="#33FFFFFF" />
 90 |     <path
 91 |         android:fillColor="#00000000"
 92 |         android:pathData="M0,69L108,69"
 93 |         android:strokeWidth="0.8"
 94 |         android:strokeColor="#33FFFFFF" />
 95 |     <path
 96 |         android:fillColor="#00000000"
 97 |         android:pathData="M0,79L108,79"
 98 |         android:strokeWidth="0.8"
 99 |         android:strokeColor="#33FFFFFF" />
100 |     <path
101 |         android:fillColor="#00000000"
102 |         android:pathData="M0,89L108,89"
103 |         android:strokeWidth="0.8"
104 |         android:strokeColor="#33FFFFFF" />
105 |     <path
106 |         android:fillColor="#00000000"
107 |         android:pathData="M0,99L108,99"
108 |         android:strokeWidth="0.8"
109 |         android:strokeColor="#33FFFFFF" />
110 |     <path
111 |         android:fillColor="#00000000"
112 |         android:pathData="M19,29L89,29"
113 |         android:strokeWidth="0.8"
114 |         android:strokeColor="#33FFFFFF" />
115 |     <path
116 |         android:fillColor="#00000000"
117 |         android:pathData="M19,39L89,39"
118 |         android:strokeWidth="0.8"
119 |         android:strokeColor="#33FFFFFF" />
120 |     <path
121 |         android:fillColor="#00000000"
122 |         android:pathData="M19,49L89,49"
123 |         android:strokeWidth="0.8"
124 |         android:strokeColor="#33FFFFFF" />
125 |     <path
126 |         android:fillColor="#00000000"
127 |         android:pathData="M19,59L89,59"
128 |         android:strokeWidth="0.8"
129 |         android:strokeColor="#33FFFFFF" />
130 |     <path
131 |         android:fillColor="#00000000"
132 |         android:pathData="M19,69L89,69"
133 |         android:strokeWidth="0.8"
134 |         android:strokeColor="#33FFFFFF" />
135 |     <path
136 |         android:fillColor="#00000000"
137 |         android:pathData="M19,79L89,79"
138 |         android:strokeWidth="0.8"
139 |         android:strokeColor="#33FFFFFF" />
140 |     <path
141 |         android:fillColor="#00000000"
142 |         android:pathData="M29,19L29,89"
143 |         android:strokeWidth="0.8"
144 |         android:strokeColor="#33FFFFFF" />
145 |     <path
146 |         android:fillColor="#00000000"
147 |         android:pathData="M39,19L39,89"
148 |         android:strokeWidth="0.8"
149 |         android:strokeColor="#33FFFFFF" />
150 |     <path
151 |         android:fillColor="#00000000"
152 |         android:pathData="M49,19L49,89"
153 |         android:strokeWidth="0.8"
154 |         android:strokeColor="#33FFFFFF" />
155 |     <path
156 |         android:fillColor="#00000000"
157 |         android:pathData="M59,19L59,89"
158 |         android:strokeWidth="0.8"
159 |         android:strokeColor="#33FFFFFF" />
160 |     <path
161 |         android:fillColor="#00000000"
162 |         android:pathData="M69,19L69,89"
163 |         android:strokeWidth="0.8"
164 |         android:strokeColor="#33FFFFFF" />
165 |     <path
166 |         android:fillColor="#00000000"
167 |         android:pathData="M79,19L79,89"
168 |         android:strokeWidth="0.8"
169 |         android:strokeColor="#33FFFFFF" />
170 | </vector>
171 | 


--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env sh
  2 | 
  3 | #
  4 | # Copyright 2015 the original author or authors.
  5 | #
  6 | # Licensed under the Apache License, Version 2.0 (the "License");
  7 | # you may not use this file except in compliance with the License.
  8 | # You may obtain a copy of the License at
  9 | #
 10 | #      https://www.apache.org/licenses/LICENSE-2.0
 11 | #
 12 | # Unless required by applicable law or agreed to in writing, software
 13 | # distributed under the License is distributed on an "AS IS" BASIS,
 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 | # See the License for the specific language governing permissions and
 16 | # limitations under the License.
 17 | #
 18 | 
 19 | ##############################################################################
 20 | ##
 21 | ##  Gradle start up script for UN*X
 22 | ##
 23 | ##############################################################################
 24 | 
 25 | # Attempt to set APP_HOME
 26 | # Resolve links: $0 may be a link
 27 | PRG="$0"
 28 | # Need this for relative symlinks.
 29 | while [ -h "$PRG" ] ; do
 30 |     ls=`ls -ld "$PRG"`
 31 |     link=`expr "$ls" : '.*-> \(.*\)$'`
 32 |     if expr "$link" : '/.*' > /dev/null; then
 33 |         PRG="$link"
 34 |     else
 35 |         PRG=`dirname "$PRG"`"/$link"
 36 |     fi
 37 | done
 38 | SAVED="`pwd`"
 39 | cd "`dirname \"$PRG\"`/" >/dev/null
 40 | APP_HOME="`pwd -P`"
 41 | cd "$SAVED" >/dev/null
 42 | 
 43 | APP_NAME="Gradle"
 44 | APP_BASE_NAME=`basename "$0"`
 45 | 
 46 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 47 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 48 | 
 49 | # Use the maximum available, or set MAX_FD != -1 to use that value.
 50 | MAX_FD="maximum"
 51 | 
 52 | warn () {
 53 |     echo "$*"
 54 | }
 55 | 
 56 | die () {
 57 |     echo
 58 |     echo "$*"
 59 |     echo
 60 |     exit 1
 61 | }
 62 | 
 63 | # OS specific support (must be 'true' or 'false').
 64 | cygwin=false
 65 | msys=false
 66 | darwin=false
 67 | nonstop=false
 68 | case "`uname`" in
 69 |   CYGWIN* )
 70 |     cygwin=true
 71 |     ;;
 72 |   Darwin* )
 73 |     darwin=true
 74 |     ;;
 75 |   MINGW* )
 76 |     msys=true
 77 |     ;;
 78 |   NONSTOP* )
 79 |     nonstop=true
 80 |     ;;
 81 | esac
 82 | 
 83 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 84 | 
 85 | 
 86 | # Determine the Java command to use to start the JVM.
 87 | if [ -n "$JAVA_HOME" ] ; then
 88 |     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
 89 |         # IBM's JDK on AIX uses strange locations for the executables
 90 |         JAVACMD="$JAVA_HOME/jre/sh/java"
 91 |     else
 92 |         JAVACMD="$JAVA_HOME/bin/java"
 93 |     fi
 94 |     if [ ! -x "$JAVACMD" ] ; then
 95 |         die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
 96 | 
 97 | Please set the JAVA_HOME variable in your environment to match the
 98 | location of your Java installation."
 99 |     fi
100 | else
101 |     JAVACMD="java"
102 |     which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
103 | 
104 | Please set the JAVA_HOME variable in your environment to match the
105 | location of your Java installation."
106 | fi
107 | 
108 | # Increase the maximum file descriptors if we can.
109 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
110 |     MAX_FD_LIMIT=`ulimit -H -n`
111 |     if [ $? -eq 0 ] ; then
112 |         if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
113 |             MAX_FD="$MAX_FD_LIMIT"
114 |         fi
115 |         ulimit -n $MAX_FD
116 |         if [ $? -ne 0 ] ; then
117 |             warn "Could not set maximum file descriptor limit: $MAX_FD"
118 |         fi
119 |     else
120 |         warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
121 |     fi
122 | fi
123 | 
124 | # For Darwin, add options to specify how the application appears in the dock
125 | if $darwin; then
126 |     GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
127 | fi
128 | 
129 | # For Cygwin or MSYS, switch paths to Windows format before running java
130 | if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
131 |     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
132 |     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
133 | 
134 |     JAVACMD=`cygpath --unix "$JAVACMD"`
135 | 
136 |     # We build the pattern for arguments to be converted via cygpath
137 |     ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
138 |     SEP=""
139 |     for dir in $ROOTDIRSRAW ; do
140 |         ROOTDIRS="$ROOTDIRS$SEP$dir"
141 |         SEP="|"
142 |     done
143 |     OURCYGPATTERN="(^($ROOTDIRS))"
144 |     # Add a user-defined pattern to the cygpath arguments
145 |     if [ "$GRADLE_CYGPATTERN" != "" ] ; then
146 |         OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
147 |     fi
148 |     # Now convert the arguments - kludge to limit ourselves to /bin/sh
149 |     i=0
150 |     for arg in "$@" ; do
151 |         CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
152 |         CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
153 | 
154 |         if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
155 |             eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
156 |         else
157 |             eval `echo args$i`="\"$arg\""
158 |         fi
159 |         i=`expr $i + 1`
160 |     done
161 |     case $i in
162 |         0) set -- ;;
163 |         1) set -- "$args0" ;;
164 |         2) set -- "$args0" "$args1" ;;
165 |         3) set -- "$args0" "$args1" "$args2" ;;
166 |         4) set -- "$args0" "$args1" "$args2" "$args3" ;;
167 |         5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
168 |         6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
169 |         7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
170 |         8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
171 |         9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
172 |     esac
173 | fi
174 | 
175 | # Escape application args
176 | save () {
177 |     for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
178 |     echo " "
179 | }
180 | APP_ARGS=`save "$@"`
181 | 
182 | # Collect all arguments for the java command, following the shell quoting and substitution rules
183 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
184 | 
185 | exec "$JAVACMD" "$@"
186 | 


--------------------------------------------------------------------------------
/app/src/main/cpp/native-lib.cpp:
--------------------------------------------------------------------------------
  1 | #include <jni.h>
  2 | #include <string>
  3 | #include <cstring>
  4 | #include <sys/mman.h>
  5 | #include <unistd.h>
  6 | #include <cstdint>
  7 | #include <vector>
  8 | #include <android/log.h>
  9 | 
 10 | #define LOG_TAG "jiqiu2021"
 11 | #define LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
 12 | #define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
 13 | 
 14 | #include <map>
 15 | #include <mutex>
 16 | #include <fcntl.h>
 17 | #include <dlfcn.h>
 18 | 
 19 | #define SH_UTIL_GET_BITS_32(x, start, end) \
 20 |   (((x) >> (end)) & ((1u << ((start) - (end) + 1u)) - 1u))
 21 | 
 22 | #define SH_UTIL_SIGN_EXTEND_64(x, len) \
 23 |   (((int64_t)((x) << (64u - (len)))) >> (64u - (len)))
 24 | 
 25 | 
 26 | // 增加寄存器结构体定义
 27 | struct RegisterContext {
 28 |     uint64_t x[31];    // X0-X30
 29 |     uint64_t sp;       // Stack Pointer
 30 |     uint64_t pc;       // Program Counter
 31 |     uint64_t pstate;   // Processor State
 32 | };
 33 | enum class ARM64_INS_TYPE {
 34 |     UNKNOW,
 35 |     ADR,        // 形如 ADR Xd, label
 36 |     ADRP,       // 形如 ADRP Xd, label
 37 |     B,          // 形如 B label
 38 |     BL,         // 形如 BL label
 39 |     B_COND,     // 形如 B.cond label
 40 |     CBZ_CBNZ,   // 形如 CBZ/CBNZ Rt, label
 41 |     TBZ_TBNZ,   // 形如 TBZ/TBNZ Rt, #imm, label
 42 |     LDR_LIT,    // 形如 LDR Rt, label
 43 | };
 44 | 
 45 | // 指令修复器
 46 | class ARM64Fixer {
 47 | public:
 48 |     static size_t
 49 |     fix_instructions(uint32_t *orig_code, size_t length, void *orig_addr, void *backup_addr) {
 50 |         size_t current_offset = 0;
 51 | 
 52 |         // 遍历原始指令
 53 |         for (size_t i = 0; i < length / 4; i++) {
 54 |             uint32_t ins = orig_code[i];
 55 |             void *cur_old_addr = (void *) ((uintptr_t) orig_addr + i * 4);
 56 |             void *cur_new_addr = (void *) ((uintptr_t) backup_addr + current_offset);
 57 | 
 58 |             // 记录当前指令信息
 59 |             LOGI("Processing instruction[%zu]: 0x%08x at old_addr: %p, new_addr: %p",
 60 |                  i, ins, cur_old_addr, cur_new_addr);
 61 | 
 62 |             // 直接写入到backup_addr对应位置
 63 |             current_offset += fix_instruction(
 64 |                     (uint32_t *) ((uintptr_t) backup_addr + current_offset),
 65 |                     ins, cur_old_addr, cur_new_addr);
 66 |         }
 67 | 
 68 |         return current_offset; // 返回实际写入的总大小
 69 |     }
 70 | 
 71 |     static ARM64_INS_TYPE get_ins_type(uint32_t ins) {
 72 |         if ((ins & 0x9F000000) == 0x10000000) return ARM64_INS_TYPE::ADR;
 73 |         if ((ins & 0x9F000000) == 0x90000000) return ARM64_INS_TYPE::ADRP;
 74 |         if ((ins & 0xFC000000) == 0x14000000) return ARM64_INS_TYPE::B;
 75 |         if ((ins & 0xFC000000) == 0x94000000) return ARM64_INS_TYPE::BL;
 76 |         if ((ins & 0xFF000010) == 0x54000000) return ARM64_INS_TYPE::B_COND;
 77 |         if ((ins & 0x7E000000) == 0x34000000) return ARM64_INS_TYPE::CBZ_CBNZ;  // 包括CBZ/CBNZ
 78 |         if ((ins & 0x7E000000) == 0x36000000) return ARM64_INS_TYPE::TBZ_TBNZ;  // 包括TBZ/TBNZ
 79 |         if ((ins & 0xFF000000) == 0x18000000) return ARM64_INS_TYPE::LDR_LIT;   // LDR (literal) 32位
 80 |         if ((ins & 0xFF000000) == 0x58000000) return ARM64_INS_TYPE::LDR_LIT;   // LDR (literal) 64位
 81 |         if ((ins & 0xFF000000) == 0x98000000) return ARM64_INS_TYPE::LDR_LIT;   // LDRSW (literal)
 82 |         if ((ins & 0xFF000000) == 0x1C000000)
 83 |             return ARM64_INS_TYPE::LDR_LIT;   // LDR SIMD (literal) 32位
 84 |         if ((ins & 0xFF000000) == 0x5C000000)
 85 |             return ARM64_INS_TYPE::LDR_LIT;   // LDR SIMD (literal) 64位
 86 |         if ((ins & 0xFF000000) == 0x9C000000)
 87 |             return ARM64_INS_TYPE::LDR_LIT;   // LDR SIMD (literal) 128位
 88 |         return ARM64_INS_TYPE::UNKNOW;
 89 |     }
 90 | 
 91 | private:
 92 |     // 修改为返回处理后指令占用的字节数
 93 |     static size_t fix_instruction(uint32_t *out_ptr, uint32_t ins, void *old_addr, void *new_addr) {
 94 |         ARM64_INS_TYPE type = get_ins_type(ins);
 95 |         switch (type) {
 96 |             case ARM64_INS_TYPE::ADR:
 97 |                 return fix_adr(out_ptr, ins, old_addr, new_addr);
 98 |             case ARM64_INS_TYPE::ADRP:
 99 |                 return fix_adrp(out_ptr, ins, old_addr, new_addr);
100 |             case ARM64_INS_TYPE::B:
101 |                 return fix_b(out_ptr, ins, old_addr, new_addr);
102 |             case ARM64_INS_TYPE::BL:
103 |                 return fix_bl(out_ptr, ins, old_addr, new_addr);
104 |             case ARM64_INS_TYPE::B_COND:
105 |                 return fix_b_cond(out_ptr, ins, old_addr, new_addr);
106 |             case ARM64_INS_TYPE::CBZ_CBNZ:
107 |                 return fix_cbz_cbnz(out_ptr, ins, old_addr, new_addr);
108 |             case ARM64_INS_TYPE::TBZ_TBNZ:
109 |                 return fix_tbz_tbnz(out_ptr, ins, old_addr, new_addr);
110 |             case ARM64_INS_TYPE::LDR_LIT:
111 |                 return fix_ldr(out_ptr, ins, old_addr, new_addr);
112 |             default:
113 |                 *out_ptr = ins;
114 |                 return 4;
115 |         }
116 |     }
117 | 
118 |     // 修复CBZ/CBNZ指令
119 |     static size_t fix_cbz_cbnz(uint32_t *out_ptr, uint32_t ins, void *old_addr, void *new_addr) {
120 |         uint64_t pc = (uint64_t) old_addr;
121 | 
122 |         // 获取跳转偏移和目标寄存器
123 |         uint64_t imm19 = SH_UTIL_GET_BITS_32(ins, 23, 5);
124 |         uint64_t offset = SH_UTIL_SIGN_EXTEND_64((imm19 << 2u), 21u);
125 |         uint64_t addr = pc + offset;
126 | 
127 |         // 生成指令序列
128 |         out_ptr[0] = (ins & 0xFF00001F) | 0x40u;  // CB(N)Z Rt, #8  - 保持原有条件但改变偏移
129 |         out_ptr[1] = 0x14000005;                   // B #20          - 跳过加载地址部分
130 |         out_ptr[2] = 0x58000051;                   // LDR X17, #8    - 加载目标地址
131 |         out_ptr[3] = 0xd61f0220;                   // BR X17         - 跳转到目标地址
132 |         out_ptr[4] = addr & 0xFFFFFFFF;            // 目标地址低32位
133 |         out_ptr[5] = addr >> 32u;                  // 目标地址高32位
134 | 
135 |         return 24;  // 6条指令
136 |     }
137 | 
138 | // 修复TBZ/TBNZ指令
139 |     static size_t fix_tbz_tbnz(uint32_t *out_ptr, uint32_t ins, void *old_addr, void *new_addr) {
140 |         uint64_t pc = (uint64_t) old_addr;
141 | 
142 |         // 获取位测试位置和偏移
143 |         uint64_t imm14 = SH_UTIL_GET_BITS_32(ins, 18, 5);
144 |         uint64_t offset = SH_UTIL_SIGN_EXTEND_64((imm14 << 2u), 16u);
145 |         uint64_t addr = pc + offset;
146 | 
147 |         // 生成指令序列
148 |         out_ptr[0] = (ins & 0xFFF8001F) | 0x40u;  // TB(N)Z Rt, #<imm>, #8 - 保持原有条件和测试位
149 |         out_ptr[1] = 0x14000005;                   // B #20
150 |         out_ptr[2] = 0x58000051;                   // LDR X17, #8
151 |         out_ptr[3] = 0xd61f0220;                   // BR X17
152 |         out_ptr[4] = addr & 0xFFFFFFFF;
153 |         out_ptr[5] = addr >> 32u;
154 | 
155 |         return 24;  // 6条指令
156 |     }
157 | 
158 |     static size_t fix_adrp(uint32_t *out_ptr, uint32_t ins, void *old_addr, void *new_addr) {
159 |         uint64_t pc = (uint64_t) old_addr;
160 | 
161 |         // 获取目标寄存器和立即数
162 |         uint32_t rd = SH_UTIL_GET_BITS_32(ins, 4, 0);  // 目标寄存器
163 |         uint64_t immlo = SH_UTIL_GET_BITS_32(ins, 30, 29);  // 低2位
164 |         uint64_t immhi = SH_UTIL_GET_BITS_32(ins, 23, 5);   // 高19位
165 |         uint64_t offset = SH_UTIL_SIGN_EXTEND_64((immhi << 14u) | (immlo << 12u), 33u);
166 | 
167 |         // 计算目标页地址
168 |         uint64_t addr = (pc & 0xFFFFFFFFFFFFF000) + offset;
169 | 
170 |         // 生成新的LDR序列
171 |         out_ptr[0] = 0x58000040u | rd;  // LDR Xd, #8
172 |         out_ptr[1] = 0x14000003;        // B #12
173 |         out_ptr[2] = addr & 0xFFFFFFFF;  // 低32位
174 |         out_ptr[3] = addr >> 32u;        // 高32位
175 | 
176 |         return 16;  // 4条指令
177 |     }
178 | 
179 |     static size_t fix_b_cond(uint32_t *out_ptr, uint32_t ins, void *old_addr, void *new_addr) {
180 |         LOGE("B_COND_ARM64");
181 |         uint64_t pc = (uint64_t) old_addr;
182 |         // 获取imm19，5~23位
183 |         uint64_t imm19 = SH_UTIL_GET_BITS_32(ins, 23, 5);
184 |         uint64_t offset = SH_UTIL_SIGN_EXTEND_64((imm19 << 2u), 21u);
185 |         uint64_t addr = pc + offset;
186 | 
187 |         // 生成新的指令序列
188 |         out_ptr[0] = (ins & 0xFF00001F) | 0x40u;  // B.<cond> #8
189 |         out_ptr[1] = 0x14000006;                  // B #24
190 |         out_ptr[2] = 0x58000051;                  // LDR X17, #8
191 |         out_ptr[3] = 0xd61f0220;                  // BR X17
192 |         out_ptr[4] = addr & 0xFFFFFFFF;
193 |         out_ptr[5] = addr >> 32u;
194 | 
195 |         return 24;  // 6条指令
196 |     }
197 | 
198 |     static size_t fix_b(uint32_t *out_ptr, uint32_t ins, void *old_addr, void *new_addr) {
199 |         uint64_t pc = (uint64_t) old_addr;
200 |         uint64_t imm26 = SH_UTIL_GET_BITS_32(ins, 25, 0);
201 |         uint64_t offset = SH_UTIL_SIGN_EXTEND_64(imm26 << 2u, 28u);
202 |         uint64_t addr = pc + offset;
203 | 
204 |         // 生成指令序列
205 |         out_ptr[0] = 0x58000051;  // LDR X17, #8
206 |         out_ptr[1] = 0x14000003;  // B #12
207 |         out_ptr[2] = addr & 0xFFFFFFFF;
208 |         out_ptr[3] = addr >> 32u;
209 |         out_ptr[4] = 0xD61F0220;  // BR X17
210 | 
211 |         return 20;  // 5条指令
212 |     }
213 | 
214 |     static size_t fix_bl(uint32_t *out_ptr, uint32_t ins, void *old_addr, void *new_addr) {
215 |         uint64_t pc = (uint64_t) old_addr;
216 |         uint64_t imm26 = SH_UTIL_GET_BITS_32(ins, 25, 0);
217 |         uint64_t offset = SH_UTIL_SIGN_EXTEND_64(imm26 << 2u, 28u);
218 |         uint64_t addr = pc + offset;
219 | 
220 |         out_ptr[0] = 0x58000051;  // LDR X17, #8
221 |         out_ptr[1] = 0x14000003;  // B #12
222 |         out_ptr[2] = addr & 0xFFFFFFFF;
223 |         out_ptr[3] = addr >> 32u;
224 |         out_ptr[4] = 0xD63F0220;  // BLR X17
225 | 
226 |         return 20;
227 |     }
228 | 
229 |     static size_t fix_adr(uint32_t *out_ptr, uint32_t ins, void *old_addr, void *new_addr) {
230 |         uint64_t pc = (uint64_t) old_addr;
231 |         uint32_t rd = SH_UTIL_GET_BITS_32(ins, 4, 0);
232 |         uint64_t immlo = SH_UTIL_GET_BITS_32(ins, 30, 29);
233 |         uint64_t immhi = SH_UTIL_GET_BITS_32(ins, 23, 5);
234 |         uint64_t addr = pc + SH_UTIL_SIGN_EXTEND_64((immhi << 2u) | immlo, 21u);
235 | 
236 |         out_ptr[0] = 0x58000040u | rd;  // LDR Xd, #8
237 |         out_ptr[1] = 0x14000003;        // B #12
238 |         out_ptr[2] = addr & 0xFFFFFFFF;
239 |         out_ptr[3] = addr >> 32u;
240 | 
241 |         return 16;
242 |     }
243 | 
244 |     static size_t fix_ldr(uint32_t *out_ptr, uint32_t ins, void *old_addr, void *new_addr) {
245 |         uint64_t pc = (uint64_t) old_addr;
246 |         uint32_t rt = SH_UTIL_GET_BITS_32(ins, 4, 0);
247 |         uint32_t rn = 0;
248 |         // 找一个未使用的寄存器
249 |         for (int i = 0; i < 31; i++) {
250 |             if (i != rt) {
251 |                 rn = i;
252 |                 break;
253 |             }
254 |         }
255 | 
256 |         uint64_t imm19 = SH_UTIL_GET_BITS_32(ins, 23, 5);
257 |         uint64_t offset = SH_UTIL_SIGN_EXTEND_64((imm19 << 2u), 21u);
258 |         uint64_t addr = pc + offset;
259 | 
260 |         if ((ins & 0xFF000000) == 0x58000000) {
261 |             // LDR X类指令
262 |             out_ptr[0] = 0x58000060u | rt;  // LDR Xt, #12
263 |             out_ptr[1] = 0xF9400000 | rt | (rt << 5u);  // LDR Xt, [Xt]
264 |             out_ptr[2] = 0x14000003;      // B #12
265 |             out_ptr[3] = addr & 0xFFFFFFFF;
266 |             out_ptr[4] = addr >> 32u;
267 |             return 20;
268 |         } else {
269 |             // LDR S/D/Q类指令
270 |             out_ptr[0] = 0xA93F47F0;  // STP X16, X17, [SP, #-0x10]
271 |             out_ptr[1] = 0x58000091;  // LDR X17, #16
272 |             if ((ins & 0xFF000000) == 0x1C000000)
273 |                 out_ptr[2] = 0xBD400220 | rt;  // LDR St, [X17]
274 |             else if ((ins & 0xFF000000) == 0x5C000000)
275 |                 out_ptr[2] = 0xFD400220 | rt;  // LDR Dt, [X17]
276 |             else
277 |                 out_ptr[2] = 0x3DC00220u | rt;  // LDR Qt, [X17]
278 |             out_ptr[3] = 0xF85F83F1;  // LDR X17, [SP, #-0x8]
279 |             out_ptr[4] = 0x14000003;  // B #12
280 |             out_ptr[5] = addr & 0xFFFFFFFF;
281 |             out_ptr[6] = addr >> 32u;
282 |             return 28;
283 |         }
284 |     }
285 | 
286 | 
287 | };
288 | 
289 | // 函数指针类型定义
290 | typedef void (*func_t)();
291 | 
292 | 
293 | struct HookInfo {
294 |     void *target_func;
295 |     void *hook_func;
296 |     void *backup_func;
297 |     uint8_t original_code[1024];
298 |     size_t original_code_size;
299 |     size_t total_size;
300 | 
301 |     // 增加寄存器回调函数指针
302 |     void (*pre_callback)(RegisterContext *ctx, void *user_data);
303 | 
304 |     // 执行后回调，增加返回值参数
305 |     void (*post_callback)(RegisterContext *ctx, uint64_t return_value, void *user_data);
306 | 
307 |     void *user_data;  // 用户自定义数据
308 | };
309 | 
310 | static thread_local HookInfo *current_executing_hook = nullptr;
311 | 
312 | // 全局存储所有hook信息
313 | class HookManager {
314 | private:
315 |     static std::map<void *, HookInfo *> hook_map; // key是目标函数地址
316 |     static std::mutex hook_mutex;
317 | 
318 | public:
319 |     static void registerHook(HookInfo *info) {
320 |         if (!info) return;
321 |         setCurrentHook(info);
322 |         std::lock_guard<std::mutex> lock(hook_mutex);
323 |         hook_map[info->target_func] = info;
324 |     }
325 | 
326 |     static void setCurrentHook(HookInfo *info) {
327 |         current_executing_hook = info;
328 |     }
329 | 
330 |     static HookInfo *getCurrentHook() {
331 |         return current_executing_hook;
332 |     }
333 | 
334 |     static HookInfo *getHook(void *target_func) {
335 |         std::lock_guard<std::mutex> lock(hook_mutex);
336 |         auto it = hook_map.find(target_func);
337 |         return (it != hook_map.end()) ? it->second : nullptr;
338 |     }
339 | 
340 |     static void removeHook(void *target_func) {
341 |         std::lock_guard<std::mutex> lock(hook_mutex);
342 |         hook_map.erase(target_func);
343 |     }
344 | };
345 | 
346 | // 初始化静态成员
347 | std::map<void *, HookInfo *> HookManager::hook_map;
348 | std::mutex HookManager::hook_mutex;
349 | 
350 | inline bool is_addr_valid(void *addr) {
351 |     return addr && ((uintptr_t) addr % 4 == 0);  // ARM64指令必须4字节对齐
352 | }
353 | 
354 | inline void clear_cache(void *addr, size_t size) {
355 |     __builtin___clear_cache((char *) addr, (char *) addr + size);
356 | }
357 | 
358 | 
359 | uint64_t test(int a, int b, int c) {
360 |     LOGI("Test function called");
361 |     LOGI("%d,%d,%d", a, b, c);
362 |     return 0x12345;
363 | }
364 | 
365 | void hook() {
366 |     RegisterContext ctx;
367 |     asm volatile(
368 |             "stp x0, x1, [%0, #0]\n"
369 |             "stp x2, x3, [%0, #16]\n"
370 |             "stp x4, x5, [%0, #32]\n"
371 |             "stp x6, x7, [%0, #48]\n"
372 |             "stp x8, x9, [%0, #64]\n"
373 |             "stp x10, x11, [%0, #80]\n"
374 |             "stp x12, x13, [%0, #96]\n"
375 |             "stp x14, x15, [%0, #112]\n"
376 |             "stp x16, x17, [%0, #128]\n"
377 |             "stp x18, x19, [%0, #144]\n"
378 |             "stp x20, x21, [%0, #160]\n"
379 |             "stp x22, x23, [%0, #176]\n"
380 |             "stp x24, x25, [%0, #192]\n"
381 |             "stp x26, x27, [%0, #208]\n"
382 |             "stp x28, x29, [%0, #224]\n"
383 |             "str x30, [%0, #240]\n"
384 |             "mov x16, sp\n"
385 |             "str x16, [%0, #248]\n"
386 |             : : "r"(&ctx.x[0]) : "x16", "memory"
387 |             );
388 |     LOGI("Hook function called");
389 |     // 获取 hook 信息
390 |     HookInfo *info = HookManager::getCurrentHook();
391 |     if (info) {
392 |         // 调用寄存器回调函数
393 |         // 获取当前上下文
394 |         // 通过内联汇编获取寄存器值
395 |         if (info->pre_callback) {
396 |             info->pre_callback(&ctx, info->user_data);
397 |         }
398 |         // 调用原始函数并保存返回值
399 |         uint64_t return_value = 0;
400 |         // 调用原始函数
401 |         if (info->backup_func) {
402 |             asm volatile(
403 |                     "ldp x0, x1, [%0, #0]\n"
404 |                     "ldp x2, x3, [%0, #16]\n"
405 |                     "ldp x4, x5, [%0, #32]\n"
406 |                     "ldp x6, x7, [%0, #48]\n"
407 |                     "ldp x8, x9, [%0, #64]\n"
408 |                     "ldp x10, x11, [%0, #80]\n"
409 |                     "ldp x12, x13, [%0, #96]\n"
410 |                     "ldp x14, x15, [%0, #112]\n"
411 |                     "ldp x16, x17, [%0, #128]\n"
412 |                     "ldp x18, x19, [%0, #144]\n"
413 |                     "ldp x20, x21, [%0, #160]\n"
414 |                     "ldp x22, x23, [%0, #176]\n"
415 |                     "ldp x24, x25, [%0, #192]\n"
416 |                     "ldp x26, x27, [%0, #208]\n"
417 |                     "ldp x28, x29, [%0, #224]\n"
418 |                     "ldr x30, [%0, #240]\n"
419 |                     "ldr x16, [%0, #248]\n"
420 |                     "mov sp, x16\n"  // 恢复栈指针
421 |                     ::"r"(&ctx.x[0]) : "memory"
422 |                     );
423 |             ((void (*)()) info->backup_func)();
424 |             // 通过内联汇编获取寄存器值
425 |             asm volatile(
426 |                     "stp x0, x1, [%0, #0]\n"
427 |                     "stp x2, x3, [%0, #16]\n"
428 |                     "stp x4, x5, [%0, #32]\n"
429 |                     "stp x6, x7, [%0, #48]\n"
430 |                     "stp x8, x9, [%0, #64]\n"
431 |                     "stp x10, x11, [%0, #80]\n"
432 |                     "stp x12, x13, [%0, #96]\n"
433 |                     "stp x14, x15, [%0, #112]\n"
434 |                     "stp x16, x17, [%0, #128]\n"
435 |                     "stp x18, x19, [%0, #144]\n"
436 |                     "stp x20, x21, [%0, #160]\n"
437 |                     "stp x22, x23, [%0, #176]\n"
438 |                     "stp x24, x25, [%0, #192]\n"
439 |                     "stp x26, x27, [%0, #208]\n"
440 |                     "stp x28, x29, [%0, #224]\n"
441 |                     "str x30, [%0, #240]\n"
442 |                     "mov x16, sp\n"
443 |                     "str x16, [%0, #248]\n"
444 |                     : : "r"(&ctx.x[0]) : "x16", "memory"
445 |                     );
446 |             return_value = ctx.x[0];
447 |             // 执行后回调
448 |             if (info->post_callback) {
449 |                 info->post_callback(&ctx, return_value, info->user_data);
450 |             }
451 |             asm volatile(
452 |                     "ldp x0, x1, [%0, #0]\n"
453 |                     "ldp x2, x3, [%0, #16]\n"
454 |                     "ldp x4, x5, [%0, #32]\n"
455 |                     "ldp x6, x7, [%0, #48]\n"
456 |                     "ldp x8, x9, [%0, #64]\n"
457 |                     "ldp x10, x11, [%0, #80]\n"
458 |                     "ldp x12, x13, [%0, #96]\n"
459 |                     "ldp x14, x15, [%0, #112]\n"
460 |                     "ldp x16, x17, [%0, #128]\n"
461 |                     "ldp x18, x19, [%0, #144]\n"
462 |                     "ldp x20, x21, [%0, #160]\n"
463 |                     "ldp x22, x23, [%0, #176]\n"
464 |                     "ldp x24, x25, [%0, #192]\n"
465 |                     "ldp x26, x27, [%0, #208]\n"
466 |                     "ldp x28, x29, [%0, #224]\n"
467 |                     "ldr x30, [%0, #240]\n"
468 |                     "ldr x16, [%0, #248]\n"
469 |                     "mov sp, x16\n"  // 恢复栈指针
470 |                     ::"r"(&ctx.x[0]) : "memory"
471 |                     );
472 |         }
473 |     }
474 | }
475 | 
476 | bool backup_orig_instructions(HookInfo *info) {
477 |     if (!info || !info->target_func) return false;
478 | 
479 |     info->original_code_size = 16;
480 |     memcpy(info->original_code, info->target_func, info->original_code_size);
481 | 
482 |     return true;
483 | }
484 | 
485 | bool create_jump(void *from, void *to, bool thumb) {
486 |     static const size_t JUMP_SIZE = 16;
487 | 
488 |     uint32_t jump_code[] = {
489 |             0x58000051,  // ldr x17, #8
490 |             0xD61F0220,  // br x17
491 |             (uint32_t) ((uint64_t) to & 0xFFFFFFFF),
492 |             (uint32_t) ((uint64_t) to >> 32)
493 |     };
494 | 
495 |     // 修改内存权限
496 |     size_t page_size = sysconf(_SC_PAGESIZE);
497 |     void *page_start = (void *) ((uintptr_t) from & ~(page_size - 1));
498 |     if (mprotect(page_start, page_size, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
499 |         return false;
500 |     }
501 | 
502 |     // 写入跳转代码
503 |     memcpy(from, jump_code, sizeof(jump_code));
504 | 
505 |     // 清理指令缓存
506 |     __builtin___clear_cache((char *) from, (char *) from + sizeof(jump_code));
507 | 
508 |     return true;
509 | }
510 | 
511 | // 默认的寄存器打印回调函数
512 | void default_register_callback(RegisterContext *ctx, void *user_data) {
513 |     LOGI("Register dump:");
514 |     for (int i = 0; i < 31; i++) {
515 |         LOGI("X%d: 0x%llx", i, ctx->x[i]);
516 |     }
517 |     LOGI("SP: 0x%llx", ctx->sp);
518 |     LOGI("PC: 0x%llx", ctx->pc);
519 |     LOGI("PSTATE: 0x%llx", ctx->pstate);
520 | }
521 | 
522 | 
523 | HookInfo *createHook(void *target_func, void *hook_func,
524 |                      void (*pre_callback)(RegisterContext *, void *) = nullptr,
525 |                      void (*post_callback)(RegisterContext *, uint64_t, void *) = nullptr,
526 |                      void *user_data = nullptr) {
527 |     LOGI("Creating hook - target: %p, hook: %p", target_func, hook_func);
528 |     if (!target_func || !hook_func) return nullptr;
529 |     // 检查是否已经被hook
530 |     HookInfo *existing = HookManager::getHook(target_func);
531 |     if (existing) {
532 |         LOGE("Function already hooked!");
533 |         return nullptr;
534 |     }
535 | 
536 |     // 创建HookInfo结构
537 |     auto *hookInfo = new HookInfo();
538 |     if (!hookInfo) return nullptr;
539 | 
540 |     // 初始化结构
541 |     memset(hookInfo, 0, sizeof(HookInfo));
542 |     hookInfo->target_func = target_func;
543 |     hookInfo->hook_func = hook_func;
544 |     hookInfo->pre_callback = pre_callback ? pre_callback : default_register_callback;
545 |     hookInfo->post_callback = post_callback;
546 |     hookInfo->user_data = user_data;
547 |     // 备份原始指令
548 |     if (!backup_orig_instructions(hookInfo)) {
549 |         delete hookInfo;
550 |         return nullptr;
551 |     }
552 | 
553 |     // 分配跳板内存
554 |     size_t trampoline_size = 256;
555 |     void *trampoline = mmap(nullptr, trampoline_size,
556 |                             PROT_READ | PROT_WRITE | PROT_EXEC,
557 |                             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
558 | 
559 |     if (trampoline == MAP_FAILED) {
560 |         delete hookInfo;
561 |         return nullptr;
562 |     }
563 |     LOGI("Trampoline allocated at %p", trampoline);
564 | 
565 |     hookInfo->backup_func = trampoline;
566 | 
567 |     // 修复指令时记录指令信息
568 |     uint32_t *orig = (uint32_t *) hookInfo->original_code;
569 |     for (size_t i = 0; i < hookInfo->original_code_size / 4; i++) {
570 |         LOGI("Original instruction[%zu]: 0x%08x", i, orig[i]);
571 |     }
572 | 
573 |     size_t fixed_size = ARM64Fixer::fix_instructions(
574 |             (uint32_t *) hookInfo->original_code,
575 |             hookInfo->original_code_size,
576 |             hookInfo->target_func,
577 |             hookInfo->backup_func
578 |     );
579 |     void *return_addr = (uint8_t *) target_func + hookInfo->original_code_size;
580 |     // 添加跳回原函数的跳转
581 |     if (!create_jump((uint8_t *) hookInfo->backup_func + fixed_size,
582 |                      return_addr, false)) {
583 |         munmap(trampoline, trampoline_size);
584 |         delete hookInfo;
585 |         return nullptr;
586 |     }
587 |     // 在目标函数处写入跳转到hook函数的代码
588 |     if (!create_jump(target_func, hook_func, false)) {
589 |         munmap(trampoline, trampoline_size);
590 |         delete hookInfo;
591 |         return nullptr;
592 |     }
593 |     HookManager::registerHook(hookInfo);
594 |     return hookInfo;
595 | }
596 | 
597 | 
598 | bool inline_unhook(HookInfo *info) {
599 |     if (!info) return false;
600 |     HookManager::removeHook(info->target_func);
601 | 
602 |     // 修改目标函数内存权限
603 |     size_t page_size = sysconf(_SC_PAGESIZE);
604 |     void *page_start = (void *) ((uintptr_t) info->target_func & ~(page_size - 1));
605 |     if (mprotect(page_start, page_size, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
606 |         return false;
607 |     }
608 | 
609 |     // 直接恢复原始指令,而不是创建跳转
610 |     memcpy(info->target_func, info->original_code, info->original_code_size);
611 | 
612 |     // 清理指令缓存
613 |     __builtin___clear_cache((char *) info->target_func,
614 |                             (char *) info->target_func + info->original_code_size);
615 | 
616 |     // 释放跳板内存
617 |     if (info->backup_func) {
618 |         munmap(info->backup_func, 256);
619 |     }
620 | 
621 |     delete info;
622 |     return true;
623 | }
624 | 
625 | // 自定义寄存器回调函数
626 | void my_register_callback(RegisterContext *ctx, void *user_data) {
627 |     LOGI("Custom register dump for function: %s", (const char *) user_data);
628 |     LOGI("X0 (First argument): 0x%llx", ctx->x[0]);
629 |     LOGI("X0 (First argument): %s", ctx->x[0]);
630 | 
631 |     LOGI("X1 (Second argument): 0x%llx", ctx->x[1]);
632 |     LOGI("LR (X30): 0x%llx", ctx->x[30]);
633 | }
634 | 
635 | void post_hook_callback(RegisterContext *ctx, uint64_t return_value, void *user_data) {
636 |     LOGI("After function execution:");
637 |     LOGI("Return value: 0x%llx", return_value);
638 |     LOGI("Modified registers: x0=0x%llx, x1=0x%llx", ctx->x[0], ctx->x[1]);
639 | }
640 | 
641 | extern "C" JNIEXPORT jstring JNICALL
642 | Java_com_example_inlinehookstudy_MainActivity_stringFromJNI(
643 |         JNIEnv *env,
644 |         jobject /* this */) {
645 |     std::string hello = "Hello from C++";
646 | //    __asm__ __volatile__(
647 | //            "b .\n" // 死循环
648 | //            );
649 | //    void * openaddr =dlsym(RTLD_DEFAULT, "open");
650 |     HookInfo *hookInfo = createHook((void *) test, (void *) hook,
651 |                                     nullptr,
652 |                                     post_hook_callback,
653 |                                     (void *) hello.c_str());
654 |     uint64_t ret = test(1, 2, 3);
655 |     LOGI("ret = %llx", ret);
656 | //    int fd =open("/data/data/com.example.inlinehookstudy/files/123.txt", O_CREAT | O_RDWR, 0666);
657 | //    LOGI("fd = %d", fd);
658 |     inline_unhook(hookInfo);
659 |     uint64_t ret1 = test(1, 2, 3);
660 |     LOGI("ret1 = %llx", ret1);
661 | //    test();
662 |     return env->NewStringUTF(hello.c_str());
663 | }


--------------------------------------------------------------------------------