├── README.md ├── jni ├── .getJNIEnv.c.swp ├── Android.mk └── getJNIEnv.c ├── libs └── armeabi │ └── libgetJNIEnv.so └── obj └── local └── armeabi ├── libgetJNIEnv.so └── objs └── getJNIEnv ├── getJNIEnv.o └── getJNIEnv.o.d /README.md: -------------------------------------------------------------------------------- 1 | # android_dex_injection 2 | This project will help you load dex file to target program,but U must use it with a so file injector. 3 | -------------------------------------------------------------------------------- /jni/.getJNIEnv.c.swp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/longlong2013/android_dex_injection/a8468563ab75721af524c9c244a3580810482c61/jni/.getJNIEnv.c.swp -------------------------------------------------------------------------------- /jni/Android.mk: -------------------------------------------------------------------------------- 1 | LOCAL_PATH:= $(call my-dir) 2 | 3 | include $(CLEAR_VARS) 4 | LOCAL_SRC_FILES:= getJNIEnv.c 5 | LOCAL_MODULE := getJNIEnv 6 | LOCAL_LDLIBS := -llog 7 | include $(BUILD_SHARED_LIBRARY) 8 | 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /jni/getJNIEnv.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | /* 6 | JNI_VERSION_1_1 0x00010001 7 | JNI_VERSION_1_2 0x00010002 8 | JNI_VERSION_1_4 0x00010004 9 | JNI_VERSION_1_6 0x00010006*/ 10 | 11 | #define ENABLE_LOG 1 12 | #if ENABLE_LOG 13 | #define LOGE(...) ((void) __android_log_print(ANDROID_LOG_ERROR, "Dex_Injection", __VA_ARGS__)) 14 | #define LOGD(...) ((void) __android_log_print(ANDROID_LOG_DEBUG, "Dex_Injection", __VA_ARGS__)) 15 | #define LOGI(...) ((void) __android_log_print(ANDROID_LOG_INFO, "Dex_Injection", __VA_ARGS__)) 16 | #else 17 | #define LOGE(format, args...) 18 | #define LOGD(format, args...) 19 | #define LOGI(format, args...) 20 | #endif 21 | 22 | void _init(char *args) { 23 | LOGD("-------------libgetJNIEnv.so is loaded!--------------\n"); 24 | } 25 | 26 | int so_entry() { 27 | LOGD("so_entry is now running!\n"); 28 | const char* dexPath; 29 | const char* dexOptDir; 30 | const char* className; 31 | const char* methodName; 32 | 33 | JNIEnv *(*getJNIEnv)(); 34 | void *handle = dlopen( "system/lib/libandroid_runtime.so", RTLD_NOW ); 35 | getJNIEnv = dlsym( handle, "_ZN7android14AndroidRuntime9getJNIEnvEv" ); 36 | if ( !getJNIEnv ) { 37 | LOGE("can not find getJNIEnv!"); 38 | return -1; 39 | } 40 | 41 | JNIEnv *env = getJNIEnv(); 42 | 43 | jint ver; 44 | ver = (*env)->GetVersion( env ); 45 | switch ( ver ) { 46 | 47 | case 0x00010001: 48 | LOGD("JNI version is JNI_VERSION_1_1");break; 49 | 50 | case 0x00010002: 51 | LOGD("JNI version is JNI_VERSION_1_2");break; 52 | 53 | case 0x00010004: 54 | LOGD("JNI version is JNI_VERSION_1_4");break; 55 | 56 | case 0x00010006: 57 | LOGD("JNI version is JNI_VERSION_1_6");break; 58 | 59 | default: 60 | LOGD("Unknown JNI_VERSION:0x%x",ver);break; 61 | } 62 | 63 | jclass stringClass, classLoaderClass, dexClassLoaderClass, targetClass; 64 | jmethodID getSystemClassLoaderMethod, dexClassLoaderContructor, loadClassMethod, targetMethod; 65 | jobject systemClassLoaderObject, dexClassLoaderObject; 66 | jstring dexPathString, dexOptDirString, classNameString, tmpString; 67 | jobjectArray stringArray; 68 | 69 | LOGD("-------------- now begin dex injection --------------"); 70 | 71 | /* set dex dir */ 72 | LOGD("step1: setting dex dir and opt dir..."); 73 | dexPath = "/data/inj/classes.dex"; 74 | dexOptDir = "/data/data/com.wuchao.helloworld/cache"; 75 | className = "com.wuchao.dextobeinjected.wuchao"; 76 | methodName = "methodToBeInvoked"; 77 | LOGD("step1 finished!\n"); 78 | 79 | 80 | /* Get SystemClasLoader */ 81 | LOGD("step2: getting systemClassLoader method and invoke it to get systemClassLoader obeject..."); 82 | stringClass = (*env)->FindClass(env, "java/lang/String");//获取String类 83 | classLoaderClass = (*env)->FindClass(env, "java/lang/ClassLoader");//获取classLoader类 84 | getSystemClassLoaderMethod = (*env)->GetStaticMethodID(env, classLoaderClass, "getSystemClassLoader", "()Ljava/lang/ClassLoader;");//获取classLoader中的getSystemClassLoader静态方法 85 | systemClassLoaderObject = (*env)->CallStaticObjectMethod(env, classLoaderClass, getSystemClassLoaderMethod);//调用getSystemClassLoader静态方法来获取所属对象systemClassLoaderObject 86 | if (! systemClassLoaderObject) { 87 | LOGE("Failed to call systemClassLoaderObject"); 88 | return -1; 89 | } 90 | LOGD("step2 finished!\n"); 91 | 92 | /* Create DexClassLoader */ 93 | LOGD("step3: using dexClassLoader class to create dexClassLoader object..."); 94 | dexClassLoaderClass = (*env)->FindClass(env, "dalvik/system/DexClassLoader");//获取dexClassLoader类 95 | dexClassLoaderContructor = (*env)->GetMethodID(env, dexClassLoaderClass, "", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V");//获取dexClassLoader的Contructor 96 | dexPathString = (*env)->NewStringUTF(env, dexPath);//将char*转换成jString 97 | dexOptDirString = (*env)->NewStringUTF(env, dexOptDir);//将char*转换成jString 98 | dexClassLoaderObject = (*env)->NewObject(env, dexClassLoaderClass, dexClassLoaderContructor, dexPathString, dexOptDirString, NULL, systemClassLoaderObject);//生成自定义的dexClassLoader对象 99 | LOGD("step3 finished!\n"); 100 | 101 | /* Use DexClassLoader to load target class */ 102 | LOGD("step4: using dexClassLoader class to find [loadClass] method and using dexClassLoader object created above to load target class:[%s]...", className); 103 | loadClassMethod = (*env)->GetMethodID(env, dexClassLoaderClass, "loadClass", "(Ljava/lang/String;)Ljava/lang/Class;");//获取dexClassLoader类中的“loadClass”方法 104 | classNameString = (*env)->NewStringUTF(env, className);////将char*转换成jString 105 | targetClass = (jclass)(*env)->CallObjectMethod(env, dexClassLoaderObject, loadClassMethod, classNameString); //调用“loadClass”方法来获取目标类:com.wuchao.dextobeinjectd.wuchao 106 | if (!targetClass) { 107 | LOGE("Failed to load target class [%s]", className); 108 | return -1; 109 | } 110 | LOGD("step4 finished!\n"); 111 | 112 | /* Invoke target method */ 113 | LOGD("step5: using [%s] class loaded above to find [%s] method and invoke it...", className, methodName); 114 | targetMethod = (*env)->GetStaticMethodID(env, targetClass, methodName, "()V");//获取目标类中的静态方法:methodToBeInvoked 115 | if (!targetMethod) { 116 | LOGE("Failed to load target method [%s]", methodName); 117 | return -1; 118 | } 119 | (*env)->CallStaticVoidMethod(env, targetClass, targetMethod);//调用目标静态方法 120 | LOGD("step5 finished, invoking [%s] method succeeded!", methodName); 121 | 122 | return 0; 123 | } 124 | 125 | -------------------------------------------------------------------------------- /libs/armeabi/libgetJNIEnv.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/longlong2013/android_dex_injection/a8468563ab75721af524c9c244a3580810482c61/libs/armeabi/libgetJNIEnv.so -------------------------------------------------------------------------------- /obj/local/armeabi/libgetJNIEnv.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/longlong2013/android_dex_injection/a8468563ab75721af524c9c244a3580810482c61/obj/local/armeabi/libgetJNIEnv.so -------------------------------------------------------------------------------- /obj/local/armeabi/objs/getJNIEnv/getJNIEnv.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/longlong2013/android_dex_injection/a8468563ab75721af524c9c244a3580810482c61/obj/local/armeabi/objs/getJNIEnv/getJNIEnv.o -------------------------------------------------------------------------------- /obj/local/armeabi/objs/getJNIEnv/getJNIEnv.o.d: -------------------------------------------------------------------------------- 1 | /home/wuchao/git/getJNIEnv/obj/local/armeabi/objs/getJNIEnv/getJNIEnv.o: \ 2 | /home/wuchao/git/getJNIEnv/jni/getJNIEnv.c \ 3 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/jni.h \ 4 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/stdio.h \ 5 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/cdefs.h \ 6 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/cdefs_elf.h \ 7 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/android/api-level.h \ 8 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/types.h \ 9 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/stdint.h \ 10 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/_types.h \ 11 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/machine/_types.h \ 12 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/linux/posix_types.h \ 13 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/linux/stddef.h \ 14 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/linux/compiler.h \ 15 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/asm/posix_types.h \ 16 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/asm/types.h \ 17 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/linux/types.h \ 18 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/machine/kernel.h \ 19 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/sysmacros.h \ 20 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/dlfcn.h \ 21 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/android/log.h 22 | 23 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/jni.h: 24 | 25 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/stdio.h: 26 | 27 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/cdefs.h: 28 | 29 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/cdefs_elf.h: 30 | 31 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/android/api-level.h: 32 | 33 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/types.h: 34 | 35 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/stdint.h: 36 | 37 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/_types.h: 38 | 39 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/machine/_types.h: 40 | 41 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/linux/posix_types.h: 42 | 43 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/linux/stddef.h: 44 | 45 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/linux/compiler.h: 46 | 47 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/asm/posix_types.h: 48 | 49 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/asm/types.h: 50 | 51 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/linux/types.h: 52 | 53 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/machine/kernel.h: 54 | 55 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/sys/sysmacros.h: 56 | 57 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/dlfcn.h: 58 | 59 | /home/wuchao/ndk/ndkr8e/platforms/android-3/arch-arm/usr/include/android/log.h: 60 | --------------------------------------------------------------------------------