├── app
├── .gitignore
├── src
│ ├── main
│ │ ├── res
│ │ │ ├── values
│ │ │ │ ├── strings.xml
│ │ │ │ ├── colors.xml
│ │ │ │ └── styles.xml
│ │ │ ├── mipmap-hdpi
│ │ │ │ ├── ic_launcher.png
│ │ │ │ └── ic_launcher_round.png
│ │ │ ├── mipmap-mdpi
│ │ │ │ ├── ic_launcher.png
│ │ │ │ └── ic_launcher_round.png
│ │ │ ├── mipmap-xhdpi
│ │ │ │ ├── ic_launcher.png
│ │ │ │ └── ic_launcher_round.png
│ │ │ ├── mipmap-xxhdpi
│ │ │ │ ├── ic_launcher.png
│ │ │ │ └── ic_launcher_round.png
│ │ │ ├── mipmap-xxxhdpi
│ │ │ │ ├── ic_launcher.png
│ │ │ │ └── ic_launcher_round.png
│ │ │ ├── mipmap-anydpi-v26
│ │ │ │ ├── ic_launcher.xml
│ │ │ │ └── ic_launcher_round.xml
│ │ │ ├── layout
│ │ │ │ └── activity_main.xml
│ │ │ ├── drawable-v24
│ │ │ │ └── ic_launcher_foreground.xml
│ │ │ └── drawable
│ │ │ │ └── ic_launcher_background.xml
│ │ ├── cpp
│ │ │ ├── PtraceInject
│ │ │ │ ├── CMakeLists.txt
│ │ │ │ ├── main.cpp
│ │ │ │ ├── PrintLog.h
│ │ │ │ ├── PtraceInject.h
│ │ │ │ └── PtraceInject.cpp
│ │ │ ├── InjectModule
│ │ │ │ ├── InjectModule.cpp
│ │ │ │ ├── PrintLog.h
│ │ │ │ └── CMakeLists.txt
│ │ │ └── native-lib
│ │ │ │ ├── PrintLog.h
│ │ │ │ ├── native-lib.cpp
│ │ │ │ └── CMakeLists.txt
│ │ ├── AndroidManifest.xml
│ │ └── java
│ │ │ └── com
│ │ │ └── example
│ │ │ └── androidinject
│ │ │ └── MainActivity.java
│ ├── test
│ │ └── java
│ │ │ └── com
│ │ │ └── example
│ │ │ └── androidinject
│ │ │ └── ExampleUnitTest.java
│ └── androidTest
│ │ └── java
│ │ └── com
│ │ └── example
│ │ └── androidinject
│ │ └── ExampleInstrumentedTest.java
├── CMakeLists.txt
├── proguard-rules.pro
└── build.gradle
├── settings.gradle
├── gradle
└── wrapper
│ ├── gradle-wrapper.jar
│ └── gradle-wrapper.properties
├── .gitignore
├── .idea
├── runConfigurations.xml
├── gradle.xml
├── misc.xml
└── codeStyles
│ └── Project.xml
├── installcmd.bat
├── README.md
├── gradle.properties
├── gradlew.bat
└── gradlew
/app/.gitignore:
--------------------------------------------------------------------------------
1 | /build
2 |
--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
1 | rootProject.name='androidinject'
2 | include ':app'
3 |
--------------------------------------------------------------------------------
/app/src/main/res/values/strings.xml:
--------------------------------------------------------------------------------
1 |
2 | androidinject
3 |
4 |
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-hdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-hdpi/ic_launcher.png
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-mdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-mdpi/ic_launcher.png
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-xhdpi/ic_launcher.png
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-xxhdpi/ic_launcher.png
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-hdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-hdpi/ic_launcher_round.png
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-mdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-mdpi/ic_launcher_round.png
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xhdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-xhdpi/ic_launcher_round.png
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.png
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mergerly/androidinject/HEAD/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png
--------------------------------------------------------------------------------
/app/src/main/res/values/colors.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | #6200EE
4 | #3700B3
5 | #03DAC5
6 |
7 |
--------------------------------------------------------------------------------
/app/src/main/cpp/PtraceInject/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | cmake_minimum_required(VERSION 3.4.1)
2 |
3 | enable_language(ASM) #支持汇编
4 | add_executable(PtraceInject main.cpp PtraceInject.cpp)
5 |
6 | find_library(log-lib log)
7 |
8 | target_link_libraries(PtraceInject ${log-lib} )
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.iml
2 | .gradle
3 | /local.properties
4 | /.idea/caches
5 | /.idea/libraries
6 | /.idea/modules.xml
7 | /.idea/workspace.xml
8 | /.idea/navEditor.xml
9 | /.idea/assetWizardSettings.xml
10 | .DS_Store
11 | /build
12 | /captures
13 | .externalNativeBuild
14 | .cxx
15 |
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
1 | #Tue Mar 24 15:12:39 CST 2020
2 | distributionBase=GRADLE_USER_HOME
3 | distributionPath=wrapper/dists
4 | zipStoreBase=GRADLE_USER_HOME
5 | zipStorePath=wrapper/dists
6 | distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.4-all.zip
7 |
--------------------------------------------------------------------------------
/app/src/main/cpp/PtraceInject/main.cpp:
--------------------------------------------------------------------------------
1 | //
2 | // Created by haoyuanli on 2020-3-24.
3 | //
4 | #include
5 | #include
6 | #include "PrintLog.h"
7 | #include "PtraceInject.h"
8 |
9 | int main(int argc, char *argv[]) {
10 | LOGI("[+] start main\n");
11 | test();
12 | return 0;
13 | }
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/app/src/main/res/values/styles.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/app/src/test/java/com/example/androidinject/ExampleUnitTest.java:
--------------------------------------------------------------------------------
1 | package com.example.androidinject;
2 |
3 | import org.junit.Test;
4 |
5 | import static org.junit.Assert.*;
6 |
7 | /**
8 | * Example local unit test, which will execute on the development machine (host).
9 | *
10 | * @see Testing documentation
11 | */
12 | public class ExampleUnitTest {
13 | @Test
14 | public void addition_isCorrect() {
15 | assertEquals(4, 2 + 2);
16 | }
17 | }
--------------------------------------------------------------------------------
/.idea/runConfigurations.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
11 |
12 |
--------------------------------------------------------------------------------
/app/src/main/cpp/InjectModule/InjectModule.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
5 | #include "PrintLog.h"
6 |
7 | extern "C" __attribute__ ((visibility ("default"))) int Inject_entry()
8 | {
9 | LOGE("[InjectModule] Inject_entry Func is called\n");
10 | return 0;
11 | }
12 |
13 | __attribute__((constructor)) void _init_array(void)
14 | {
15 | int pid=getpid();
16 | LOGE("[InjectModule]Load So _init_array function is called, __from pid:%d",pid);
17 | }
18 |
19 | extern "C" void _init(void) {
20 | int pid=getpid();
21 | LOGE("[InjectModule]Load So _init function is called, __from pid:%d",pid);
22 | }
--------------------------------------------------------------------------------
/app/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | cmake_minimum_required(VERSION 3.4.1)
2 |
3 | # LIB目录和BIN目录
4 | set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${PROJECT_SOURCE_DIR}/libs/${ANDROID_ABI})
5 | set( CMAKE_RUNTIME_OUTPUT_DIRECTORY ${PROJECT_SOURCE_DIR}/libs/${ANDROID_ABI})
6 |
7 | #设置头文件搜索路径(和此txt同个路径的头文件无需设置),可选
8 | #INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/common)
9 |
10 | #指定用到的系统库或者NDK库或者第三方库的搜索路径,可选。
11 | #LINK_DIRECTORIES(/usr/local/lib)
12 |
13 | #添加子目录,将自动找到子目录中的CMakeLists.txt
14 | ADD_SUBDIRECTORY(${PROJECT_SOURCE_DIR}/src/main/cpp/native-lib)
15 | ADD_SUBDIRECTORY(${PROJECT_SOURCE_DIR}/src/main/cpp/PtraceInject)
16 | ADD_SUBDIRECTORY(${PROJECT_SOURCE_DIR}/src/main/cpp/InjectModule)
--------------------------------------------------------------------------------
/app/src/main/AndroidManifest.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 |
5 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/.idea/gradle.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
19 |
20 |
--------------------------------------------------------------------------------
/app/proguard-rules.pro:
--------------------------------------------------------------------------------
1 | # Add project specific ProGuard rules here.
2 | # You can control the set of applied configuration files using the
3 | # proguardFiles setting in build.gradle.
4 | #
5 | # For more details, see
6 | # http://developer.android.com/guide/developing/tools/proguard.html
7 |
8 | # If your project uses WebView with JS, uncomment the following
9 | # and specify the fully qualified class name to the JavaScript interface
10 | # class:
11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview {
12 | # public *;
13 | #}
14 |
15 | # Uncomment this to preserve the line number information for
16 | # debugging stack traces.
17 | #-keepattributes SourceFile,LineNumberTable
18 |
19 | # If you keep the line number information, uncomment this to
20 | # hide the original source file name.
21 | #-renamesourcefileattribute SourceFile
22 |
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 | 1.8
14 |
15 |
20 |
21 |
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/installcmd.bat:
--------------------------------------------------------------------------------
1 | SET ABI_PATH=x86
2 | rem SET ABI_PATH=arm64-v8a
3 | rem SET ABI_PATH=armeabi-v7a
4 | SET DEVICE_NAME=127.0.0.1:21513
5 | rem SET DEVICE_NAME=d42e0b6
6 | rem SET DEVICE_NAME=MYV0215A20003885
7 | SET APP_PATH=%~dp0app\libs\%ABI_PATH%
8 | echo %APP_PATH%
9 |
10 | cd /d %APP_PATH%
11 |
12 | for %%i in (*.*) do (
13 | echo %%i
14 | adb -s %DEVICE_NAME% shell rm -f /data/local/tmp/%%i
15 | adb -s %DEVICE_NAME% push %%i /data/local/tmp/
16 | adb -s %DEVICE_NAME% shell chmod 777 /data/local/tmp/%%i
17 | )
18 |
19 | rem adb -s %DEVICE_NAME% uninstall com.example.androidinject
20 | rem adb -s %DEVICE_NAME% install %~dp0app\build\outputs\apk\debug\app-debug.apk
21 | rem adb -s %DEVICE_NAME% shell am start -n com.example.androidinject/com.example.androidinject.MainActivity
22 | rem adb -s %DEVICE_NAME% shell su
23 | rem adb -s %DEVICE_NAME% shell /data/local/tmp/PtraceInject
24 |
25 | cmd
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Android 全平台注入
2 |
3 | ### 编译
4 | Android Studio 3.x编译
5 |
6 |
7 | ### 参考资料
8 | https://fadeevab.com/shared-library-injection-on-android-8/
9 |
10 | https://github.com/gaffe23/linux-inject
11 | https://github.com/xiongchaochao/ptraceInject
12 |
13 | https://ancat.github.io/python/2019/01/01/python-ptrace.html
14 |
15 | 动手打造Android7.0以上的注入工具
16 | https://zhuanlan.zhihu.com/p/43563759
17 |
18 | [Ptrace]Linux内存替换(五)x86_64平台代码注入
19 | http://www.itkeyword.com/doc/4584806216155049126/ptrace-linux-x86-64
20 |
21 | code_injection by hotice0 Linux 64bit shellcode
22 | https://github.com/HotIce0/code_injection
23 |
24 | 手游2048的破解实战
25 | https://xz.aliyun.com/t/5421
26 |
27 | Android arm64(aarch64)中的so注入(inject) - 兼容x86 and arm
28 | https://blog.csdn.net/liao0000/article/details/45482453
29 |
30 | 反调试及绕过
31 | https://jmpews.github.io/2017/08/09/darwin/%E5%8F%8D%E8%B0%83%E8%AF%95%E5%8F%8A%E7%BB%95%E8%BF%87/
32 |
33 |
34 |
--------------------------------------------------------------------------------
/app/src/androidTest/java/com/example/androidinject/ExampleInstrumentedTest.java:
--------------------------------------------------------------------------------
1 | package com.example.androidinject;
2 |
3 | import android.content.Context;
4 |
5 | import androidx.test.platform.app.InstrumentationRegistry;
6 | import androidx.test.ext.junit.runners.AndroidJUnit4;
7 |
8 | import org.junit.Test;
9 | import org.junit.runner.RunWith;
10 |
11 | import static org.junit.Assert.*;
12 |
13 | /**
14 | * Instrumented test, which will execute on an Android device.
15 | *
16 | * @see Testing documentation
17 | */
18 | @RunWith(AndroidJUnit4.class)
19 | public class ExampleInstrumentedTest {
20 | @Test
21 | public void useAppContext() {
22 | // Context of the app under test.
23 | Context appContext = InstrumentationRegistry.getInstrumentation().getTargetContext();
24 |
25 | assertEquals("com.example.androidinject", appContext.getPackageName());
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/app/src/main/cpp/InjectModule/PrintLog.h:
--------------------------------------------------------------------------------
1 | #ifndef _ANDROID_LOG_PRINT_H_
2 | #define _ANDROID_LOG_PRINT_H_
3 |
4 | #include
5 |
6 | #define IS_DEBUG
7 |
8 | #ifdef IS_DEBUG
9 |
10 | #define LOG_TAG ("INJECT")
11 |
12 | #define LOGV(...) ((void)__android_log_print(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__))
13 |
14 | #define LOGD(...) ((void)__android_log_print(ANDROID_LOG_DEBUG , LOG_TAG, __VA_ARGS__))
15 |
16 | #define LOGI(...) ((void)__android_log_print(ANDROID_LOG_INFO , LOG_TAG, __VA_ARGS__))
17 |
18 | #define LOGW(...) ((void)__android_log_print(ANDROID_LOG_WARN , LOG_TAG, __VA_ARGS__))
19 |
20 | #define LOGE(...) ((void)__android_log_print(ANDROID_LOG_ERROR , LOG_TAG, __VA_ARGS__))
21 |
22 | #else
23 |
24 | #define LOGV(LOG_TAG, ...) NULL
25 |
26 | #define LOGD(LOG_TAG, ...) NULL
27 |
28 | #define LOGI(LOG_TAG, ...) NULL
29 |
30 | #define LOGW(LOG_TAG, ...) NULL
31 |
32 | #define LOGE(LOG_TAG, ...) NULL
33 |
34 | #endif
35 |
36 | #endif
--------------------------------------------------------------------------------
/app/src/main/cpp/native-lib/PrintLog.h:
--------------------------------------------------------------------------------
1 | #ifndef _ANDROID_LOG_PRINT_H_
2 | #define _ANDROID_LOG_PRINT_H_
3 |
4 | #include
5 |
6 | #define IS_DEBUG
7 |
8 | #ifdef IS_DEBUG
9 |
10 | #define LOG_TAG ("INJECT")
11 |
12 | #define LOGV(...) ((void)__android_log_print(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__))
13 |
14 | #define LOGD(...) ((void)__android_log_print(ANDROID_LOG_DEBUG , LOG_TAG, __VA_ARGS__))
15 |
16 | #define LOGI(...) ((void)__android_log_print(ANDROID_LOG_INFO , LOG_TAG, __VA_ARGS__))
17 |
18 | #define LOGW(...) ((void)__android_log_print(ANDROID_LOG_WARN , LOG_TAG, __VA_ARGS__))
19 |
20 | #define LOGE(...) ((void)__android_log_print(ANDROID_LOG_ERROR , LOG_TAG, __VA_ARGS__))
21 |
22 | #else
23 |
24 | #define LOGV(LOG_TAG, ...) NULL
25 |
26 | #define LOGD(LOG_TAG, ...) NULL
27 |
28 | #define LOGI(LOG_TAG, ...) NULL
29 |
30 | #define LOGW(LOG_TAG, ...) NULL
31 |
32 | #define LOGE(LOG_TAG, ...) NULL
33 |
34 | #endif
35 |
36 | #endif
--------------------------------------------------------------------------------
/app/src/main/cpp/PtraceInject/PrintLog.h:
--------------------------------------------------------------------------------
1 | #ifndef _ANDROID_LOG_PRINT_H_
2 | #define _ANDROID_LOG_PRINT_H_
3 |
4 | #include
5 |
6 | //如果不想打印日志可以注释这行宏定义
7 | #define IS_DEBUG
8 | //如果宏定义了IS_DEBUG,那么下面就会宏定义下面这些日志打印函数
9 | #ifdef IS_DEBUG
10 |
11 | #define LOG_TAG ("INJECT")
12 |
13 | #define LOGV(...) ((void)__android_log_print(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__))
14 |
15 | #define LOGD(...) ((void)__android_log_print(ANDROID_LOG_DEBUG , LOG_TAG, __VA_ARGS__))
16 |
17 | #define LOGI(...) ((void)__android_log_print(ANDROID_LOG_INFO , LOG_TAG, __VA_ARGS__))
18 |
19 | #define LOGW(...) ((void)__android_log_print(ANDROID_LOG_WARN , LOG_TAG, __VA_ARGS__))
20 |
21 | #define LOGE(...) ((void)__android_log_print(ANDROID_LOG_ERROR , LOG_TAG, __VA_ARGS__))
22 |
23 | #else
24 |
25 | #define LOGV(LOG_TAG, ...) NULL
26 |
27 | #define LOGD(LOG_TAG, ...) NULL
28 |
29 | #define LOGI(LOG_TAG, ...) NULL
30 |
31 | #define LOGW(LOG_TAG, ...) NULL
32 |
33 | #define LOGE(LOG_TAG, ...) NULL
34 |
35 | #endif
36 |
37 | #endif
--------------------------------------------------------------------------------
/gradle.properties:
--------------------------------------------------------------------------------
1 | # Project-wide Gradle settings.
2 | # IDE (e.g. Android Studio) users:
3 | # Gradle settings configured through the IDE *will override*
4 | # any settings specified in this file.
5 | # For more details on how to configure your build environment visit
6 | # http://www.gradle.org/docs/current/userguide/build_environment.html
7 | # Specifies the JVM arguments used for the daemon process.
8 | # The setting is particularly useful for tweaking memory settings.
9 | org.gradle.jvmargs=-Xmx1536m
10 | # When configured, Gradle will run in incubating parallel mode.
11 | # This option should only be used with decoupled projects. More details, visit
12 | # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
13 | # org.gradle.parallel=true
14 | # AndroidX package structure to make it clearer which packages are bundled with the
15 | # Android operating system, and which are packaged with your app's APK
16 | # https://developer.android.com/topic/libraries/support-library/androidx-rn
17 | android.useAndroidX=true
18 | # Automatically convert third-party libraries to use AndroidX
19 | android.enableJetifier=true
20 |
21 |
--------------------------------------------------------------------------------
/app/src/main/cpp/PtraceInject/PtraceInject.h:
--------------------------------------------------------------------------------
1 | //
2 | // Created by Rose on 2020/2/18.
3 | //
4 |
5 | #ifndef INJECT_PTRACEINJECT_H
6 | #define INJECT_PTRACEINJECT_H
7 |
8 | #include
9 | #include
10 | #include
11 | #include
12 | #include
13 |
14 | #if defined(__aarch64__)
15 | #define pt_regs user_pt_regs
16 | #elif defined(__x86_64__)
17 | #define pt_regs user_regs_struct
18 | #endif
19 |
20 | void* get_module_base_addr(pid_t pid, const char *ModuleName);
21 | void* get_remote_func_addr(pid_t pid, const char *ModuleName, void *LocalFuncAddr);
22 | pid_t find_pid_by_name(const char *process_name);
23 | int ptrace_attach(pid_t pid);
24 | int ptrace_continue(pid_t pid);
25 | int ptrace_detach(pid_t pid);
26 | int ptrace_getregs(pid_t pid, struct pt_regs *regs);
27 | int ptrace_setregs(pid_t pid, struct pt_regs *regs);
28 | int ptrace_readdata(pid_t pid, uint8_t *pSrcBuf, uint8_t *pDestBuf, size_t size);
29 | int ptrace_writedata(pid_t pid, uint8_t *pWriteAddr, uint8_t *pWriteData, size_t size);
30 | int ptrace_call(pid_t pid, uintptr_t ExecuteAddr, long *parameters, long num_params, struct pt_regs* regs);
31 | int inject_remote_process(pid_t pid, char *LibPath, char *FunctionName, long *FuncParameter, long NumParameter);
32 | int test();
33 |
34 | #endif //INJECT_PTRACEINJECT_H
35 |
--------------------------------------------------------------------------------
/app/src/main/cpp/native-lib/native-lib.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include "PrintLog.h"
5 |
6 | typedef int (*FUNC_INJECT_ENTRY)();
7 |
8 | int test_load_library() {
9 | char InjectModuleName[] = "/data/local/tmp/libInjectModule.so"; // 注入模块全路径
10 | void *handle = dlopen(InjectModuleName, RTLD_LAZY);
11 | if (!handle) {
12 | LOGE("[%s](%d) dlopen %s error:%s", __FILE__, __LINE__, InjectModuleName, dlerror());
13 | return 0;
14 | }
15 |
16 | do {
17 | FUNC_INJECT_ENTRY entry_func = (FUNC_INJECT_ENTRY) dlsym(handle, "Inject_entry");
18 | if (NULL == entry_func) {
19 | LOGE("[%s](%d) dlsym %s error:%s", __FILE__, __LINE__, "Inject_entry", dlerror());
20 | break;
21 | }
22 | entry_func();
23 | } while (false);
24 |
25 | dlclose(handle);
26 | return 1;
27 | }
28 |
29 | extern "C" JNIEXPORT jstring JNICALL
30 | Java_com_example_androidinject_MainActivity_stringFromJNI(
31 | JNIEnv *env,
32 | jobject /* this */) {
33 | std::string hello = "Hello from C++";
34 | return env->NewStringUTF(hello.c_str());
35 | }
36 |
37 | extern "C" JNIEXPORT jint JNICALL
38 | Java_com_example_androidinject_MainActivity_testload(
39 | JNIEnv *env,
40 | jobject /* this */) {
41 | return test_load_library();
42 | }
--------------------------------------------------------------------------------
/app/src/main/res/layout/activity_main.xml:
--------------------------------------------------------------------------------
1 |
2 |
8 |
9 |
18 |
19 |
30 |
31 |
--------------------------------------------------------------------------------
/app/build.gradle:
--------------------------------------------------------------------------------
1 | apply plugin: 'com.android.application'
2 |
3 | android {
4 | compileSdkVersion 29
5 | buildToolsVersion "29.0.3"
6 |
7 | defaultConfig {
8 | applicationId "com.example.androidinject"
9 | minSdkVersion 16
10 | targetSdkVersion 29
11 | versionCode 1
12 | versionName "1.0"
13 |
14 | testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
15 |
16 | externalNativeBuild {
17 | cmake {
18 | cppFlags ""
19 | // abiFilters "armeabi-v7a", "arm64-v8a", "x86", "x86_64"
20 | abiFilters "x86", "arm64-v8a", "armeabi-v7a"
21 | }
22 | }
23 | }
24 |
25 | buildTypes {
26 | release {
27 | minifyEnabled false
28 | proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
29 | }
30 | }
31 |
32 | externalNativeBuild {
33 | cmake {
34 | path "CMakeLists.txt"
35 | version "3.10.2"
36 | }
37 | }
38 | }
39 |
40 | dependencies {
41 | implementation fileTree(dir: 'libs', include: ['*.jar'])
42 |
43 | implementation 'androidx.appcompat:appcompat:1.1.0'
44 | implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
45 | testImplementation 'junit:junit:4.12'
46 | androidTestImplementation 'androidx.test.ext:junit:1.1.1'
47 | androidTestImplementation 'androidx.test.espresso:espresso-core:3.2.0'
48 | }
49 |
--------------------------------------------------------------------------------
/app/src/main/java/com/example/androidinject/MainActivity.java:
--------------------------------------------------------------------------------
1 | package com.example.androidinject;
2 |
3 | import androidx.appcompat.app.AppCompatActivity;
4 |
5 | import android.os.Bundle;
6 | import android.view.View;
7 | import android.widget.Button;
8 | import android.widget.TextView;
9 | import android.widget.Toast;
10 |
11 | public class MainActivity extends AppCompatActivity {
12 |
13 | // Used to load the 'native-lib' library on application startup.
14 | static {
15 | System.loadLibrary("native-lib");
16 | }
17 |
18 | @Override
19 | protected void onCreate(Bundle savedInstanceState) {
20 | super.onCreate(savedInstanceState);
21 | setContentView(R.layout.activity_main);
22 | // CPU Info
23 | String strCpuABI = android.os.Build.CPU_ABI;
24 |
25 | // Example of a call to a native method
26 | TextView tv = findViewById(R.id.sample_text);
27 | tv.setText(stringFromJNI()+" abi:"+strCpuABI);
28 |
29 | Button btn = findViewById(R.id.button);
30 | btn.setOnClickListener(new View.OnClickListener() {
31 | @Override
32 | public void onClick(View v) {
33 | int ret = testload();
34 | String strToast = String.format("test load library ret:%d", ret);
35 | Toast.makeText(MainActivity.this, strToast, Toast.LENGTH_LONG).show();
36 | }
37 | });
38 | }
39 |
40 | /**
41 | * A native method that is implemented by the 'native-lib' native library,
42 | * which is packaged with this application.
43 | */
44 | public native String stringFromJNI();
45 | public native int testload();
46 | }
47 |
--------------------------------------------------------------------------------
/app/src/main/cpp/InjectModule/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | # For more information about using CMake with Android Studio, read the
2 | # documentation: https://d.android.com/studio/projects/add-native-code.html
3 |
4 | # Sets the minimum version of CMake required to build the native library.
5 |
6 | cmake_minimum_required(VERSION 3.4.1)
7 |
8 | # Creates and names a library, sets it as either STATIC
9 | # or SHARED, and provides the relative paths to its source code.
10 | # You can define multiple libraries, and CMake builds them for you.
11 | # Gradle automatically packages shared libraries with your APK.
12 |
13 | add_library( # Sets the name of the library.
14 | InjectModule
15 |
16 | # Sets the library as a shared library.
17 | SHARED
18 |
19 | # Provides a relative path to your source file(s).
20 | InjectModule.cpp )
21 |
22 | # Searches for a specified prebuilt library and stores the path as a
23 | # variable. Because CMake includes system libraries in the search path by
24 | # default, you only need to specify the name of the public NDK library
25 | # you want to add. CMake verifies that the library exists before
26 | # completing its build.
27 |
28 | find_library( # Sets the name of the path variable.
29 | log-lib
30 |
31 | # Specifies the name of the NDK library that
32 | # you want CMake to locate.
33 | log)
34 |
35 | # Specifies libraries CMake should link to your target library. You
36 | # can link multiple libraries, such as libraries you define in this
37 | # build script, prebuilt third-party libraries, or system libraries.
38 |
39 | target_link_libraries( # Specifies the target library.
40 | InjectModule
41 |
42 | # Links the target library to the log library
43 | # included in the NDK.
44 | ${log-lib})
--------------------------------------------------------------------------------
/app/src/main/res/drawable-v24/ic_launcher_foreground.xml:
--------------------------------------------------------------------------------
1 |
7 |
8 |
9 |
15 |