droid-injectso
A shared libraries injection tool and ELF hook engine of Android.
Please compile them with android-ndk-r8e
, or you may need to rewrite Android.mk
.
Has been tested on Android 2.2, 2.3 and 4.1, and root privilege is REQUIRED.
Special thanks to the author of libinject
http://bbs.pediy.com/showthread.php?t=141355
Compilation
Enter each source directory and run ndk-build
provided by android-ndk-r8e
.
$ cd injector
$ $NDK/ndk-build
$ cd ../samples/test
$ $NDK/ndk-build
$NDK
is the root directory of android-ndk-r8e
.
Also, you can find pre-compiled binaries in bin
.
Usage
We can use injector
to inject a shared library into arbitrary processes. Let's take libtest.so
as an example.
First, push both injector
and libtest.so
into a writeable location (e.g. /data/local/
) of your device (or emulator).
$ adb push injector /data/local/
$ adb push libtest.so /data/local/
Then, set the permission of injector
as executable.
$ adb shell chmod 755 /data/local/injector
Next, you can refer to injector
's usage information to inject libtest.so
into target processes.
$ adb shell /data/local/injector -h
Usage: injector -p pid -l libpath
-h --help Display this usage information.
-p --pid PID of target process.
-l --libpath Absolute path of the shared library that will be injected.
What should be noticed is that injection may be failed if you specify a relative path after -l
(or --libpath
) option.
Hook engine
Please take a look at the sample project samples/hook_ioctl
.