/droid_injectso

A shared libraries injection tool.

Primary LanguageCApache License 2.0Apache-2.0

droid-injectso

A shared libraries injection tool and ELF hook engine of Android.

Please compile them with android-ndk-r8e, or you may need to rewrite Android.mk.

Has been tested on Android 2.2, 2.3 and 4.1, and root privilege is REQUIRED.

Special thanks to the author of libinject http://bbs.pediy.com/showthread.php?t=141355

Compilation

Enter each source directory and run ndk-build provided by android-ndk-r8e.

$ cd injector
$ $NDK/ndk-build
$ cd ../samples/test
$ $NDK/ndk-build

$NDK is the root directory of android-ndk-r8e.

Also, you can find pre-compiled binaries in bin.

Usage

We can use injector to inject a shared library into arbitrary processes. Let's take libtest.so as an example.

First, push both injector and libtest.so into a writeable location (e.g. /data/local/) of your device (or emulator).

$ adb push injector /data/local/
$ adb push libtest.so /data/local/

Then, set the permission of injector as executable.

$ adb shell chmod 755 /data/local/injector

Next, you can refer to injector's usage information to inject libtest.so into target processes.

$ adb shell /data/local/injector -h
Usage: injector -p pid -l libpath
-h  --help      Display this usage information.
-p  --pid       PID of target process.
-l  --libpath   Absolute path of the shared library that will be injected.

What should be noticed is that injection may be failed if you specify a relative path after -l (or --libpath) option.

Hook engine

Please take a look at the sample project samples/hook_ioctl.

Reference

  1. http://bbs.pediy.com/showthread.php?t=141355
  2. http://www.codeproject.com/Articles/70302/Redirecting-functions-in-shared-ELF-libraries