Among Native Hook techniques, the ones we are most familiar with are GOT/PLT Hook, Trap Hook and Inline Hook. Below I go through each of them, explaining how it is implemented and comparing their strengths and weaknesses.
https://github.com/iqiyi/xHook
https://github.com/iqiyi/xHook/blob/master/docs/overview/android_plt_hook_overview.zh-CN.md
Hooking android_getaddrinfofornet in libc.so apparently did not succeed https://github.com/iqiyi/xHook/issues/16
How to get the address of the hooked function https://github.com/iqiyi/xHook/issues/15
xhook only supports PLT/GOT-style hooking, i.e. it hooks "the outgoing call sites in the caller's .so". The implementation of android_getaddrinfofornet lives in libc.so, so you need to hook the caller of android_getaddrinfofornet, for example:
xhook_register(".*/libwebviewchromium\\.so$", "android_getaddrinfofornet", new_android_getaddrinfofornet, NULL);
It cannot hook calls made between functions inside the same ELF.
Inline hook can do that.
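To make the limitation above concrete, here is an added model (not xHook's code) of what a PLT/GOT hook changes: a caller library's GOT slot is rewritten, so calls that go through the caller's PLT stub are redirected, while a direct call inside the defining library is untouched. The "libraries", the GOT table, the symbol name and the `+ 1000` marker are all constructed for illustration; real ELF relocation parsing and mprotect are omitted.

```c
/* Added example, not xHook's code: a minimal model of what a PLT/GOT hook
 * changes. ELF details (relocation parsing, mprotect) are left out; the
 * "GOT" is a table of function pointers read by the caller's PLT stub. */
#include <string.h>

typedef int (*resolver_fn)(const char *host);

/* "libc.so": defines the target and also calls it directly (no PLT/GOT) */
static int libc_getaddrinfo_impl(const char *host) {
    return (int)strlen(host);           /* constructed stand-in for a resolver */
}
static int libc_internal_lookup(const char *host) {
    return libc_getaddrinfo_impl(host); /* intra-ELF call: cannot be GOT-hooked */
}

/* "libwebviewchromium.so": its GOT has one slot per imported symbol */
struct got_entry { const char *symbol; resolver_fn target; };
static struct got_entry caller_got[] = {
    { "android_getaddrinfofornet", libc_getaddrinfo_impl },
};
static int caller_plt_getaddrinfo(const char *host) {
    return caller_got[0].target(host);  /* PLT stub: indirect call via GOT slot */
}

/* The hook itself: rewrite the caller's GOT slot and return the old target */
resolver_fn got_hook(const char *symbol, resolver_fn replacement) {
    for (size_t i = 0; i < sizeof caller_got / sizeof caller_got[0]; i++) {
        if (strcmp(caller_got[i].symbol, symbol) == 0) {
            resolver_fn old = caller_got[i].target;
            caller_got[i].target = replacement;
            return old;
        }
    }
    return NULL;
}

static resolver_fn orig_getaddrinfo;
static int hooked_getaddrinfo(const char *host) {
    /* logging or filtering would go here, then fall through to the original */
    return orig_getaddrinfo(host) + 1000;
}

int install_hook(void) {
    orig_getaddrinfo = got_hook("android_getaddrinfofornet", hooked_getaddrinfo);
    return orig_getaddrinfo != NULL;
}
int resolve_from_caller_so(const char *host) { return caller_plt_getaddrinfo(host); }
int resolve_inside_libc(const char *host)    { return libc_internal_lookup(host); }
```

After install_hook(), only resolve_from_caller_so() sees the hook; resolve_inside_libc() still reaches the original, which is exactly why xhook must target the caller's .so rather than libc.so.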
1. Download Android NDK r16b and configure the environment variables (this has to be redone every time the PC is restarted).
2. Run ./build_libs.sh as a single command in cmd to complete the build.
3. Run ./install_libs.sh in cmd:
C:\Users\zhenghuan\git\demo\xHook>install_libs.sh
Done.
https://developer.android.com/ndk/guides/stable_apis.html?hl=zh-CN
Inline hooking is a method of intercepting calls to target functions. The general idea is to redirect a function to our own, so that we can perform processing before and/or after the function does its own work; this could include checking parameters, shimming, logging, spoofing returned data, and filtering calls.
The hooks are placed by directly modifying code within the target function (inline modification), usually by overwriting the first few bytes with a jump; this allows execution to be redirected before the function does any processing.
An inline hook consists of 3 parts:
https://github.com/frida/frida