EHook
A hooking framework for commercial Android emulators (雷电模拟器, NOX, BlueStacks).
As you may know, these commercail emulators use x86 (kernel) and arm (user land) mixed-mode method to accelerate the emulation and this makes it difficult to hook the native arm libraries. This emulator hooking framework is intented to solve this problem.
Usage
Modify the jni/realinject.c file. You can hook functions both by address or by the function's symbol name:
static struct hook_t eph1;
static struct hook_t eph_sendto;
...
...
/*On BlueStacks*/
//hook_by_addr(&eph1, "arm/libc.so", target_addr, hook_func1);
/*Other emulators*/
hook_by_name(&eph_sendto, "nb/libc.so", "sendto", hook_sendto);
Notice: If you are hooking system libraries like "libc.so", please make sure you are giving the right path of the arm version binary.
Run ndk-build
Push the following 3 binary to android /data/local/tmp directory:
libs/x86/stalker
libs/x86/libinject.so
libs/armeabi/librealinject.so
Or just run push.cmd.
On android, type ./stalker [pid].
Notice
For NOX emulator, you should use the Android 5.1.1 instead of the default 4.4.2.
Also see this repo: XEHook.
acknowledgement
2200
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
