aslody / andhook Goto Github PK

View Code? Open in Web Editor NEW

751.0 751.0 213.0 7.39 MB

Android dynamic instrumentation framework

License: MIT License

Java 91.43% C++ 8.11% Makefile 0.46%

andhook's People

Contributors

Stargazers

Watchers

Forkers

shuixi2013 andbuild jimmyjones97 heartbee yiuchoi 35099644 praiseqin sanshao27 zhiwei-wu dstmath lfyg ualwayswithme iforked tobysegar zhanglang001 hl46000 chago sudami loveezu idone jinyouli ericky1992 deelmind msmtmsmt123 gg-coder889 wpvsyou angrykub m00zh33 peterg75 butterflyhack mayl8822 rockystevejobs jasi2169 heruix 03050903 onexuan exfuture hudawei996 dothezz terdimire lsmouse qva0rg afleshel nbg0x1 crackercat focuspadding omasko zhkl0228 saliey ccvg007 igit-cn gitqqqhs trendingtechnology bylkuse gyyfifafans muyi126 wxuefei rover12421 cheason haoyaogang xhyin1208 p0prxx lerist mzpbvsig zhaoruixbj duongtung4691 caihuapcl2013 leixun317 zhangyulong882 st-rnd jiejiao6 guolei1130 liminhu cuijw dcjniwota m8599399 creativelabsofficial andsource yyuuiii panhongwei fhooker piowind daliands yuanhcn 247321453 hoachen ghostrong1983 karmamaster patrickkh7788 stefan00lpf lancechung8888 gitcore tao2java zoutaov rendongge lykseek cugtao rokith eggfly yyxwj

andhook's Issues

Hook后为什么会出现一个Trace进程？

使用这个库hook成功后会出现一个Trace进程，而且这个进程还和zygote进程有关系，难道库中使用了ptrace以及相关的函数？不然为什么需要使用到调试函数？而且还和zygote进程有关。会有一个TracePid：xxx，这个进程居然是zygote进程

3.5.8版本hook微信内部触发非常频繁的log.i函数必崩（附日志）

一加3T
安卓7.1.1
微信6.6.6
AndHook 3.5.8

hook的是微信内部 "com.tencent.mm.sdk.platformtools.w.java" 中的打印消息的函数：
public static void i(String arg11, String arg12, Object[] arg13)

Hook相关代码示例：

错误日志截图（完整日志见附件）：

@Rprop
log_2018-5-14.txt

rwx size is too small to hold 56 bytes backup instructions

When trying to hook some system functions (e.g. fork, execve), I see an error in logcat that reads rwx size is too small to hold 56 bytes backup instructions, and hooking fails. Looking at https://github.com/rrrfff/And64InlineHook/blob/master/And64InlineHook.cpp the hook trampoline size seems to be limited to 50 bytes, hence the error.

Call site looks like so:

#include <jni.h>
#include <unistd.h>
#include <sys/types.h>
#include "AndHook.h"

#define AKLog(...) __android_log_print(ANDROID_LOG_INFO, "AndHook", __VA_ARGS__)

static decltype(fork) *sys_fork;

pid_t __unused hook_fork() {
    AKLog("fork called");
    pid_t child_pid = sys_fork();
    if (child_pid != 0) {
        AKLog("fork child pid: %d, parent pid: %d", static_cast<int>(child_pid), static_cast<int>(getpid()));
    }
    return child_pid;
}

extern "C" JNIEXPORT jint JNICALL __unused JNI_OnLoad(JavaVM *vm, void __unused *reserved) {
    JNIEnv *env;
    if (vm->GetEnv(reinterpret_cast<void **>(&env), JNI_VERSION_1_6) != JNI_OK) {
        return JNI_EVERSION;
    }

    AKHookFunction(fork, hook_fork, &sys_fork);
    return JNI_VERSION_1_6;
}

My system is a OnePlus 3 running OxygenOS - Android 8.0.0, arm64-v8a.

I seem to have gotten it working by copying the A64HookFunction as a wrapper around theAKHookFunctionV exported from the .so files here, and increasing the trampoline size to 70 from 50.

Attached is libc.so pulled from my device:
libc.so.zip

Help me.

bool checkRooted () { ifstream f; f.open("/system/xbin/su"); return f.good(); }
AKHook cannot hook ifstream, pls help me.

能不能放一个andhook.zip下载包

谢谢

请问这个库能Hook其他进程的方法吗

请问这个库能Hook其他进程的方法吗？
目前是可以Hook java和native层的函数？

底层代码开源？

请问如何方便联系您

请问如何方便联系您。出现很多版本兼容性问题。。可否留个常用邮箱或者微信, 微博？

DEMO在Pixel 8.1.0很大概率会崩溃

04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] "ReferenceQueueDaemon" prio=5 tid=5 Waiting
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | group="" sCount=1 dsCount=0 flags=1 obj=0x13344ba8 self=0x7cd8757e00
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | sysTid=18870 nice=4 cgrp=default sched=0/0 handle=0x7cd9c9f4f0
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | state=S schedstat=( 520104 142656 2 ) utm=0 stm=0 core=2 HZ=100
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | stack=0x7cd9b9d000-0x7cd9b9f000 stackSize=1037KB
04-27 10:15:00.074 18671-18686/? A/zygote64: runtime.cc:523] | held mutexes=
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: __switch_to+0x88/0xbc
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait_queue_me+0xdc/0x168
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait+0xf4/0x21c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: do_futex+0x16c/0xb3c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: SyS_futex+0x98/0x1b0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: sys_trace_return+0x0/0x4
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #00 pc 000000000000082c /system/lib64/libc.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #1 pc 000000000000785c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #2 pc 000000000000c4d4 /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #3 pc 000000000000df3c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #4 pc 000000000000070c /system/framework/arm64/boot.oat (Java_java_lang_Object_wait+124)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Object.wait(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting on <0x05ee3340> (a java.lang.Class<java.lang.ref.ReferenceQueue>)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$ReferenceQueueDaemon.runInternal(Daemons.java:178)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - locked <0x05ee3340> (a java.lang.Class<java.lang.ref.ReferenceQueue>)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$Daemon.run(Daemons.java:103)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.AndHook.invoke(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.invokeOriginalMethod(XposedBridge.java:301)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:237)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run!(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523]
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] "FinalizerDaemon" prio=5 tid=6 Waiting
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | group="" sCount=1 dsCount=0 flags=1 obj=0x13344c48 self=0x7cd8758800
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | sysTid=18871 nice=4 cgrp=default sched=0/0 handle=0x7cd9b9a4f0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | state=S schedstat=( 406094 436458 1 ) utm=0 stm=0 core=2 HZ=100
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | stack=0x7cd9a98000-0x7cd9a9a000 stackSize=1037KB
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | held mutexes=
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: __switch_to+0x88/0xbc
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait_queue_me+0xdc/0x168
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait+0xf4/0x21c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: do_futex+0x16c/0xb3c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: SyS_futex+0x98/0x1b0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: __sys_trace_return+0x0/0x4
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #00 pc 000000000000082c /system/lib64/libc.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #1 pc 000000000000785c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #2 pc 000000000000c4d4 /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #3 pc 000000000000df3c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #4 pc 0000000000000aec /system/framework/arm64/boot.oat (Java_java_lang_Object_wait__JI+140)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Object.wait(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting on <0x0d898279> (a java.lang.Object)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Object.wait(Object.java:422)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:188)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - locked <0x0d898279> (a java.lang.Object)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:209)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$FinalizerDaemon.runInternal(Daemons.java:232)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$Daemon.run(Daemons.java:103)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.AndHook.invoke(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.invokeOriginalMethod(XposedBridge.java:301)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:237)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run!(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523]
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] "FinalizerWatchdogDaemon" prio=5 tid=7 Waiting
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | group="" sCount=1 dsCount=0 flags=1 obj=0x13344ce8 self=0x7cd8759200
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | sysTid=18872 nice=4 cgrp=default sched=0/0 handle=0x7cd9a954f0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | state=S schedstat=( 342395 580677 3 ) utm=0 stm=0 core=2 HZ=100
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | stack=0x7cd9993000-0x7cd9995000 stackSize=1037KB
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] | held mutexes=
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: __switch_to+0x88/0xbc
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait_queue_me+0xdc/0x168
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: futex_wait+0xf4/0x21c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: do_futex+0x16c/0xb3c
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: SyS_futex+0x98/0x1b0
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] kernel: sys_trace_return+0x0/0x4
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #00 pc 000000000000082c /system/lib64/libc.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #1 pc 000000000000785c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #2 pc 000000000000c4d4 /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #3 pc 000000000000df3c /system/lib64/libart.so (???)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] native: #4 pc 000000000000070c /system/framework/arm64/boot.oat (Java_java_lang_Object_wait+124)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Object.wait(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting on <0x0be39bbe> (a java.lang.Daemons$FinalizerWatchdogDaemon)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$FinalizerWatchdogDaemon.sleepUntilNeeded(Daemons.java:297)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - locked <0x0be39bbe> (a java.lang.Daemons$FinalizerWatchdogDaemon)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$FinalizerWatchdogDaemon.runInternal(Daemons.java:277)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Daemons$Daemon.run(Daemons.java:103)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.AndHook.invoke(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.invokeOriginalMethod(XposedBridge.java:301)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at andhook.lib.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:237)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run!(Native method)
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523]
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] "HeapTaskDaemon" prio=5 tid=8 Blocked
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] - waiting to lock an unknown object
04-27 10:15:00.075 18671-18686/? A/zygote64: runtime.cc:523] at java.lang.Thread.run(Thread.java:764)

请问支持非root吗？

This a great project! Very good! Thanks very much!

Native hook

Good afternoon. I started using your library and am very pleased with the results and convenience. Almost immediately I ran into a problem.

I intercept AudioRecord in another application when there is an AudioRecord call from java - everything is fine, when the call comes from the native library, nothing works. Interception simply does not happen, although this function is api in Java, after all? It simply can not be carried out natively. How can you deal with this? I can not decompile the native library, but there are clearly calls to , startRecording and read of the AudioRecord class.

怎么用呢，没有例子吗

Hooking into system apps (.apk and/or .jar) - Is that possible?

Is AndHook able do that (like xposed framework does)?

啥时候能支持安卓8.1

啥时候能支持安卓8.1，我看EPIC支持了

Error, please help

Jan 30, 2018 1:08:16 AM UTC
Loading Xposed v54 (for Zygote)...
Running ROM 'KOT49H.N900AUCUCMLG' with fingerprint 'samsung/hlteuc/hlteatt:4.4.2/KOT49H/N900AUCUCMLG:user/release-keys'
Loading modules from /data/app/andhook.ui-2.apk
Loading class andhook.ui.MainHook
java.lang.UnsatisfiedLinkError: incompatible platform, Couldn't load AndHook from loader dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/andhook.ui-2.apk"],nativeLibraryDirectories=[/system/lib, /system/lib/arm, /data/downloads]]]: findLibrary returned null
at andhook.lib.AndHook.(AndHook.java:32)
at andhook.lib.AndHook$HookHelper.applyHooks(AndHook.java:529)
at andhook.lib.AndHook$HookHelper.applyHooks(AndHook.java:494)
at andhook.ui.MainHook.handleLoadPackage(MainHook.java:32)
at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)
at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)
at de.robv.android.xposed.XposedBridge$2.beforeHookedMethod(XposedBridge.java:228)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)
at com.android.server.ServerThread.initAndLoop(Native Method)
at com.android.server.SystemServer.main(SystemServer.java:1204)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:827)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:643)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
java.lang.NoClassDefFoundError: andhook/lib/AndHook
at andhook.lib.AndHook$HookHelper.applyHooks(AndHook.java:529)
at andhook.lib.AndHook$HookHelper.applyHooks(AndHook.java:494)
at andhook.ui.MainHook.handleLoadPackage(MainHook.java:32)
at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)
at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)
at de.robv.android.xposed.XposedBridge$3.afterHookedMethod(XposedBridge.java:252)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:645)
at android.app.LoadedApk.(Native Method)
at android.app.ActivityThread.getPackageInfo(ActivityThread.java:1647)
at android.app.ActivityThread.getPackageInfo(ActivityThread.java:1610)
at android.app.ActivityThread.getPackageInfo(ActivityThread.java:1583)
at android.app.ContextImpl.createPackageContextAsUser(ContextImpl.java:1894)
at android.app.ContextImpl.createPackageContext(ContextImpl.java:1880)
at android.content.ContextWrapper.createPackageContext(ContextWrapper.java:637)
at android.app.ActivityThread.installProvider(ActivityThread.java:4767)
at android.app.ActivityThread.installContentProviders(ActivityThread.java:4389)
at android.app.ActivityThread.installSystemProviders(ActivityThread.java:4949)
at com.android.server.am.ActivityManagerService.installSystemProviders(ActivityManagerService.java:8211)
at com.android.server.ServerThread.initAndLoop(SystemServer.java:278)
at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)
at com.android.server.ServerThread.initAndLoop(Native Method)
at com.android.server.SystemServer.main(SystemServer.java:1204)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:827)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:643)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)

请问支持hook native方法吗？ test里面没看到有hook native方法的例子

Got error in andhook 3.5

Hello all
I use andhook on IXposedHookLoadPackage call to method on htc M7
public static void XposedLoadLib()
{
try {
AndHook.ensureNativeLibraryLoaded();
//System.loadLibrary("myjnihook");
System.load("/data/data/andhook.ui/lib/libmyjnihook.so");
XposedBridge.log("Load thành công myjnihook");
} catch (Exception e) {
XposedBridge.log("Lỗi: "+ e.getMessage());
}
}
And got error from xposed:
04-11 23:28:47.900 ?/SENTINEL_TAG( 3094): SENTINEL_MSG_LIBCUTILS
04-11 23:28:47.900 ?/SENTINEL_TAG( 3094): SENTINEL_MSG_LIBLOG
04-11 23:28:55.433 I/Xposed ( 3596): ngon
04-11 23:28:55.525 E/Xposed ( 3596): java.lang.ExceptionInInitializerError
04-11 23:28:55.525 E/Xposed ( 3596): at andhook.test.Launcher.XposedLoadLib(Launcher.java:13)
04-11 23:28:55.525 E/Xposed ( 3596): at andhook.test.Launcher.handleLoadPackage(Launcher.java:31)
04-11 23:28:55.525 E/Xposed ( 3596): at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:34)
04-11 23:28:55.525 E/Xposed ( 3596): at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:61)
04-11 23:28:55.525 E/Xposed ( 3596): at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:106)
04-11 23:28:55.525 E/Xposed ( 3596): at de.robv.android.xposed.XposedInit$2.beforeHookedMethod(XposedInit.java:134)
04-11 23:28:55.525 E/Xposed ( 3596): at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:340)
04-11 23:28:55.525 E/Xposed ( 3596): at android.app.ActivityThread.handleBindApplication()
04-11 23:28:55.525 E/Xposed ( 3596): at android.app.ActivityThread.-wrap1(ActivityThread.java)
04-11 23:28:55.525 E/Xposed ( 3596): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1424)
04-11 23:28:55.525 E/Xposed ( 3596): at android.os.Handler.dispatchMessage(Handler.java:102)
04-11 23:28:55.525 E/Xposed ( 3596): at android.os.Looper.loop(Looper.java:148)
04-11 23:28:55.525 E/Xposed ( 3596): at android.app.ActivityThread.main(ActivityThread.java:5461)
04-11 23:28:55.525 E/Xposed ( 3596): at java.lang.reflect.Method.invoke(Native Method)
04-11 23:28:55.525 E/Xposed ( 3596): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
04-11 23:28:55.525 E/Xposed ( 3596): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
04-11 23:28:55.525 E/Xposed ( 3596): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
04-11 23:28:55.525 E/Xposed ( 3596): Caused by: java.lang.RuntimeException: incompatible platform
04-11 23:28:55.525 E/Xposed ( 3596): at andhook.lib.AndHook.(AndHook.java:27)
04-11 23:28:55.525 E/Xposed ( 3596): ... 17 more
04-11 23:28:55.525 E/Xposed ( 3596): Caused by: java.lang.UnsatisfiedLinkError: JNI_ERR returned from JNI_OnLoad in "/data/data/andhook.ui/lib/libAndHook.so"
04-11 23:28:55.525 E/Xposed ( 3596): at java.lang.Runtime.load(Runtime.java:332)
04-11 23:28:55.525 E/Xposed ( 3596): at java.lang.System.load(System.java:1069)
04-11 23:28:55.525 E/Xposed ( 3596): at andhook.lib.AndHook.(AndHook.java:20)
04-11 23:28:55.525 E/Xposed ( 3596): ... 17 more

hook失败，提示incompatible method type

@rrrfff
大神，我在hook android.hardware.SystemSensorManager$SensorEventQueue::dispatchSensorEvent时，提示如下错误，求解

该函数原型：http://androidxref.com/7.1.1_r6/xref/frameworks/base/core/java/android/hardware/SystemSensorManager.java#669

测试环境是armeabi、安卓7.1.1

I/AndHook: SDK_INT = 25, IS_ART = true
I/AndHook: /system/bin/dex2oat disabled due to flag fast_dex = 1
E/AndHook: hook 0x70758e50 -> 0xf1ee2a64 failed, incompatible method type!
E/AndHook: failed to hook android.hardware.SystemSensorManager$SensorEventQueue::dispatchSensorEvent

这个支付7.0以上吗

请问怎么集成在rom中呢

5.x兼容性问题

这个库在6.x和7.x上面兼容性还是很好的，但5.x崩溃率超高，基本不能用，不知道什么原因

i didn't find native library source code

I searched a lot, but could not find libAK.so and libAKCompat.so source code, can you share or pm me?

编译ndk出现这个

Error:(41) undefined reference to 'AKHookFunction'

so加载报错

系统是安卓原生7.1.2 SDK:25
由于我的系统有点特殊所以需要把so文件放在system/lib /lib64下加载
出现以下错误求解顺便能否提供一下QQ号呢？非常感谢

incompatible platform, JNI_ERR returned from JNI_OnLoad in "/system/lib64/libAndHook.so"
at andhook.lib.AndHook.(AndHook.java:28)
at andhook.lib.AndHook.ensureClassInitialized(AndHook.java:86)
at andhook.lib.xposed.XposedBridge.hookMethod(XposedBridge.java:82)
at com.my.app.HTool.HookMethods(HTool.java:414)
at com.my.app.Main.start_hook_SettingsSecure(Main.java:101)
at com.my.app.Main.main(Main.java:41)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.Zygote.InitCKSystem(Zygote.java:204)
at com.android.internal.os.Zygote.forkAndSpecialize(Zygote.java:255)
at com.android.internal.os.ZygoteConnection.runOnce(ZygoteConnection.java:225)
at com.android.internal.os.ZygoteInit.runSelectLoop(ZygoteInit.java:869)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:791)

unexpected houdini environment

Hello, I've seen this error, instead of notifying you of the successful use of hooks. I'm testing the program on the Nox emulator (Android x86) on Windows 10 x64. I can not understand if the emulator or x64 platform is to blame

Hook Native问题

在VirtualApp上面进行Hook Native操作，无法Hook被启动软件内的Native函数。
AKHookFunction无报错正常执行，只是绑定Hook的方法不执行
尝试着Hook系统的open,fopen等函数，都可以可正常Hook。
最后把AndHook加自己编写的so植入进软件，不依赖双开框架。发现可以正常Hook。

陷入死循环

举例：Hook 了 Log.e 后，在HOOK的方法中在输出 Log.e 会陷入死循环

How to hook this method

_import java.lang.reflect.Method;
String serialnum = null;

try {
Class<?> c = Class.forName("android.os.SystemProperties");
Method get = c.getMethod("get", String.class, String.class );
serialnum = (String)( get.invoke(c, "ro.serialno", "unknown" ) );
}
catch (Exception ignored)
{
}

@AndHook.HookHelper.Hook(value = "android.os.SystemProperties")
private static String get(final Class<?> clss, final String name, String def) {
if (name.equals("ro.serialno") || name.equals("ro.boot.serialno"))
return "FakeSerial";
return AndHook.HookHelper.invokeObjectOrigin(null, name, def);
}

[Help] cannot hook stat

JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *vm, void *)
{
struct stat buf;
char *res="/system/xbin/su";
int resultNow = stat(res, &buf) == 0 ? 1 : 0;
if (resultNow == 1) {
AKLog("IS ROOTED");
} else
{
AKLog("NOT ROTED");
}
return JNI_VERSION_1_6;
}

i cannot hook "stat" . Please help me. i try AKHook(stat) but not working

Source code for libAndHook.so and libAndHookCompat.so

Are the sources for libAndHook.so and libAndHookCompat.so available anywhere?

大神能把native 层代码也开源了吗?

怎么Hook构造方法？

为啥3.5.8的版本不兼容2.7.2老版本的调用申明

不应该是向下兼容的吗？

我看到有3.5.8版本了，放到自己的工程中发现都没有原来的函数申明，比如原来的调用接口如下：
public static void hook(final Method origin, final Method replace);

3.5.8的版本都不提供这个接口了，那我怎么hook啊？不可能把工程里面引用到原接口的代码都改一遍吧？
新版接口的hook只有如下接口：
public static void hook(final Class<?> clazz, final String name, final String signature, final Method replace)

都不知道怎么用

@Rprop

How to hook Constructor function?

I need an example code to hook constructor function? Pls help me!!!

加载so报错

测试机器红米note3
看不到so里面的逻辑

JNI_OnLoad: SDK_INT = 23, IS_ART = true
CheckArtMethodSize: ArtMethod size check failed[2] and cannot be fixed, SDK = 23

Where are up-to-date sources?

There are only old sources in "deprecated" folder. However there are no source codes used to build .so files. Can you add native/c++ code to repository?

How to hook this native code

First for all, thank you for great framework, I love your work.
Now I'm in struggle while hooking native code, I have no idea to how to hook this code:
ifstream myfile ("example.txt", ios::binary);
Can you give me an example if any, thank a lot

How does AndHook work?

I created mini rootchecker app use "access" function in c++ to test AndHook. I installed AndHook app and my rootchecker app and then launch AndHook app first. But when i open my app, it still detected device is root.
Can you tell me how do AndHook work?

How to hook device id

How to hook imei ? Please have example

在x86模拟器houdini arm环境的arm so的app上

closed

如何Hook android.os.Build.MODEL ？

Using AndHook and VirtualApp together.

Hello, I want to use AndHook on an app that is located in the virtual space of a host app that use VirtualApp by asLody. The main library I want to hook is located in /data/data/{Package Name}/virtual/data/app/{Package Name in Virtual Space}/lib/lib.so and not in /data/data/{Package Name}/lib/lib.so.
How would I hook and possibly use AKHookFunction when the lib I want to hook is located in a different directory? Does AndHook have an option to declare the lib location to hook?

Example of custom declaration of lib -> AKHookLib(const char * filename, const char * mode FILE * stream );

Example of usage -> AKHookLib("/data/data/com.example.example/lib/libgame.so", "w", stdout);
Example of usage with VirtualApp ->
AKHookLib("/data/data/com.example.example/virtual/data/app/com.installed.example/lib/libgame.so", "w", stdout);

Or maybe you can use AKHookFunction and add a parameter for the lib?

AKHookFunction("/data/data/com.example.example/virtual/data/app/com.installed.example/lib/libgame.so", (void *) stuff_addr, (void *) fake_stuff, (void **) &orig_suff);

This is mostly just ideas I am hoping you can maybe implement.

Hook系统函数咋没效果?

我的手机小米4.4，hook自己写的类没问题，要hook系统的方法就不行了，比如hook activit的oncreate方法，

在x86模拟器houdini arm 加载arm 的so 的时候

closed

请问支持android6.0 arm64的机子吗？

jni Hook 支持android6.0 arm64的机子吗？如果可以的话，方便提供一下这方面的例子吗？谢谢

[help wanted] Hooking ClassLoader

Hello. Thanks for your work!
I'm trying to instrument currently running ClassLoader to profile class loading time, but seeing very small number of loaded classes in logs. Looks like my code gets called only for reflectively loaded classes. What am I doing wrong?

final class ClassLoaderHooks {

    private static final String TAG = "ClassLoaderHooks";

    static void install() {
        try {
            AndHook.ensureNativeLibraryLoaded(null);
            XposedHelpers.findAndHookMethod(
                    ClassLoader.class, "loadClass", String.class, boolean.class,
              // or BaseDexClassLoader.class, "findClass", String.class,
                    new Hooks()
            );
        } catch (Throwable t) {
            throw new RuntimeException(t);
        }
    }

    private static final class Hooks extends XC_MethodHook {

        private final Map<String, Boolean> loadedClasses = new ConcurrentHashMap<>();
        private final ThreadLocal<Stack<Long>> time = new ThreadLocal<>();

        @Override
        protected void beforeHookedMethod(MethodHookParam param) {
            Stack<Long> stack = time.get();
            if (stack == null) {
                time.set(stack = new Stack<>());
            }
            stack.push(System.nanoTime());
        }

        @Override
        protected void afterHookedMethod(MethodHookParam param) {
            long start = time.get().pop();
            long diff = System.nanoTime() - start;
            String className = (String) param.args[0];
            if (loadedClasses.put(className, Boolean.TRUE) != null) {
                return; // already loaded
            }
            int diffUs = (int) (diff / 1000);
            Log.e(TAG, "spent " + (diffUs / 1000.0) + "ms loading type " + className);
        }

    }

}

Thank you.

虚拟机5.1崩溃

小白问一个很傻的问题是将 AndHook这个类和so文件导入项目中就可以使用了吗

大神 8.0上直接崩溃有办法解决吗

另外可以留一下您qq吗想就hook这块做一些交流与探讨谢谢