bytedance / bhook
- воскресенье, 15 августа 2021 г. в 00:27:12
https://github.com/bytedance/bhook
🔥 bhook is a PLT hook framework for Android app.
bhook
bhook is a PLT hook framework for Android app.
Features
- Multiple hooks and unhooks for the same function do not conflict with each other.
- Hook a single, partial or all of the dynamic libraries in the process.
- Hook the newly loaded dynamic libraries automatically.
- Avoid recursive-calls and circular-calls between proxy functions automatically.
- Support unwinding backtrace in proxy function.
- Support Android 4.1 - 12 (API level 16 - 31).
- Support armeabi-v7a, arm64-v8a, x86 and x86_64.
- MIT licensed.
Usage
1. Add dependency in build.gradle
bhook is published on Maven Central, and uses Prefab package format for native dependencies, which is supported by Android Gradle Plugin 4.0+.
allprojects {
repositories {
mavenCentral()
}
}android {
buildFeatures {
prefab true
}
}
dependencies {
implementation 'com.bytedance:bytehook:1.0.0'
}2. Add dependency in CMakeLists.txt or Android.mk
CMakeLists.txt
find_package(bytehook REQUIRED CONFIG)
add_library(mylib SHARED mylib.c)
target_link_libraries(mylib bytehook::bytehook)Android.mk
include $(CLEAR_VARS)
LOCAL_MODULE := mylib
LOCAL_SRC_FILES := mylib.c
LOCAL_SHARED_LIBRARIES += bytehook
include $(BUILD_SHARED_LIBRARY)
$(call import-module,prefab/bytehook)
3. Specify one or more ABI(s) you need
android {
defaultConfig {
ndk {
abiFilters 'armeabi-v7a', 'arm64-v8a', 'x86', 'x86_64'
}
}
}4. Add packaging options
If you are using bhook in an SDK project, you may need to avoid packaging libbytehook.so into your AAR, so as not to encounter duplicate libbytehook.so file when packaging the app project.
android {
packagingOptions {
exclude '**/libbytehook.so'
}
}On the other hand, if you are using bhook in an APP project, you may need to add some options to deal with conflicts caused by duplicate libbytehook.so file.
android {
packagingOptions {
pickFirst '**/libbytehook.so'
}
}5. Initialize
import com.bytedance.android.bytehook.ByteHook;
public class MySdk {
public static synchronized void init() {
ByteHook.init();
}
}6. Hook and Unhook
#include "bytehook.h"bytehook_stub_t bytehook_hook_single(
const char *caller_path_name,
const char *callee_path_name,
const char *sym_name,
void *new_func,
bytehook_hooked_t hooked,
void *hooked_arg);
bytehook_stub_t bytehook_hook_partial(
bytehook_caller_allow_filter_t caller_allow_filter,
void *caller_allow_filter_arg,
const char *callee_path_name,
const char *sym_name,
void *new_func,
bytehook_hooked_t hooked,
void *hooked_arg);
bytehook_stub_t bytehook_hook_all(
const char *callee_path_name,
const char *sym_name,
void *new_func,
bytehook_hooked_t hooked,
void *hooked_arg);
int bytehook_unhook(bytehook_stub_t stub);These three hook functions are used to hook single, partial, and all caller dynamic libraries in the process.
Notice:
- If you need to call the original function in the proxy function, please always use the
BYTEHOOK_CALL_PREV()macro. - Make sure to call
BYTEHOOK_POP_STACK()macro before proxy function returning. In the CPP source file, you can also callBYTEHOOK_STACK_SCOPE()macro at the beginning of the proxy function instead. - bhook proxies
dlopen()andandroid_dlopen_ext()internally, so please do not try to hook these two functions. If you want to monitor the loading of ELF, please usebytehook_add_dlopen_callback()andbytehook_del_dlopen_callback().
There is a sample app in the bytehook-sample folder you can refer to.