0

YAHFA

Yet Another Hook Framework for ART

Github repo
Main metrics
  • Owner: PAGalaxyLab/YAHFA
  • Platform:
  • License:: GNU General Public License v3.0
  • Category::
  • Topic:
  • Like:
    0
      Compare:

Github stars Tracking Chart

YAHFA

Introduction

YAHFA is a hook framework for Android ART. It provides an efficient way for Java method hooking or replacement. Currently it supports:

  • Android 5.0(API 21)
  • Android 5.1(API 22)
  • Android 6.0(API 23)
  • Android 7.0(API 24)
  • Android 7.1(API 25)
  • Android 8.0(API 26)
  • Android 8.1(API 27)
  • Android 9.0(API 28)

with ABI:

  • x86
  • x86_64
  • armeabi-v7a
  • arm64-v8a

YAHFA is utilized by VirtualHook so that applications can be hooked without root permission.

Please take a look at this article and this one for a detailed introduction.

更新说明

Build

Import and build the project in Android Studio(with Instant Run disabled). There are three modules:

  • library. This is the YAHFA library module, which compiles to .aar for use.
  • demoApp. This is a demo app which would load and apply the plugin.
  • demoPlugin. This is a demo plugin which contains the hooks and would be loaded by demoApp.

Please refer to demoApp and demoPlugin for more details on the demo.

Usage

First please take a look at demoPlugin on how to create a hook plugin.

To apply hooks, first create a new DexClassLoader which loads the plugin file:

DexClassLoader dexClassLoader = new DexClassLoader("/sdcard/demoPlugin-debug.apk",
            getCodeCacheDir().getAbsolutePath(), null, classLoader);

Then initalize HookMain and call doHookDefault():

HookMain hookMain = new HookMain();
hookMain.doHookDefault(dexClassLoader, classLoader);

You can also omit the default helper and call the following function instead:

public void findAndBackupAndHook(Class targetClass, String methodName, String methodSig,
                                 Method hook, Method backup);

Workaround for Method Inlining

Hooking would fail for methods that are compiled to be inlined. For example:

0x00004d5a: f24a7e81  movw    lr, #42881
0x00004d5e: f2c73e11  movt    lr, #29457
0x00004d62: f6495040  movw    r0, #40256
0x00004d66: f2c70033  movt    r0, #28723
0x00004d6a: 4641      mov     r1, r8
0x00004d6c: 1c32      mov     r2, r6
0x00004d6e: 47f0      blx     lr

Here the value of register lr is hardcoded instead of reading from entry point field of ArtMethod.

A simple workaround is to build the APP with debuggable option on, in which case the inlining optimization will not apply. However the option --debuggable of dex2oat is not available until API 23. So please take a look at machine instructions of the target when the hook doesn't work.

License

YAHFA is distributed under GNU GPL V3.

Main metrics

Overview
Name With OwnerPAGalaxyLab/YAHFA
Primary LanguageJava
Program languageJava (Language Count: 4)
Platform
License:GNU General Public License v3.0
所有者活动
Created At2017-03-30 06:45:05
Pushed At2024-07-22 23:50:28
Last Commit At2022-08-29 09:21:23
Release Count2
Last Release Namev0.11.0 (Posted on 2020-11-23 09:51:14)
First Release Namev0.10.0 (Posted on 2020-04-04 17:51:41)
用户参与
Stargazers Count1.6k
Watchers Count73
Fork Count352
Commits Count176
Has Issues Enabled
Issues Count140
Issue Open Count50
Pull Requests Count33
Pull Requests Open Count2
Pull Requests Close Count2
项目设置
Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private