YAHFA

Yet Another Hook Framework for ART

  • Owner: PAGalaxyLab/YAHFA
  • License: GNU General Public License v3.0

YAHFA

Introduction

YAHFA is a hook framework for Android ART. It provides an efficient way to hook or replace Java methods. It currently supports:

  • Android 5.0 (API 21)
  • Android 5.1 (API 22)
  • Android 6.0 (API 23)
  • Android 7.0 (API 24)
  • Android 7.1 (API 25)
  • Android 8.0 (API 26)
  • Android 8.1 (API 27)
  • Android 9.0 (API 28)

with the following ABIs:

  • x86
  • x86_64
  • armeabi-v7a
  • arm64-v8a

YAHFA is utilized by VirtualHook so that applications can be hooked without root permission.

Please take a look at this article and this one for a detailed introduction.

Changelog

Build

Import and build the project in Android Studio (with Instant Run disabled). There are three modules:

  • library. This is the YAHFA library module, which compiles to an .aar for use.
  • demoApp. This is a demo app which loads and applies the plugin.
  • demoPlugin. This is a demo plugin which contains the hooks and is loaded by demoApp.

Please refer to demoApp and demoPlugin for more details on the demo.

Usage

First, take a look at demoPlugin to see how to create a hook plugin.

To apply hooks, first create a new DexClassLoader which loads the plugin file:

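// Requires: import dalvik.system.DexClassLoader;
// The path below is the demo location on shared storage (/sdcard).
// classLoader is the host app's own ClassLoader, used here as the parent loader.
DexClassLoader dexClassLoader = new DexClassLoader("/sdcard/demoPlugin-debug.apk",
            getCodeCacheDir().getAbsolutePath(), null, classLoader);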

Then initialize HookMain and call doHookDefault():

HookMain hookMain = new HookMain();
hookMain.doHookDefault(dexClassLoader, classLoader);

You can also omit the default helper and call the following function instead:

public void findAndBackupAndHook(Class targetClass, String methodName, String methodSig,
                                 Method hook, Method backup);

Workaround for Method Inlining

Hooking fails for methods that are compiled to be inlined. For example:

0x00004d5a: f24a7e81  movw    lr, #42881
0x00004d5e: f2c73e11  movt    lr, #29457
0x00004d62: f6495040  movw    r0, #40256
0x00004d66: f2c70033  movt    r0, #28723
0x00004d6a: 4641      mov     r1, r8
0x00004d6c: 1c32      mov     r2, r6
0x00004d6e: 47f0      blx     lr

Here the value of register lr is hardcoded instead of being read from the entry point field of ArtMethod.

A simple workaround is to build the app with the debuggable option on, in which case the inlining optimization is not applied. However, the --debuggable option of dex2oat is not available until API 23. So take a look at the machine instructions of the target when a hook doesn't work.
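
As an added example (not part of YAHFA or the original README), the following Python script automates the check described above: it scans disassembly in the format shown and reports every call through a register whose value was built from movw/movt immediates. The function name, the line regex and the INDIRECT sample (including its offset) are assumptions made for illustration.

```python
import re

# Line layout: address, encoding, mnemonic, operands (as in the README listing).
LINE = re.compile(r"^\s*(0x[0-9a-fA-F]+):\s+[0-9a-fA-F]+\s+(\S+)\s*(.*)$")

# Disassembly quoted in the README section above.
INLINED = """\
0x00004d5a: f24a7e81  movw    lr, #42881
0x00004d5e: f2c73e11  movt    lr, #29457
0x00004d62: f6495040  movw    r0, #40256
0x00004d66: f2c70033  movt    r0, #28723
0x00004d6a: 4641      mov     r1, r8
0x00004d6c: 1c32      mov     r2, r6
0x00004d6e: 47f0      blx     lr
"""

# Constructed for contrast: the call target is loaded from memory relative to
# r0 (illustrative offset), so replacing the stored entry point takes effect.
INDIRECT = """\
0x00004d62: f6495040  movw    r0, #40256
0x00004d66: f2c70033  movt    r0, #28723
0x00004d6a: f8d0e020  ldr.w   lr, [r0, #32]
0x00004d6e: 47f0      blx     lr
"""

def find_hardcoded_calls(disasm):
    """Return (call_addr, register, target) for each blx/bx through a
    register whose 32-bit value came entirely from movw/movt immediates."""
    consts = {}  # register -> (low16 or None, high16 or None)
    hits = []
    for raw in disasm.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        addr, mnem = m.group(1), m.group(2).lower().split(".")[0]
        args = [a.strip() for a in m.group(3).split(",")]
        reg = args[0]
        if mnem in ("movw", "movt") and len(args) == 2 and args[1].startswith("#"):
            imm = int(args[1][1:], 0) & 0xFFFF
            lo, _ = consts.get(reg, (None, None))
            consts[reg] = (imm, None) if mnem == "movw" else (lo, imm)
        elif mnem in ("blx", "bx"):
            lo, hi = consts.get(reg, (None, None))
            if lo is not None and hi is not None:
                hits.append((addr, reg, (hi << 16) | lo))
            consts.clear()  # a call clobbers the tracked registers
        else:
            consts.pop(reg, None)  # conservatively treat operand 0 as overwritten
    return hits
```

A non-empty result for the target's call sites means the entry point was baked into the compiled code, which is the situation the debuggable workaround addresses.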

License

YAHFA is distributed under GNU GPL V3.

Key metrics

Overview
Name and owner: PAGalaxyLab/YAHFA
Primary language: Java
Languages: Java (number of languages: 4)
License: GNU General Public License v3.0
Owner activity
Created: 2017-03-30 06:45:05
Last pushed: 2024-07-22 23:50:28
Last commit: 2022-08-29 09:21:23
Releases: 2
Latest release: v0.11.0 (released 2020-11-23 09:51:14)
First release: v0.10.0 (released 2020-04-04 17:51:41)
User engagement
Stars: 1.6k
Watchers: 73
Forks: 356
Commits: 176
Issues: 140
Open issues: 50
Pull requests: 33
Open pull requests: 2
Closed pull requests: 2