This deck introduces the Native Hook mechanism, a function hook mechanism for Android implemented in the Bionic linker (Android's dynamic linker). With Native Hook enabled, any native function can be hooked with another one without modifying the existing libraries.
Native hook mechanism in Android Bionic linker
1. Android Dynamic Framework: Native Hook Mechanism in Bionic Linker
Mai-Hsuan Chia
Shih-Wei Liao
Department of Computer Science and Information Engineering
National Taiwan University
10. Android Dynamic Framework
[Diagram: Class A (Method A1, Method A2) and Class B (Method B1, Method B2); the class linker consults the HookTable]
1. Query HookTable
11. Android Dynamic Framework
[Diagram: the HookTable entry says to replace ClassA::A1 with ClassB::B1]
1. Query HookTable
12. Android Dynamic Framework
[Diagram: Class A now holds Method B1 in place of Method A1]
2. Do method hooking
13. Bionic
● C library in Android
● Forked from BSDs rather than from GNU/Linux
○ To avoid license problems
● Smaller
● Faster
21. Motivation
● (1) method hook can be done in the existing Android Dynamic Framework
● However, (2) dlopen native hook and (3) native to native hook cannot be done.
22. Motivation
● Native hook mechanism can do both (2) dlopen native hook and (3) native to native hook
23. Motivation
With Native hook mechanism integrated, Android Dynamic Framework can be more complete and powerful
38. Load needed libraries
[Diagram: the dependencies tree of exe, liba1.so, liba2.so, libb1.so, libb2.so, ... is flattened into libraries_list]
● find_libraries(exe, needed_libraries_names)
○ step 2 : turn dependencies tree into libraries_list in Breadth First Search (BFS) order
39. Link the application and all libraries
● find_libraries(exe, needed_libraries_names)
○ step 3 : relocate all to-be-relocated symbols in the application and libraries
foreach lib in libraries_list {
    foreach rel in lib.dynamic_relocation_table {
        symbol = rel.sym;
        soinfo_do_lookup(symbol, lib, libraries_list);
    }
}
40-48. Link the application and all libraries
● find_libraries(exe, needed_libraries_names)
○ step 3 : relocate all to-be-relocated symbols in the application and libraries
[Diagram repeated across slides 40-48: libraries_list = exe, liba1.so, liba2.so, libb1.so, libb2.so, ...; the object being relocated (first exe, then liba1.so, then the next library, ...) has unresolved symbols sym_1 ... sym_n. For each one the linker walks libraries_list from the front:]
if sym_k is defined in lib:
    sym_k = lib.find(sym)
else:
    lib = lib->next;
[Each library that does not define the symbol is marked NOT FOUND and the walk moves to the next one; the first library that defines it is marked FOUND and the symbol is marked ok. Once all of exe's symbols are ok, the same is done for liba1.so, and so on down libraries_list.]
This is done until all libraries are linked.
49. Jump to the application's entry
[Diagram: memory space (low to high) holding the executable, liba1.so, liba2.so, libb1.so, ... and /system/bin/linker]
● jump to executable's _start.
50. The executable is loaded successfully
● And start to execute
[Diagram: same memory layout; execution begins in the executable's .text section at _start: ....]
53. Native hook mechanism
The modified code is mainly in two parts
● Load hooking libraries in find_libraries()
○ Init native_hook_table
○ Look up native_hook_table
○ Load hooking_library
● Replace hooked_symbol with hooking_symbol in soinfo_do_lookup()
○ Look up native_hook_table
○ Replace every hooked_symbol in hooked_library with hooking_symbol in hooking_library
54. Native hook file format
in /system/nh_file.txt
< hooked_lib_name:hooked_symbol:hooking_lib_name:hooking_symbol >
60-65. Replace hooked_symbol with hooking_symbol
[Diagram repeated across slides 60-65: libraries_list = exe, liba1.so, liba2.so, libhooking.so; the Native Hook Table holds the entry liba1.so:hi:libhooking.so:ha, ...; exe references hi, liba1.so defines hi, libhooking.so defines ha]
0. relocate symbol: the linker walks libraries_list for hi (NOT FOUND in exe, FOUND in liba1.so)
1. look up native hook table: liba1.so:hi is to be hooked
2. find libhooking.so:ha
3. relocate hooked_symbol "hi" with the hooking_symbol "ha"
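An added example, not the linker's or the authors' code: a constructed C++ model of the two modified parts, parsing nh_file lines in the slide 54 format into a native_hook_table and running a hook-aware lookup over a libraries_list like the one in slides 60-65, so that exe's reference to hi binds to libhooking.so:ha. Library and symbol names are constructed stand-ins; keeping the original binding when a hooking library is missing is this example's choice.

```cpp
// Added example (not the linker's or the authors' code): a constructed model
// of how a native_hook_table parsed from nh_file feeds the linker's lookup.
#include <cstdio>
#include <cstring>

#define MAX_HOOKS 16
#define NAME_LEN 64

// One line of /system/nh_file.txt:
//   hooked_lib_name:hooked_symbol:hooking_lib_name:hooking_symbol
struct nh_entry {
    char hooked_lib[NAME_LEN], hooked_sym[NAME_LEN];
    char hooking_lib[NAME_LEN], hooking_sym[NAME_LEN];
};
struct nh_table { nh_entry e[MAX_HOOKS]; int n; };

// Returns 1 for a valid entry (written to *out), 0 for a blank or '#' comment
// line, -1 for a malformed one; every process trusts this table, so reject, not guess.
int nh_parse_line(const char *line, nh_entry *out) {
    char buf[4 * NAME_LEN], *f[4], *p = buf;
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    buf[strcspn(buf, "#\r\n")] = '\0';                                // drop comment
    for (size_t k = strlen(buf); k > 0 && buf[k - 1] == ' '; k--) buf[k - 1] = '\0';
    if (buf[0] == '\0') return 0;
    for (int i = 0; i < 4; i++) {                                     // exactly three ':'
        char *colon = strchr(p, ':');
        if ((i < 3) != (colon != nullptr)) return -1;
        if (colon) *colon = '\0';
        if (*p == '\0' || strlen(p) >= NAME_LEN) return -1;           // empty/overlong field
        f[i] = p;
        if (colon) p = colon + 1;
    }
    strcpy(out->hooked_lib, f[0]);  strcpy(out->hooked_sym, f[1]);
    strcpy(out->hooking_lib, f[2]); strcpy(out->hooking_sym, f[3]);
    return 1;
}
// Stand-in for soinfo: a loaded library and the symbols it defines.
struct soinfo_sim { const char *name; const char *const *syms; };

static bool defines(const soinfo_sim *lib, const char *sym) {
    for (int i = 0; lib->syms[i]; i++)
        if (strcmp(lib->syms[i], sym) == 0) return true;
    return false;
}
// Hook-aware soinfo_do_lookup: walk libraries_list (BFS order) for the library
// defining sym; if hooked_lib:hooked_sym is in the table, bind hooking_lib:
// hooking_sym instead. Writes "lib:sym" to out; returns 1 when bound, 0 when
// unresolved. A hooking library that is not loaded or lacks hooking_sym keeps
// the original binding (this example's choice) rather than leaving it dangling.
int nh_resolve(const nh_table *t, const soinfo_sim *list, int n,
               const char *sym, char *out, size_t outlen) {
    const soinfo_sim *lib = nullptr;
    for (int i = 0; i < n && !lib; i++) if (defines(&list[i], sym)) lib = &list[i];
    if (!lib) return 0;
    const char *bind_lib = lib->name, *bind_sym = sym;
    for (int i = 0; i < t->n; i++) {
        const nh_entry *e = &t->e[i];
        if (strcmp(e->hooked_lib, lib->name) != 0 || strcmp(e->hooked_sym, sym) != 0) continue;
        for (int j = 0; j < n; j++)
            if (strcmp(list[j].name, e->hooking_lib) == 0 && defines(&list[j], e->hooking_sym)) {
                bind_lib = list[j].name; bind_sym = e->hooking_sym;
            }
        break;                                                        // first match wins
    }
    snprintf(out, outlen, "%s:%s", bind_lib, bind_sym);
    return 1;
}

// Constructed scenario from the slides: libraries_list = exe, liba1.so, liba2.so,
// libhooking.so; nh_file hooks liba1.so:hi with libhooking.so:ha. The last nh_file
// line is deliberately bad: its hooking library is not loaded.
int demo_resolve(const char *sym, char *out, size_t outlen) {
    static const char *const exe_syms[] = { "main", nullptr };
    static const char *const a1_syms[] = { "hi", nullptr };
    static const char *const a2_syms[] = { "bye", nullptr };
    static const char *const hk_syms[] = { "ha", nullptr };
    const soinfo_sim list[] = { { "exe", exe_syms }, { "liba1.so", a1_syms },
                                { "liba2.so", a2_syms }, { "libhooking.so", hk_syms } };
    const char *nh_file[] = { "# constructed nh_file", "liba1.so:hi:libhooking.so:ha",
                              "liba2.so:bye:libmissing.so:nope   # hooking lib never loaded" };
    nh_table t = {};
    for (const char *l : nh_file) {
        nh_entry tmp;
        int r = nh_parse_line(l, &tmp);
        if (r < 0 || t.n == MAX_HOOKS) return -1;
        if (r == 1) t.e[t.n++] = tmp;
    }
    return nh_resolve(&t, list, 4, sym, out, outlen);
}
```

demo_resolve("hi", ...) writes libhooking.so:ha, demo_resolve("bye", ...) keeps liba2.so:bye because libmissing.so is not in libraries_list, and an unknown symbol returns 0.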
66. Before/After hook SDK
// in libnativehook.so
#include "native_hook.h"
void* find_lib_symbol(char* lib_name, char* symbol)
{
    // Using dl_iterate_phdr() to get the symbol's address
    // in the loaded library whose name is lib_name.
    …
    return ptr_to_symbol;
}
67. How does find_lib_symbol() work?
With the following facts, we can get the hooked_symbol in hooked_library with dl_iterate_phdr(callback, void* data)
● hooked_lib is loaded in the memory
● dl_iterate_phdr() iterates over all loaded libraries in the process and gets each library's program header and base address.
● With the library's program header, we can get the .dynamic segment, and therefore the .dynstr and .dynsym sections
● With .dynsym and .dynstr, we can find the offset of hooked_symbol in hooked_lib.
● hooked_symbol_addr = base address + offset
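An added example, not the authors' SDK code: a find_lib_symbol() that follows the steps above with dl_iterate_phdr() on Linux (glibc or musl). Matching lib_name as a substring of the loaded object's path, and treating nullptr as "any loaded object", are this example's conventions.

```cpp
// Added example (not the authors' SDK code): find_lib_symbol() built on
// dl_iterate_phdr(), following the steps on the slide. Linux, glibc or musl.
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <link.h>
#include <cstdint>
#include <cstring>

struct lookup_query { const char *lib_name; const char *symbol; void *result; };

// Some loaders (glibc) rewrite .dynamic pointers to absolute addresses, others
// (musl) leave link-time vaddrs; normalise both to an absolute address.
static uintptr_t dyn_ptr(ElfW(Addr) base, ElfW(Addr) p) { return p < base ? base + p : p; }

// .dynsym carries no size: take nchain from DT_HASH, or walk DT_GNU_HASH to
// the last chain element (low bit set marks the end of a bucket's chain).
static size_t count_dynsyms(const uint32_t *hash, const uint32_t *gnu_hash) {
    if (hash) return hash[1];
    if (!gnu_hash) return 0;
    uint32_t nbuckets = gnu_hash[0], symoffset = gnu_hash[1], bloom_size = gnu_hash[2];
    const uint32_t *buckets = gnu_hash + 4 + bloom_size * (sizeof(ElfW(Addr)) / 4);
    const uint32_t *chains = buckets + nbuckets;
    uint32_t last = 0;
    for (uint32_t i = 0; i < nbuckets; i++) if (buckets[i] > last) last = buckets[i];
    if (last < symoffset) return symoffset;              // nothing hashed
    while ((chains[last - symoffset] & 1) == 0) last++;
    return last + 1;
}

// Called once per loaded object with its base address and program headers.
static int phdr_callback(struct dl_phdr_info *info, size_t, void *data) {
    lookup_query *q = static_cast<lookup_query *>(data);
    // lib_name == nullptr means "any object"; otherwise match on the path.
    if (q->lib_name && (!info->dlpi_name || !strstr(info->dlpi_name, q->lib_name))) return 0;
    const ElfW(Dyn) *dyn = nullptr;                      // PT_DYNAMIC -> .dynamic
    for (ElfW(Half) i = 0; i < info->dlpi_phnum; i++)
        if (info->dlpi_phdr[i].p_type == PT_DYNAMIC)
            dyn = reinterpret_cast<const ElfW(Dyn) *>(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr);
    if (!dyn) return 0;
    const ElfW(Sym) *symtab = nullptr; const char *strtab = nullptr;
    const uint32_t *hash = nullptr, *gnu_hash = nullptr;
    for (; dyn->d_tag != DT_NULL; dyn++) {               // .dynsym, .dynstr, hash tables
        uintptr_t a = dyn_ptr(info->dlpi_addr, dyn->d_un.d_ptr);
        if (dyn->d_tag == DT_SYMTAB) symtab = reinterpret_cast<const ElfW(Sym) *>(a);
        else if (dyn->d_tag == DT_STRTAB) strtab = reinterpret_cast<const char *>(a);
        else if (dyn->d_tag == DT_HASH) hash = reinterpret_cast<const uint32_t *>(a);
        else if (dyn->d_tag == DT_GNU_HASH) gnu_hash = reinterpret_cast<const uint32_t *>(a);
    }
    if (!symtab || !strtab) return 0;
    size_t n = count_dynsyms(hash, gnu_hash);
    for (size_t i = 1; i < n; i++) {                     // index 0 is the null symbol
        if (symtab[i].st_shndx == SHN_UNDEF) continue;   // skip imports, keep definitions
        if (strcmp(strtab + symtab[i].st_name, q->symbol) == 0) {
            // hooked_symbol_addr = base address + offset. For STT_GNU_IFUNC
            // symbols this is the resolver, not the implementation it selects.
            q->result = reinterpret_cast<void *>(info->dlpi_addr + symtab[i].st_value);
            return 1;                                    // non-zero stops the iteration
        }
    }
    return 0;
}

void *find_lib_symbol(const char *lib_name, const char *symbol) {
    lookup_query q = { lib_name, symbol, nullptr };
    dl_iterate_phdr(phdr_callback, &q);
    return q.result;
}
```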
68. After hook example
// in libmine.so
#include "native_hook.h"
double my_sin(double x)
{
    char hooked_lib[] = "/system/lib/libm.so";
    char hooked_symbol[] = "sin";
    double (*hooked_sin)(double) = find_lib_symbol(hooked_lib, hooked_symbol);
    if (!hooked_sin) {
        // lookup failed: hooked_lib is not loaded or does not define hooked_symbol
        return 0.0;
    }
    /*
     before hook : you can do something before calling hooked_func
    */
    double result = hooked_sin(x);
    /*
     after hook : you can do something after calling hooked_func
    */
    result += 5566;
    return result;
}
69. After hook example
// in main.c
#include <math.h>
#include <stdio.h>
#define PI 3.14159265
int main(void)
{
    double angle = 30.0;
    double result = sin((angle * PI) / 180);
    printf("sin(%lf) = %lf\n", angle, result);
    return 0;
}
Native Hook Table:
libm.so:sin:libmine.so:my_sin
...
$ ./main
sin(30.000000) = 5566.500000
75. Boosting apps performance
● Hook functions that affect the performance of applications in Android
● Scenario
○ Functions in libm.so are not good enough for some special purpose; we can hook the function with the optimized one.
78. Security sandbox
● Use "before hook" to hook the open() in libc
● Examine the filename and other parameters in advance
○ If the to-be-written file is a critical file, we let the app open another file to write, without it noticing.
80-82. Security sandbox
[Diagram repeated across slides 80-82: the App runs f = open("/data/critical.txt", 'w'); ... modifying critical.txt ...; the Sandbox's rule is that /data/critical.txt should not be modified. In the sandbox the app is deceived into writing to "/data/another.txt" instead of "/data/critical.txt": the call becomes f = open("/data/another.txt", 'w'); ... modifying another.txt ...]
83. Future works
● Provide more easy-to-use API for Native Hook in Android
○ Native Hook SDK
84. Future works
● Completely integrate Native Hook into Android Dynamic Framework
○ Provide hooking between Java method and native functions.
Integrated Hook Table
liba.so:funca:libb.so:funcb # hook native to native
classA:methoda:classB:methodb # hook java to java
classA:methoda:libb.so:funcb # hook java to native
libb.so:funcb:classA:methoda # hook native to java
...
85. Conclusion
● Native Hook mechanism is a strong and useful framework in Android allowing developers to replace native functions at runtime without modifying the existing functions.
● Native Hook is more powerful than Java method hook mechanisms because it is implemented in Bionic Linker.
● With Before/After hook mechanism, you can do whatever you want before/after any existing function.
● With Native Hook enabled, there is only a little overhead, from loading nh_file and the hooking libraries.
89. Before/After hook with cache in find_lib_symbol
#include <string>
#include <unordered_map>
void* find_lib_symbol(char* lib_name, char* symbol)
{
    // Using dl_iterate_phdr() to get the symbol's address
    // in the loaded library whose name is lib_name.
    // Cache earlier results so a hook that is called repeatedly does not
    // re-walk every loaded library each time (not thread-safe as written;
    // guard the map with a mutex if hooks may run concurrently).
    static std::unordered_map<std::string, void*> cache;
    // Key on "lib_name:symbol"; concatenating without a separator would let
    // different (lib_name, symbol) pairs collide on the same key.
    std::string lib_symbol = std::string(lib_name) + ":" + symbol;
    std::unordered_map<std::string, void*>::iterator it = cache.find(lib_symbol);
    if (it != cache.end()) {
        return it->second;
    }
    void* ptr_to_symbol = nullptr;
    …
    // find ptr_to_symbol
    if (ptr_to_symbol) {
        cache[lib_symbol] = ptr_to_symbol;
    }
    return ptr_to_symbol;
}
90. Replace hooked_symbol with hooking_symbol
[Diagram, a backup of slides 63-64: libraries_list = exe, liba1.so, liba2.so, libhooking.so; Native Hook Table entry liba1.so:hi:libhooking.so:ha, ...; hi is FOUND in liba1.so]
1. look up native hook table: liba1.so:hi is to be hooked
2. find libhooking.so:ha