Skip to content
A linux / android hooking framework
C++ CMake Kotlin Java
Branch: develop
Clone or download
Latest commit 14b211e Nov 5, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
androidTest added first linux test Nov 2, 2019
docs/res CHG : Added the some icons for status Nov 2, 2019
examples reverted include change Nov 5, 2019
gradle/wrapper initial commit Oct 29, 2019
linuxTest improved readme Nov 2, 2019
macTest changed NULL to nullptr Nov 5, 2019
src changed "" of include to <> Nov 4, 2019
test
.gitignore CHG : Adding logging for the library on the way to platform independency Nov 1, 2019
CMakeLists.txt added platform checks to cmake Nov 2, 2019
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md Nov 2, 2019
LICENSE fixed company names Oct 30, 2019
README.md update readme Nov 3, 2019
_config.yml Set theme jekyll-theme-hacker Oct 29, 2019
azure-pipelines.yml
build.gradle added some tests Oct 31, 2019
build.xml update build badges Nov 3, 2019
gradle.properties fixed gradle properties Oct 30, 2019
gradlew initial commit Oct 29, 2019
gradlew.bat fixed x86_64 support Oct 30, 2019
logo.png forgot to add logo... Oct 30, 2019
settings.gradle renamed android test folder Oct 30, 2019

README.md

Build & Test
macOS macOS Build & Test
Linux Linux Build & Test

ChickenHook

ChickenHook logo

General

ChickenHook is a multi architecture hooking framework.

Supported architectures: x86, arm64, x86_64 (experimental) Supported platforms: Android, Linux

Requirements

  • ant

Linux and MacOS

  • cmake
  • make

Android

  • Android SDK
  • Android NDK
  • Android Studio (Optional)

Usage

  1. Create the hook function (the function that should be called instead of the original function)

example here shows a hook function for libc's open

    int my_open(const char *__path, int __flags, ...) {
        // this my_open will be called instead of doIt

        __android_log_print(ANDROID_LOG_DEBUG, "stringFromJNI", "open called [-] %s", __path);
        // yeah we're inside! But sometimes you want to call the original function also.
        // For this purpose we try to retrieve the corresponding trampoline.
        int res = -1;
        Trampoline trampoline;
        if (chickenHook.getTrampolineByAddr((void *) &open, trampoline)) {
            __android_log_print(ANDROID_LOG_DEBUG, "stringFromJNI",
                            "hooked function call original function");
            // Now we copy the original function code into the original function
            trampoline.copyOriginal();
            // We call the function
            res = open(__path, __flags);
            // afterwards we install our trampoline again
            trampolinecode;
            // that's it!
            return res;
        } else {
            __android_log_print(ANDROID_LOG_DEBUG, "stringFromJNI",
                            "hooked function cannot call original function");
        }
        return -1;
    }
  1. Inject the trampoline (enable the hook)
    ChickenHook::getInstance().hook((void *) &open, (void *) &my_open);

Build

Currently ChickenHook can be build for Linux and Android and MacOs.

Linux

ant configure-linux compile-linux test-linux

artifacts will be in build/libs/

Android

Use as an Android Studio project or:

ant configure-android compile-android test-android

MacOS

ant configure-mac compile-mac test-mac install-mac

artifacts will be in ./artifactsOut

Include in your Project

WIP

You can’t perform that action at this time.