As you may know, these commercial emulators run in a mixed mode, with an x86 kernel and an ARM user land, to accelerate emulation, which makes it difficult to hook the native ARM libraries. This emulator hooking framework is intended to solve that problem.
- Modify the jni/realinject.c file. You can hook functions either by address or by the function's symbol name:
```c
static struct hook_t eph1;
static struct hook_t eph_sendto;
...
...
/* On BlueStacks */
//hook_by_addr(&eph1, "arm/libc.so", target_addr, hook_func1);
/* Other emulators */
hook_by_name(&eph_sendto, "nb/libc.so", "sendto", hook_sendto);
```
Notice: if you are hooking system libraries such as "libc.so", make sure you pass the path of the ARM version of the binary, not the x86 one.
Push the following 3 binaries to the Android /data/local/tmp directory:
Or just run
- On Android, type
- For the NOX emulator, use Android 5.1.1 instead of the default 4.4.2.
- Also see this repo: XEHook.
Thanks to these gurus' work. They made my life much easier. https://github.com/zhengmin1989/TheSevenWeapons/tree/master/LiBieGou