Arminject
An application to dynamically inject a shared object into a running process on ARM architectures.
ARM Inject
An application to dynamically inject a shared object into a running process on ARM architectures and hook API calls.
Read more on:
- Dynamically inject a shared library into a running process on Android/ARM.
- Android Native API Hooking with Library Injection and ELF Introspection
How to Test
In order to test this, you'll need the Android NDK installed and a device connected to your USB port, then simply run:
make test
This will launch a new Chrome browser instance and inject libhook into it. Once injected, the library hooks the open function and prints every call to it to logcat.
@ Pushing files to /data/local/tmp ...
@ Starting com.android.chrome/com.google.android.apps.chrome.Main ...
@ Injection into PID 18233 starting ...
I/LIBHOOK (18233): LIBRARY LOADED FROM PID 18233.
I/LIBHOOK (18233): Found 104 loaded modules.
I/LIBHOOK (18233): Installing 12 hooks.
I/LIBHOOK (18233): [0xA0861000] Hooking /data/app/com.android.chrome-2/lib/arm/libchrome.so ...
I/LIBHOOK (18233): [0xA0A68000] Hooking /data/app/com.android.chrome-2/lib/arm/libchrome.so ...
I/LIBHOOK (18233): [0xAB8A9000] Hooking /system/vendor/lib/egl/libGLESv2_adreno.so ...
I/LIBHOOK (18233): [0xAB9EC000] Hooking /system/vendor/lib/egl/libGLESv1_CM_adreno.so ...
I/LIBHOOK (18233): [0xABA20000] Hooking /system/vendor/lib/libgsl.so ...
I/LIBHOOK (18233): open - 0xb6f31951 -> 0xa446577c
I/LIBHOOK (18233): write - 0xb6f55ec8 -> 0xa4464d5c
I/LIBHOOK (18233): read - 0xb6f56964 -> 0xa4464c70
I/LIBHOOK (18233): close - 0xb6f552e8 -> 0xa4464e54
I/LIBHOOK (18233): connect - 0xb6f30365 -> 0xa44657fc
I/LIBHOOK (18233): sendto - 0xb6f562a0 -> 0xa4465020
I/LIBHOOK (18233): recvfrom - 0xb6f5679c -> 0xa4465318
I/LIBHOOK (18233): shutdown - 0xb6f566ac -> 0xa4465518
I/LIBHOOK (18233): send - 0xb6f33851 -> 0xa4464f28
I/LIBHOOK (18233): recvmsg - 0xb6f560c0 -> 0xa446542c
I/LIBHOOK (18233): sendmsg - 0xb6f55de0 -> 0xa4465134
...
...
I/LIBHOOK (18233): [18233] open('/dev/ashmem', 2) -> 18
I/LIBHOOK (18233): [18233] close( '/dev/ashmem' ) -> 0
I/LIBHOOK (18233): [18233] open('/dev/ashmem', 2) -> 18
I/LIBHOOK (18233): [18233] close( '/dev/ashmem' ) -> 0
I/LIBHOOK (18233): [18233] open('/data/data/com.android.chrome/shared_prefs/com.google.android.apps.chrome.omaha.xml', 0) -> 18
I/LIBHOOK (18233): [18233] open('/dev/ashmem', 2) -> 19
I/LIBHOOK (18233): [18233] close( '/dev/ashmem' ) -> 0
I/LIBHOOK (18233): [18233] open('/dev/ashmem', 2) -> 19
I/LIBHOOK (18233): [18233] close( '/dev/ashmem' ) -> 0
I/LIBHOOK (18233): [18233] read( '/data/data/com.android.chrome/shared_prefs/com.google.android.apps.chrome.omaha.xml', 0xb007c00c, 16384 ) -> 655
I/LIBHOOK (18233): [18233] close( '/data/data/com.android.chrome/shared_prefs/com.google.android.apps.chrome.omaha.xml' ) -> 0
I/LIBHOOK (18233): [18233] write( 'pipe:[4020814]', W, 1, 2147483647 ) -> 1
I/LIBHOOK (18233): [18233] write( '(14)', 18306, 5, -1601827487 ) -> 5
I/LIBHOOK (18233): [18233] open('/dev/ashmem', 2) -> 22
I/LIBHOOK (18233): [18233] close( '/dev/ashmem' ) -> 0
I/LIBHOOK (18233): [18233] open('/dev/ashmem', 2) -> 22
I/LIBHOOK (18233): [18233] close( '/dev/ashmem' ) -> 0
I/LIBHOOK (18233): [18233] close( '(22)' ) -> 0
I/LIBHOOK (18233): [18233] read( '(18)', 0xa0860b6c, 16 ) -> 1
I/LIBHOOK (18233): [18233] close( '(24)' ) -> 0
I/LIBHOOK (18233): [18233] close( '(22)' ) -> 0
I/LIBHOOK (18233): [18233] open('/dev/ashmem', 2) -> 22
I/LIBHOOK (18233): [18233] recvfrom( 'socket:[4043146]', nysv, 2400, 64, 0x0, 0 ) -> 24
I/LIBHOOK (18233): [18233] recvfrom( 'socket:[4043146]', nysv, 2400, 64, 0x0, 0 ) -> -1
I/LIBHOOK (18233): [18233] read( '(18)', 0xa0860b6c, 16 ) -> 1
I/LIBHOOK (18233): [18233] write( 'pipe:[4020814]', W, 1, 2147483647 ) -> 1
I/LIBHOOK (18233): [18233] recvfrom( 'socket:[4043184]', , 2264, 64, 0x0, 0 ) -> -1
I/LIBHOOK (18233): [18233] write( 'pipe:[4043980]', W, 1, -1 ) -> 1
...
...
@ CTRL+C detected, killing process ...
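From a detection standpoint, the run above stages its files in /data/local/tmp before loading libhook into the target, so the process ends up with executable memory backed by a file outside its install directory. The following added example (not part of ARM Inject) scans /proc/<pid>/maps text for such mappings; the file name libhook.so, the sample maps lines and the list of untrusted prefixes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed policy: app code should never be mapped executable from these paths. */
static const char *const UNTRUSTED[] = { "/data/local/tmp/", "/sdcard/", NULL };

/* Constructed sample of /proc/<pid>/maps content (not captured from a device). */
static const char SAMPLE_MAPS[] =
    "a0a68000-a3d5c000 r-xp 00000000 b3:1c 1234 /data/app/com.android.chrome-2/lib/arm/libchrome.so\n"
    "a4464000-a4467000 r-xp 00000000 b3:1c 5678 /data/local/tmp/libhook.so\n"
    "a4467000-a4468000 rw-p 00002000 b3:1c 5678 /data/local/tmp/libhook.so\n"
    "b6f1d000-b6f62000 r-xp 00000000 b3:19 910 /system/lib/libc.so\n"
    "be8d4000-be8f5000 rw-p 00000000 00:00 0 [stack]\n";

/* Returns 1 if a single maps line is an executable, file-backed mapping
 * whose path starts with one of the untrusted prefixes, 0 otherwise. */
int is_suspicious_mapping(const char *line) {
    unsigned long start, end, offset, inode;
    char perms[5] = "", dev[16] = "", path[512] = "";
    int n = sscanf(line, "%lx-%lx %4s %lx %15s %lu %511[^\n]",
                   &start, &end, perms, &offset, dev, &inode, path);
    if (n < 7 || perms[2] != 'x')   /* anonymous mapping or not executable */
        return 0;
    for (size_t i = 0; UNTRUSTED[i]; i++)
        if (strncmp(path, UNTRUSTED[i], strlen(UNTRUSTED[i])) == 0)
            return 1;
    return 0;
}

/* Walks a whole maps buffer line by line and counts suspicious mappings. */
int count_suspicious(const char *maps_text) {
    int hits = 0;
    char line[768];
    while (*maps_text) {
        size_t len = strcspn(maps_text, "\n");
        size_t copy = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps_text, copy);
        line[copy] = '\0';
        hits += is_suspicious_mapping(line);
        maps_text += len;
        if (*maps_text == '\n')
            maps_text++;
    }
    return hits;
}

int main(void) {
    printf("suspicious executable mappings: %d\n", count_suspicious(SAMPLE_MAPS));
    return 0;
}
```

On a device, the same functions can be fed the contents of /proc/self/maps from inside the app, or /proc/<pid>/maps from a privileged monitor.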
Note
Most of the ELF manipulation code inside the file hook.cpp of libhook was taken from Andrey Petrov's blog post "Android hacking: hooking system functions used by Dalvik" and fixed by me (the original source code didn't work due to page align, memory protection, etc.).
License
Released under the BSD license.
Copyright © 2015, Simone Margaritelli evilsocket@gmail.com
All rights reserved.
