Hooking /system/bin/linker

[jacobvhall]

Hello, I want to hook usages of open in linker, but it is not working. I can hook open in other libs, like libart but not in the linker. Is this not possible with xHook?

I want to hook this open specifically http://androidxref.com/5.0.0_r2/xref/bionic/linker/linker.cpp#723

Thank you for your wonderful tool.

int (*old_open)(const char *pathname, int flags, mode_t mode);
int my_open(const char *pathname, int flags, mode_t mode) {

    int result = old_open(pathname, flags, mode);
    __android_log_print(ANDROID_LOG_DEBUG, "xHook", "open - %s, %d, result %d", pathname, flags, result);
    return result;
}

JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM* vm, void* reserved) {
    JNIEnv* env;
    if (vm->GetEnv((void**)&env, JNI_VERSION_1_6) != JNI_OK) {
        return JNI_ERR; // JNI version not supported.
    }
    __android_log_print(ANDROID_LOG_DEBUG, "Culet", " JNI_OnLoad");
    xhook_enable_debug(1);
    xhook_enable_sigsegv_protection(0);
    xhook_register(".*\\linker$", "open", (void *)my_open, (void**)&old_open);
    xhook_refresh(0);
    return  JNI_VERSION_1_6;
}

[caikelun]

No. xHook (or any other PLT hook tools) does not apply to linker.

Linker does not dependent on any dynamic libraries in runtime ...

arm-linux-androideabi-readelf -d ./linker | grep NEEDED

... even libc.so. http://androidxref.com/5.0.0_r2/xref/bionic/linker/Android.mk#49

LOCAL_STATIC_LIBRARIES := libc_nomalloc

Because there is no other dynamic linker that can help the /system/bin/linker load these libraries.

There is almost no relocation info in linker ...

arm-linux-androideabi-readelf -r ./linker

... and this knocked down PLT hook approach.