Skip to content
/ Android-Native-Import-Hide Public
forked from reveny/Android-Native-Import-Hide

A library for hiding and retrieving imports in ELF binaries.

License

GPL-3.0 license
1 star 33 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

x20888450/Android-Native-Import-Hide

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.github/workflows
.github/workflows
 
 
images
images
 
 
single_header
single_header
 
 
src
src
 
 
CMakeLists.txt
CMakeLists.txt
 
 
CMakePresets.json
CMakePresets.json
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Test.cpp
Test.cpp
 
 

Repository files navigation

Android-Native-Import-Hide

A library for hiding and retrieving imports in ELF binaries.

Features

  • Hide and retrieve symbols in ELF binaries
  • Support for multiple architectures (x86_64, ARM, ARM64)
  • Cache resolved symbols for performance
  • Thread-safe symbol resolution
  • Detailed logging for debugging purposes
  • Check hooking before calling (ARM and ARM64 only)
  • Prevent hooking completely

Build and Installation

Compatible Compilers

  • GCC or Clang
  • Make
  • CMake

Clone the repository:

git clone https://github.com/reveny/Android-Native-Import-Hide.git
cd Android-Native-Import-Hide

To include the library in your project, add the following line to your source code:

#include "HideImport.hpp"

Usage

Here is a simple example demonstrating how to use the library and make sure to include HideImport.cpp in the source file list:

Using HI_GET

#include <stdio.h>
#include "HideImport.hpp"

int main() {
    HI_FUNCTION_POINTER(my_malloc, void*, size_t size) = HI_GET("libc.so", "malloc");

    void *testMemory = my_malloc(20);
    printf("my_malloc test returned: %p\n", testMemory);
    free(testMemory);

    return 0;
}

Using HI_CALL

#include <stdio.h>
#include "HideImport.hpp"

int main() {
    void *testMemory2 = HI_CALL("libc.so", malloc, void*, size_t)(15);
    printf("malloc test 2 returned: %p\n", testMemory2);
    free(testMemory2);

    return 0;
}

Using HI_SAFE

#include <stdio.h>
#include "HideImport.hpp"

int main() {
    void *testMemory2 = HI_CALL_SAFE("libc.so", malloc, void*, size_t)(15);
    printf("malloc test 2 returned: %p\n", testMemory2);
    free(testMemory2);

    return 0;
}

The SAFE version will check if the function is hooked before calling. If the function happens to be hooked, the call will not be executed and return NULL.

Single Header Library

A single header version of the library is available for convenience. Simply include single_header/HideImport.hpp in your project.

Preview

Disassembly without string encryption:
Preview

Disassembly with string encryption:
Preview

Credits

Special thanks to:

  • ARandomPerson for doing a lot of the work and the significant contribution and collaboration on this project.
  • Ac3ss0r for some inspiration from ShellcodeLab
  • LSPlt for inspiration from their module listing implementation: LSPlt

Contact

Feel free to reach out via:

License

This project is licensed under the GPLv3 License. See the LICENSE file for details.

About

A library for hiding and retrieving imports in ELF binaries.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 98.8%
  • CMake 1.2%