Any idea about this error I'm getting with "make test"?

`MacBook-Pro-Bran:arminject-master bran$ make test
[armeabi-v7a] Compile++ thumb: hook <= main.cpp
[armeabi-v7a] Compile++ thumb: hook <= hook.cpp
[armeabi-v7a] Compile++ thumb: hook <= report.cpp
[armeabi-v7a] Compile++ thumb: hook <= io.cpp
[armeabi-v7a] SharedLibrary : libhook.so
[armeabi-v7a] Install : libhook.so => libs/armeabi-v7a/libhook.so
[armeabi-v7a] Compile++ thumb: injector <= main.cpp
[armeabi-v7a] Executable : injector
[armeabi-v7a] Install : injector => libs/armeabi-v7a/injector
python test.py
@ Pushing files to /data/local/tmp ...
adb I 2522 14384 usb_osx.cpp:259] Found vid=22b8 pid=2e76 serial=ZX1B24GXK3
adb I 2522 14384 usb_osx.cpp:259]

@ Starting com.android.chrome/com.google.android.apps.chrome.Main ...
Traceback (most recent call last):
File "test.py", line 48, in
pid = adb.start_activity( process, activity )
File "/Users/bran/Documents/arminject-master/pyadb/adb.py", line 63, in start_activity
return self.get_pid( proc )
File "/Users/bran/Documents/arminject-master/pyadb/adb.py", line 57, in get_pid
return int( self.sudo( "pidof %s" % proc ).strip() )
ValueError: invalid literal for int() with base 10: ''
make: *** [test] Error 1`

Hello, When run command make test, I get this error:
I/LIBHOOK ( 6626): dlopen error: dlopen failed: invalid flags to dlopen: 4.

V/ActivityThread( 9902): ActivityThread,callActivityOnCreate
I/DEBUG ( 2757): x0 00000000fffffffc x1 00000000f21028f0 x2 0000000000000010 x3 00000000ffffffff
I/DEBUG ( 2757): x4 0000000000000000 x5 0000000000000008 x6 0000000000000001 x7 00000000a4fa1000
I/DEBUG ( 2757): x8 0000000000000016 x9 00000000a4fa1e18 x10 0000000000000003 x11 0000000000000001
I/DEBUG ( 2757): x12 0000000000000001 x13 00000000a4fa1fa0 x14 0000000000000000 x15 0000000055555410
I/DEBUG ( 2757): x16 0000007fa4f9aae0 x17 0000007fa4f18974 x18 0000007fa4fa1000 x19 00000055972147d0
I/DEBUG ( 2757): x20 0000007ff21028f0 x21 00000000ffffffff x22 00000055972147ec x23 0000000000000000
I/DEBUG ( 2757): x24 0000005597214870 x25 0000000012c6a2b0 x26 0000000000000000 x27 00000000ffffffff
I/DEBUG ( 2757): x28 0000000000000000 x29 0000007ff2102820 x30 0000007fa4f18998
I/DEBUG ( 2757): sp 0000007ff2102820 pc 00000000a4f5f3ac pstate 0000000060000000
I/DEBUG ( 2757):
I/DEBUG ( 2757): backtrace:
I/DEBUG ( 2757): #00 pc 00000000a4f5f3ac
I/DEBUG ( 2757): #1 pc 000000010000007f
W/libbacktrace( 2757): virtual bool BacktracePtrace::ReadWord(uintptr_t, word_t*): invalid pointer 0xf2102e087080a8e8 reading from tid 11607, ptrace() strerror(errno)=I/O error

hi, I just want hook a method in libdvm.so, the method name is "dvmResolveClass", first issue is " si = (struct soinfo )dlopen( soname, 4 / RTLD_NOLOAD */ );" there is no flag RTLD_NOLOAD. than I change it to RTLD_GLOBAL. in this way, I can find the symbol, and get "sym_offset=14", but at last, I get a message "Unable to find symbol in the reloc tables". what wrong?

• eg. "/data/local/tmp/libhook.so" = 26 bytes + (align remaining bytes) = malloc(28)
• malloc does not initialize the bytes to 0, therefore when you (https://github.com/evilsocket/arminject/blob/master/jni/injector/traced.hpp#L146):

/*
You copy 26 bytes, the remaining alignment bytes bytes are junk (not \0\0),
PTRACE_POKETEXT will write those 2 junk bytes from malloc(28)!
*/
memcpy(ptr, buf, blen);

• The remote write then becomes "/data/local/tmp/libhook.so??" instead of "/data/local/tmp/libhook.so\0\0"
• Finally, when the remote dlopen is called, it's looking up a bad filename and thus fails
  to inject

Solution:

Use calloc() instead of malloc() (https://github.com/evilsocket/arminject/blob/master/jni/injector/traced.hpp#L144)

char *ptr = (char *)calloc(blen + blen % sizeof(size_t),1);

PS. Sometimes you'll get real lucky and malloc actually returns 0 initialized bytes in the alignment area, masking this elusive issue! ;)

Cheers!

Martin Alexander

make test lunch Chrom with a blank screen with following output:

@ Starting com.android.chrome/com.google.android.apps.chrome.Main ...
@ Injection into PID 16594 starting ...
--------- beginning of main
--------- beginning of system
01-03 13:09:11.769 16594 16594 I LIBHOOK : LIBRARY LOADED FROM PID 16594.
01-03 13:09:11.779 16594 16594 I LIBHOOK : Found 125 loaded modules.
01-03 13:09:11.779 16594 16594 I LIBHOOK : Installing 12 hooks.
01-03 13:09:11.779 16594 16594 I LIBHOOK : [0x72606000] Hooking /data/dalvik-cache/arm/system@[email protected] ...
01-03 13:09:11.780 16594 16594 I LIBHOOK : [0x91580000] Hooking /data/app/com.android.chrome-1/base.apk ...
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : [0x9D5CD000] Hooking /system/lib/libqdutils.so ...
01-03 13:09:11.782 16594 16594 I LIBHOOK :   open - 0xece0c102 -> 0x9d491fad
01-03 13:09:11.782 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.782 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.782 16594 16594 I LIBHOOK :   close - 0xe51b0014 -> 0x9d49195d
01-03 13:09:11.782 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : [0x9D5D5000] Hooking /system/lib/libmemalloc.so ...
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : [0x9D5DF000] Hooking /data/app/com.android.chrome-1/lib/arm/libchromium_android_linker.so ...
01-03 13:09:11.784 16594 16594 I LIBHOOK : [0x9D886000] Hooking /system/lib/hw/gralloc.msm8974.so ...
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : [0x9E664000] Hooking /data/app/com.android.chrome-1/oat/arm/base.odex ...
01-03 13:09:11.785 16594 16594 I LIBHOOK : [0xA7F57000] Hooking /system/lib/libwebviewchromium_loader.so ...

Hello, I've been trying to run it but the script stops at this point:
python test.py
@ Pushing files to /data/local/tmp ...
@ Starting com.instagram.android/.activity.MainTabActivity ...
@ Injection into PID 3472 starting ...
--------- beginning of main
--------- beginning of system

Do you have any idea why? I have installed busybox to accept grep command.
Thank you in advance!

I run on Mac OSX, target: BlueStack emulator, problems: below. Please check ...

make test

make[1]: Entering directory /Users/xxx/Downloads/arminject-master' Compile++ thumb : hook <= main.cpp Compile++ thumb : hook <= hook.cpp Compile++ thumb : hook <= report.cpp Compile++ thumb : hook <= io.cpp SharedLibrary : libhook.so Install : libhook.so => libs/armeabi-v7a/libhook.so Compile++ thumb : injector <= main.cpp Executable : injector Install : injector => libs/armeabi-v7a/injector make[1]: Leaving directory/Users/xxx/Downloads/arminject-master'
python test.py
@ Pushing files to /data/local/tmp ...
@ Starting com.android.chrome/com.google.android.apps.chrome.Main ...
Traceback (most recent call last):
File "test.py", line 48, in
pid = adb.start_activity( process, activity )
File "/Users/xxx/Downloads/arminject-master/pyadb/adb.py", line 63, in start_activity
return self.get_pid( proc )
File "/Users/xxx/Downloads/arminject-master/pyadb/adb.py", line 57, in get_pid
return int( self.sudo( "pidof %s" % proc ).strip() )
ValueError: invalid literal for int() with base 10: '/system/bin/sh: su: not found'
make: *** [test] Error 1

hello, its probably not a issue , im sorry, but i dont know why i got this error :

ruby 2.0.0p645 (2015-04-13) [i386-mingw32]

c:\arminject>adb devices
List of devices attached
20080411 device

c:\arminject>python
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.

c:\arminject>make test
make.exe[1]: Entering directory `/c/arminject'

[armeabi-v7a] Cygwin : Generating dependency file converter script
[armeabi-v7a] Compile++ thumb: hook <= main.cpp
[armeabi-v7a] Compile++ thumb: hook <= hook.cpp
[armeabi-v7a] Compile++ thumb: hook <= report.cpp
[armeabi-v7a] Compile++ thumb: hook <= io.cpp
[armeabi-v7a] SharedLibrary : libhook.so
[armeabi-v7a] Install : libhook.so => libs/armeabi-v7a/libhook.so
[armeabi-v7a] Compile++ thumb: injector <= main.cpp
[armeabi-v7a] Executable : injector
[armeabi-v7a] Install : injector => libs/armeabi-v7a/injector
make.exe[1]: Leaving directory `/c/arminject'
python test.py
'which' is not recognized as an internal or external command,
operable program or batch file.

[STDERR] :
Traceback (most recent call last):
File "test.py", line 30, in
adb = ADB()
File "c:\arminject\pyadb\adb.py", line 34, in init
raise "ADB binary not found in PATH."
TypeError: exceptions must be old-style classes or derived from BaseException, not str
make: *** [test] Error 1

c:\arminject>

Hello, nothing shows when injecting a process in Android Marshmallow. Might it be a KNOX thing?

I installed adb and sdk\ndk and added path to ndk-build to ./zshrc but whatever I have the problem:

Android NDK: WARNING: APP_STL stlport_shared is deprecated and will be removed in the next release. Please switch to either c++_static or c++_shared. See https://developer.android.com/ndk/guides/cpp-support.html for more information.
make[1]: Entering directory `/Users/plrs/code/arminject'
[armeabi-v7a] Compile++ thumb: hook <= main.cpp
[armeabi-v7a] Compile++ thumb: hook <= hook.cpp

jni/libhook/hook.cpp:101:5: error: no matching function for call to 'mprotect'
mprotect(aligned_pointer, pagesize, PROT_WRITE | PROT_READ);
^~~~~~~~
/Users/plrs/Library/android/sdk/ndk-bundle/sysroot/usr/include/sys/mman.h:77:5: note: candidate function not viable: 1st argument ('const void *') would lose const qualifier

int mprotect(void* __addr, size_t __size, int __prot);
^
jni/libhook/hook.cpp:106:5: error: no matching function for call to 'mprotect'
mprotect(aligned_pointer, pagesize, PROT_READ);
^~~~~~~~
/Users/plrs/Library/android/sdk/ndk-bundle/sysroot/usr/include/sys/mman.h:77:5: note: candidate
function not viable: 1st argument ('const void *') would lose const qualifier

int mprotect(void* __addr, size_t __size, int __prot);
^
2 errors generated.

make[1]: *** [obj/local/armeabi-v7a/objs/hook/hook.o] Error 1
make[1]: Leaving directory `/Users/plrs/code/arminject'
make: *** [all] Error 2

What does it mean? What is the problem?

When I run the script I get:

@ Injection into PID 1234 starting ...

--------- beginning of /dev/log/main
--------- beginning of /dev/log/system

I've modified the code in test.py a little bit to print the output of the command in the console:

print(adb.sudo( "/data/local/tmp/injector %d /data/local/tmp/libhook.so" % pid ))

What I got is:

sh: /data/local/tmp/injector: not executable: magic 7F45

Has anyone else had the same problem with the injector file?

The issue is as mentioned above. The following output confirms that the library was loaded in the remote process.

beryllium:/data/local/tmp # ./injector 15449 libhook.so                                                                                                                                  
@ Injecting library libhook.so into process 15449.

@ Calling dlopen in target process ...
@ dlopen returned 0xA8F8DD10

However, there are no entries in logcat, both in the script and in a separate terminal.

Running the injector on Android 5.1.1, dlopen returns NULL as below:

Is it related with SELinux? SELinux status is Enforcing on my device, while I can make ptrace call to other process.