A library for hiding and retrieving imports in ELF binaries.
- Hide and retrieve symbols in ELF binaries
- Support for multiple architectures (x86, x86_64, ARM, ARM64)
- Cache resolved symbols for performance
- Thread-safe symbol resolution
- Detailed logging for debugging purposes
- Check hooking before calling (ARM and ARM64 only)
- Prevent hooking completely
Compatible Compilers
- GCC or Clang
- Make
- CMake
Clone the repository:
git clone https://github.com/reveny/Android-Native-Import-Hide.git
cd Android-Native-Import-Hide
To include the library in your project, add the following line to your source code:
#include "HideImport.hpp"
Here is a simple example demonstrating how to use the library and make sure to include HideImport.cpp in the source file list:
#include <stdio.h>
#include "HideImport.hpp"
int main() {
HI_FUNCTION_POINTER(my_malloc, void*, size_t size) = HI_GET("libc.so", "malloc");
void *testMemory = my_malloc(20);
printf("my_malloc test returned: %p\n", testMemory);
free(testMemory);
return 0;
}
#include <stdio.h>
#include "HideImport.hpp"
int main() {
void *testMemory2 = HI_CALL("libc.so", malloc, void*, size_t)(15);
printf("malloc test 2 returned: %p\n", testMemory2);
free(testMemory2);
return 0;
}
#include <stdio.h>
#include "HideImport.hpp"
int main() {
void *testMemory2 = HI_CALL_SAFE("libc.so", malloc, void*, size_t)(15);
printf("malloc test 2 returned: %p\n", testMemory2);
free(testMemory2);
return 0;
}
The SAFE version will check if the function is hooked before calling. If the function happens to be hooked, the call will not be executed and return NULL.
A single header version of the library is available for convenience. Simply include single_header/HideImport.hpp in your project.
Disassembly without string encryption:
Disassembly with string encryption:
Special thanks to:
- ARandomPerson for doing a lot of the work and the significant contribution and collaboration on this project.
- Ac3ss0r for some inspiration from ShellcodeLab
- LSPlt for inspiration from their module listing implementation: LSPlt
Feel free to reach out via:
- Telegram Group: Join Group
- Telegram Contact: Contact
This project is licensed under the GPLv3 License. See the LICENSE file for details.