How To Hook System Calls Of My Android App
I want to intercept the connect() system call and use my own custom implementation. The custom implementation will do some action like printing a log for simplicity and then call t
Solution 1:
The error has nothing to do with the mProtect(). This is actually the exact same place I have placed the code snippet as well. Here is my code and it works fine:
    /* Needs <dlfcn.h>, <elf.h>, <sys/mman.h>, <unistd.h> and bionic's linker.h
     * (soinfo, soinfo_elf_lookup, elfhash are linker-internal, not public API). */
    void* hook_call(char *soname, char *symbol, void* newval){
        soinfo *si = NULL;
        Elf32_Rel *rel = NULL;
        Elf32_Sym *s = NULL;
        unsigned int sym_offset = 0;
        if (!soname || !symbol || !newval)
            return 0;
        /* dlopen() returns the linker's soinfo for the library */
        si = (soinfo*) dlopen(soname, RTLD_LAZY);
        if (!si)
            return 0;
        /* look the symbol up in the library's hash table */
        s = soinfo_elf_lookup(si, elfhash(symbol), symbol);
        if (!s)
            return 0;
        /* index of the symbol in the dynamic symbol table */
        sym_offset = s - si->symtab;
        rel = si->plt_rel;
        const char *strtab = si->strtab;
        Elf32_Sym *symtab = si->symtab;
        /* walk through reloc table, find symbol index matching one we've got */
        int i;
        for (i = 0; i < si->plt_rel_count; i++, rel++) {
            unsigned type = ELF32_R_TYPE(rel->r_info);
            unsigned sym = ELF32_R_SYM(rel->r_info);
            /* absolute address of the GOT slot this reloc fills in */
            unsigned reloc = (unsigned)(rel->r_offset + si->base);
            //unsigned oldval = 0;
            void* pOldFun;
            if (sym_offset == sym) {
                switch(type) {
                case R_ARM_JUMP_SLOT: {
                    /* braces give the case its own scope, so the declarations
                     * below do not "cross initialization" of the default label */
                    // Set appropriate memory access rights
                    uint32_t page_size = getpagesize();
                    uint32_t entry_page_start = reloc & (~(page_size - 1));
                    mprotect((void *)entry_page_start, page_size, PROT_READ | PROT_WRITE);
                    /* save the current target, then point the slot at newval */
                    pOldFun = (void *)*((unsigned *)reloc);
                    *((unsigned int*)reloc) = (unsigned)newval;
                    return pOldFun;
                }
                default:
                    return 0;
                }
            }
        }
        return 0;
    }
The *jump to case label ... error: crosses initialization* normally occurs when variables are not correctly initialized when using the switch case, i.e. initialized in one case and used in another. Have a look at this question. A similar error occurred and was resolved.
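An added example, not from the answer or the Android linker: the same symbol-index/relocation walk as hook_call(), run over a constructed ELF32 image so it is runnable on any host, plus a defender-side check that spots a PLT slot which no longer points at its recorded target. The strtab/symtab/plt_rel/got contents and the addresses in them are constructed, and lookup_sym() is a linear scan standing in for soinfo_elf_lookup().

```c
/* Model of the relocation walk in the answer above, run over a constructed in-memory
 * image (assumed ELF32/ARM layout; the "addresses" are fake values, not real pointers). */
#include <elf.h>
#include <stdint.h>
#include <string.h>
static const char strtab[] = "\0connect\0socket\0environ\0";      /* constructed */
static const Elf32_Sym symtab[] = {                                /* constructed */
    { 0, 0, 0, 0, 0, 0 }, { 1, 0, 0, 0, 0, 0 },   /* [0] STN_UNDEF, [1] connect */
    { 9, 0, 0, 0, 0, 0 }, { 16, 0, 0, 0, 0, 0 },  /* [2] socket,    [3] environ */
};
#define NSYMS (sizeof symtab / sizeof symtab[0])
static uint32_t got[3] = { 0xb6f01230u, 0xb6f01240u, 0xb6f20000u }; /* plays si->base */
static const Elf32_Rel plt_rel[] = {                               /* constructed */
    { 0, ELF32_R_INFO(1, R_ARM_JUMP_SLOT) },  /* got[0] <- connect */
    { 4, ELF32_R_INFO(2, R_ARM_JUMP_SLOT) },  /* got[1] <- socket  */
    { 8, ELF32_R_INFO(3, R_ARM_GLOB_DAT)  },  /* got[2] <- a data pointer, not a PLT slot */
};
#define PLT_REL_COUNT (sizeof plt_rel / sizeof plt_rel[0])
/* Known-good slot target per symbol index, as a defender would record at load time. */
static const uint32_t expected_targets[NSYMS] = { 0, 0xb6f01230u, 0xb6f01240u, 0xb6f20000u };
/* Linear scan standing in for soinfo_elf_lookup(); returns the symbol index, 0 if absent. */
static unsigned lookup_sym(const char *name) {
    for (unsigned i = 1; i < NSYMS; i++)
        if (strcmp(strtab + symtab[i].st_name, name) == 0) return i;
    return 0;
}
/* The walk from hook_call(): find the reloc whose symbol index matches; if it is a JUMP_SLOT,
 * store newval and return the old slot value, else 0 (a live process needs mprotect() first). */
uint32_t hook_slot(const char *symbol, uint32_t newval) {
    unsigned sym_offset = (symbol && newval) ? lookup_sym(symbol) : 0;
    for (unsigned i = 0; sym_offset && i < PLT_REL_COUNT; i++) {
        if (ELF32_R_SYM(plt_rel[i].r_info) != sym_offset) continue;
        if (ELF32_R_TYPE(plt_rel[i].r_info) != R_ARM_JUMP_SLOT) return 0;
        uint32_t *slot = (uint32_t *)((char *)got + plt_rel[i].r_offset); /* base + r_offset */
        uint32_t old = *slot; *slot = newval;
        return old;
    }
    return 0;
}
/* Defender's check: count JUMP_SLOT entries that no longer hold the recorded target. */
unsigned count_tampered_slots(void) {
    unsigned n = 0;
    for (unsigned i = 0; i < PLT_REL_COUNT; i++) {
        if (ELF32_R_TYPE(plt_rel[i].r_info) != R_ARM_JUMP_SLOT) continue;
        uint32_t *slot = (uint32_t *)((char *)got + plt_rel[i].r_offset);
        if (*slot != expected_targets[ELF32_R_SYM(plt_rel[i].r_info)]) n++;
    }
    return n;
}
```

On a real process the same comparison can be made against what dlsym() resolves the symbol to, which is how a hook installed this way shows up.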