Inline Hooking Articles

From Symbol Hijacking to Runtime Tracing in Linux: How to Function Hook, Audit Hijacking, and Function Instrumentation?

2025-11-25 by boardor

Hello, friends! Hooking using LD_PRELOAD Hooking using LD_PRELOAD Hooking using RTLD_NEXT LD_AUDIT linker listening mechanism GCC function instrumentation feature (-finstrument-functions) In this article, we will learn about Linux from symbol hijacking to runtime tracing: function hooking (LD_PRELOAD), audit stream hijacking (LD_AUDIT), and function instrumentation, as well as how to use and leverage these tools. Hooking … Read more

Summary of Common Linux Hooking Techniques

2025-11-22 by boardor

01Hook FunctionsHook functions are predefined hooks in a program that allow you to attach or register a hook function when needed, making it available for the target.If there are no hooks, you can also obtain function pointers to encapsulate functions, but this can only be attached before or after the function runs, not during its … Read more

Analysis of One-Click New Device Modification Principles

2025-08-30 by boardor

A Case Study of Device Modification: In June, I received a well-reviewed commercial device modification case that could only run on specified phones and ROMs, claiming that major apps could not detect it and that it was a modification framework that did not require root access. I only had a Nexus 6P on hand, so … Read more

Dobby Source Code Reading: Instruction-Level Tool

2025-06-16 by boardor

This article is an excellent piece from the KX forum. KX Forum Author ID: KerryS Dobby has two main functions: one is inline hooking, and the other is instruction instrumentation. The principles of both are similar, but this article mainly introduces instruction instrumentation. Instruction instrumentation refers to inserting instrumentation into any instruction (either at the … Read more