简介:Android application hooking tool based on VirtualApp
更多:作者   提 Bug   


VirtualHook is a tool for hooking application without root permission. It is based on two projects:

  • VirtualApp. It's a plugin framework which allows running applications in its virtual space.
  • YAHFA. It's a hook framework for ART which allows hooking Java method of the application.

Currently VirtualHook supports:

  • Android 5.0(API 21)
  • Android 5.1(API 22)
  • Android 6.0(API 23)
  • EXPERIMENTAL Android 7.0(API 24)
  • EXPERIMENTAL Android 7.1(API 25)


Basically, VirtualHook makes the following changes to the upstream:


Import and build the project in Android Studio(with Instant Run disabled). There are four modules:

  • app. This is the VirtualApp application module.
  • lib. This is the VirtualApp library module.
  • YAHFA. This is the YAHFA hook module.
  • demoHookPlugin. This is a demo hook plugin which compiles to an APK.


  • Write and build a hook plugin APK. You can take a look at the demoHookPlugin module for reference. Don't forget to put following meta-data in AndroidManifest.xml:
  • Push the plugin APK to sdcard
  • Run VirtualHook and click the Add button
  • Swipe to the 'APPS IN SDCARD' page. Then select and add hook plugins which are displayed with an icon
  • Add and run non-plugin apps

Hooking Native Methods

VirtualApp comes with native method hooking ability in the first place, which is done with the following function:

namespace Cydia{
    void MSHookFunction(void *symbol, void *replace, void **result);

To utilize that, you can use dlsym() to find the symbol and then hook your targets. Here's a demo which hooks __system_property_get.

Example Hook Plugins


Both VirtualApp and YAHFA are distributed under GNU GPL V3.

Android 开发经验分享
C 轮融资近 30 亿元理财推荐
Android 开发经验分享
C 轮融资近 30 亿元理财推荐