Add xhook_ignore().

README.md

@@ -19,6 +19,7 @@ xhook has been keeping optimized for stability and compatibility.
 * Support armeabi, armeabi-v7a and arm64-v8a.
 * Support **ELF HASH** and **GNU HASH** indexed symbols.
 * Support **SLEB128** encoded relocation info.
+* Support setting hook info via regular expressions.
 * Do **NOT** need root permission.
 * Do not depends on any third-party shared libraries.
 * Pure C code. Small library size.
@@ -78,9 +79,22 @@ The `new_func` **must** have the same function declaration as the original one.
 
 Return zero if successful, non-zero otherwise.
 
+The regular expression for `pathname_regex_str` only support **POSIX BRE (Basic Regular Expression)**.
+
+## 2. Ignore some hook info
+
+```c
+int xhook_ignore(const char *pathname_regex_str,  
+                 const char *symbol);
+```
+
+Ignore some hook info according to `pathname_regex_str` and `symbol`, from registered hooks by `xhook_register`. If `symbol` is `NULL`, xhook will ignore all symbols from ELF which pathname matches `pathname_regex_str`.
+
+Return zero if successful, non-zero otherwise.
+
 The regular expression for `pathname_regex_str` only support **POSIX BRE**.
 
-## 2. Do hook
+## 3. Do hook
 
 ```c
 int xhook_refresh(int async);
@@ -94,7 +108,7 @@ Return zero if successful, non-zero otherwise.
 
 xhook will keep a global cache for saving the last ELF loading info from `/proc/self/maps`. This cache will also be updated in `xhook_refresh`. With this cache, `xhook_refresh` can determine which ELF is newly loaded. We only need to do hook in these newly loaded ELF.
 
-## 3. Clear cache
+## 4. Clear cache
 
 ```c
 void xhook_clear();
@@ -104,7 +118,7 @@ Clear all cache owned by xhook, reset all global flags to default value.
 
 If you confirm that all PLT entries you want have been hooked, you could call this function to save some memory.
 
-## 4. Enable/Disable debug info
+## 5. Enable/Disable debug info
 
 ```c
 void xhook_enable_debug(int flag);
@@ -114,7 +128,7 @@ Pass `1` to `flag` for enable debug info. Pass `0` to `flag` for disable. (**dis
 
 Debug info will be sent to logcat with tag `xhook`.
 
-## 5. Enable/Disable SFP (segmentation fault protection)
+## 6. Enable/Disable SFP (segmentation fault protection)
 
 ```c
 void xhook_enable_sigsegv_protection(int flag);
@@ -152,9 +166,13 @@ xhook_register(".*\\.so$", "__android_log_print",  my_log_print,  NULL);
 xhook_register(".*\\.so$", "__android_log_vprint", my_log_vprint, NULL);
 xhook_register(".*\\.so$", "__android_log_assert", my_log_assert, NULL);
 
-//tracking
+//tracking (ignore linker and linker64)
 xhook_register("^/system/.*$", "mmap",   my_mmap,   NULL);
 xhook_register("^/vendor/.*$", "munmap", my_munmap, NULL);
+xhook_ignore  (".*/linker$",   "mmap");
+xhook_ignore  (".*/linker$",   "munmap");
+xhook_ignore  (".*/linker64$", "mmap");
+xhook_ignore  (".*/linker64$", "munmap");
 
 //defense to some injection attacks
 xhook_register(".*com\\.hacker.*\\.so$", "malloc",  my_malloc_always_return_NULL, NULL);
@@ -163,6 +181,9 @@ xhook_register(".*/libhacker\\.so$",     "connect", my_connect_with_recorder,
 //fix some system bug
 xhook_register(".*some_vendor.*/libvictim\\.so$", "bad_func", my_nice_func, NULL);
 
+//ignore all hooks in libwebviewchromium.so
+xhook_ignore(".*/libwebviewchromium.so$", NULL);
+
 //hook now!
 xhook_refresh(1);
 ```

README.zh-CN.md

@@ -19,6 +19,7 @@ xhook 一直在稳定性和兼容性方面做着持续的优化。
 * 支持 armeabi, armeabi-v7a 和 arm64-v8a。
 * 支持 **ELF HASH** 和 **GNU HASH** 索引的符号。
 * 支持 **SLEB128** 编码的重定位信息。
+* 支持通过正则表达式批量设置 hook 信息。
 * **不**需要 ROOT 权限。
 * 不依赖于任何的第三方动态库。
 * 纯 C 的代码。比较小的库体积。
@@ -78,9 +79,22 @@ int xhook_register(const char  *pathname_regex_str,
 
 成功返回 0，失败返回 非0。
 
+`pathname_regex_str` 只支持 **POSIX BRE (Basic Regular Expression)** 定义的正则表达式语法。
+
+## 2. 忽略部分 hook 信息
+
+```c
+int xhook_ignore(const char *pathname_regex_str,  
+                 const char *symbol);
+```
+
+根据 `pathname_regex_str` 和 `symbol`，从已经通过 `xhook_register` 注册的 hook 信息中，忽略一部分 hook 信息。如果 `symbol` 为 `NULL`，xhook 将忽略所有路径名符合正则表达式 `pathname_regex_str` 的 ELF。
+
+成功返回 0，失败返回 非0。
+
 `pathname_regex_str` 只支持 **POSIX BRE** 定义的正则表达式语法。
 
-## 2. 执行 hook
+## 3. 执行 hook
 
 ```c
 int xhook_refresh(int async);
@@ -94,7 +108,7 @@ int xhook_refresh(int async);
 
 xhook 在内部维护了一个全局的缓存，用于保存最后一次从 `/proc/self/maps` 读取到的 ELF 加载信息。每次一调用 `xhook_refresh` 函数，这个缓存都将被更新。xhook 使用这个缓存来判断哪些 ELF 是这次新被加载到内存中的。我们每次只需要针对这些新加载的 ELF 做 hook 就可以了。
 
-## 3. 清除缓存
+## 4. 清除缓存
 
 ```c
 void xhook_clear();
@@ -104,7 +118,7 @@ void xhook_clear();
 
 如果你确定你需要的所有 PLT 入口点都已经被替换了，你可以调用这个函数来释放和节省一些内存空间。
 
-## 4. 启用/禁用 调试信息
+## 5. 启用/禁用 调试信息
 
 ```c
 void xhook_enable_debug(int flag);
@@ -114,7 +128,7 @@ void xhook_enable_debug(int flag);
 
 调试信息将被输出到 logcat，对应的 TAG 为：`xhook`。
 
-## 5. 启用/禁用 SFP (段错误保护)
+## 6. 启用/禁用 SFP (段错误保护)
 
 ```c
 void xhook_enable_sigsegv_protection(int flag);
@@ -152,9 +166,13 @@ xhook_register(".*\\.so$", "__android_log_print",  my_log_print,  NULL);
 xhook_register(".*\\.so$", "__android_log_vprint", my_log_vprint, NULL);
 xhook_register(".*\\.so$", "__android_log_assert", my_log_assert, NULL);
 
-//追踪某些调用
+//追踪某些调用 (忽略 linker 和 linker64)
 xhook_register("^/system/.*$", "mmap",   my_mmap,   NULL);
 xhook_register("^/vendor/.*$", "munmap", my_munmap, NULL);
+xhook_ignore  (".*/linker$",   "mmap");
+xhook_ignore  (".*/linker$",   "munmap");
+xhook_ignore  (".*/linker64$", "mmap");
+xhook_ignore  (".*/linker64$", "munmap");
 
 //防御某些注入攻击
 xhook_register(".*com\\.hacker.*\\.so$", "malloc",  my_malloc_always_return_NULL, NULL);
@@ -163,6 +181,9 @@ xhook_register(".*/libhacker\\.so$",     "connect", my_connect_with_recorder,
 //修复某些系统 bug
 xhook_register(".*some_vendor.*/libvictim\\.so$", "bad_func", my_nice_func, NULL);
 
+//忽略 libwebviewchromium.so 的所有 hook 信息
+xhook_ignore(".*/libwebviewchromium.so$", NULL);
+
 //现在执行 hook!
 xhook_refresh(1);
 ```

libbiz/jni/biz.c

@@ -41,4 +41,8 @@ void Java_com_qiyi_biz_NativeHandler_start(JNIEnv* env, jobject obj)
     xhook_register("^/system/.*\\.so$",  "__android_log_print", my_system_log_print,  NULL);
     xhook_register("^/vendor/.*\\.so$",  "__android_log_print", my_system_log_print,  NULL);
     xhook_register(".*/libtest\\.so$", "__android_log_print", my_libtest_log_print, NULL);
+
+    //just for testing
+    xhook_ignore(".*/liblog\\.so$", "__android_log_print"); //ignore __android_log_print in liblog.so
+    xhook_ignore(".*/libjavacore\\.so$", NULL); //ignore all hooks in libjavacore.so
 }