# AndKittyInjector
Inject a shared library into a process using ptrace
Android shared library injector based on ptrace with help of [KittyMemoryEx](https://github.com/MJx0/KittyMemoryEx). The project is written primarily in C++, distributed under the MIT License, and was first published in 2023. Key topics include: android, injector, linux, ptrace, reverse-engineering.
Requires C++17 or above.
Inject from /data for Android

## Features:
- Tested on Android 5.0 ~ 16
- ABI arm, arm64, x86, x86_64
- Inject emulated arm64 & arm32 via libhoudini.so or libndk_translation.so
- Inject multiple libs at once
- Bypass android linker namespace restrictions
- memfd dlopen support
- Watch app launch and inject
- Auto launch app and inject
- Inject on dlopen breakpoint
- Inject & Unload lib after entry point execution
- Hide lib segments from /maps
- Hide lib from native or emu linker solist (dladdr & dl_iterate_phdr)
- Randomize ELF header
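The hide and memfd features above leave two kinds of trace in a process's `/proc/<pid>/maps`: executable regions that no longer have a backing file, and executable regions whose only backing is a memfd. As an added example that is not part of AndKittyInjector or KittyMemoryEx, the following defender-side triage routine parses maps text and flags both. All names (`MapEntry`, `parseMaps`, `findSuspiciousExec`, `SAMPLE_MAPS`) and the sample maps lines are constructed for this illustration; in a real check you would read `/proc/self/maps` instead of the embedded sample.

```cpp
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

// One parsed line of /proc/<pid>/maps.
struct MapEntry {
    std::uint64_t start = 0;
    std::uint64_t end = 0;
    std::string perms;          // e.g. "r-xp"
    std::uint64_t offset = 0;
    std::string dev;            // major:minor
    std::uint64_t inode = 0;    // 0 for anonymous mappings and pseudo-mappings
    std::string path;           // empty for unnamed anonymous mappings
};

struct Finding {
    MapEntry entry;
    std::string reason;
};

// Parse maps text into entries. Malformed lines are skipped rather than aborting.
std::vector<MapEntry> parseMaps(const std::string &text)
{
    std::vector<MapEntry> out;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        std::istringstream ls(line);
        std::string range;
        MapEntry e;
        if (!(ls >> range >> e.perms >> std::hex >> e.offset >> e.dev >> std::dec >> e.inode))
            continue;
        std::size_t dash = range.find('-');
        if (dash == std::string::npos)
            continue;
        e.start = std::stoull(range.substr(0, dash), nullptr, 16);
        e.end = std::stoull(range.substr(dash + 1), nullptr, 16);
        // The remainder of the line is the path; it is absent for anonymous mappings.
        std::getline(ls >> std::ws, e.path);
        out.push_back(e);
    }
    return out;
}

// Flag executable mappings of the kind a hidden or memfd-loaded library produces:
// no backing file at all, or a backing file that exists only as a memfd.
std::vector<Finding> findSuspiciousExec(const std::vector<MapEntry> &maps)
{
    std::vector<Finding> out;
    for (const MapEntry &e : maps) {
        if (e.perms.find('x') == std::string::npos)
            continue;
        // Kernel-provided executable pseudo-mappings are anonymous by design.
        if (e.path == "[vdso]" || e.path == "[vectors]" || e.path == "[sigpage]")
            continue;
        bool anonymous = e.inode == 0 && (e.path.empty() || e.path.rfind("[anon:", 0) == 0);
        if (anonymous)
            out.push_back({e, "executable mapping with no backing file"});
        else if (e.path.rfind("/memfd:", 0) == 0)
            out.push_back({e, "executable mapping backed by a memfd"});
    }
    return out;
}

// Constructed sample (not captured from a device): a file-backed library, an
// anonymous executable region, a memfd-backed executable region, a heap region
// and the vDSO.
const char *const SAMPLE_MAPS =
    "7f1000000000-7f1000020000 r-xp 00000000 fd:01 123456 /system/lib64/libc.so\n"
    "7f1000020000-7f1000030000 r--p 00020000 fd:01 123456 /system/lib64/libc.so\n"
    "7f2000000000-7f2000010000 r-xp 00000000 00:00 0 \n"
    "7f3000000000-7f3000008000 r-xp 00000000 00:05 4242 /memfd:payload (deleted)\n"
    "7f4000000000-7f4000004000 rw-p 00000000 00:00 0 [anon:libc_malloc]\n"
    "7fff00000000-7fff00001000 r-xp 00000000 00:00 0 [vdso]\n";

int main()
{
    std::vector<Finding> findings = findSuspiciousExec(parseMaps(SAMPLE_MAPS));
    for (const Finding &f : findings)
        std::printf("%llx-%llx %s %s: %s\n",
                    (unsigned long long)f.entry.start, (unsigned long long)f.entry.end,
                    f.entry.perms.c_str(), f.entry.path.c_str(), f.reason.c_str());
    return 0;
}
```

JIT compilers, ART's code cache included, also create anonymous or memfd-backed executable mappings, so a hit is a triage signal to correlate with what `dl_iterate_phdr` reports rather than proof of injection; a mapping that is executable but absent from the linker's list is the combination worth escalating.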
## Usage:
Make sure to chmod +x or 755
```text
Usage: AndKittyInjector [--help] [--version] --package <name> --libs <paths>... [--launch] [--watch] [--bp] [--delay <micros>] [--timeout <ms>] [--memfd] [--free] [--hide]

Optional arguments:
  -h, --help        shows help message and exits
  -v, --version     prints version information and exits
  --package <name>  Target package name to inject into. [required]
  --libs            Libraries path to be injected. [nargs: 1 or more] [required]
  --launch          Launch process and inject.
  --watch           Monitor process start then inject.
  --bp              Inject after native/emulated dlopen breakpoint hit.
  --delay <micros>  Delay injection in microseconds.
  --timeout <ms>    Timeout for ptrace remote calls in milliseconds.
  --memfd           Use memfd dlopen.
  --free            Unload library after entry point execution.
  --hide            Remove soinfo from solist/sonext, remap library to anonymouse memory and randomize ELF header.
```
Example:
```shell
# launching app and injecting 2 libs with 1 second delay and timeout 3 seconds
./AndKittyInjector --package com.target.package --libs path/to/lib1 path/to/lib2 --memfd --launch --delay 1000000 --timeout 3000
```

## Notes:
- Do not start a thread in library constructor, instead use JNI_OnLoad:
```cpp
#include <jni.h>
#include <thread>

// KITTY_LOGI is the KittyMemoryEx logging macro; thread_function is your own worker.
extern "C" jint JNIEXPORT JNI_OnLoad(JavaVM* vm, void *key)
{
    // key 1337 is passed by injector
    if (key != (void*)1337)
        return JNI_VERSION_1_6;

    KITTY_LOGI("JNI_OnLoad called by injector.");

    JNIEnv *env = nullptr;
    if (vm->GetEnv((void**)&env, JNI_VERSION_1_6) == JNI_OK)
    {
        KITTY_LOGI("JavaEnv: %p.", env);
        // ...
    }

    // starting a thread here is safe, unlike in a library constructor
    std::thread(thread_function).detach();

    return JNI_VERSION_1_6;
}
```
- When using --launch or --watch to inject as soon as the target app launches, you may need to use --bp or --delay as well, especially when injecting emulated lib.
- If injection fails, target app will be force stopped.
## Build:
- Make sure to have NDK, cmake and make installed and added to OS environment path.
- Set NDK_HOME to point to NDK folder

```shell
git clone --recursive https://github.com/MJx0/AndKittyInjector.git
cd AndKittyInjector/AndKittyInjector
ndk-build.bat
```