问小白 wenxiaobai
资讯
历史
科技
环境与自然
成长
游戏
财经
文学与艺术
美食
健康
家居
文化
情感
汽车
三农
军事
旅行
运动
教育
生活
星座命理

Xposed框架进行Hook基础环境搭建教程

创作时间:
作者:
@小白创作中心

Xposed框架进行Hook基础环境搭建教程

引用
CSDN
1.
https://m.blog.csdn.net/weixin_51111267/article/details/139087638

目录

  • 一、xposed环境搭建
  • (1) 导入依赖api-82.jar
  • (2) 修改AndroidManifest.xml(改为xposed模块)
  • (3) 编写hook类
  • (3) 增加 xposed 初始化入口
  • (4) 编译为xposed模块apk
  • (5) 激活刚刚的xposed模块
  • (6) 连接安卓进行调试输出
  • 二、hook教学
  • (1) hook普通函数
  • (2) 打印调用栈

一、xposed环境搭建

(1) 导入依赖api-82.jar

(2) 修改AndroidManifest.xml(改为xposed模块)

<meta-data
android:name="xposedmodule"
android:value="true" />
<meta-data
android:name="xposeddescription"
android:value="this is a hook script" />
<meta-data
android:name="xposedminversion"
android:value="82" />

(3) 编写hook类

package com.example.myandroidstudio;
import android.util.Log;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
public class Hook implements IXposedHookLoadPackage {
    public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable{
        if(!lpparam.packageName.equals("com.app.acc"))return;  // 过滤,只hook包名为com.app.acc的app
        Log.d("yunxiao>>>","hook start...");
    }
}

(3) 增加 xposed 初始化入口

新建一个名为xposed_init的text文件,填写Hook类的路径,如下即可

(4) 编译为xposed模块apk

编译完成后,找到apk手动安装即可

(5) 激活刚刚的xposed模块

打开xposed找到模块,打勾然后软重启即可

(6) 连接安卓进行调试输出

添加log信息过滤器,即可输出hook相应的app

注意事项:有可能调试输出没有找到相应app的包名,解决办法:重启手机

二、hook教学

(1) hook普通函数

package com.example.myandroidstudio;
import android.util.Log;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
import java.util.Map;
public class Hook implements IXposedHookLoadPackage {
    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        if(!lpparam.packageName.equals("com.xxx.abc")) return;
        Log.d("yunxiao>>>","hook com.xxx.abc");
        
        
        XposedHelpers.findAndHookMethod("abc.g$a", lpparam.classLoader, "onCallToAddSecurityFactor", String.class, Map.class, new XC_MethodHook() {
            // $a 为类中类
            // String.class, Map.class 为入参类型,如果入参为空则不用填,有多少个入参填多少个
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
            }
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                String args0 = (String) param.args[0];
                String args1 = param.args[1].toString();    // map打印输出
                Log.d("yunxiao>>>","================================= hook start ==================================");
                Log.d("yunxiao>>>","after args0:"+args0);
                Log.d("yunxiao>>>","after args1:"+args1);
                Log.d("yunxiao>>>","after result:"+param.getResult().toString());
                Log.d("yunxiao>>>","================================= hook end ==================================");
                super.afterHookedMethod(param);
            }
        });
    }
}

(2) 打印调用栈

把下面代码放到
afterHookedMethod
中即可 

Log.e("yunxiao>>>","Stack:",new Throwable("Stack dump"));
热门推荐
© 2023 北京元石科技有限公司 ◎ 京公网安备 11010802042949号