Lab environment:
Droid4x emulator (currently Android version 4.2.2)
Android Studio
1. Download the required tools
XposedInstaller download
http://repo.xposed.info/module/de.robv.android.xposed.installer
XposedBridge.jar download
https://github.com/rovo89/XposedBridge/releases
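2. Install XposedInstaller and activate it
Activation steps: launch XposedInstaller -> Framework -> Install/Update -> reboot the emulator (PS: the emulator screen will simply go black; just kill the process, and if that does not work, retry a few times)
After activation, green version numbers are shown here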
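3. Create a test project in Android Studio (the app to be hooked)
The UI is as follows:
In the MainActivity class, create the following function to be hooked (each of the 3 buttons above passes its own arguments when clicked, and the return value is displayed in the TextView control)

    public String sayhello(int num1, int num2) {
        if (num1 + num2 < 100) {
            return "so small than 100!";
        }
        if (num1 + num2 == 100) {
            return "equal 100!";
        }
        if (num1 + num2 > 100) {
            return "so big than 100!";
        }
        return "error";
    }
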
4. Create our XposedHook project (SDK version 4.0.3 is recommended)
● Add the following to the AndroidManifest file

    <meta-data
        android:name="xposedmodule"
        android:value="true" />
    <meta-data
        android:name="xposeddescription"
        android:value="Easy example" />
    <meta-data
        android:name="xposedminversion"
        android:value="54" />

● Create a lib directory
Put the downloaded XposedBridge.jar into this directory,
then right-click -> Add To Library. This step adds the following to the Gradle build file

    dependencies {
        compile fileTree(dir: 'libs', include: ['*.jar'])
        testCompile 'junit:junit:4.12'
        compile 'com.android.support:appcompat-v7:23.1.1'
        compile files('lib/XposedBridgeApi-54.jar')
    }

We need to change compile files to provided files, so that the API jar is only referenced at compile time and is not packaged into the APK. The final result is as follows

    dependencies {
        compile fileTree(dir: 'libs', include: ['*.jar'])
        testCompile 'junit:junit:4.12'
        compile 'com.android.support:appcompat-v7:23.1.1'
        provided files('lib/XposedBridgeApi-54.jar')
    }

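● Add an assets directory
Add a file named xposed_init in this directory.
This file specifies the module's entry class; the hook implementation lives in that class.
Format: package name + class name

    com.bingghost.xposeddemo.XposedHook
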
● Create the entry class XposedHook named in xposed_init

    package com.bingghost.xposeddemo;

    import android.util.Log;

    import de.robv.android.xposed.IXposedHookLoadPackage;
    import de.robv.android.xposed.XC_MethodHook;
    import de.robv.android.xposed.XposedBridge;
    import de.robv.android.xposed.callbacks.XC_LoadPackage;

    import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;

    public class XposedHook implements IXposedHookLoadPackage {
        @Override
        public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
            XposedBridge.log("Loaded app: " + lpparam.packageName);

            // Only hook the test app; ignore every other package.
            if (!lpparam.packageName.equals("com.bingghost.simplehelloworld")) {
                return;
            }

            findAndHookMethod("com.bingghost.simplehelloworld.MainActivity", lpparam.classLoader,
                    "sayhello", int.class, int.class, new XC_MethodHook() {
                @Override
                protected void afterHookedMethod(MethodHookParam param) {
                    String str = (String) param.getResult();
                    Log.v("hook after result :", str);
                    Integer para1 = (Integer) param.args[0]; // get argument 1
                    Integer para2 = (Integer) param.args[1]; // get argument 2
                    String s1 = Integer.toString(para1);
                    String s2 = Integer.toString(para2);
                    param.setResult("i am new result! after"); // set the return value
                    Log.v("hook param1:", s1);
                    Log.v("hook param2:", s2);
                    Log.v("hook result:", "i am new result! after");
                }

                @Override
                protected void beforeHookedMethod(MethodHookParam param) {
                    // Setting a result here makes Xposed skip the original sayhello().
                    param.setResult("i am new result! before");
                    Integer para1 = (Integer) param.args[0]; // get argument 1
                    Integer para2 = (Integer) param.args[1]; // get argument 2
                    String s1 = Integer.toString(para1);
                    String s2 = Integer.toString(para2);
                    Log.v("hook before param1:", s1);
                    Log.v("hook before param2:", s2);
                    param.args[0] = 100; // set argument 1
                    param.args[1] = 200; // set argument 2
                    Log.v("hook", "before hook!");
                }
            });
        }
    }

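handleLoadPackage: called when a package is loaded
afterHookedMethod: called after the hooked function has run
beforeHookedMethod: called before the hooked function runs
XposedBridge.log: its output appears on the log screen of XposedInstaller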
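The callback order described above can be reproduced without a device. The following is an added example, not code from the original post or from XposedBridge: a simplified model of the before -> original -> after dispatch, showing that a result set in the before callback skips the original method while the after callback still runs. Param, Hook, callHooked and originalCalls are hypothetical names, and sayhello is condensed from the test app.

```java
// Simplified model of how Xposed orders before/after callbacks (not XposedBridge source).
// Param, Hook, callHooked and originalCalls are hypothetical names for this sketch.
public class HookOrderDemo {
    static class Param {
        Object[] args;
        private Object result;
        boolean returnEarly;              // true once a callback has supplied a result
        Object getResult() { return result; }
        void setResult(Object r) { result = r; returnEarly = true; }
    }
    interface Hook {
        void before(Param p);
        void after(Param p);
    }

    static int originalCalls = 0;         // how often the real sayhello body ran
    // The hooked method from the test app on this page (condensed).
    static String sayhello(int num1, int num2) {
        originalCalls++;
        if (num1 + num2 < 100) return "so small than 100!";
        if (num1 + num2 == 100) return "equal 100!";
        return "so big than 100!";
    }

    // Dispatch order: before -> original (skipped if a result is already set) -> after.
    static String callHooked(Hook hook, int a, int b) {
        Param p = new Param();
        p.args = new Object[] { a, b };
        hook.before(p);
        if (!p.returnEarly) {
            p.result = sayhello((Integer) p.args[0], (Integer) p.args[1]);
        }
        hook.after(p);
        return (String) p.getResult();
    }

    public static void main(String[] args) {
        Hook pageHook = new Hook() {      // same logic as the module on this page
            public void before(Param p) { p.setResult("i am new result! before"); p.args[0] = 100; p.args[1] = 200; }
            public void after(Param p) { p.setResult("i am new result! after"); }
        };
        Hook argsOnly = new Hook() {      // constructed variant: only rewrite the arguments
            public void before(Param p) { p.args[0] = 100; p.args[1] = 200; }
            public void after(Param p) { }
        };
        System.out.println(callHooked(pageHook, 1, 2) + " | original calls: " + originalCalls);
        System.out.println(callHooked(argsOnly, 1, 2) + " | original calls: " + originalCalls);
    }
}
```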
Install the XposedDemo app, tick it under Modules, and reboot the system
5. Results
The test app displays the following result:
logcat output after clicking the 2nd button