环境配置较为繁琐,分为以下步骤
复制 XposedBridgeApi-82.jar 到工程中供使用
切换至 Project 模式,在app目录下新建文件夹lib,将 XposedBridgeApi-82.jar 复制到 app/lib 文件夹下
配置依赖
新建 Empty Activity 并在 AndroidManifest.xml 中添加代码
新建入口类 Main.java 并实现 IXposedHookLoadPackage 接口
复制入口类名
右键入口类 Main — Copy Path/Reference — Copy Reference
配置入口类名文件
app/src/main 文件夹下新建文件夹 assets,app/src/main/assets 文件夹下新建文件 xposed_init,将复制的入口类名粘贴在文件中即可
想要Hook某一个函数则需要得到该函数的三点关键信息
使用 replaceHookedMethod 方法 Hook TelephonyManager.getDeviceId() 函数
Main.java
findAndHookMethod 函数还有另一种重载方式
Main.java
Hook 程序自身实现的函数
Main.java
Hook 程序自身实现的函数还可以使用更加强大的 XC_MethodHook 方法,它内部需要实现两个方法,可以做到修改参数和修改返回值
Main.java
实现 Hook Person的构造方法
Main.java
实现对匿名内部类的 Hook
<meta-data android:name = "xposedmodule" android:value="true"/>
<meta-data android:name = "xposeddescription" android:value="Xposed模块示例"/>
<meta-data android:name = "xposedminversion" android:value="54"/>
<meta-data android:name = "xposedmodule" android:value="true"/>
<meta-data android:name = "xposeddescription" android:value="Xposed模块示例"/>
<meta-data android:name = "xposedminversion" android:value="54"/>
package com.example.xposeddemo;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
}
}
package com.example.xposeddemo;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
}
}
package com.example.xposeddemo;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import android.telephony.TelephonyManager;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
// 包名: com.example.a1
// 类名: android.telephony.TelephonyManager
// 方法原型: public String getDeviceId()
String packageName = loadPackageParam.packageName;
if(!packageName.equals("com.example.a1"))
return;
XposedHelpers.findAndHookMethod(
TelephonyManager.class,
"getDeviceId",
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return "123456789";
}
});
}
}
package com.example.xposeddemo;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import android.telephony.TelephonyManager;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
// 包名: com.example.a1
// 类名: android.telephony.TelephonyManager
// 方法原型: public String getDeviceId()
String packageName = loadPackageParam.packageName;
if(!packageName.equals("com.example.a1"))
return;
XposedHelpers.findAndHookMethod(
TelephonyManager.class,
"getDeviceId",
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return "123456789";
}
});
}
}
package com.example.xposeddemo;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import android.telephony.TelephonyManager;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
// 包名: com.example.a1
// 类名: android.telephony.TelephonyManager
// 方法原型: public String getDeviceId()
String packageName = loadPackageParam.packageName;
if(!packageName.equals("com.example.a1"))
return;
XposedHelpers.findAndHookMethod(
"android.telephony.TelephonyManager",
loadPackageParam.classLoader,
"getDeviceId",
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return "123456789";
}
});
}
}
package com.example.xposeddemo;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import android.telephony.TelephonyManager;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
// 包名: com.example.a1
// 类名: android.telephony.TelephonyManager
// 方法原型: public String getDeviceId()
String packageName = loadPackageParam.packageName;
if(!packageName.equals("com.example.a1"))
return;
XposedHelpers.findAndHookMethod(
"android.telephony.TelephonyManager",
loadPackageParam.classLoader,
"getDeviceId",
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return "123456789";
}
});
}
}
package com.example.xposeddemo;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
// 包名: com.example.a2
// 类名: com.example.a2.MainActivity
// 方法原型: private boolean check(String str1, String str2)
String packageName = loadPackageParam.packageName;
if(!packageName.equals("com.example.a2"))
return;
XposedHelpers.findAndHookMethod(
"com.example.a2.MainActivity",
loadPackageParam.classLoader,
"check",String.class,String.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
}
}
package com.example.xposeddemo;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
// 包名: com.example.a2
// 类名: com.example.a2.MainActivity
// 方法原型: private boolean check(String str1, String str2)
String packageName = loadPackageParam.packageName;
if(!packageName.equals("com.example.a2"))
return;
XposedHelpers.findAndHookMethod(
"com.example.a2.MainActivity",
loadPackageParam.classLoader,
"check",String.class,String.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
}
}
package com.example.xposeddemo;
import android.util.Log;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
// 包名: com.example.a2
// 类名: com.example.a2.MainActivity
// 方法原型: private boolean check(String str1, String str2)
String packageName = loadPackageParam.packageName;
if(!packageName.equals("com.example.a2"))
return;
XposedHelpers.findAndHookMethod(
"com.example.a2.MainActivity",
loadPackageParam.classLoader,
"check", String.class, String.class,
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
// 打印参数
Log.d("lxz","arg1:" + param.args[0]);
Log.d("lxz","arg2:" + param.args[1]);
// xposed输出日志
XposedBridge.log("arg1:" + param.args[0]);
XposedBridge.log("arg2:" + param.args[1]);
// 修改参数
param.args[0] = "lxz";
param.args[1] = "lxz";
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
// xposed输出日志
XposedBridge.log("arg1:" + param.args[0]);
XposedBridge.log("arg2:" + param.args[1]);
// 修改返回值
param.setResult(true);
}
});
}
}
package com.example.xposeddemo;
import android.util.Log;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class Main implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
// 包名: com.example.a2
// 类名: com.example.a2.MainActivity
// 方法原型: private boolean check(String str1, String str2)
String packageName = loadPackageParam.packageName;
if(!packageName.equals("com.example.a2"))
return;
XposedHelpers.findAndHookMethod(
"com.example.a2.MainActivity",
loadPackageParam.classLoader,
"check", String.class, String.class,
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
最后于 2023-2-16 18:05
被简单的简单编辑
,原因:
