使用Xpose框架实现Hook操作
1.项目导入
在app/build.gradle中配置
repositories {
jcenter()
}
dependencies {
compileOnly 'de.robv.android.xposed:api:82'
}
2.在AndroidManifest.xml配置
<!-- 是否是xposed模块,xposed根据这个来判断是否是模块 -->
<meta-data
android:name="xposedmodule"
android:value="true" />
<!-- 模块描述,显示在xposed模块列表那里第二行 -->
<meta-data
android:name="xposeddescription"
android:value="测试Xposed模块" />
<!-- 最低xposed版本号(lib文件名可知) -->
<meta-data
android:name="xposedminversion"
android:value="30" />
3.创建hook类和被hook的类
被hook的程序类
findViewById(R.id.btn).setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
// dexLoadTest();
TelephonyManager tm = (TelephonyManager)getSystemService(Context.TELEPHONY_SERVICE);
try {
Log.d("allen", "get imei " + tm.getDeviceId());
Log.d("allen", "get imsi " + tm.getSubscriberId());
}catch (Exception e) {
Log.d("allen", e.getMessage());
e.printStackTrace();
}
dexLoadTest();
}
});
}
public void dexLoadTest() {
System.out.print("----dexLoadTest 已执行");
Log.d("allen", "----dexLoadTest 已执行");
}
hook类
public class HookTest implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
XposedBridge.log("开始--handleLoadPackage---");
if (lpparam.packageName.equals("com.mediatek.classlodertest")) {
XposedBridge.log("开始hook测试程序");
//hook类调用方法
XposedHelpers.findAndHookMethod(TelephonyManager.class, "getDeviceId", new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return "momoxiaoming";
}
});
//hook 类名+方法名所在方法
XposedHelpers.findAndHookMethod("com.mediatek.classlodertest.MainActivity",lpparam.classLoader,"dexLoadTest",new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
XposedBridge.log("洗澡后...");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
XposedBridge.log("洗澡前...");
}
});
}
}
}
对于一些延迟动态加载的代码,hook方式
XposedHelpers.findAndHookMethod("dalvik.system.DexFile", clzLd, "loadClass",
String.class, "java.lang.ClassLoader", new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
String className = (String) param.args[0];
Object result = param.getResult();
if (result != null && result instanceof Class) {
if ("com.alipay.mobile.nebulauc.impl.UCWebViewClient".equals(className)) {
LogUtil.debug(LOG_BILL_CLICK_LOG,"Load class:" + ((Class) result).getName());
// hookLoadWebViewClient(((Class) result).getClassLoader());
} else if ("com.alipay.mobile.bill.list.ui.BillListActivity".equals(className)) {
LogUtil.debug(LOG_BILL_CLICK_LOG,"Load class:" + ((Class) result).getName());
hookBillList(((Class) result).getClassLoader());
}
}
}
});
//这个和上面不会同时发生
if (XposedHelpers.findClassIfExists("com.alipay.mobile.nebulauc.impl.UCWebViewClient", clzLd) != null) {
LogUtil.debug(LOG_BILL_CLICK_LOG,"Hook class:" + "com.alipay.mobile.nebulauc.impl.UCWebViewClient");
// hookLoadWebViewClient(classLoader);
}
if (XposedHelpers.findClassIfExists("com.alipay.mobile.bill.list.ui.BillListActivity", clzLd) != null) {
LogUtil.debug(LOG_BILL_CLICK_LOG,"Hook class:" + "com.alipay.mobile.bill.list.ui.BillListActivity");
hookBillList(clzLd);
}
4.在assets目录下创建xposed_init文件
内容填写为上面的hook类的包名+类名
5.安装程序
5.2 安装我们的测试程序和被测试程序
测试
将程序和被hook的程序装入手机,勾选Xpose模块,重启手机,点击被hook程序按钮,查看代码是否已被拦截
测试log
11-21 18:21:15.833 3535-3535/? I/Xposed: 开始--handleLoadPackage---
11-21 18:22:35.285 3057-3057/com.mediatek.classlodertest I/Xposed: 洗澡后...
11-21 18:22:35.285 3057-3057/com.mediatek.classlodertest I/Xposed: 洗澡前...
11-21 18:34:38.758 3057-3057/com.mediatek.classlodertest D/allen: get imei momoxiaoming
11-21 18:34:38.761 3057-3057/com.mediatek.classlodertest D/allen: get imsi null
二. substrate Hook
使用指南:http://www.cydiasubstrate.com/inject/android/
SDK下载:http://www.cydiasubstrate.com/id/73e45fe5-4525-4de7-ac14-6016652cc1b8/
框架APK下载:http://www.cydiasubstrate.com/download/com.saurik.substrate.apk
网友评论