Xposed作为Android开发中的神器,功能强大之处就不做过多介绍了,本文主要讲解一些常用的API,基本包含常用的Hook操作。
Hook静态变量
Class cla = XposedHelpers.findClass(claName, loadPackageParam.classLoader);
XposedHelpers.setStaticBooleanField(cla, fieldName, val);
XposedHelpers
下包含有各种变量类型的api:
Hook 修改方法返回值
XposedHelpers.findAndHookMethod(clazz, method, new Object[]{new XC_MethodHook() {
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
param.setResult(result); // 设置返回值
}
}});
Hook 获取方法返回值
XposedHelpers.findAndHookMethod(clazz, method, new Object[]{new XC_MethodHook() {
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Object result = param.getResult(); //获取返回值
}
}});
Hook 获取方法传入的参数值
XposedHelpers.findAndHookMethod(claName, cl, "i", String.class, String.class, Object[].class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// 数组param.args存储的参数列表里的值
XposedBridge.log(TAG + param.args[0]);
XposedBridge.log(TAG + param.args[1]);
XposedBridge.log(TAG + param.args[2]);
}
});
Hook 给方法传值
Class cla = XposedHelpers.findClass(className, loadPackageParam.classLoader);
Object com = XposedHelpers.callStaticMethod(cla, "getInstance");
XposedHelpers.callMethod(com, "setDebug", true); // 传入指定值
Hook 获取Intent的值
private void hookGetIntent(XC_LoadPackage.LoadPackageParam loadPackageParam) {
try {
XposedHelpers.findAndHookMethod("android.app.Activity", loadPackageParam.classLoader, "getIntent", new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Intent sou = (Intent) param.getResult();
KLog.d("hookGetIntent:" + sou.toURI().toString());
}
});
} catch (Exception e) {
e.printStackTrace();
}
}
Hook 广播发送的Intent信息
private void hookSendBroadcast(XC_LoadPackage.LoadPackageParam loadPackageParam) {
try {
XposedHelpers.findAndHookMethod("android.content.ContextWrapper", loadPackageParam.classLoader, "sendBroadcast", Intent.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Intent sou = (Intent) param.args[0];
KLog.d("sendBroadcast:" + sou.toURI().toString());
}
});
} catch (Exception e) {
e.printStackTrace();
}
}
Xposed一般Hook的是默认的dex文件,但是现在很多的APP都有多个Dex文件,所以使用Xposed时,经常遇到类名路径正确却出现ClassNotFoundError找不到类的错误。要解决这个问题,需要获取对应Dex文件的上下文环境。
Android在加载dex文件后会创建一个Application类,然后会调用attach方法,attach方法的参数就是上下文context,而且attach方法是final方法,不会因为被覆盖而hook不到,拿到这个context就可以获取对应的classload,然后就可以顺利hook到multidex的类了。
XposedHelpers.findAndHookMethod(Application.class, "attach", Context.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
ClassLoader cl = ((Context) param.args[0]).getClassLoader(); // 获取ClassLoader
Class<?> hookClass = null;
try {
hookClass = cl.loadClass(claName); // 获取Class
// 使用cl 和 hookClass 完成hook
XposedHelpers.setStaticIntField(hookClass, fieldName, val);
XposedHelpers.findAndHookMethod(claName, cl, "i", String.class, String.class, Object[].class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(TAG + param.args[0]);
XposedBridge.log(TAG + param.args[1]);
XposedBridge.log(TAG + param.args[2]);
}
});
} catch (Exception e) {
e.printStackTrace();
}
}
});
网友评论