以下代码均为kotlin编写
- 获取imei的调用栈
XposedHelpers.findAndHookMethod(
"android.telephony.TelephonyManager",
lpparam?.classLoader,
"getDeviceId",
object : XC_MethodHook() {
override fun afterHookedMethod(param: MethodHookParam?) {
val sts = Thread.currentThread().stackTrace
val builder = StringBuilder()
for (st in sts) {
builder.append("$st\n")
}
Log.d(tag, "getDeviceId Called : $builder")
}
})
- 打印获取签名的调用堆栈
XposedHelpers.findAndHookMethod(
"android.app.ApplicationPackageManager",
lpparam?.classLoader,
"getPackageInfo",
String::class.java,
Int::class.java,
object : XC_MethodHook() {
override fun afterHookedMethod(param: MethodHookParam?) {
val flags = param?.args!![1] as Int
// 老版 flag, deprecated in API level 28
if ((flags and PackageManager.GET_SIGNATURES != 0) ||
// 新版 flag
(flags and PackageManager.GET_SIGNING_CERTIFICATES != 0)) {
val sts = Thread.currentThread().stackTrace
val builder = StringBuilder()
for (st in sts) {
builder.append("$st\n")
}
Log.d(tag, "signature caller: $builder")
}
}
})
- 输入框 getText
XposedHelpers.findAndHookMethod(
"android.widget.EditText",
lpparam?.classLoader,
"getText",
object : XC_MethodHook() {
override fun afterHookedMethod(param: MethodHookParam?) {
val editTextValue = param!!.result as Editable
Log.d(tag, editTextValue.toString())
}
})
- mutidex
XposedHelpers.findAndHookMethod(
Application::class.java,
"attach",
Context::class.java,
object : XC_MethodHook() {
override fun afterHookedMethod(param: MethodHookParam?) {
XposedHelpers.findAndHookMethod(/* some code*/)
}
}
)
- 加壳App,一般是找 attachBaseContext 方法获取 context,从而获取ClassLoader
// 爱加密
XposedHelpers.findAndHookMethod(
"s.h.e.l.l.S",
lpparam?.classLoader,
"attachBaseContext",
Context::class.java,
object :XC_MethodHook() {
override fun afterHookedMethod(param: MethodHookParam?) {
val context = param!!.args[0] as Context
Log.d(tag, "Text from xposed")
Toast.makeText(context, "Text from xposed", Toast.LENGTH_LONG).show()
}
})
// 360
XposedHelpers.findAndHookMethod(
"com.stub.StubApp",
lpparam?.classLoader,
"attachBaseContext",
Context::class.java,
object :XC_MethodHook() {
override fun afterHookedMethod(param: MethodHookParam?) {
val context = param!!.args[0] as Context
Log.d(tag, "Text from xposed")
Toast.makeText(context, "Text from xposed", Toast.LENGTH_LONG).show()
}
})
// 娜迦
XposedHelpers.findAndHookMethod(
"com.vdog.VDogApplication",
lpparam?.classLoader,
"attachBaseContext",
Context::class.java,
object :XC_MethodHook() {
override fun afterHookedMethod(param: MethodHookParam?) {
val context = param!!.args[0] as Context
Log.d(tag, "Text from xposed")
Toast.makeText(context, "Text from xposed", Toast.LENGTH_LONG).show()
}
})
- 查看 代理检测的调用栈
XposedHelpers.findAndHookMethod(
"java.lang.System",
lpparam?.classLoader,
"getProperty",
String::class.java,
object : XC_MethodHook() {
override fun afterHookedMethod(param: MethodHookParam?) {
val property = param!!.args[0] as String
if ("http.proxyHost" == property) {
val sts = Thread.currentThread().stackTrace
val builder = StringBuilder()
for (st in sts) {
builder.append("$st\n")
}
builder.append(property)
Log.d(tag, "proxyHost Called : $builder")
} else if ("http.proxyPort" == property) {
val sts = Thread.currentThread().stackTrace
val builder = StringBuilder()
for (st in sts) {
builder.append("$st\n")
}
builder.append(property)
Log.d(tag, "proxyPort Called : $builder")
}
}
})
网友评论