Android Xpose Hook(一)

实验环境: Droid4x模拟器 (目前Android版本4.2.2)
Android Studio
1.下载相关工具XposedInstaller下载http://repo.xposed.info/module/de.robv.android.xposed.installer
XposedBridged.jar下载https://github.com/rovo89/XposedBridge/releases

2.安装XposedInstaller并激活激活步骤: 启动XposedInstaller -> 框架 -> 安装更新 ->模拟器重启 (ps:模拟器会直接屏幕黑掉,直接结束进程即可,不行就反复试几下 )激活后这里会有绿色的数字信息


3.Android Studio新建一个测试工程(被Hook的APP)UI如下:


MainActivity类新建如下被Hook函数 (如上3个按钮点击分别传递对应的参数进入,返回值显示在textview控件上)

public String sayhello(int num1, int num2 )
{
if (num1 + num2 < 100) {
return "so small than 100!";
}
if (num1 + num2 == 100) {
return "equal 100!";
}
if (num1 + num2 > 100) {
return "so big than 100!";
}
return "error";
}

4.新建我们的XposedHook工程(建议SDK版本选择4.0.3)●在AndroidManifest文件中加入如下代码

<meta-data
android:name="xposedmodule"
android:value="true" />
<meta-data
android:name="xposeddescription"
android:value="Easy example" />
<meta-data
android:name="xposedminversion"
android:value="54" />

●新建lib目录
将下载好的XposedBridged.jar放入该目录并右键->Add To Library 这个步骤会在grandlew中添加

dependencies {
compile fileTree(dir: 'libs', include: ['*.jar'])
testCompile 'junit:junit:4.12'
compile 'com.android.support:appcompat-v7:23.1.1'
compile files('lib/XposedBridgeApi-54.jar')
}

我们要将compile files修改为provided files,最后效果如下

dependencies {
compile fileTree(dir: 'libs', include: ['*.jar'])
testCompile 'junit:junit:4.12'
compile 'com.android.support:appcompat-v7:23.1.1'
provided files('lib/XposedBridgeApi-54.jar')
}

●添加assets目录在该目录下添加xposed_init 该文件的作用是指定module入口类,Hook的实现代码在该类中格式: 包名称 + 类名

com.bingghost.xposeddemo.XposedHook

●新建xposed_init中指明的入口类XposedHook

public class XposedHook implements IXposedHookLoadPackage {
public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
XposedBridge.log("Loaded app: " + lpparam.packageName);

if (!lpparam.packageName.equals("com.bingghost.simplehelloworld"))
{
return;
}

findAndHookMethod("com.bingghost.simplehelloworld.MainActivity", lpparam.classLoader, "sayhello", int.class, int.class, new XC_MethodHook() {
protected void afterHookedMethod(MethodHookParam param) {
String str = (String) param.getResult();
Log.v("hook after result :", str);
Integer  para1 =  (Integer) param.args[0];   //获取参数1
Integer para2 = (Integer) param.args[1];     //获取参数2
String s1 = Integer.toString(para1);
String s2 = Integer.toString(para2);
param.setResult("i am new result! after");   //设置返回值

Log.v("hook param1:", s1);
Log.v("hook param2:", s2);
Log.v("hook result:", "i am new result! after");
}

protected void beforeHookedMethod(MethodHookParam param) {
param.setResult("i am new result! before");  //
Integer  para1 =  (Integer) param.args[0];   //获取参数1
Integer para2 = (Integer) param.args[1];     //获取参数2
String s1 = Integer.toString(para1);
String s2 = Integer.toString(para2);
Log.v("hook before param1:", s1);
Log.v("hook before param2:", s2);

param.args[0] = 100;  //设置参数1
param.args[1] = 200;  //设置参数2

Log.v("hook", "before hook!");
}

});
}
}

handleLoadPackage 包加载时会调用afterHookedMethod Hook函数调用前beforeHookedMethod Hook函数后XposedBridge.log 打印的内容将在XposedInstall的日志界面
安装好XposedDemoAPP 在模块中勾选上重启系统


5.运行结果测试APP显示结果如下:


点击第2个按钮logcat输出


来自为知笔记(Wiz)