Android Xpose Hook(一)

实验环境:

    Droid4x模拟器 (目前Android版本4.2.2)

    Android Studio

1.下载相关工具

XposedInstaller下载

http://repo.xposed.info/module/de.robv.android.xposed.installer

XposedBridged.jar下载

https://github.com/rovo89/XposedBridge/releases

2.安装XposedInstaller并激活

激活步骤: 启动XposedInstaller -> 框架 -> 安装更新 ->模拟器重启 (ps:模拟器会直接屏幕黑掉,直接结束进程即可,不行就反复试几下 )

激活后这里会有绿色的数字信息

3.Android Studio新建一个测试工程(被Hook的APP)

UI如下:

MainActivity类新建如下被Hook函数 (如上3个按钮点击分别传递对应的参数进入,返回值显示在textview控件上)

public String sayhello(int num1, int num2 )
{
    if (num1 + num2 < 100) {
        return "so small than 100!";
    }
    if (num1 + num2 == 100) {
        return "equal 100!";
    }
    if (num1 + num2 > 100) {
        return "so big than 100!";
    }
    return "error";
}

4.新建我们的XposedHook工程(建议SDK版本选择4.0.3)

●在AndroidManifest文件中加入如下代码

<meta-data
    android:name="xposedmodule"
    android:value="true" />
<meta-data
    android:name="xposeddescription"
    android:value="Easy example" />
<meta-data
    android:name="xposedminversion"
    android:value="54" />

●新建lib目录
将下载好的XposedBridged.jar放入该目录

并右键->Add To Library   这个步骤会在grandlew中添加

dependencies {
    compile fileTree(dir: 'libs', include: ['*.jar'])
    testCompile 'junit:junit:4.12'
    compile 'com.android.support:appcompat-v7:23.1.1'
    compile files('lib/XposedBridgeApi-54.jar')
}

我们要将compile files修改为provided files,最后效果如下

dependencies {
    compile fileTree(dir: 'libs', include: ['*.jar'])
    testCompile 'junit:junit:4.12'
    compile 'com.android.support:appcompat-v7:23.1.1'
    provided files('lib/XposedBridgeApi-54.jar')
}

●添加assets目录

在该目录下添加xposed_init   

该文件的作用是指定module入口类,Hook的实现代码在该类中

格式: 包名称 + 类名

com.bingghost.xposeddemo.XposedHook

●新建xposed_init中指明的入口类XposedHook

public class XposedHook implements IXposedHookLoadPackage {
    public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
        XposedBridge.log("Loaded app: " + lpparam.packageName);

        if (!lpparam.packageName.equals("com.bingghost.simplehelloworld"))
        {
            return;
        }

        findAndHookMethod("com.bingghost.simplehelloworld.MainActivity", lpparam.classLoader, "sayhello", int.class, int.class, new XC_MethodHook() {
            protected void afterHookedMethod(MethodHookParam param) {
                String str = (String) param.getResult();
                Log.v("hook after result :", str);
                Integer  para1 =  (Integer) param.args[0];   //获取参数1
                Integer para2 = (Integer) param.args[1];     //获取参数2
                String s1 = Integer.toString(para1);
                String s2 = Integer.toString(para2);
                param.setResult("i am new result! after");   //设置返回值

                Log.v("hook param1:", s1);
                Log.v("hook param2:", s2);
                Log.v("hook result:", "i am new result! after");
            }

            protected void beforeHookedMethod(MethodHookParam param) {
                param.setResult("i am new result! before");  //
                Integer  para1 =  (Integer) param.args[0];   //获取参数1
                Integer para2 = (Integer) param.args[1];     //获取参数2
                String s1 = Integer.toString(para1);
                String s2 = Integer.toString(para2);
                Log.v("hook before param1:", s1);
                Log.v("hook before param2:", s2);

                param.args[0] = 100;  //设置参数1
                param.args[1] = 200;  //设置参数2

                Log.v("hook", "before hook!");
            }

        });
    }
}

handleLoadPackage           包加载时会调用

afterHookedMethod         Hook函数调用前

beforeHookedMethod     Hook函数后

XposedBridge.log              打印的内容将在XposedInstall的日志界面

安装好XposedDemoAPP 在模块中勾选上重启系统

5.运行结果

测试APP显示结果如下:

点击第2个按钮logcat输出

来自为知笔记(Wiz)