Xposed Plugin Development: Advanced Topics

For the basics, see: http://www.codefrom.com/paper/Xposed%E6%8F%92%E4%BB%B6%E5%BC%80%E5%8F%...

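  1. The program behind Zygote, the Dalvik incubator process, is /system/bin/app_process. (In Android, every application process, as well as the system service process SystemServer, is forked from Zygote.) What actually does the work in the Xposed framework is method hooking.

    Because Xposed works by replacing files under /system/bin, root permission is required at install time, but not at run time.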

  2. Unified log management, with the tag showing the package name

    Log.d(MYTAG+lpparam.packageName, "hello" + lpparam.packageName);
  3. Plant a broadcast receiver to execute commands dynamically

    findAndHookMethod("android.app.Application", lpparam.classLoader, "onCreate", new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
    
                Context context = (Context) param.thisObject;
                IntentFilter filter = new IntentFilter(myCast.myAction);
                filter.addAction(myCast.myCmd);
                context.registerReceiver(new myCast(), filter);
    
            }
    
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
            }
        });
  4. Getting the context (for more on context, see http://www.codefrom.com/paper/Android.Context)

    fristApplication = (Application) param.thisObject;
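  5. Choosing the injection point: Application onCreate, the function where the program really starts (this class may be overridden, so obtain the onCreate method through reflection)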

    String appClassName = this.getAppInfo().className;
    if (appClassName == null) {
        // No custom Application class is declared, so hook the framework's Application.onCreate
        Method hookOncreateMethod = null;
        try {
            hookOncreateMethod = Application.class.getDeclaredMethod("onCreate", new Class[] {});
        } catch (NoSuchMethodException e) {
            e.printStackTrace();
        }
        hookhelper.hookMethod(hookOncreateMethod, new ApplicationOnCreateHook());
    }
  6. Exclude system apps, exclude the module itself, and identify the main-thread function

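    // Skip processes without app info and anything flagged as a system app
    if (lpparam.appInfo == null ||
            (lpparam.appInfo.flags & (ApplicationInfo.FLAG_SYSTEM | ApplicationInfo.FLAG_UPDATED_SYSTEM_APP)) != 0) {
        return;
    } else if (lpparam.isFirstApplication && !ZJDROID_PACKAGENAME.equals(lpparam.packageName)) {
        // First application in the process and not the module's own package: install hooks here
    }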
  7. Hook methods

    Only methods and constructors can be hooked, Cannot hook interfaces, Cannot hook abstract methods
    That is, only methods and constructors can be hooked; interfaces and abstract methods cannot.
  8. A parameter is a custom class

    public void myMethod (String a, MyClass b)

    Obtain the custom class through reflection...

  9. Reflect the custom class after injection

    Class<?> hookMessageListenerClass = null;
    
    hookMessageListenerClass = lpparam.classLoader.loadClass("org.jivesoftware.smack.MessageListener");
    
    findAndHookMethod("org.jivesoftware.smack.ChatManager", lpparam.classLoader, "createChat", String.class , hookMessageListenerClass ,new XC_MethodHook() {
        @Override
        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
    
            String sendTo = (String) param.args[0];
            Log.i(tag, "sendTo : " + sendTo);
    
        }
    
        @Override
        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
            super.afterHookedMethod(param);
        }
    });
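  10. When the method you want to hook belongs to a class that is a subclass and does not override the parent's method, should you hook the parent or the subclass? (After hooking the parent's method, the hook also takes effect for a subclass that does not override it. A method the subclass overrides must be hooked separately.)

    For example,
    java.net.HttpURLConnection extends URLConnection,

    and the method is in the parent class:

    public OutputStream getOutputStream() throws IOException {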
            throw new UnknownServiceException("protocol doesn't support output");
     }

    org.apache.http.impl.client.AbstractHttpClient extends CloseableHttpClient, and the method is in the parent class (note that the AbstractHttpClient Android inherits implements org.apache.http.client.HttpClient):

    public CloseableHttpResponse execute(
            final HttpHost target,
            final HttpRequest request,
            final HttpContext context) throws IOException, ClientProtocolException {
                    return doExecute(target, request, context);
    }

    android.async.http overrides HttpGet, so zjdroid's hook on org.apache.http.impl.client.AbstractHttpClient execute cannot obtain the request URL and method.

  11. Hook constructors

    public static XC_MethodHook.Unhook findAndHookConstructor(String className, ClassLoader classLoader, Object... parameterTypesAndCallback) {
                return findAndHookConstructor(findClass(className, classLoader), parameterTypesAndCallback);
    }
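
Items 7 and 10 together decide which class a hook has to name: the class that actually declares the method, and only if that declaration is not abstract. The following is an added example, not code from the original post or from zjdroid; the class HookTargetResolver and its helper names are hypothetical, and it uses only standard Java reflection, so it also runs on a desktop JVM.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.net.HttpURLConnection;

public class HookTargetResolver {

    // Walk up the superclass chain and return the class that declares the
    // method itself; getDeclaredMethod does not see inherited methods.
    static Class<?> declaringClass(Class<?> start, String name, Class<?>... params) {
        for (Class<?> c = start; c != null; c = c.getSuperclass()) {
            try {
                c.getDeclaredMethod(name, params);
                return c;
            } catch (NoSuchMethodException e) {
                // Not declared at this level, keep climbing.
            }
        }
        return null;
    }

    // Item 7: an abstract declaration has no body, so it cannot be hooked.
    static boolean hasBody(Class<?> owner, String name, Class<?>... params)
            throws NoSuchMethodException {
        Method m = owner.getDeclaredMethod(name, params);
        return !Modifier.isAbstract(m.getModifiers());
    }

    static String describe(Class<?> start, String name, Class<?>... params)
            throws NoSuchMethodException {
        Class<?> owner = declaringClass(start, name, params);
        if (owner == null) {
            return name + ": not found on " + start.getName() + " or its parents";
        }
        return name + ": declared in " + owner.getName()
                + (hasBody(owner, name, params)
                    ? " (hook this class)"
                    : " (abstract, hook the concrete subclass)");
    }

    public static void main(String[] args) throws Exception {
        // Inherited from the parent and not redeclared in HttpURLConnection.
        System.out.println(describe(HttpURLConnection.class, "getOutputStream"));
        // Declared on HttpURLConnection itself, but abstract.
        System.out.println(describe(HttpURLConnection.class, "disconnect"));
        // Declared with a body on HttpURLConnection.
        System.out.println(describe(HttpURLConnection.class, "setRequestMethod", String.class));
    }
}
```

Starting the walk from the concrete runtime class of the object, rather than from the declared type, finds a subclass override first, which is the case item 10 says needs its own hook.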