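This article is based mainly on https://my.oschina.net/wisedream/blog/471292?fromerr=rNPFQidG; I worked through the implementation myself. Please let me know if it infringes any rights.
Device: a Nexus 5 with Xposed Installer already installed; Xposed Installer version 2.7 experimental1, Android version 4.4.4
Development environment: Android Studio 2.2.3
Library version: XposedBridgeApi-54.jar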
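1. Copy XposedBridgeApi-54.jar into the libs directory of a new project
2. Modify the build.gradle file in the app directory and add the Xposed entries to AndroidManifest.xml
3. Create the hook class and write the hook code
4. Right-click app and create a new assets folder, then create a file named xposed_init in the assets directory and write the full path of the hook class in it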
1. Create a new Android Studio project with no activity and copy XposedBridgeApi-54.jar into the libs directory. Then double-click the build.gradle file in the app directory and replace
    compile fileTree(include: ['*.jar'], dir: 'libs')
with
    provided fileTree(include: ['*.jar'], dir: 'libs')
2. Modify AndroidManifest.xml and add the following inside the Application tag

    <meta-data
        android:name="xposedmodule"
        android:value="true" />
    <meta-data
        android:name="xposeddescription"
        android:value="模块描述" />
    <meta-data
        android:name="xposedminversion"
        android:value="54" />
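3. Create the hook class, named XModule, with the following content

    package com.zcgames.xposedtest;

    import android.telephony.TelephonyManager;

    import de.robv.android.xposed.IXposedHookLoadPackage;
    import de.robv.android.xposed.XC_MethodReplacement;
    import de.robv.android.xposed.XposedBridge;
    import de.robv.android.xposed.XposedHelpers;
    import de.robv.android.xposed.callbacks.XC_LoadPackage;

    public class XModule implements IXposedHookLoadPackage {
        @Override
        public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
            // Install the hooks only inside the target application's process
            if (loadPackageParam.packageName.equals("com.example.test")) {
                XposedBridge.log("XLZH " + loadPackageParam.packageName);

                // Replace TelephonyManager.getDeviceId() with a fixed string
                XposedHelpers.findAndHookMethod(TelephonyManager.class, "getDeviceId", new XC_MethodReplacement() {
                    @Override
                    protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
                        return "this is imei";
                    }
                });

                // Replace TelephonyManager.getSubscriberId() with a fixed string
                XposedHelpers.findAndHookMethod(TelephonyManager.class, "getSubscriberId", new XC_MethodReplacement() {
                    @Override
                    protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
                        return "this is imsi";
                    }
                });
            }
        }
    }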
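The code hooks the getDeviceId() and getSubscriberId() methods of the system TelephonyManager class so that they return fixed strings, and it applies the hooks only to the com.example.test application.
4. Create the assets directory and, inside it, a text file named xposed_init with the following content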
com.zcgames.xposedtest.XModule
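The final directory structure is shown in the figure below
In Android Studio, create the com.example.test application; MainActivity.java is as follows

    package com.example.test;

    import android.content.Context;
    import android.os.Bundle;
    import android.support.v7.app.AppCompatActivity;
    import android.telephony.TelephonyManager;
    import android.util.Log;
    import android.view.View;
    import android.widget.Button;

    public class MainActivity extends AppCompatActivity {
        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_main);

            Button button = (Button) findViewById(R.id.getImei);
            button.setOnClickListener(new View.OnClickListener() {
                @Override
                public void onClick(View v) {
                    // Reading these identifiers requires the READ_PHONE_STATE permission in the manifest
                    TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
                    try {
                        Log.d("XLZH", "get imei " + tm.getDeviceId());
                        Log.d("XLZH", "get imsi " + tm.getSubscriberId());
                    } catch (Exception e) {
                        // getMessage() may be null, and Log.d rejects a null message
                        Log.d("XLZH", String.valueOf(e.getMessage()));
                        e.printStackTrace();
                    }
                }
            });
        }
    }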
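1. Once the XposedTest project is written, click Build > Build APK (the project has no Activity, so it cannot be installed automatically by clicking Run). After a successful build, app-debug.apk is generated in the app/build/output/apk directory. Open the Terminal at the bottom of Android Studio, change to that directory, and install the APK with adb install.
2. Once the com.example.test project is finished, click Run, tap the button, and check the output with logcat | grep XLZH. The result is as follows
3. Open the Xposed Installer app and select Modules; the XposedTest module is listed there. Check it, reboot the phone, open the target app again and tap the button. The result is shown below: the hook succeeded.
1. Xposed fails to load the module, and the Xposed Installer log shows the following message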
java.lang.IllegalAccessError: Class ref in pre-verified class resolved to unexpected implementation
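Cause: build.gradle was not modified, so by default the contents of the libs directory are packaged into the APK, which conflicts with the copy already present on the phone. Changing compile to provided in build.gradle fixes this.
2. The entry in xposed_init is case-sensitive. For example, changing com.zcgames.xposedtest.XModule to com.zcgames.XposedTest.XModule also causes the module to fail to load.
3. If you run adb install again after the module is already installed, it reports that the program is already installed. You need to go to Settings -> Apps, find the installed module and uninstall it (there is no activity, so it cannot be uninstalled from the home screen).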
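
The first two loading failures above can be caught before the APK is built. The following Python check is an added example, not code from the original post or from Xposed; it assumes the default Android Studio layout (build.gradle, src/main/java and src/main/assets under app/), and build_sample writes a constructed sample project for the demonstration.

```python
import re
import tempfile
from pathlib import Path

PKG_RE = re.compile(r'^\s*package\s+([\w.]+)\s*;', re.M)
CLS_RE = re.compile(r'^\s*public\s+(?:final\s+)?class\s+(\w+)', re.M)
# Failure 1 on the page: libs/*.jar declared with "compile" gets packed into the APK.
COMPILE_LIBS_RE = re.compile(r'^\s*compile\s+fileTree\(.*libs', re.M)

def declared_classes(src_root):
    """Fully qualified public class names, read from the package/class declarations."""
    names = set()
    for java in Path(src_root).rglob('*.java'):
        text = java.read_text(encoding='utf-8')
        pkg, cls = PKG_RE.search(text), CLS_RE.search(text)
        if pkg and cls:
            names.add(pkg.group(1) + '.' + cls.group(1))
    return names

def lint_module(app_dir):
    """Return a list of problems found in the module project under app_dir."""
    app, problems = Path(app_dir), []
    if COMPILE_LIBS_RE.search((app / 'build.gradle').read_text(encoding='utf-8')):
        problems.append('build.gradle: libs jars use compile; change to provided')
    init = app / 'src/main/assets/xposed_init'
    if not init.is_file():
        return problems + ['assets/xposed_init is missing']
    classes = declared_classes(app / 'src/main/java')
    for entry in map(str.strip, init.read_text(encoding='utf-8').splitlines()):
        if entry and not entry.startswith('#') and entry not in classes:
            # Failure 2 on the page: the entry is matched case-sensitively.
            near = [c for c in classes if c.lower() == entry.lower()]
            hint = ' (case differs from %s)' % near[0] if near else ''
            problems.append('xposed_init: class %s not found%s' % (entry, hint))
    return problems

def build_sample(root, dep_keyword, init_entry):
    """Write a constructed module tree (sample input, not the page's project files)."""
    app = Path(root) / 'app'
    src = app / 'src/main/java/com/zcgames/xposedtest'
    src.mkdir(parents=True)
    (app / 'src/main/assets').mkdir()
    (src / 'XModule.java').write_text('package com.zcgames.xposedtest;\npublic class XModule {}\n')
    (app / 'build.gradle').write_text("%s fileTree(include: ['*.jar'], dir: 'libs')\n" % dep_keyword)
    (app / 'src/main/assets/xposed_init').write_text(init_entry + '\n')
    return app

if __name__ == '__main__':
    with tempfile.TemporaryDirectory() as tmp:
        print(lint_module(build_sample(tmp, 'compile', 'com.zcgames.XposedTest.XModule')))
```

Names are compared against the declarations in the sources rather than against file paths, because a path lookup on a case-insensitive filesystem would accept the wrongly cased entry.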