白乐天

道阻且长,行则将至。

Xposed-API

发表于 分类于
本文字数: 7.6k 阅读时长 ≈ 7 分钟

XposedHelpers

findAndHookConstructor()

Hook 类的构造方法

1
2
3
4
5
6
findAndHookMethod(
    String className,         // 要 Hook 的类的完整类名
    ClassLoader classLoader,  // 类加载器
    String methodName,        // 要 Hook 的方法名
    Object... parameterTypesAndCallback // 方法参数类型和回调
)

demo测试

Person类

1
2
3
4
5
6
7
8
9
10
11
12
13
14
public class Person {
    private String name;
    private static int age = 50;
    
    
	public Person(){
        this.name="Bileton";
    }
    
    public Person(String name, int aage) {
        this.name = name;
        age = aage;
    }
}

MainActivity

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
public class MainActivity extends AppCompatActivity implements View.OnClickListener{

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        EdgeToEdge.enable(this);
        setContentView(R.layout.activity_main);

        findViewById(R.id.constructor).setOnClickListener(this);

    }


    @Override
    public void onClick(View v) {
        if (v.getId()==R.id.constructor){
            Person person = new Person("Bileton",18);
            Log.d("Person","name:"+person.name+" age:"+Person.age);
        }
    }
}

Xposed hook

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
public class lsptest implements IXposedHookLoadPackage {
    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        XposedBridge.log("Bileton->package"+loadPackageParam.packageName);

        XposedHelpers.findAndHookConstructor("com.example.lsphookdemo.Person", loadPackageParam.classLoader,String.class,int.class, new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
                Log.d("Bileton","before hook "+"name: "+param.args[0]+" age:"+param.args[1]);
                param.args[0] = "bileton";
                param.args[1] = 22;
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
                Log.d("Bileton","after hook "+"name: "+param.args[0]+" age:"+param.args[1]);
            }
        });
    }
}

启动程序,点击按钮,查看日志,如下,hook成功

findAndHookMethod()

Hook 类的方法

重载1

1
2
3
4
5
6
7
XposedHelpers.findAndHookMethod(
    String className,       // 要 Hook 的类的完整类名
    ClassLoader classLoader, // 类加载器
    String methodName,      // 要 Hook 的方法名
    Object... parameterTypesAndCallback // 方法参数类型和回调
);

重载2

1
2
3
4
5
6
findAndHookMethod(
    Class<?> clazz,         // 目标类的 Class 对象
    String methodName,      // 要 Hook 的方法名
    Object... parameterTypesAndCallback // 方法参数类型和回调
)

回调方法

1
2
3
4
5
6
7
8
9
10
11
new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        // 在目标方法调用之前执行的逻辑
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        // 在目标方法调用之后执行的逻辑
    }
};

demo测试

person类

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
public class Person {
    public String name;
    public static int age = 50;

    public Person(){
        this.name="Bileton";
    }

    public void setName(String name){
        this.name = name;
    }

    public static void setAge(int age) {
        Person.age = age;
    }
}

MainActivity

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
public class MainActivity extends AppCompatActivity implements View.OnClickListener{

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        EdgeToEdge.enable(this);
        setContentView(R.layout.activity_main);
        
        findViewById(R.id.method).setOnClickListener(this);

    }


    @Override
    public void onClick(View v) {
        if (v.getId()==R.id.method){
            Person person = new Person();
            person.setName("Bileton");
            Person.setAge(18);
            Log.d("Bileton","name:"+person.name+" age:"+Person.age);
        }
    }
}

Xposed hook

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
public class lsptest implements IXposedHookLoadPackage {
    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        XposedBridge.log("Bileton->package"+loadPackageParam.packageName);

        XposedHelpers.findAndHookMethod("com.example.lsphookdemo.Person", loadPackageParam.classLoader, "setName", String.class, new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
                Log.d("Bileton","before hook "+"name: "+param.args[0]);
                param.args[0] = "bileton";
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
                Log.d("Bileton","after hook "+"name: "+param.args[0]);
            }
        });

        XposedHelpers.findAndHookMethod("com.example.lsphookdemo.Person", loadPackageParam.classLoader, "setAge", int.class, new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
                Log.d("Bileton","before hook "+"age: "+param.args[0]);
                param.args[0] =21;
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
                Log.d("Bileton","after hook "+"age: "+param.args[0]);
            }
        });
    }
}

启动程序,点击按钮,查看日志,如下,hook成功

newInstance()

动态地创建对象实例。

重载方法

1
2
3
4
5
Object newInstance(Class<?> clazz);

Object newInstance(Class<?> clazz, Object... args);

Object newInstance(Class<?> clazz, Class<?>[] parameterTypes, Object[] args);

Person类

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
public class Person {
    public String name;
    public static int age = 50;

    public Person(){
        this.name="Bileton";
    }

    public Person(String name, int aage) {
        this.name = name;
        age = aage;
    }
    
    public void printInfo(){
        Log.d("Bileton","name:"+this.name+" age:"+Person.age);
    }
}

Xposed hook

1
2
3
4
5
6
7
8
9
10
11
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
    XposedBridge.log("Bileton->package"+loadPackageParam.packageName);

    ClassLoader clazzLoader = loadPackageParam.classLoader;
    Class<?> clazz_person = clazzLoader.loadClass("com.example.lsphookdemo.Person");

    Object obj_person = XposedHelpers.newInstance(clazz_person,"bileton",25);
    Method method_printInfo = clazz_person.getDeclaredMethod("printInfo");
    method_printInfo.invoke(obj_person);
}

输出结果

findField()

查找并访问类中的字段。

1
2
3
4
XposedHelpers.findField(
    Class<?> clazz,      // 目标类的 Class 对象
    String fieldName     // 要查找的字段名
);

Person类

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
public class Person {
    public String name;
    public static int age = 50;

    public Person(){
        this.name="Bileton";
    }

    public Person(String name, int aage) {
        this.name = name;
        age = aage;
    }
    
    public void printInfo(){
        Log.d("Bileton","name:"+this.name+" age:"+Person.age);
    }
}

Xposed hook

通过反射获取和修改字段的值

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
public class lsptest implements IXposedHookLoadPackage {
    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        XposedBridge.log("Bileton->package"+loadPackageParam.packageName);

        ClassLoader clazzLoader = loadPackageParam.classLoader;
        Class<?> clazz_person = clazzLoader.loadClass("com.example.lsphookdemo.Person");

        Object obj_person = XposedHelpers.newInstance(clazz_person,"Bileton",25);

        Field nameField = XposedHelpers.findField(clazz_person,"name");
        String name = (String) nameField.get(obj_person);
        XposedBridge.log("Bileton---name:"+name);
        nameField.set(obj_person,"bileton");

        Field ageField = XposedHelpers.findField(clazz_person,"age");
        int age = ageField.getInt(null);
        XposedBridge.log("Bileton---age:"+age);
        ageField.setInt(null,21);
        Method method_printInfo = clazz_person.getDeclaredMethod("printInfo");
        method_printInfo.invoke(obj_person);
    }
}

输出如下