使用Xposed Installer实现Android Hook

使用Xposed Installer来实现Android hook,文章参考官方教程,有修改。

1、安装Xposed Installer框架apk到手机,手机必须root;

2、代码编写;

在manifest文件中声明:

<application
  android:allowBackup="true"
  android:icon="@drawable/ic_launcher"
  android:label="@string/app_name"
  android:theme="@style/AppTheme" >
  <meta-data
    android:name="xposedmodule"
    android:value="true" />
  <meta-data
    android:name="xposeddescription"
    android:value="Easy example which changes the color of all app" />
  <meta-data
    android:name="xposedminversion"
    android:value="30" />
</application>

添加xposed库文件到libs目下;新建Main.java类,代码如下:

public class Main implements IXposedHookLoadPackage,IXposedHookZygoteInit{

    @Override
    public void initZygote(StartupParam startupParam) throws Throwable {
        hookResColor();
    }

    void hookResColor(){
        XposedHelpers.findAndHookMethod(Resources.class,
                "getColor", Integer.TYPE,
                new XC_MethodReplacement() {
                    
                    @Override
                    protected Object replaceHookedMethod(MethodHookParam param)
                            throws Throwable {
                        Object color = XposedBridge.invokeOriginalMethod(param.method, param.thisObject, param.args);
                        if (color instanceof Integer) {
                            Integer new_name = (Integer) color;
                            return new_name & ~0x0000ff00 | 0x00ff0000;
                        }
                        return null ;
                    }
                });
    }
    
    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        hookClock(lpparam);
    }

    void hookClock(LoadPackageParam lpparam){
        if (!lpparam.packageName.equals("com.android.systemui"))
            return;

        XposedHelpers.findAndHookMethod(
                "com.android.systemui.statusbar.policy.Clock",
                lpparam.classLoader, "updateClock", new XC_MethodHook() {
                    @Override
                    protected void afterHookedMethod(MethodHookParam param)
                            throws Throwable {
                        System.out.println("replaceHookedMethod---updateClock");
                        XposedBridge.log("replaceHookedMethod---updateClock-->>");
                        TextView tv = (TextView) param.thisObject;
                        String text = tv.getText().toString();
                        tv.setText(text + " :)-->");
                        tv.setTextColor(Color.RED);
                    }
                });
    }

添加名称为xposed_init的文件到assets目录下,文件内容为“com.app.xposed.example.Main”,就是上面Main类的完整包名。

右键工程选择properties,在Java Build Path里去掉勾选的选项(这里有点坑,必须去掉勾选,不然运行之后没效果,不知道是不是和开发环境有关),如图:

运行工程,效果如下:

这么看来Xposed也和Cydia Substrate一样,需要依赖于Java反射,如果做了代码混淆或者加密之后,此框架还有用吗?

posted @ 2015-01-05 16:35  Alex_the_coder  阅读(4792)  评论(0编辑  收藏  举报