侧边栏壁纸
  • 累计撰写 38 篇文章
  • 累计创建 23 个标签
  • 累计收到 9 条评论

目 录CONTENT

文章目录

【Android】Lsposed 零基础学习 (随缘更新o(╥﹏╥)o)

Fup1p1
2023-03-05 / 0 评论 / 0 点赞 / 997 阅读 / 11,099 字 / 正在检测是否收录...

前言

Xposed常年不更新,Lsposed支持Android更高版本并且继承了Xposed的所有API,于是我决定学习Lsposed。

先实现一个student类

package com.example.hookdemo01;

import android.util.Log;

public class student {
    String name=null;
    String id=null;
    int age=0;
    public String getNickname() {
        return nickname;
    }

    public static String getTeachername() {
        return teachername;
    }

    private  String nickname=null;
    public static  String teachername=null;

    public student(){
        name="default";
        id="default";
        age=12;
    }
    public class person{
        public String name;
        public String sex;
        public String getpersonname(String arg0){
            return arg0;
        }
    }
    public student(String name){
        this.name=name;
        id="default";
        age=12;
    }
    public student(String name,String id){
        this.name=name;
        this.id=id;
        age=12;
    }
    public student(String name,String id,int age){
        this.name=name;
        this.id=id;
        this.age=age;
    }
    public student(String name,int age){
        this.name=name;
        this.age=age;
    }
    public student(String name,String id,int age,String nickname,String teacher){
        this.name=name;
        this.id=id;
        this.age=age;
        teachername=teacher;
        this.nickname=nickname;
    }
    public static String publicstaticfunc(String arg1,int arg2){
        String result=privatestaticfunc("privatestaticfunc",200);
        Log.i("Xposed","Publicstaticfunc is called!"+arg1+"---"+arg2);
        return arg1+"---"+arg2+"---"+result;
    }
    private static String privatestaticfunc(String arg1,int arg2){
        Log.i("Xposed","privatestaticfunc is called!"+arg1+"---"+arg2);
        return arg1+"---"+arg2;
    }
    public  String publicfunc(String arg1,int arg2){
        String result=privatefunc("privatefunc",500);
        Log.i("Xposded","publicfunc is called");
        person tmp=new person();
        String tmpresult=tmp.getpersonname("person");
        return arg1+"---"+arg2+"---"+result+"---"+tmpresult;
    }
    private String privatefunc(String arg1,int arg2){
        Log.i("Xposded","privatefunc is called");
        return arg1+"---"+arg2;
    }
}

package com.example.hookdemo01;

import androidx.appcompat.app.AppCompatActivity;

import android.os.Bundle;
import android.util.Log;

public class MainActivity extends AppCompatActivity {
    public void printstudent(student stu){
        Log.i("Xposed-Fup1p1",stu.name+"---"+stu.id+"---"+stu.age);
    }
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        student astudent=new student();
        student bstudent=new student("xiaoming");
        student dstudent=new student("xiaoming",20);
        student cstudent=new student("xiaohong","2010",20);
        student estudent=new student("xiaohong","2010",20,"Fup1p1","kanxue");
        printstudent(astudent);
        printstudent(bstudent);
        printstudent(cstudent);
        printstudent(dstudent);
        printstudent(estudent);

    }
}

hook构造函数

package com.example.xposed01;

import android.util.Log;

import java.lang.reflect.Field;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class hookconstructor implements IXposedHookLoadPackage {//IXposedHookLoadPackage 接口,实现hook逻辑的类必须实现该接口,
//APP被加载的时候会调用该接口中的 handleLoadPackage(final XC_LoadPackage.LoadPackageParam lpparam) 方法,所以我们需要重写该函数,并在其中实现我们的hook逻辑

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {//XC_LoadPackage.LoadPackageParam,该类下包含与正在加载的应用程序的有关信息。
        Log.i("Xposed->",lpparam.packageName);
        XposedBridge.log("Fup1p1 Loaded app:->" + lpparam.packageName);
        if(lpparam.packageName.equals("com.example.hookdemo01")){
            ClassLoader classLoader=lpparam.classLoader;
            Class studentclass=classLoader.loadClass("com.example.hookdemo01.student");
            XposedHelpers.findAndHookConstructor(studentclass, new XC_MethodHook() {//传递了一个新的 XC_MethodHook 匿名内部类,并覆盖了 beforeHookedMethod 和 afterHookedMethod 方法,以便在构造函数执行前后执行我们的自定义代码。
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    XposedBridge.log("Fup1p1 com.example.hookdemo01.student() is called!!BeforeHookmethod");
                }

                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);
                    XposedBridge.log("com.example.hookdemo01.student() is called!!afterHookmethod");
                }
            });

            XposedHelpers.findAndHookConstructor(studentclass, String.class,new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    java.lang.Object[] argsobjarrray= param.args;
                    String name=(String) argsobjarrray[0];
                    XposedBridge.log("com.example.hookdemo01.student(String) is called!!BeforeHookmethod--"+name);
                }

                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);
                    XposedBridge.log("com.example.hookdemo01.student(String) is called!!afterHookmethod--");
                }
            });

            XposedHelpers.findAndHookConstructor(studentclass, String.class,String.class,new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    java.lang.Object[] argsobjarrray= param.args;
                    String name=(String) argsobjarrray[0];
                    String id=(String) argsobjarrray[1];
                    XposedBridge.log("com.example.hookdemo01.student(String,String) is called!!BeforeHookmethod--"+name+"---"+id);
                }

                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);
                    XposedBridge.log("com.example.hookdemo01.student(String,String) is called!!afterHookmethod--");
                }
            });

            XposedHelpers.findAndHookConstructor(studentclass, String.class,String.class,int.class,String.class,String.class,new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    java.lang.Object[] argsobjarrray= param.args;
                    String name=(String) argsobjarrray[0];
                    String id=(String) argsobjarrray[1];
                    int age=(int) argsobjarrray[2];
                    argsobjarrray[1]="2050";
                    argsobjarrray[2]=100;
                    String nickname= (String) argsobjarrray[3];
                    String teacher= (String) argsobjarrray[4];
                    XposedBridge.log("XXX com.example.hookdemo01.student(String,String,int) is called!!BeforeHookmethod--"+name+"---"+id+"---"+age+"---"+nickname+"---"+teacher);
                }

                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);
                    XposedBridge.log("com.example.hookdemo01.student(String,String,int) is called!!afterHookmethod--");
                }
            });
          
        }
    }
}

修改属性

修改静态属性

ClassLoader pathclassloader=lpparam.classLoader;
Class stuclass=pathclassloader.loadClass("com.example.hookdemo01.student");
XposedBridge.log("StudentClass->"+stuclass);
不使用Xposed API
Field teacherFields=stuclass.getDeclaredField("teachername");
teacherFields.set(null,"teacher666");
String teachername= (String) teacherFields.get(null);
XposedBridge.log("teacherFields1->"+teachername);
使用Xposed API

XposedHelpers.setStaticObjectField(stuclass,"teachername","teacher888");
String teachername2= (String) XposedHelpers.getStaticObjectField(stuclass,"teachername");
XposedBridge.log("XposedHelpers.getStaticObjectField->"+teachername2);

修改非静态private属性

不使用Xposed API
            ClassLoader pathclassloader=lpparam.classLoader;
            Class stuclass=pathclassloader.loadClass("com.example.hookdemo01.student");
            XposedHelpers.findAndHookConstructor(studentclass, String.class,String.class,int.class,String.class,String.class,new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    java.lang.Object[] argsobjarrray= param.args;
                    
                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);
                    Object thisobj=param.thisObject;

                    Field nicknamefield1=stuclass.getDeclaredField("nickname");
                    XposedBridge.log("nickname->"+nicknamefield1);
                    nicknamefield1.setAccessible(true);
                    nicknamefield1.set(thisobj,"Fup1p1-1");     
                }
            });
使用Xposed API
            ClassLoader pathclassloader=lpparam.classLoader;
            Class stuclass=pathclassloader.loadClass("com.example.hookdemo01.student");
            XposedHelpers.findAndHookConstructor(studentclass, String.class,String.class,int.class,String.class,String.class,new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    java.lang.Object[] argsobjarrray= param.args;
                    
                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);
                    Object thisobj=param.thisObject;

                    XposedHelpers.setObjectField(thisobj,"nickname","Fup1p1-2");
                    Object returnobj=param.getResult();
                    XposedBridge.log(thisobj+"---"+returnobj);  
                }
            });

Hook内部类

要注意$符号

Class personclass=XposedHelpers.findClass("com.example.hookdemo01.student$person",lpparam.classLoader);
            XposedHelpers.findAndHookMethod(personclass, "getpersonname", String.class, new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    XposedBridge.log("beforeHookedMethod->getpersonname->"+param.args[0]);
                }

                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);
                    XposedBridge.log("afterHookedMethod->getpersonname->"+param.getResult());
                }
            });

主动调用类函数

对于静态函数,直接调用。
对于非静态函数,需先得到类的实例,然后才能完成调用。

静态函数

通过反射获得Method,由于是静态函数,所以Object处设置为Null

Publicstaticfunc

不使用Xposed API
Class stuclass=classloader.loadClass("com.example.hookdemo01.student");
            Method publicstaticfunc_method=stuclass.getDeclaredMethod("publicstaticfunc",String.class,int.class);
            publicstaticfunc_method.invoke(null,"InvokeedbyXpossed",100);
使用Xposed API
java.lang.Class<?>[] parameterTYpes={String.class,int.class};  
XposedHelpers.callStaticMethod(stuclass,"publicstaticfunc",parameterTYpes,"invokebyXpose11!!!",114514);

可以省略参数列表

XposedHelpers.callStaticMethod(stuclass,"publicstaticfunc","invokebyXpose22!!!",114514);

QQ图片20230307144110

Privatestaticfunc

不使用Xposed API

其他相同,只需多加一行取消权限检查即可。

 privatestaticfunc_method.setAccessible(true);
使用Xposed API

与publicstatic相同。如果查看xposed源码,就知道这个API已经默认取消权限检查了!

publicfunc

不使用Xposed API

           Method public_method=stuclass.getDeclaredMethod("publicfunc",String.class,int.class);
           Constructor stucons=stuclass.getDeclaredConstructor(String.class,int.class);
           Object stuobj=stucons.newInstance("InstancebyXposed",300);

使用Xposed API

Object stuobjbyxposed1 =XposedHelpers.newInstance(stuclass,"stuobjbyxposed_newinstance1",114114);
String result1= (String) XposedHelpers.callMethod(stuobjbyxposed1,"publicfunc",parameterTYpes,"invokebyXpose333!!!",1145141919);
XposedBridge.log("invokebyXposed->"+result1);

privatefunc

使用Xposed API
Object stuobjbyxposed1 =XposedHelpers.newInstance(stuclass,"stuobjbyxposed_newinstance1",114114);
String result1= (String) XposedHelpers.callMethod(stuobjbyxposed1,"privatefunc",parameterTYpes,"invokebyXpose333!!!",1145141919);
XposedBridge.log("invokebyXposed->"+result1);
0

评论区