初探Xposed在android上的应用
本帖最后由 rlive 于 2017-9-4 13:22 编辑Xposed不用多介绍了,可谓神器!之前在学习Xposed的过程中,留下诸多笔记,特摘出来贡献出来,给有需要的小伙伴们,毕竟大部分的资料也是搜索而来,取之于网络,回馈于网络!若有错误之处,但请指正!
Xposed的安装包在附件中,有需要的小伙伴自行下载,包含4.0.3 - 4.4 和 5.0以上两个版本,我只用到4.4;有可能会出现机型不适配,那就要多试试了或自行搜索下载其他版本的Xposed安装包了。
安装非常简单,Xposed只是框架。具体的功能要由模块实现。所以,要么找现成的模块安装,要么就自写,模块一旦安装,Xposed框架能够识别出来。刚刚安装的Xposed是一个模块都没有的.来个Xposed安装完成后的截图.另外,Xposed必需root权限,且有令手机变砖头的神器副作用,建议搞个模拟器玩耍
在包安装完成以后,需要进'框架'菜单做激活,激活完毕重启设备即可,不再细述!并且,每一个模块都必须在Xposed的'模块'选项中进行激活,激活后重启设备才能生效。
开启编写第一个hook模块,使用编译器为: Android Studio
(百度很多现有的资料,很多都是相同的,各种copy啊。但是,却是有错误的,楼主当时也是入坑,后来自己折腾了差不多半天,才搞定,后来也有搜到很好很正确的资料,这是后话了。总之一句话,网上拖来的资料最好还是要验证一番啊,光看看是不行)
1.程序清单中,需要加入一些配置如下
<meta-data
android:name="xposedmodule"
android:value="true"/> <!--表示是xpose模块,因此xpose框架能识别它-->
<meta-data
android:name="xposeddescription"
android:value="module test"/><!--对模块功能的描述信息-->
<meta-data
android:name="xposedminversion"
android:value="54"/><!--模块的api版本,要导jar包的,jar包啥版本就写啥版本-->
写在<application>这个标签下就行
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/AppTheme">
<!--配置写在android:theme=""的下一行就行了-->
2. 工程的Main目录上右键New->Folder->Assets Floder,新建一个Assets文件夹;在工程的左侧窗口里,要么用Project视窗要么用Android视窗,在视窗里找到Main目录新建就行
这个新建的Assets是放Xposed的文件信息的,当Assets目录新建完毕,就在里面再建一个文件,文件名xposed_init,注意没有后缀。这个文件里就写自定义的hook类的类名即可。因为自定义的模块也是一个apk,自然有包名,假设包名为 com.example.xxoo,且在此包中,hook的代码写在一个class里,class名为myhook,则hook类的完整名称为com.example.xxoo.myhook,则com.example.xxoo.myhook就是要写在xposed_init中的内容,就是这么简单
3.在java目录上右键New->Package,然后将新建的Package的目录名字改成libs,这个libs就是放Xposed的jar包的,jia包在附件的xposed压缩档里,直接复制粘贴进去就行了.jar包导入进去后,可能Android studio无法识别,则在jar包上右键,选择add as library,Androidstudio会去识别它。轻松,给力,愉快.jar包的名称里含有api版本号,第一步里填写的配置<meta-data 中的一项就是这个版本号哦。
4.此时,不出意外的话,build.gradle这个文件中的dependencies 闭包里,已经可以看到针对Xposed导包的脚本语句,正如下面的代码块中的compile files('src/main/java/libs/XposedBridgeApi-54.jar'),将compile修改为provided。build.gradle在整个文件工程里有2个,找包含dependencies 闭包的就可以了。dependencies {
compile fileTree(include: ['*.jar'], dir: 'libs')
androidTestCompile('com.android.support.test.espresso:espresso-core:2.2.2', {
exclude group: 'com.android.support', module: 'support-annotations'
})
compile 'com.android.support:appcompat-v7:25.3.1'
compile 'com.android.support.constraint:constraint-layout:1.0.2'
testCompile 'junit:junit:4.12'
compile files('src/main/java/libs/XposedBridgeApi-54.jar')
}
5. 现在可以在工程里新建一个class,愉快的撸Hook代码了
6. hook类简单的示例代码public class ooxx implements IXposedHookLoadPackage {
private int button1 = 2131427422;
private int button2 = 2131427423;
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam)
throws Throwable {
if(loadPackageParam.packageName.equals("com.example.myxxoo"))
{
Class clazz = loadPackageParam.classLoader.loadClass(
"android.support.v7.app.AppCompatActivity");
XposedHelpers.findAndHookMethod(clazz, "findViewById",int.class,new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
param.args = (int)param.args == 2131427422 ? 2131427423 : 2131427422;
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
}
});
}
}
}
简单解释,代码是钩findViewById这个函数,改变原来的逻辑。原逻辑是点button1走button1代码,点button2走button2代码。hook以后,让他点button1的时候调用button2的代码,点button2的时候调用button1的代码:
一、handleLoadPackage(): 重写此方法,
二、handleLoadPackage()方法的参数loadPackageParam中包含很多信息,可借此过滤包,意义在于只对指定的包做hook操作
三、XposedHelpers.findAndHookMethod()关键方法,它的最后1个参数是个接口,相关的钩子方法就在这个接口的回调
四、拿函数的原始参数做手脚,就在beforeHookedMethod()里搞,拿函数的返回值做手脚,就在afterHookedMethod()里搞
五、各种风骚的操作尽在操作文档
Xposed: 链接:http://pan.baidu.com/s/1qXAO3co 密码:d06c
11-21 04:13:12.820 227-227/? D/XposedStartupMarker: Current time: 1511255592, PID: 227
11-21 04:13:12.820 227-227/? I/Xposed: -----------------
11-21 04:13:12.820 227-227/? I/Xposed: Starting Xposed version 88.2, compiled for SDK 23
11-21 04:13:12.820 227-227/? I/Xposed: Device: Custom Phone - 6.0.0 - API 23 - 768x1280 (Genymotion), Android version 6.0 (SDK 23)
11-21 04:13:12.820 227-227/? I/Xposed: ROM: vbox86p-userdebug 6.0 MRA58K eng.genymotion.20170929.044614 test-keys
11-21 04:13:12.820 227-227/? I/Xposed: Build fingerprint: Android/vbox86p/vbox86p:6.0/MRA58K/genymotion09290447:userdebug/test-keys
11-21 04:13:12.820 227-227/? I/Xposed: Platform: x86, 32-bit binary, system server: yes
11-21 04:13:12.820 227-227/? I/Xposed: SELinux enabled: no, enforcing: no
11-21 04:13:12.820 227-227/? D/Xposed: Using a single process for Xposed services
11-21 04:13:12.820 340-340/? E/Xposed: Error -2147483646 while adding system service user.xposed.system
11-21 04:13:14.968 227-227/? I/Xposed: -----------------
11-21 04:13:14.969 227-227/? I/Xposed: Added Xposed (/system/framework/XposedBridge.jar) to CLASSPATH
11-21 04:13:14.969 227-227/? D/AndroidRuntime: >>>>>> START de.robv.android.xposed.XposedBridge uid 0 <<<<<<
11-21 04:13:15.177 227-227/? I/Xposed: Detected ART runtime
11-21 04:13:15.189 227-227/? I/Xposed: Found Xposed class 'de/robv/android/xposed/XposedBridge', now initializing
11-21 04:13:15.514 227-227/? I/Xposed: Loading modules from /data/app/com.example.remtf.myfristxposeddemo-1/base.apk
11-21 04:13:15.525 227-227/? E/Xposed: Cannot load module:
11-21 04:13:15.528 227-227/? E/Xposed: The Xposed API classes are compiled into the module's APK.
11-21 04:13:15.528 227-227/? E/Xposed: This may cause strange issues and must be fixed by the module developer.
11-21 04:13:15.528 227-227/? E/Xposed: For details, see: http://api.xposed.info/using.html
11-21 04:13:19.626 967-967/android.process.acore D/StrictMode: StrictMode policy violation; ~duration=27 ms: android.os.StrictMode$StrictModeDiskReadViolation: policy=65567 violation=2
at android.os.StrictMode$AndroidBlockGuardPolicy.onReadFromDisk(StrictMode.java:1263)
at libcore.io.BlockGuardOs.stat(BlockGuardOs.java:292)
at java.io.File.lastModified(File.java:569)
at android.content.res.XResources.isFirstLoad(XResources.java:115)
at de.robv.android.xposed.XposedInit.cloneToXResources(XposedInit.java:396)
at de.robv.android.xposed.XposedInit.access$100(XposedInit.java:63)
at de.robv.android.xposed.XposedInit$9.afterHookedMethod(XposedInit.java:326)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:374)
at android.app.ResourcesManager.getTopLevelResources(<Xposed>)
at android.app.ActivityThread.getTopLevelResources(ActivityThread.java:1701)
at android.app.LoadedApk.getResources(LoadedApk.java:548)
at android.app.ContextImpl.<init>(ContextImpl.java:1832)
at android.app.ContextImpl.createPackageContextAsUser(ContextImpl.java:1695)
at android.app.ContextImpl.createPackageContext(ContextImpl.java:1679)
at android.content.ContextWrapper.createPackageContext(ContextWrapper.java:746)
at android.app.ActivityThread.installProvider(ActivityThread.java:5126)
at android.app.ActivityThread.installContentProviders(ActivityThread.java:4748)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4688)
at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
at android.app.ActivityThread.handleBindApplication(<Xposed>)
at android.app.ActivityThread.-wrap1(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1405)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5417)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
求大神解决下错误 remtf 发表于 2017-11-21 17:17
11-21 04:13:12.820 227-227/? D/XposedStartupMarker: Current time: 1511255592, PID: 227
11-21 04:13: ...
The Xposed API classes are compiled into the module's APK.
这行报错,我也遇到了。
解决方式是:
删除这行
implementation files('lib/api-82.jar')
很不错,谢谢分享 这个真没玩过 表示厉害了 先学习了 取之于网络,回馈于网络。这句话说的好 不知道兼容不兼容我这破手机。。 谢谢楼主分享 这就厉害了 对于手机来说要不要ROOT呢。