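Introduction
Besides drawing boxes with a floating window, as introduced earlier, there are several more unusual ways to draw boxes.
Executable
First set up an AOSP build environment; this example uses the LDPlayer emulator (雷电模拟器) with Android 5.1.
For building AOSP, see this video:
Android Open Source Project (AOSP)
After building the system, copy test into the external directory.
The code logic is as follows: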
1. Create the surface
    // Created hidden; it is made visible in the transaction in step 2.
    sp<SurfaceControl> surfaceControl = client->createSurface(String8("test"),
            display.w, display.h, PIXEL_FORMAT_RGBA_8888, ISurfaceComposerClient::eHidden);
2. Set the surface properties
    SurfaceComposerClient::openGlobalTransaction();
    surfaceControl->setLayer(100000);   // high Z-order so the layer is composited on top
    surfaceControl->setPosition(0, 0);
    surfaceControl->show();
    SurfaceComposerClient::closeGlobalTransaction();
3. Draw with Skia
    // surfaceBitmap and i come from the surrounding code of the full sample.
    SkCanvas surfaceCanvas(surfaceBitmap);
    SkPaint paint;
    SkRect rect{i, i, display.w - i, display.h - i};
    paint.setColor(SK_ColorRED);
    paint.setStrokeWidth(2);
    paint.setStyle(SkPaint::kStroke_Style);   // outline only, no fill
    surfaceCanvas.drawRect(rect, paint);
Sample code on GitHub:
https://github.com/PShocker/Android_executable_draw
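Note that the Skia code may differ in every Android version, so the binary built from this sample only works on Android 5.1.
Hooking the eglSwapBuffers function in the SurfaceFlinger process
Replace eglSwapBuffers in Surfaceflinger.so of the SurfaceFlinger process with your own new_eglSwapBuffers function, and call OpenGL functions inside new_eglSwapBuffers to do the drawing.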
    // w, h, gProgram and drawRect are defined elsewhere in the full sample.
    EGLBoolean new_eglSwapBuffers(EGLDisplay dpy, EGLSurface surface)
    {
        LOGD("New eglSwapBuffers\n");
        // glClearColor(0, 255, 0, 1);
        // glClear(GL_COLOR_BUFFER_BIT);
        eglQuerySurface(dpy, surface, EGL_WIDTH, &w);
        eglQuerySurface(dpy, surface, EGL_HEIGHT, &h);
        // LOGD("EGL_WIDTH:%d\n",w);
        // LOGD("EGL_HEIGHT:%d\n",h);
        glUseProgram(gProgram);
        glLineWidth(2);
        glEnableVertexAttribArray(0);
        // glVertexAttribPointer(gvPositionHandle, 2, GL_FLOAT, GL_FALSE, 0, gTriangleVertices);
        // glEnableVertexAttribArray(gvPositionHandle);
        // glVertexAttribPointer(0, 3, GL_FLOAT, GL_FALSE, 0, vVertices);
        // glDrawArrays(GL_LINE_LOOP, 0, 4);
        // drawRect(100,10,200,200);
        drawRect(0, 0, 200, 200);
        // Hand the frame on to the original implementation.
        return eglSwapBuffers(dpy, surface);
    }
GitHub examples:
x86 emulator version:
https://github.com/PShocker/Android_hook_sf_draw_x86
arm64 version:
https://github.com/PShocker/Android_hook_sf_draw_arm64
References:
https://blog.csdn.net/jinzhuojun/article/details/10428435
https://github.com/MelonWXD/ELFHooker
https://blog.csdn.net/jinzhuojun/article/details/9900105
https://github.com/android/ndk-samples/tree/main/hello-gl2
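Seen from the defender's side, the replacement described in this section leaves a checkable trace: the address that the process ends up calling for eglSwapBuffers no longer lies in the code pages of libEGL.so. The following is an added example, not code from the repositories above; it assumes the resolved address has already been obtained, and the /proc/<pid>/maps lines, paths and addresses in it are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format; paths and addresses are made up. */
static const char SAMPLE_MAPS[] =
    "b6e10000-b6e4c000 r-xp 00000000 fd:00 812 /system/lib/libEGL.so\n"
    "b6e4e000-b6e4f000 rw-p 0003d000 fd:00 812 /system/lib/libEGL.so\n"
    "a3c00000-a3c05000 r-xp 00000000 fd:01 4021 /data/local/tmp/libhook.so\n"
    "a3d00000-a3d10000 rwxp 00000000 00:00 0\n";

enum verdict { ADDR_OK, ADDR_FOREIGN, ADDR_UNMAPPED };

static int ends_with(const char *s, const char *suffix) {
    size_t n = strlen(s), m = strlen(suffix);
    return n >= m && strcmp(s + n - m, suffix) == 0;
}

/* ADDR_OK only when addr lies in an executable, non-writable mapping backed
 * by a file whose path ends with lib; any other mapping is ADDR_FOREIGN. */
enum verdict classify_target(const char *maps, unsigned long long addr, const char *lib) {
    for (const char *line = maps; *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[512], perms[5] = "", path[256] = "";
        unsigned long long start = 0, end = 0;
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* Anonymous mappings have no path field, so only 3 items are required. */
        if (sscanf(buf, "%llx-%llx %4s %*s %*s %*s %255s", &start, &end, perms, path) >= 3
            && addr >= start && addr < end) {
            int code_page = perms[2] == 'x' && perms[1] != 'w';
            return (code_page && ends_with(path, lib)) ? ADDR_OK : ADDR_FOREIGN;
        }
        line = nl ? nl + 1 : line + strlen(line);
    }
    return ADDR_UNMAPPED;
}

int main(void) {
    /* Hypothetical resolved addresses for eglSwapBuffers in two scenarios. */
    printf("inside libEGL.so: %d\n", classify_target(SAMPLE_MAPS, 0xb6e20000ULL, "/libEGL.so"));
    printf("inside other lib: %d\n", classify_target(SAMPLE_MAPS, 0xa3c01000ULL, "/libEGL.so"));
    return 0;
}
```

A verdict of ADDR_FOREIGN for a rendering entry point in a system process is a strong signal that the process image has been tampered with.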
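Transparent window on the PC
Mirror the phone screen to a PC, or use an Android emulator directly; the PC creates a transparent window that covers the phone or emulator picture, and all drawing is done in that transparent PC window.
The data can be obtained here by reading memory, or by intercepting the game's packets and decrypting them to get the coordinates directly.
See 赶马人's code: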
https://www.52pojie.cn/thread-1582463-1-1.html
Drawing on an emulator for a certain game:
https://github.com/zhaoke1995/pubg-mobile-esp