[转载] Android.Hook框架xposed开发篇
本文转载自: http://www.52pojie.cn/thread-396793-1-1.html
<?xml version="1.0"encoding="utf-8"?><manifestxmlns:android="http://schemas.android.com/apk/res/android"package="de.robv.android.xposed.mods.tutorial"android:versionCode="1"android:versionName="1.0" ><uses-sdk android:minSdkVersion="15" /><applicationandroid:icon="@drawable/ic_launcher"android:label="@string/app_name" ><meta-dataandroid:name="xposedmodule"android:value="true" /><meta-dataandroid:name="xposeddescription"android:value="Easy example" /><meta-dataandroid:name="xposedminversion"android:value="54" /></application></manifest>
packagede.robv.android.xposed.mods.tutorial;importde.robv.android.xposed.IXposedHookLoadPackage;importde.robv.android.xposed.XposedBridge;importde.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;publicclassTutorial implementsIXposedHookLoadPackage{publicvoidhandleLoadPackage(finalLoadPackageParam lpparam)throwsThrowable {XposedBridge.log("Loaded app: "+ lpparam.packageName);}}
packagede.robv.android.xposed.mods.tutorial;importstaticde.robv.android.xposed.XposedHelpers.findAndHookMethod;importde.robv.android.xposed.IXposedHookLoadPackage;importde.robv.android.xposed.XC\_MethodHook;importde.robv.android.xposed.callbacks.XC\_LoadPackage.LoadPackageParam;publicclassTutorialimplementsIXposedHookLoadPackage {publicvoidhandleLoadPackage(finalLoadPackageParam lpparam) throwsThrowable {if(!lpparam.packageName.equals("com.android.systemui")) return;findAndHookMethod("com.android.systemui.statusbar.policy.Clock",lpparam.classLoader, "updateClock", newXC_MethodHook() {@OverrideprotectedvoidbeforeHookedMethod(MethodHookParam param) throwsThrowable {// this will be called beforethe clock was updated by the original method}@OverrideprotectedvoIDAfterHookedMethod(MethodHookParam param) throwsThrowable {// this will be called afterthe clock was updated by the original method}});}}
IXposedHookLoadPackage
publicclassXposedInterfaceimplementsIXposedHookLoadPackage {publicvoidhandleLoadPackage(finalLoadPackageParamlpparam) throwsThrowable {XposedBridge.log("Kevin-Loaded app:"+ lpparam.packageName); }}参数说明|final LoadPackageParam lpparam 这个参数包含了加载的应用程序的一些基本信息。XposedHelpersfindAndHookMethod ;这是一个辅助方法,可以通过如下方式静态导入:importstaticde.robv.android.xposed.XposedHelpers.findAndHookMethod;使用示例findAndHookMethod("com.android.systemui.statusbar.policy.Clock",lpparam.classLoader, "handleUpdateClock", newXC_MethodHook() {@OverrideprotectedvoidbeforeHookedMethod(MethodHookParamparam) throwsThrowable {// this will be called before the clock wasupdated by the original method }@OverrideprotectedvoidafterHookedMethod(MethodHookParamparam) throwsThrowable {// this will be called after the clock wasupdated by the original method }});
findAndHookMethod(Class<?>clazz, //需要Hook的类名ClassLoader, //类加载器,可以设置为 nullString methodName, //需要 Hook 的方法名Object... parameterTypesAndCallback该函数的最后一个参数集,包含了:(1)Hook 的目标方法的参数,譬如:"com.android.internal.policy.impl.PhoneWindow.DecorView"是方法的参数的类。(2)回调方法:a.XC_MethodHookb.XC_MethodReplacement
findAndHookMethod("android.app.Application",lpparam.classLoader, "onCreate", newXC_MethodHook() {@OverrideprotectedvoidbeforeHookedMethod(MethodHookParam param) throwsThrowable {Context context = (Context) param.thisObject;IntentFilter filter = newIntentFilter(myCast.myAction);filter.addAction(myCast.myCmd);context.registerReceiver(newmyCast(), filter);}@OverrideprotectedvoidafterHookedMethod(MethodHookParam param) throwsThrowable {super.afterHookedMethod(param);}});
String appClassName = this.getAppInfo().className;if(appClassName == null) {Method hookOncreateMethod = null;try{hookOncreateMethod =Application.class.getDeclaredMethod("onCreate", newClass[] {});} catch(NoSuchMethodException e) {e.printStackTrace();}hookhelper.hookMethod(hookOncreateMethod, newApplicationOnCreateHook());6.排除系统 app,排除自身,确定主线程if(lpparam.appInfo == null||(lpparam.appInfo.flags &(ApplicationInfo.FLAG_SYSTEM | ApplicationInfo.FLAG_UPDATED_SYSTEM_APP)) !=0){return;}elseif(lpparam.isFirstApplication &&!ZJDROID_PACKAGENAME.equals(lpparam.packageName)){
Only methods and constructors can behooked,Cannot hook interfaces,Cannot hook abstractmethods
publicvoidmyMethod(String a, MyClass b)
Class<?> hookMessageListenerClass =null;hookMessageListenerClass =lpparam.classLoader.loadClass("org.jivesoftware.smack.MessageListener");findAndHookMethod("org.jivesoftware.smack.ChatManager",lpparam.classLoader, "createChat", String.class, hookMessageListenerClass,newXC_MethodHook() {@OverrideprotectedvoidbeforeHookedMethod(MethodHookParam param) throwsThrowable {String sendTo = (String) param.args[0];Log.i(tag , "sendTo : + "+ sendTo );}@OverrideprotectedvoidafterHookedMethod(MethodHookParam param) throwsThrowable {super.afterHookedMethod(param);}});
publicOutputStream getOutputStream() throwsIOException {thrownewUnknownServiceException("protocol doesn't supportoutput");}org.apache.http.impl.client.AbstractHttpClientextendsCloseableHttpClient ,方法在父类(注意,android的继承的 AbstractHttpClient implements org.apache.http.client.HttpClient)publicCloseableHttpResponse execute(finalHttpHost target,finalHttpRequest request,finalHttpContext context) throwsIOException, ClientProtocolException {returndoExecute(target, request, context);}
publicstaticXC_MethodHook.UnhookfindAndHookConstructor(String className, ClassLoader classLoader, Object...parameterTypesAndCallback) {returnfindAndHookConstructor(findClass(className, classLoader),parameterTypesAndCallback);}
Method executeRequest =RefInvoke.findMethodExact("org.apache.http.impl.client.AbstractHttpClient",ClassLoader.getSystemClassLoader(),"execute", HttpHost.class, HttpRequest.class,HttpContext.class);hookhelper.hookMethod(executeRequest, newAbstractBahaviorHookCallBack(){@OverridepublicvoiddescParam(HookParam param) {// TODO Auto-generated method stubLogger.log_behavior("Apache Connect to URL ->");HttpHost host = (HttpHost) param.args[0];HttpRequest request = (HttpRequest) param.args[1];if(request instanceoforg.apache.http.client.methods.HttpGet) {org.apache.http.client.methods.HttpGet httpGet =(org.apache.http.client.methods.HttpGet) request;Logger.log_behavior("HTTP Method : "+ httpGet.getMethod());Logger.log_behavior("HTTP GET URL : "+httpGet.getURI().toString());Header[] headers = request.getAllHeaders();if(headers != null) {for(inti = 0; i < headers.length;i++) {Logger.log_behavior(headers.getName() + ":"+headers.getName());}}} elseif(request instanceofHttpPost) {HttpPost httpPost = (HttpPost) request;Logger.log_behavior("HTTP Method : "+ httpPost.getMethod());Logger.log_behavior("HTTP URL : "+httpPost.getURI().toString());Header[] headers = request.getAllHeaders();if(headers != null) {for(inti = 0; i <headers.length; i++) {Logger.log_behavior(headers.getName() + ":"+headers.getValue());}}HttpEntity entity = httpPost.getEntity();String contentType = null;if(entity.getContentType() != null) {contentType =entity.getContentType().getValue();if(URLEncodedUtils.CONTENT_TYPE.equals(contentType)) {try{byte[] data =newbyte[(int) entity.getContentLength()];entity.getContent().read(data);String content =newString(data, HTTP.DEFAULT_CONTENT_CHARSET);Logger.log_behavior("HTTP POST Content : "+ content);}catch(IllegalStateException e) {// TODO Auto-generatedcatch blocke.printStackTrace();} catch(IOException e) {// TODO Auto-generatedcatch blocke.printStackTrace();}}elseif(contentType.startsWith(HTTP.DEFAULT_CONTENT_TYPE)) {try{byte[] data =newbyte[(int) entity.getContentLength()];entity.getContent().read(data);String content =newString(data, contentType.substring(contentType.lastIndexOf("=") +1));Logger.log_behavior("HTTP POST Content : "+ content);}catch(IllegalStateException e) {// TODO Auto-generatedcatch blocke.printStackTrace();} catch(IOException e) {// TODO Auto-generatedcatch blocke.printStackTrace();}}}else{byte[] data = newbyte[(int)entity.getContentLength()];try{entity.getContent().read(data);String content =newString(data, HTTP.DEFAULT_CONTENT_CHARSET);Logger.log_behavior("HTTP POST Content : "+ content);} catch(IllegalStateException e){// TODO Auto-generatedcatch blocke.printStackTrace();} catch(IOException e) {// TODO Auto-generatedcatch blocke.printStackTrace();}}}}@OverridepublicvoidafterHookedMethod(HookParam param) {// TODO Auto-generated method stubsuper.afterHookedMethod(param);HttpResponse resp = (HttpResponse) param.getResult();if(resp != null) {Logger.log_behavior("Status Code = "+resp.getStatusLine().getStatusCode());Header[] headers = resp.getAllHeaders();if(headers != null) {for(inti = 0; i <headers.length; i++) {Logger.log_behavior(headers.getName() + ":"+headers.getValue());}}}}});对 HttpURLConnection 的 hook Zjdroid 未能提供完美的解决方案,想要取得除了 URL 之外的 data 字段必须对I/O流操作.Method openConnectionMethod =RefInvoke.findMethodExact("java.net.URL",ClassLoader.getSystemClassLoader(), "openConnection");hookhelper.hookMethod(openConnectionMethod,newAbstractBahaviorHookCallBack() {@OverridepublicvoiddescParam(HookParam param) {// TODO Auto-generated method stubURL url = (URL) param.thisObject;Logger.log_behavior("Connect to URL ->");Logger.log_behavior("The URL = "+ url.toString());}});
findAndHookMethod("java.io.PrintWriter",lpparam.classLoader, "print",String.class, newXC_MethodHook() {@OverrideprotectedvoidbeforeHookedMethod(MethodHookParam param) throwsThrowable {String print = (String) param.args[0];Pattern pattern = Pattern.compile("(\\w+=.*)");Matcher matcher = pattern.matcher(print);if(matcher.matches())Log.i(tag+lpparam.packageName,"data : "+ print);//Log.d(tag,"A :" + print);}});
else{HttpEntityEnclosingRequestBase httpGet =(HttpEntityEnclosingRequestBase) request;HttpEntity entity =httpGet.getEntity();Logger.log_behavior("HttpRequestBase URL : "+httpGet.getURI().toString());Header[] headers =request.getAllHeaders();if(headers != null) {for(inti = 0; i <headers.length; i++) {Logger.log_behavior(headers.getName() + ":"+headers.getName());}}if(entity!= null){try{String content = EntityUtils.toString(entity);Logger.log_behavior("HTTP entity Content : "+content);}catch(IllegalStateException e) {// TODOAuto-generated catch blocke.printStackTrace();}catch(IOException e) {// TODO Auto-generated catchblocke.printStackTrace();}}
[转载] Android.Hook框架xposed开发篇的更多相关文章
- 【转】Android Hook框架Xposed详解
1 Introduction 1.1 概述 Xposed 是 GitHUB 上 rovo89 大大设计的一个针对 Android 平台的动态劫持项目,通过替换 /system/bin/app_pro ...
- Android Hook框架Xposed详解
1 Introduction 1.1 概述 Xposed 是 GitHUB 上 rovo89 大大设计的一个针对 Android 平台的动态劫持项目,通过替换 /system/bin/app_pro ...
- android hook 框架 xposed 如何实现挂钩
Android so注入-libinject2 简介.编译.运行 Android so注入-libinject2 如何实现so注入 Android so注入-Libinject 如何实现so注入 A ...
- android hook 框架 xposed 如何实现注入
Android so注入-libinject2 简介.编译.运行 Android so注入-libinject2 如何实现so注入 Android so注入-Libinject 如何实现so注入 A ...
- android hook 框架 ADBI 如何实现dalvik函数挂钩
Android so注入-libinject2 简介.编译.运行 Android so注入-libinject2 如何实现so注入 Android so注入-Libinject 如何实现so注入 A ...
- android hook 框架 libinject2 如何实现so注入
Android so注入-libinject2 简介.编译.运行 Android so注入-libinject2 如何实现so注入 Android so注入-Libinject 如何实现so注入 A ...
- android hook 框架 libinject2 简介、编译、运行
Android so注入-libinject2 简介.编译.运行 Android so注入-libinject2 如何实现so注入 Android so注入-Libinject 如何实现so注入 A ...
- Android网络框架Volley(体验篇)
Volley是Google I/O 2013推出的网络通信库,在volley推出之前我们一般会选择比较成熟的第三方网络通信库,如: android-async-http retrofit okhttp ...
- Android网络框架Volley(实战篇)
之前讲了ym—— Android网络框架Volley(体验篇),大家应该了解了volley的使用,接下来我们要看看如何把volley使用到实战项目里面,我们先考虑下一些问题: 从上一篇来看 mQu ...
随机推荐
- ooize节点的属性控制
<workflow-app name="[WF-DEF-NAME]" xmlns="uri:oozie:workflow:[version]"> & ...
- UNICODE与UTF8和GBK之间的关系
http://wenku.baidu.com/link?url=bheGEzfSjEx-QX-ciME5oKooKYE08_NJZ02l2kKFa7kVZJ4t8Ks2uSNByovgP2QL6btq ...
- 快速使用node.js进行web开发
首先关于node.js的学习,这里推荐一本比较好的教程,nodejs web开发指南,该书通俗易懂地将node.js语言特性讲解完之后,又从一个项目角度带领读者使用node.js学习web开发.相信这 ...
- 是不是content-type: text/html的数据包一到,浏览器就肯定刷新页面?
整理自:http://q.cnblogs.com/q/54726/ 是不是content-type: text/html的数据包一到,浏览器就肯定刷新页面? 或者说,浏览器收到的状态正常的conten ...
- knockout 学习实例3 html
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title> ...
- Fatal error: Call to undefined function imagettftext()解决办法
Fatal error: Call to undefined function imagettftext()解决办法 我的问题是php编译安装时指定了gd的目录,其实不用指定.就可以了 博客分类: ...
- 关闭和开启oracle
1.使用sqlplus 启动和关闭数据库. 答:使用sqlplus以sysdba的身份登录数据库 因为我的数据库是启动状态,所以我就先演示数据库的关闭 数据库的关闭使用语句shutdown immed ...
- 每天一个 Linux 命令(12):more命令
more命令,功能类似 cat ,cat命令是整个文件的内容从上到下显示在屏幕上. more会以一页一页的显示方便使用者逐页阅读,而最基本的指令就是按空白键(space)就往下一页显示,按 b 键就会 ...
- Highcharts——大气好用的图标制作工具
Highcharts是一款纯javascript编写的图表库,能够很简单便捷的在Web网站或Web应用中添加交互性的图表,Highcharts目前支持直线图.曲线图.面积图.柱状图.饼图.散点图等多达 ...
- 18. Word Ladder && Word Ladder II
Word Ladder Given two words (start and end), and a dictionary, find the length of shortest transform ...