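The app to hook
1. Create a new Android project
2. Open AndroidManifest and add the following configuration (the meta-data entries go inside the application element)
    <!-- Marks this app as an Xposed module -->
    <meta-data android:name="xposedmodule" android:value="true"/>
    <!-- Description shown after the hook module is loaded -->
    <meta-data android:name="xposeddescription" android:value="Xposed Proxy For HOOK"/>
    <!-- Version information of the jar package -->
    <meta-data android:name="xposedminversion" android:value="54"/>
3. Import the XposedBridgeApi-54.jar package
(1) Copy XposedBridgeApi-54.jar into the libs directory
(2) The jar under libs must be referenced with compileOnly; otherwise, after the app is installed, Xposed cannot perform the hook correctly
4. Create the hook class, MyModule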
    package com.example.xptest3;

    import android.widget.EditText;

    import java.lang.reflect.Field;

    import de.robv.android.xposed.IXposedHookLoadPackage;
    import de.robv.android.xposed.XC_MethodHook;
    import de.robv.android.xposed.XposedBridge;
    import de.robv.android.xposed.XposedHelpers;
    import de.robv.android.xposed.callbacks.XC_LoadPackage;

    public class MyModule implements IXposedHookLoadPackage {
        @Override
        public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpp) throws Throwable {
            // Only act when the target app's package is being loaded
            if (lpp.packageName.equals("com.qianyu.textactivity")) {
                // Hook MainActivity.login(String, String)
                XposedHelpers.findAndHookMethod("com.qianyu.textactivity.MainActivity", lpp.classLoader,
                        "login", String.class, String.class, new XC_MethodHook() {
                    @Override
                    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                        // Log the two arguments passed to login (account, password)
                        XposedBridge.log("账号:" + param.args[0]);
                        XposedBridge.log("密码:" + param.args[1]);
                        // Print the stack trace to see the call chain
                        StackTraceElement[] wodelogs = new Throwable("wodelog").getStackTrace();
                        for (int i = 0; i < wodelogs.length; i++) {
                            XposedBridge.log("查看堆栈:" + wodelogs[i].toString());
                        }
                    }

                    @Override
                    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                        // Get the class of the hooked object
                        Class<?> clazz = param.thisObject.getClass();
                        XposedBridge.log("要hook的方法所在的类:" + clazz.getName());
                        // If the input field is not private, it can be obtained this way:
                        // Field field = clazz.getField("ed_pwd");
                        // getDeclaredField returns any field declared in the class, private or public
                        Field field = clazz.getDeclaredField("ed_pwd");
                        // Make the field accessible
                        field.setAccessible(true);
                        EditText pwd = (EditText) field.get(param.thisObject);
                        String str = pwd.getText().toString();
                        XposedBridge.log("劫持到的密码:" + str);
                        // Overwrite the contents of the password field
                        pwd.setText("123456");
                    }
                });
            }
        }
    }
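5. Create the assets directory and, in it, a file named xposed_init whose content is the package location of MyModule (its fully qualified class name, here com.example.xptest3.MyModule)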
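6. Build and install the app on the phone, then activate the module and reboot the emulator or phone
7. After the reboot, confirm that the module is checked, clear the log, and open the app we want to hook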
8.
(1)
(2) Select Reload
(3)
Done
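Steps 2 and 5 leave two artifacts that identify a package as an Xposed module, which is what an analyst looks for when triaging an unknown APK. The following is an added example, not part of the original page: it assumes the APK has already been decoded to a directory holding a plain-text AndroidManifest.xml and an assets/ folder, the sample tree is constructed from the values above, and the function names are hypothetical.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
XPOSED_KEYS = ("xposedmodule", "xposeddescription", "xposedminversion")

# Constructed sample: the manifest entries and xposed_init content from the steps above.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.xptest3">
  <application>
    <meta-data android:name="xposedmodule" android:value="true"/>
    <meta-data android:name="xposeddescription" android:value="Xposed Proxy For HOOK"/>
    <meta-data android:name="xposedminversion" android:value="54"/>
  </application>
</manifest>"""
SAMPLE_INIT = "# entry class\ncom.example.xptest3.MyModule\n"


def write_sample(decoded_dir):
    """Create a constructed decoded-APK tree (assumed layout: manifest + assets/)."""
    root = Path(decoded_dir)
    (root / "assets").mkdir(parents=True, exist_ok=True)
    (root / "AndroidManifest.xml").write_text(SAMPLE_MANIFEST, encoding="utf-8")
    (root / "assets" / "xposed_init").write_text(SAMPLE_INIT, encoding="utf-8")
    return root


def triage_xposed_module(decoded_dir):
    """Return the Xposed markers found in a decoded APK tree, or None if there are none."""
    root = Path(decoded_dir)
    manifest = ET.parse(root / "AndroidManifest.xml").getroot()
    meta = {}
    for node in manifest.iter("meta-data"):
        name = node.get(ANDROID_NS + "name")
        if name in XPOSED_KEYS:
            meta[name] = node.get(ANDROID_NS + "value")
    init = root / "assets" / "xposed_init"
    lines = init.read_text(encoding="utf-8").splitlines() if init.is_file() else []
    # Blank lines and '#' lines are skipped; the rest are treated as hook entry classes.
    entry = [l.strip() for l in lines if l.strip() and not l.strip().startswith("#")]
    if not meta and not entry:
        return None
    return {"package": manifest.get("package"), "meta": meta, "entry_classes": entry,
            "complete": "xposedmodule" in meta and bool(entry)}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage_xposed_module(write_sample(tmp)))
```

The entry_classes it reports are the classes to review first, since they implement the hooks (MyModule in this walkthrough).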