Xposed

最新推荐文章于 2023-12-29 15:53:41 发布
最新推荐文章于 2023-12-29 15:53:41 发布
阅读量417 收藏 2
点赞数
分类专栏: android安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u014679440/article/details/114183719
版权

xposed开发环境搭建

创建一个无Activity的项目,切换到Project视图,在app目录下创建一个lib目录
在这里插入图片描述
将xposed的jar添加到lib目录下,选中这个jar包,然后右击,将这个添加为库(编译的时候,不需要打包这个jar包)
在build.gradle的dependencies中添加一行

provided files('lib/api-82.jar')

在这里插入图片描述
修改AndroidManifest.xml

<meta-data
    android:name="xposedmodule"
    android:value="true" />
<meta-data
    android:name="xposeddescription"
    android:value="my name is xiaojianbang" />
<meta-data
    android:name="xposedminversion"
    android:value="53" />

在这里插入图片描述
然后创建一个类Hook,输入内容

public class Hook implements IXposedHookLoadPackage{

    // Xposed是一个全局的Hook
    // 如果对一个app进行过滤,需要 参数XC_LoadPackage.LoadPackageParam loadPackageParam进行判断
    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        Log.d("showme","hook start...");

        if(!loadPackageParam.packageName.equals("com.xingin.xls")) return;
        
    }
}

在main目录下创建一个assets目录,创建一个文本文件 xposed_init
指定入口类:在其中输入 Hook类的完整路径名(包名.类名)
在这里插入图片描述
点击Build
在这里插入图片描述
找到生成的apk,进行安装
在这里插入图片描述
安装好之后,激活模块,然后重启
在这里插入图片描述

hook构造函数

ClassLoader classLoader = loadPackageParam.classLoader;
Class StudentClass = classLoader.loadClass("com.showme.xposedhook01.Student");
XposedHelpers.findAndHookConstructor(StudentClass, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        XposedBridge.log("com.showme.xposedhook01.Student() is called!!beforeHookedMethod");
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        XposedBridge.log("com.showme.xposedhook01.Student() is called!!afterHookedMethod");
    }
});


XposedHelpers.findAndHookConstructor(StudentClass, String.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        java.lang.Object[] argsobjarray = param.args;
        String name = (String) argsobjarray[0];
        XposedBridge.log("com.showme.xposedhook01.Student(String) is called!!beforeHookedMethod--" + name);
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        XposedBridge.log("com.showme.xposedhook01.Student(String) is called!!afterHookedMethod");
    }
});


XposedHelpers.findAndHookConstructor("com.showme.xposedhook01.Student", loadPackageParam.classLoader, String.class, String.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        java.lang.Object[] argsobjarray = param.args;
        String name = (String) argsobjarray[0];
        String id = (String) argsobjarray[1];
        XposedBridge.log("com.showme.xposedhook01.Student(String,String) is called!!beforeHookedMethod--" + name + "---" + id);

    }
});


ClassLoader pathClassLoader= loadPackageParam.classLoader;
final Class stuClass=pathClassLoader.loadClass("com.showme.xposedhook01.Student");
XposedHelpers.setStaticObjectField(stuClass,"teacher","teacher888");
String teachername2= (String) XposedHelpers.getStaticObjectField(stuClass,"teacher");



XposedHelpers.findAndHookConstructor(StudentClass, String.class, String.class, int.class,String.class,String.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        java.lang.Object[] argsobjarray = param.args;
        String name = (String) argsobjarray[0];
        String id = (String) argsobjarray[1];
        int age = (int) (argsobjarray[2]);
        argsobjarray[1] = "2050";
        argsobjarray[2] = 100;

        String teacher= (String) argsobjarray[3];
        String nickname= (String) argsobjarray[4];

        XposedBridge.log("com.showme.xposedhook01.Student(String,String) is called!!beforeHookedMethod--" + name + "---" + id + "--" + age+"---"+teacher+"---"+nickname);
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);

        Object thisobj = param.thisObject;

    /*       Field nicknameField=stuClass.getDeclaredField("nickname");
        XposedBridge.log(stuClass+"--nicknameField->"+nicknameField);
        nicknameField.setAccessible(true);
        nicknameField.set(thisobj,"bear");*/

        XposedHelpers.setObjectField(thisobj,"nickname","chick");

        Object returnobj = param.getResult();
        XposedBridge.log(thisobj + "---" + returnobj);
        XposedBridge.log("com.showme.xposedhook01.Student(String,String,int) is called!!afterHookedMethod");
    }
});

hook系统类,DexClassLoader,应用加载了哪些插件

XposedHelpers.findAndHookConstructor(DexClassLoader.class, String.class, String.class, String.class, ClassLoader.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        Object array[]=param.args;
        String dexpath= (String) array[0];
        String optimizedDirectory= (String) array[1];
        String librarySearchPath= (String) array[2];
        XposedBridge.log("DexClassLoader beforeHookedMethod:"+dexpath+"---"+optimizedDirectory+"---"+librarySearchPath);

    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);

        DexClassLoader dexClassLoader= (DexClassLoader) param.thisObject;
        XposedBridge.log("DexClassLoader afterHookedMethod:"+dexClassLoader);
    }
});

hook属性:使用java反射和Xposed的API

ClassLoader classLoader = loadPackageParam.classLoader;
Class StudentClass = classLoader.loadClass("com.showme.xposedhook.Student");

// java反射
Field teacherField=stuClass.getDeclaredField("teacher");
teacherField.setAccessible(true);
teacherField.set(null,"teacher666");
String teachername1= (String) teacherField.get(null);
XposedBridge.log("teacherField->"+teachername1);

// Xposed中的实现和java反射一样,但是默认调用了 setAccessible(true);
XposedHelpers.setStaticObjectField(stuClass,"teacher","teacher888");
String teachername2= (String) XposedHelpers.getStaticObjectField(stuClass,"teacher");


@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
    super.afterHookedMethod(param);

    Object thisobj = param.thisObject;
    XposedHelpers.setObjectField(thisobj,"nickname","chick");

    Object returnobj = param.getResult();
    XposedBridge.log(thisobj + "---" + returnobj);
}

hook一般方法

ClassLoader classLoader = loadPackageParam.classLoader;
Class StuClass = classLoader.loadClass("com.showme.xposedhook01.Student");

// 一般java函数的hook 
XposedHelpers.findAndHookMethod("com.showme.xposedhook01.Student", loadPackageParam.classLoader, "privatefunc", String.class, int.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        Object[] objectarray = param.args;
        String arg0 = (String) objectarray[0];
        int arg1 = (int) objectarray[1];
        XposedBridge.log("beforeHookedMethod11 privatefunc->arg0:" + arg0 + "---arg1:" + arg1);

    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);

        String result = (String) param.getResult();
        XposedBridge.log("afterHookedMethod11 privatefunc->result:" + result);

    }
});

// 内部类中的函数hook
Class personClass = XposedHelpers.findClass("com.showme.xposedhook01.Student$person", loadPackageParam.classLoader);
XposedHelpers.findAndHookMethod(personClass, "getpersonname", String.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        XposedBridge.log("beforeHookedMethod getpersonname->" + param.args[0]);
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        XposedBridge.log("afterHookedMethod getpersonname->" + param.getResult());
    }
});

// 匿名内部类函数的hook - 匿名内部类总会有一个类名的,用那个类名就行了

// 类中JNI函数的hook - 和普通函数一样

主动调用函数

// java 反射的方式
ClassLoader classLoader = loadPackageParam.classLoader;
Class StuClass = classLoader.loadClass("com.showme.xposedhook01.Student");
Method publicstaticfunc_method = StuClass.getDeclaredMethod("publicstaticfunc", String.class, int.class);
publicstaticfunc_method.invoke(null, "InvokedByXposed", 100);

// Xposed 中的API
//            public static java.lang.Object callMethod(java.lang.Object obj, java.lang.String methodName, java.lang.Object... args) { /* compiled code */ }
//
//            public static java.lang.Object callMethod(java.lang.Object obj, java.lang.String methodName, java.lang.Class<?>[] parameterTypes, java.lang.Object... args) { /* compiled code */ }
//
//            public static java.lang.Object callStaticMethod(java.lang.Class<?> clazz, java.lang.String methodName, java.lang.Object... args)
//
//            public static java.lang.Object callStaticMethod(java.lang.Class<?> clazz, java.lang.String methodName, java.lang.Class<?>[] parameterTypes, java.lang.Object... args)

java.lang.Class<?>[] parameterTypes = {String.class, int.class};

XposedHelpers.callStaticMethod(StuClass, "publicstaticfunc", parameterTypes, "publicstaticfunc is called by XposedHelpers.callStaticMethod11", 100);
XposedHelpers.callStaticMethod(StuClass, "publicstaticfunc", "publicstaticfunc is called by XposedHelpers.callStaticMethod22", 200);

XposedHelpers.callStaticMethod(StuClass, "privatestaticfunc", parameterTypes, "privatestaticfunc is called by XposedHelpers.callStaticMethod11", 400);
XposedHelpers.callStaticMethod(StuClass, "privatestaticfunc", "privatestaticfunc is called by XposedHelpers.callStaticMethod22", 300);


Method privatestaticfunc_method = StuClass.getDeclaredMethod("privatestaticfunc", String.class, int.class);
privatestaticfunc_method.setAccessible(true);
String result = (String) privatestaticfunc_method.invoke(null, "privatestaticfuncIsInvokedByXposed", 200);


//            public static java.lang.Object callMethod(java.lang.Object obj, java.lang.String methodName, java.lang.Object... args) { /* compiled code */ }
//
//            public static java.lang.Object callMethod(java.lang.Object obj, java.lang.String methodName, java.lang.Class<?>[] parameterTypes, java.lang.Object... args) { /* compiled code */ }

//            public static java.lang.Object newInstance(java.lang.Class<?> clazz, java.lang.Object... args) { /* compiled code */ }
//
//            public static java.lang.Object newInstance(java.lang.Class<?> clazz, java.lang.Class<?>[] parameterTypes, java.lang.Object... args) { /* compiled code */ }


Object StuObjByXposed = XposedHelpers.newInstance(StuClass, "StuObjByXposed.newInstance", "500");
String result1 = (String) XposedHelpers.callMethod(StuObjByXposed, "publicfunc", "publicfunc is called by XposedHelpers.callMethod", 125);
XposedBridge.log("publicfunc XposedHelpers.callMethod result->" + result1);

XposedHelpers.callMethod(StuObjByXposed, "privatefunc", "privatefunc is called by XposedHelpers.callMethod", 130);




//Student cstudent = new Student("xiaohua", "2020");
XposedHelpers.findAndHookConstructor(StuClass, String.class, String.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        XposedBridge.log("Student(String,String) is called beforeHookedMethod");
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        XposedBridge.log("Student(String,String) is called afterHookedMethod");
        Object cstudent=param.thisObject;
        XposedHelpers.callMethod(cstudent,"publicfunc","publicfunc is called XposedHelpers.findAndHookConstructor",666);
        XposedHelpers.callMethod(cstudent,"privatefunc","privatefunc is called XposedHelpers.findAndHookConstructor",888);
    }
});


//            public String getNickname() {
//                return nickname;
//            }

XposedHelpers.findAndHookMethod(StuClass, "getNickname", new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        Object obj=param.thisObject;
        XposedHelpers.callMethod(obj,"publicfunc","beforeHookedMethod publicfunc is called XposedHelpers.callMethod",444);
        XposedHelpers.callMethod(obj,"privatefunc","beforeHookedMethod privatefunc is called XposedHelpers.callMethod",333);

        XposedBridge.log("getNickname is called beforeHookedMethod->"+obj);
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        Object obj=param.thisObject;
        XposedHelpers.callMethod(obj,"publicfunc","afterHookedMethod publicfunc is called XposedHelpers.callMethod",222);
        XposedHelpers.callMethod(obj,"privatefunc","afterHookedMethod privatefunc is called XposedHelpers.callMethod",111);

        XposedBridge.log("getNickname is called afterHookedMethod->"+param.thisObject);
    }
});

加壳APP处理

/*
1、对于有壳的apk,Xposed首先拿到的是壳的classloader
2、壳一般在,壳代码的OnCreate修成classloader
*/
public class HookShellApk implements IXposedHookLoadPackage {

    public static Field getClassField(ClassLoader classloader, String class_name,
                                      String filedName) {

        try {
            Class obj_class = classloader.loadClass(class_name);//Class.forName(class_name);
            Field field = obj_class.getDeclaredField(filedName);
            field.setAccessible(true);
            return field;
        } catch (SecurityException e) {
            e.printStackTrace();
        } catch (NoSuchFieldException e) {
            e.printStackTrace();
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
        return null;

    }

    public static Object getClassFieldObject(ClassLoader classloader, String class_name, Object obj,
                                             String filedName) {

        try {
            Class obj_class = classloader.loadClass(class_name);//Class.forName(class_name);
            Field field = obj_class.getDeclaredField(filedName);
            field.setAccessible(true);
            Object result = null;
            result = field.get(obj);
            return result;
        } catch (SecurityException e) {
            e.printStackTrace();
        } catch (NoSuchFieldException e) {
            e.printStackTrace();
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (IllegalAccessException e) {
            e.printStackTrace();
        }
        return null;

    }

    public static Object invokeStaticMethod(String class_name,
                                            String method_name, Class[] pareTyple, Object[] pareVaules) {

        try {
            Class obj_class = Class.forName(class_name);
            Method method = obj_class.getMethod(method_name, pareTyple);
            return method.invoke(null, pareVaules);
        } catch (SecurityException e) {
            e.printStackTrace();
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
        } catch (IllegalAccessException e) {
            e.printStackTrace();
        } catch (NoSuchMethodException e) {
            e.printStackTrace();
        } catch (InvocationTargetException e) {
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
        return null;

    }

    public static Object getFieldOjbect(String class_name, Object obj,
                                        String filedName) {
        try {
            Class obj_class = Class.forName(class_name);
            Field field = obj_class.getDeclaredField(filedName);
            field.setAccessible(true);
            return field.get(obj);
        } catch (SecurityException e) {
            e.printStackTrace();
        } catch (NoSuchFieldException e) {
            e.printStackTrace();
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
        } catch (IllegalAccessException e) {
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (NullPointerException e) {
            e.printStackTrace();
        }
        return null;

    }

    public static ClassLoader getClassloader() {
        ClassLoader resultClassloader = null;
        Object currentActivityThread = invokeStaticMethod(
                "android.app.ActivityThread", "currentActivityThread",
                new Class[]{}, new Object[]{});
        Object mBoundApplication = getFieldOjbect(
                "android.app.ActivityThread", currentActivityThread,
                "mBoundApplication");
        Application mInitialApplication = (Application) getFieldOjbect("android.app.ActivityThread",
                currentActivityThread, "mInitialApplication");
        Object loadedApkInfo = getFieldOjbect(
                "android.app.ActivityThread$AppBindData",
                mBoundApplication, "info");
        Application mApplication = (Application) getFieldOjbect("android.app.LoadedApk", loadedApkInfo, "mApplication");
        resultClassloader = mApplication.getClassLoader();
        return resultClassloader;
    }

    public void GetClassLoaderClasslist(ClassLoader classLoader) {
        //private final DexPathList pathList;
        //public static java.lang.Object getObjectField(java.lang.Object obj, java.lang.String fieldName)
        XposedBridge.log("start dealwith classloader:" + classLoader);
        Object pathListObj = XposedHelpers.getObjectField(classLoader, "pathList");
        //private final Element[] dexElements;
        Object[] dexElementsObj = (Object[]) XposedHelpers.getObjectField(pathListObj, "dexElements");
        for (Object i : dexElementsObj) {
            //private final DexFile dexFile;
            Object dexFileObj = XposedHelpers.getObjectField(i, "dexFile");
            //private Object mCookie;
            Object mCookieObj = XposedHelpers.getObjectField(dexFileObj, "mCookie");
            //private static native String[] getClassNameList(Object cookie);
            //    public static java.lang.Object callStaticMethod(java.lang.Class<?> clazz, java.lang.String methodName, java.lang.Object... args) { /* compiled code */ }
            Class DexFileClass = XposedHelpers.findClass("dalvik.system.DexFile", classLoader);

            String[] classlist = (String[]) XposedHelpers.callStaticMethod(DexFileClass, "getClassNameList", mCookieObj);
            for (String classname : classlist) {
                XposedBridge.log(dexFileObj + "---" + classname);
            }
        }
        XposedBridge.log("end dealwith classloader:" + classLoader);

    }

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        Log.i("Xposed01", loadPackageParam.packageName);
        XposedBridge.log("HookLebo->app packagename" + loadPackageParam.packageName);
        if (loadPackageParam.packageName.equals("com.test.abc")) {
            XposedBridge.log("showme " + loadPackageParam.packageName);
            Class StubAppClass=XposedHelpers.findClass("com.test.abc.MyWrapperProxyApplication",loadPackageParam.classLoader);
            Method[] methods=StubAppClass.getDeclaredMethods();
            for(Method i:methods){
                XposedBridge.log("com.test.abc.MyWrapperProxyApplication->"+i);
            }
            XposedHelpers.findAndHookMethod("com.test.abc.MyWrapperProxyApplication", loadPackageParam.classLoader, "onCreate", new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    XposedBridge.log("com.test.abc.MyWrapperProxyApplication->onCreate beforeHookedMethod");
                }

                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);
                    XposedBridge.log("com.test.abc.MyWrapperProxyApplication->onCreate afterHookedMethod");

                    ClassLoader finalClassLoader=getClassloader();
                    XposedBridge.log("finalClassLoader->" + finalClassLoader);
                    XposedHelpers.findAndHookMethod("com.orginal.apk.MainActivity", finalClassLoader, "onCreate", Bundle.class, new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            super.beforeHookedMethod(param);
                            XposedBridge.log("beforeHookedMethod com.orginal.apk.MainActivity.onCreate");

                        }

                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            super.afterHookedMethod(param);
                            XposedBridge.log("afterHookedMethod com.orginal.apk.MainActivity.onCreate");

                        }
                    });
                }
            });
        }
    }
}

so中函数处理

1、创建android studio native项目,使用inhook框架,编写hook的内容
2、通过Xposed,在java.lang.Runtime.loadLibrary的时机加载so

// java.lang.System.loadLibrary,的下一级,会使用当前调用者的ClassLoader,所以会被使用成Xposed的ClassLoader
// 可以用java.lang.Runtimem,但是在不同版本的源码中,loadLibrary的名字不一样,需要适配
XposedHelpers.findAndHookMethod("java.lang.Runtime", loadPackageParam.classLoader, "loadLibrary", String.class,ClassLoader.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        String soname= (String) param.args[0];
        XposedBridge.log("beforeHookedMethod Runtime.load("+soname+","+param.args[1]+")");
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        String soname= (String) param.args[0];
        XposedBridge.log("afterHookedMethod Runtime.load("+soname+")");
        if(soname.contains("native-lib")){
            System.load("/data/data/com.showme.xposedhookso/files/hookso.so");
        }
    }
});

对于armv8,可以使用sandHook框架

指纹检测与简单定制
showme#
关注
专栏目录
监控系统试运行记录.docx
06-28
监控系统试运行记录 系统名称: 建设单位: 设计(施工)单位: 日期/时间 系统运行情况(含误、漏报警) 备注 值班人 注: 1. 系统运行情况栏中,正常打" "并每天不少于填写一次;不正常的再备注栏内及时扼要说明情况(包括修复日期)。 2. 系统有报警部分的,报警试验每天进行一次。无漏报警的,在对应空格内打" ",有漏报警的打"×",并在备注栏说明情况;出现误报警的也在相应备注栏内如实填写。 监控系统试运行记录全文共1页,当前为第1页。 监控系统试运行记录全文共1页,当前为第1页。 监控系统试运行记录
Xposed基本知识整理
I_am_a_coder_coder的博客
11-25 589
1.基本类和方法 public class Module implements IXposedHookLoadPackage { @Override public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable { ...
Xposed 绕过360加固获得真正的classloader
miqt
11-05 1593
XposedHelpers.findAndHookMethod("com.stub.StubApp", loadPackageParam.classLoader, "attachBaseContext", Context.class, new XC_MethodHook() { @Override pr
python智能写诗的程序_【百度大脑新品体验】智能写诗与智能春联
weixin_39620273的博客
02-21 708
上面两个字符段是接口的输入,text字数小于 5 个,是春联的主题。index可以用来指定生成的对联,不同的index可能会生成不同的对联。智能春联的返回参数如下表: 其输出为 json 字符串。例如:“春节”对应的一个输出为{'couplets': {'center': '迎春接福', 'first': '春节迎春新世纪', 'second': '福音报福小康年'}}智能写诗接口智能写...
Android笔记-Xposed的使用(Hook登录函数获取用户名密码)
IT1995的博客
07-27 1539
如这个APP例子: 点击登录,Xposed打印: 对应的Java代码: 这里可以看到其包名为hfdcxy.com.myapplication 函数为check。 Xposed关键函数如下: public class HookUtils implements IXposedHookLoadPackage { @Override public void handleLoadPackage(XC_LoadPackage.LoadPackageParam load..
VirtualXposed
12-26
VirtualXposed框架虚拟机是基于VirtualApp和epic在非ROOT环境下运行Xposed模块的实现
xposed x86手架包
09-19
Xposed框架是一款强大的Android系统修改工具,它允许用户在不修改APK的情况下影响应用程序的运行方式,从而实现各种自定义功能。"xposed x86手架包"是专为x86架构(通常用于模拟器或部分平板电脑)设计的Xposed框架...
XPosed框架,原XPosed派大星,目前可用的XP框架
02-04
Xposed鸭是一款基于Xposed Installer的修改版软件,他弥补了原版XPosed框架无法在线下载的遗憾,使其成为Xposed Installer的一个非常有趣的替代品。 安装Xposed框架非常简单,只需要下载并安装Xposed鸭,然后点击...
Xposed-v86-sdk22-x86框架包
12-28
Xposed框架是一款强大的Android系统修改工具,它允许用户在不修改APK的情况下影响应用程序的行为。Xposed-v86-sdk22-x86框架包是专为基于Android 5.0(API级别22)的x86架构设备设计的版本。这个框架在Android爱好者...
180729 安卓-Xposed笔记(2)
whklhhhh的博客
07-31 480
今天提交才发现这几天研究的点错了,血崩orz 回头重新搞,目标so做了混淆,感觉比较像控制流平坦化 但java层几乎没做混淆,关键符号加字符串定位轻而易举,结合Hook验证后即可通过Hook进行调用 然而Native方法不知怎么的死活没有Hook到 明明调用函数都已经抓到了的说 HookNative方法 Xposed也是可以HookNative方法的,只不过同样只能操作beforeHo...
xposed中集成sandhook框架实现native层hook
weixin_44348983的博客
08-16 934
xposed中集成sandhook,使其具有so hook能力
Xposed 插件开发之二: Xposed的一些知识
热门推荐
KeepStudy
09-18 1万+
一、 Api说明1. IXposedHookLoadPackage.java加载回调接口,在xposed入口类继承,实现handleLoadPackage方法 handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) 这个方法用于在加载应用程序的包的时候执行用户的操作 参数: LoadPackageParam loa
Xposed API详解
一个孤独漫步者的遐想的博客
11-12 3707
Xposed API详解Hook修改变量Hook普通方法回调函数XC_MethodHookXC_MethodReplacementHook获取参数与返回值获取参数获取返回值Hook构造函数无参构造有参构造Hook复杂函数Hook自定义类参数Hook替换函数与函数置空替换函数函数置空Hook内部类与匿名类内部类匿名类Xposed主动调用 Hook修改变量 静态变量(static):类被初始化,同步进行初始化 非静态变量:类被实例化(产生一个对象的时候),进行初始化 [外链图片转存失败,源站可能有防盗链机制
java反射
lqb3732842的博客
02-04 240
java中final类型的值能不能被修改? 在c,c++中 我们可以通过指针直接修改内存的值,包括final修饰的,在java中不存在指针概念,但是java确留了一黑手:反射!! 反射能做什么? 1:通过反射能获得类名,包名等信息!class2 = Person.class; System.out.println("Demo2:(写法2) 包名: " + class2.ge
xposed 03 - hook字段与一般方法
a5right的博客
12-26 906
本文主要讨论一下如何hook字段与方法hook字段有两种方式:使用反射使用 xposed api由于xposed 模块也运行在 app 进程中,所以我们可以将 app 的代码当作自己的,直接反射访问。
讨论 Xposed 模块的类和宿主中的类
qq_28987919的博客
12-29 444
Xposed 模块是一种Android应用程序的插件,可以为手机增加各种功能和特性,而无需修改操作系统或应用程序的源代码。这使得用户可以更轻松地个性化和改进Android设备。所以,Xposed 框架其实就是一种组件化开发的技术。
Xposed Hook Json
lhh0129的博客
05-17 993
Xposed Hook Json返回值 XposedHelpers.findAndHookConstructor,这个代码的意思是Hook类的构建方法! XposedHelpers.findAndHookConstructor("org.json.JSONObject", lpparam.classLoader, String.class, new XC_MethodHook() { ...
Xposed Hook不到类报错以及Xposed的Hook方法讲解
qq_42356008的博客
10-17 3681
介绍了Xposed hook不到类方法的解决方案,和Xposed的常用hook类的介绍
Xposed模块开发及构造函数Hook
q1921098027的博客
09-27 426
Xposed Hook 构造方法
sekiro xposed
最新发布
08-01
对不起,"Sekiro Xposed"似乎不是一个明确的概念。Xposed是一款安卓系统下的模块化框架,它允许用户修改系统的底层功能而无需root权限,通常用于安装各种自定义模块增强手机的功能。然而,如果将"Sekiro"理解为游戏《 Sekiro: Shadows Die Twice》(血源诅咒的精神续作),那么它本身并不与Xposed相关。 如果你提到的是将《 Sekiro》游戏与Xposed联系起来的可能性,那可能是某个玩家社区或模组开发者尝试制作适用于游戏的Xposed模块,比如修改游戏设置、增加新功能等。但这通常是非法且非官方的行为,不建议进行此类操作。 如果你有关于《 Sekiro》游戏本身的问题,或是对Xposed框架有技术方面的疑问,请具体说明以便我能提供更准确的信息。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值