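Java-layer hook, mock location_Epic is a runtime AOP hook framework at the virtual-machine level, with Java Method granularity...

Epic is a non-invasive Android runtime AOP hook framework based on the Xposed framework, supporting 4.0 to 9.0. It needs no annotation processor or bytecode rewriting and integrates with a single line of code. It can hook not only application code but also Android framework code running in the app process. Examples include monitoring thread creation and destruction and intercepting dex loading. Epic currently supports Dalvik and ART environments, but not all architectures. Contributions and issue reports are welcome.
Summary generated by CSDN using AI technology.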

What is it?

Epic is the continuation of Dexposed on ART (supporting 4.0~9.0).

Dexposed is a powerful yet non-invasive runtime AOP (Aspect-oriented Programming) framework for Android app development, based on the work of open-source Xposed framework project.

The AOP of Dexposed is implemented in a purely non-invasive way, without any annotation processor, weaver or bytecode rewriter. The integration is as simple as loading a small JNI library in just one line of code at the initialization phase of your app.

Not only the code of your app, but also the code of the Android framework that runs in your app process can be hooked.

Epic keeps the same API and all capabilities of Dexposed, so you can do anything that is supported by Dexposed.

Typical use-cases

Classic AOP programming

Instrumentation (for testing, performance monitoring, etc.)

Security audit (sensitive API check, smash shell)

Just for fun :)

Integration

Add the epic aar directly to your project as a compile library. It contains a jar file, "dexposedbridge.jar", and two .so files, "libdexposed.so" and "libepic.so", from the 'epic' directory.

The Gradle dependency is as follows (jcenter):

```groovy
dependencies {
    compile 'me.weishu:epic:0.3.6'
}
```

Everything is ready.

Newer versions of epic are not open source; v0.3.6 is enough for testing or personal usage. If you want the newer version (better compatibility for Android 8.0+ and support for Android 9.0), please contact me.

Basic usage

There are three injection points for a given method: before, after, origin.

Example 1: Monitor the creation and destruction of Java threads

```java
// Logs when a thread's run() starts and when it returns.
class ThreadMethodHook extends XC_MethodHook {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        Thread t = (Thread) param.thisObject;
        Log.i(TAG, "thread:" + t + ", started..");
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        Thread t = (Thread) param.thisObject;
        Log.i(TAG, "thread:" + t + ", exit..");
    }
}

// Hook every Thread constructor so that subclasses overriding run() are discovered
// as soon as an instance is created.
DexposedBridge.hookAllConstructors(Thread.class, new XC_MethodHook() {
    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        Thread thread = (Thread) param.thisObject;
        Class<?> clazz = thread.getClass();
        if (clazz != Thread.class) {
            // A subclass has its own run(); hook it separately.
            Log.d(TAG, "found class extend Thread:" + clazz);
            DexposedBridge.findAndHookMethod(clazz, "run", new ThreadMethodHook());
        }
        Log.d(TAG, "Thread: " + thread.getName() + " class:" + thread.getClass() + " is created.");
    }
});

// Hook the base Thread.run() as well.
DexposedBridge.findAndHookMethod(Thread.class, "run", new ThreadMethodHook());
```

Example 2: Intercept the dex loading behavior

```java
// Log the input dex path and the output odex path each time DexFile.loadDex is called.
DexposedBridge.findAndHookMethod(DexFile.class, "loadDex", String.class, String.class, int.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
        String dex = (String) param.args[0];
        String odex = (String) param.args[1];
        Log.i(TAG, "load dex, input:" + dex + ", output:" + odex);
    }
});
```

Check out the sample project to find out more.
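For the "Security audit (sensitive API check)" use case listed above, the following is an added example, not code from the Epic project or the original page: a before-hook that logs which code in your own app process (for example a bundled SDK) calls a sensitive framework API. The class name, log tag, choice of audited APIs and the library package names are assumptions.

```java
import android.location.LocationManager;
import android.telephony.TelephonyManager;
import android.util.Log;

// Package names assumed for the 0.3.6 aar; adjust if your copy differs.
import com.taobao.android.dexposed.DexposedBridge;
import com.taobao.android.dexposed.XC_MethodHook;

/** Added example: reports the call path to selected sensitive APIs inside this process. */
public final class SensitiveApiAudit {
    private static final String TAG = "SensitiveApiAudit"; // hypothetical log tag

    /** Before-hook that records the hooked method and the stack frames that reached it. */
    private static final class CallerLogger extends XC_MethodHook {
        @Override
        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
            StringBuilder sb = new StringBuilder("sensitive call: ").append(param.method);
            for (StackTraceElement frame : new Throwable().getStackTrace()) {
                String cls = frame.getClassName();
                // Skip hook-library frames (prefixes are assumptions) and this class,
                // so the log starts at the real caller.
                if (cls.startsWith("com.taobao.android.dexposed")
                        || cls.startsWith("me.weishu")
                        || cls.startsWith(SensitiveApiAudit.class.getName())) {
                    continue;
                }
                sb.append("\n    at ").append(frame);
            }
            Log.w(TAG, sb.toString());
        }
    }

    /** Call once, early in Application.onCreate(), before third-party SDKs initialise. */
    public static void install() {
        hook(TelephonyManager.class, "getDeviceId");
        hook(LocationManager.class, "getLastKnownLocation", String.class);
    }

    private static void hook(Class<?> clazz, String method, Object... paramTypes) {
        // findAndHookMethod takes the parameter types followed by the callback.
        Object[] args = new Object[paramTypes.length + 1];
        System.arraycopy(paramTypes, 0, args, 0, paramTypes.length);
        args[paramTypes.length] = new CallerLogger();
        try {
            DexposedBridge.findAndHookMethod(clazz, method, args);
        } catch (Throwable t) {
            // An audit hook that cannot be installed must not crash the app.
            Log.e(TAG, "could not hook " + clazz.getName() + "#" + method, t);
        }
    }
}
```

A hook that installs but never fires may be hitting one of the limits under Known Issues (short or fully inlined methods), so an empty log is not proof that the API is unused.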

Support

Epic supports all Dalvik runtime ARM architecture devices from Android 2.3 to 4.4 (not including 3.0), which it inherits from Dexposed. Furthermore, it supports the ART Thumb2 and ARM64 architectures from Android 5.0 to 8.1. ARM32, x86, x86_64 and mips are not supported now. The stability is not proven in any online product; it is only for personal use now (mainly for performance analysis). Compatibility issues and PRs are welcome.

The support status is as follows.

| Runtime | Android Version | Support |
| --- | --- | --- |
| Dalvik | 2.2 | Not tested |
| Dalvik | 2.3 | Yes |
| Dalvik | 3.0 | No |
| Dalvik | 4.0-4.4 | Yes |
| ART | L (5.0) | Yes |
| ART | L MR1 (5.1) | Yes |
| ART | M (6.0) | Yes |
| ART | N (7.0) | Yes |
| ART | N MR1 (7.1) | Yes |
| ART | O (8.0) | Yes |
| ART | O MR1 (8.1) | Yes |
| ART | P (9.0) | Yes |

And the architecture support status:

| Runtime | Arch | Support |
| --- | --- | --- |
| Dalvik | All | Yes |
| ART | Thumb2 | Yes |
| ART | ARM64 | Yes |
| ART | ARM32 | No |
| ART | x86/x86_64 | No |
| ART | mips | No |

Known Issues

Short methods (instructions less than 8 bytes on Thumb2 or less than 16 bytes on ARM64) are not supported.

Fully inlined methods are not supported.

Contribute

We are open to constructive contributions from the community, especially pull requests and quality bug reports. Currently, the implementation for ART is not proven at large scale; we value your help to test or improve the implementation.

You can clone this project, build and install the sample app, and click around on your device. If any bugs or crashes occur, please file an issue or a pull request. I would be very appreciative :)

Thanks

Contact me
