https://www.52pojie.cn/thread-1740944-1-1.html
看着这位佬和正己大佬的博客跟着学的
随便创建一个空项目
配置
进来等他配置一会,如果觉得慢,可以去.gralde/目录下设置镜像文件,网上有很多教程
下载上面博客的bridgeaPI
在这里点击到project 看得更方便
app目录下新建lib,复制我们的jar包进去
右键add as libray
然后
打开src/main目录下的AndroidManifest.xml 在application下进行编写,那xposed等工具识别这是个模块
[Asm] 纯文本查看 复制代码
在app项目下的build.gradle进行修改
改为compileonly
6.新建-->Folder-->Assets Folder,创建xposed_init(不要后缀名):只有一行代码,就是说明入口类
7.新建Hook类,实现IXposedHookLoadPackage接口,然后在handleLoadPackage函数内编写Hook逻辑
按照正己大佬的来
导入包
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class Hook implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
}
}
然后在jadx中找到我们要hook的地方
复制为xposed片段
[Java] 纯文本查看 复制代码package com.example.xposedhook;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class Hook implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
XposedHelpers.findAndHookMethod("com.ctf.backdoor.MainActivity", loadPackageParam.classLoader, "ooxx", "String", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
super.afterHookedMethod(param);
}
});
}
}
整理下来大约就是这样,大家上面几个包和参数需要大家自己改改
下面有两个方法
我们就可以开始编写xposed模块了
比如我这里,我要调用这个方法,自主传参然后输出
[Java] 纯文本查看 复制代码public class Hook implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
if (!loadPackageParam.packageName.equals("com.ctf.backdoor")) {
return;
}
Log.d("xposed", "handleLoadPackage: ");
// 在类初始化后主动调用
XposedHelpers.findAndHookMethod("com.ctf.backdoor.MainActivity",
loadPackageParam.classLoader,
"ooxx",
String.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// 主动调用native方法
String result = (String) XposedHelpers.callStaticMethod(
param.method.getDeclaringClass(),
"ooxx",
"DWFmBkwae2inas+nZvG+Pg==" // 替换为实际要传入的字符串
);
Log.d("xposed", "主动调用结果: " + result);
XposedBridge.log("主动调用返回值: " + result);
}
});
}
}
在启动模块然后运行
去loagcat就ok了!
