Android Studio編寫Xposed模塊

要Hook的App

 

1.新建安卓工程

 

2. 打開AndroidManifest,加入以下配置

 

<!-- 添加標識 -->
<meta-data android:name="xposedmodule" android:value="true"/>
<!-- 載入Hook模塊之後顯示的信息 -->
<meta-data android:name="xposeddescription" android:value="Xposed Proxy For HOOK"/>
<!-- 規定jar包的版本信息 -->
<meta-data android:name="xposedminversion" android:value="54"/>

3.導入 XposedBridgeApi-54.jar 包

(1) 將XposedBridgeApi-54.jar拷貝到libs目錄下

(2) 引入libs下的jar包必須使用compileOnly,否則程序安裝後,XPosed無法正常執行Hook操作

 

4.新建Hook操作類,MyModule

package com.example.xptest3;


import android.widget.EditText;

import java.lang.reflect.Field;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

public class MyModule implements IXposedHookLoadPackage {

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpp) throws Throwable {
        if (lpp.packageName.equals("com.qianyu.textactivity")) {
            XposedHelpers.findAndHookMethod("com.qianyu.textactivity.MainActivity", lpp.classLoader,
                    "login", String.class, String.class, new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            XposedBridge.log("賬號：" + param.args[0]);
                            XposedBridge.log("密碼：" + param.args[1]);
                            //打印堆棧查看調用關係
                            StackTraceElement[] wodelogs = new Throwable("wodelog").getStackTrace();
                            for (int i = 0; i < wodelogs.length; i++) {
                                XposedBridge.log("查看堆棧：" + wodelogs[i].toString());
                            }
                        }

                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            //獲取類
                            Class<?> clazz = param.thisObject.getClass();
                            XposedBridge.log("要hook的方法所在的類：" + clazz.getName());
                            // 輸入框不爲私有private可通過以下方式獲取
                            //Field field = clazz.getField("ed_pwd");

                            // 通過類的字節碼得到該類中聲明的所有屬性，無論私有或公有
                            Field field = clazz.getDeclaredField("ed_pwd");
                            // 設置訪問權限
                            field.setAccessible(true);
                            EditText pwd = (EditText) field.get(param.thisObject);
                            String str = pwd.getText().toString();
                            XposedBridge.log("劫持到的密碼：" + str);
                            pwd.setText("123456");
                        }
                    });
        }
    }
}

5.新建Assets目錄,創建xposed_init文件,內容爲MyModule包位置

(1) 

 (2)

(3) 

6.編譯運行安卓到手機後,激活重啓模擬器或手機

 

 7.重啓後確認模塊已勾選,清除一下日誌,打開我們要hook的app

 

 

 8.

(1) 

 (2)選擇重新載入

(3) 

完成