要Hook的App
1.新建安卓工程
2. 打開AndroidManifest,加入以下配置
<!-- 添加標識 -->
<meta-data android:name="xposedmodule" android:value="true"/>
<!-- 載入Hook模塊之後顯示的信息 -->
<meta-data android:name="xposeddescription" android:value="Xposed Proxy For HOOK"/>
<!-- 規定jar包的版本信息 -->
<meta-data android:name="xposedminversion" android:value="54"/>
3.導入 XposedBridgeApi-54.jar 包
(1) 將XposedBridgeApi-54.jar拷貝到libs目錄下
(2) 引入libs下的jar包必須使用compileOnly,否則程序安裝後,XPosed無法正常執行Hook操作
4.新建Hook操作類,MyModule
package com.example.xptest3;
import android.widget.EditText;
import java.lang.reflect.Field;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class MyModule implements IXposedHookLoadPackage {
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpp) throws Throwable {
if (lpp.packageName.equals("com.qianyu.textactivity")) {
XposedHelpers.findAndHookMethod("com.qianyu.textactivity.MainActivity", lpp.classLoader,
"login", String.class, String.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("賬號:" + param.args[0]);
XposedBridge.log("密碼:" + param.args[1]);
//打印堆棧查看調用關係
StackTraceElement[] wodelogs = new Throwable("wodelog").getStackTrace();
for (int i = 0; i < wodelogs.length; i++) {
XposedBridge.log("查看堆棧:" + wodelogs[i].toString());
}
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
//獲取類
Class<?> clazz = param.thisObject.getClass();
XposedBridge.log("要hook的方法所在的類:" + clazz.getName());
// 輸入框不爲私有private可通過以下方式獲取
//Field field = clazz.getField("ed_pwd");
// 通過類的字節碼得到該類中聲明的所有屬性,無論私有或公有
Field field = clazz.getDeclaredField("ed_pwd");
// 設置訪問權限
field.setAccessible(true);
EditText pwd = (EditText) field.get(param.thisObject);
String str = pwd.getText().toString();
XposedBridge.log("劫持到的密碼:" + str);
pwd.setText("123456");
}
});
}
}
}
5.新建Assets目錄,創建xposed_init文件,內容爲MyModule包位置
(1)
(2)
(3)
6.編譯運行安卓到手機後,激活重啓模擬器或手機
7.重啓後確認模塊已勾選,清除一下日誌,打開我們要hook的app
8.
(1)
(2)選擇重新載入
(3)
完成