Xposed API使用大全

hybpjx Lv4
  2024-12-08 22:49:41 2024-12-08 22:49:41 创建   2024-12-08 22:49:42 2024-12-08 22:49:42 更新  763 字  4 分钟  

Xposed常用HOOK方法

不讲废话

hook修改静态方法

1
2
3
XposedHelpers.setBooleanField("对象", "名称", false);
XposedHelpers.setIntField("对象", "名称", 1);
XposedHelpers.setObjectField("对象", "名称", "值");

hook 构造函数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
// 找到类名方法
Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookConstructor(clazz, new XC_MethodHook() {
   @Override
   protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
      super.beforeHookedMethod(param);
   }
});
XposedHelpers.findAndHookConstructor(clazz, String.class, new XC_MethodHook() {
   @Override
   protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
      super.beforeHookedMethod(param);
   }
});

hook 普通方法

1
2
3
4
5
6
7
8
9
10
11
12
13
// 找到类名方法
Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(clazz, "方法名", new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        super.beforeHookedMethod(param);
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
    }
});

hook 复杂函数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
// 找到类名方法
Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(clazz, "方法名",
        String[][].class,
        String.class,
        Map.class,
        ArrayList.class,
        new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
            }
        }
);

或者

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
// 找到类名方法
 
XposedHelpers.findAndHookMethod(clazz, "方法名",
        "[[Ljava.lang.String",
        "java.lang.String",
        Class.forName("java.utils.Map"),
        Class.forName("java.util.ArrayList"),
        new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
            }
        }
);

hook 自定义类参数

获取类的方式

  1. 类名.class
  2. 对象.getClass()
  3. class.forName()
  4. xposedHelpers.findClass(“”,””)
  5. new DexClassLoader(“”,””,””,””).loadClass() .// 加载类 用于脱壳加固
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
// 类名.class  对象.getClass()  class.forName()  xposedHelpers.findClass("","")
Class<?> JiaZaiClazz = lpparam.classLoader.loadClass("xxxx.xxx.xxx.类名");
Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(clazz, "方法名", 
        "[[Ljava.lang.String",
        "java.lang.String",
        JiaZaiClazz,// 加载的自定义类
        Class.forName("java.utils.Map"),
        Class.forName("java.util.ArrayList"),
        new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
            }
        }
);

或者用上面的前四种的方法。

简单示例

1
2
3
4
Class<?> JiaZaiClazz = Class.forName("xxxx.xxx.xxx.类名", // 路径类名
                                     false,// 是否初始化,一般都是false
                                     lpparam.classLoader// 这个意思是用哪个加载器加载这个类
                                    );
1
Class<?> JiaZaiClazz = XposedHelpers.findClass("xxxx.xxx.xxx.类名","lpparam.classLoader");

还有一种特殊的

1
"xxxx.xxx.xxx.类名" // 直接输入即可

hook 替换函数

即改掉整个函数,不在提前或者之后hook

1
2
3
4
5
6
7
8
Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(clazz, "方法名", new XC_MethodReplacement() {
    @Override
    protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
        Log.d(TAG, "替换的函数输出");
        return null;
    }
});

hook内部类

1
2
3
4
5
6
7
8
9
10
XposedHelpers.findAndHookMethod(XposedHelpers.findClass("xxx.xxx.xxx.类名$内部类名", lpparam.classLoader),
                "内部类的方法名",
                String.class,
                new XC_MethodHook() {
                    @Override
                    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                        super.beforeHookedMethod(param);
                    }
                }
        );

主动调用

1
2
3
4
5
6
7
8
9
10
11
12
final Class<?> clazz = XposedHelpers.findClass("xxx.xxx.类名", lpparam.classLoader);
XposedHelpers.findAndHookMethod(XposedHelpers.findClass("xxx.xxx.xxx.类名$内部类名", lpparam.classLoader),
        "内部类的方法名",
        String.class,
        new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                XposedHelpers.callMethod(clazz.newInstance(),"具体方法","值");
                super.beforeHookedMethod(param);
            }
        }
);

Java 反射大法

  • 标题: Xposed API使用大全
  • 作者: hybpjx
  • 创建于 : 2024-12-08 22:49:41
  • 更新于 : 2024-12-08 22:49:42
  • 链接: http://hybpjx.github.io/2024/12/08/Xposed-API使用大全/
  • 版权声明: 本文章采用 CC BY-NC-SA 4.0 进行许可。
评论
此页目录
Xposed API使用大全
  1. 1. Xposed常用HOOK方法
  2. 2. hook修改静态方法
  3. 3. hook 构造函数
  4. 4. hook 普通方法
  5. 5. hook 复杂函数
  6. 6. hook 自定义类参数
  7. 7. hook 替换函数
  8. 8. hook内部类
  9. 9. 主动调用
  10. 10. Java 反射大法