
Xposed Development

10 Nov
Author: popsky | Category: Reverse engineering

1: Modify the value of a static variable.

        // Package name + class name
        Class<?> clazz = XposedHelpers.findClass("com.popsky.demo",loadPackageParam.classLoader);
        // MyInt is the name of the static variable (an int)
        XposedHelpers.setStaticIntField(clazz,"MyInt",10000);
        // Set a String
        XposedHelpers.setStaticObjectField(clazz,"MyStr","Popsky");

2: Hook constructors. There are two constructors here: one with no parameters and one that takes a String parameter.

// Hook the no-argument constructor
XposedHelpers.findAndHookConstructor(clazz, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        // Runs before the hooked constructor
        Log.d("DEMO","这个是无参数构造函数Hook执行前"); // message: before the no-argument constructor runs
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        // Runs after the hooked constructor
        Log.d("DEMO","这个是无参数构造函数Hook执行后"); // message: after the no-argument constructor runs
    }
});

// Hook the constructor that takes parameters (here the parameter type is String; whatever the parameter type is, just append .class to it)
XposedHelpers.findAndHookConstructor(clazz, String.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
        Log.d("DEMO",String.valueOf(param.args[0])); // Print argument 0 as passed in
    }

    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        Log.d("DEMO","这个是有参数构造函数Hook执行后"); // message: after the parameterized constructor runs
    }
});


3: Hook an ordinary method

        // Hook an ordinary method
        XposedHelpers.findAndHookMethod(clazz, "FangFaMing", String.class, new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                Log.d("DEMO",String.valueOf(param.args[0])); // Print argument 0 as passed in
            }
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                Log.d("DEMO","Hook普通方法执行后!"); // message: after the hooked ordinary method runs
            }
        });


4: Parameters that include a custom class

        // The parameter list includes a custom class (abstract classes are supported)
        //Class<?> aniClass = loadPackageParam.classLoader.loadClass("com.DEMO.ani"); // First way
        //Class<?> aniClass = XposedHelpers.findClass("com.DEMO.ani",loadPackageParam.classLoader); // Second way
        Class<?> aniClass = Class.forName("com.DEMO.ani",false,loadPackageParam.classLoader); // Third way
        // The method name is Inner
        // Fourth way: write "com.DEMO.ani" directly in place of aniClass
        XposedHelpers.findAndHookMethod(clazz, "Inner", aniClass, String.class, new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                Log.d("DEMO","Hook自定义类参数!"); // message: hooked a method with a custom-class parameter
            }
        });

5: Replace a method's execution

        // Replace the method's execution: the original body does not run
        XposedHelpers.findAndHookMethod(clazz, "FangFaMing", String.class, new XC_MethodReplacement() {
            @Override
            protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
                new Throwable().printStackTrace(); // Print the current call stack
                XposedHelpers.callMethod(clazz.newInstance(),"Fangfa1"); // Instance method: needs an instance
                XposedHelpers.callStaticMethod(clazz,"FangFa2");
                return null;
            }
        });

6: To get an inner class or an anonymous class, append $ after the outer class name, for example "DEMO$ZI".

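7: Call a method directly. (When calling a method directly, it makes no difference whether it is private or public; the only distinction is between static and instance methods.)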

                XposedHelpers.callMethod(clazz.newInstance(),"Fangfa1"); // Instance method: needs an instance
                XposedHelpers.callStaticMethod(clazz,"FangFa2");

8: Print the call stack

    // Requires java.io.StringWriter and java.io.PrintWriter
    StringWriter out = new StringWriter();
    new Throwable().printStackTrace(new PrintWriter(out));
    String description = out.toString(); // The current call stack as text
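
The snippets above all assume a `loadPackageParam` and a `clazz` that are already in scope. The following is an added example, not code from the original post, showing the module class they would live in, combining the method hook from section 3 with the stack capture from section 8. The module package `com.example.hookdemo`, the class name `TraceModule` and the app package name `com.popsky` are assumptions; the target class and method names are the ones used on this page.

```java
package com.example.hookdemo; // hypothetical module package

import java.io.PrintWriter;
import java.io.StringWriter;

import android.util.Log;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

public class TraceModule implements IXposedHookLoadPackage {
    private static final String TARGET_PACKAGE = "com.popsky";    // assumed app package name
    private static final String TARGET_CLASS = "com.popsky.demo"; // class name used on this page

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        // This callback fires for every app that starts; only instrument the app under analysis.
        if (!TARGET_PACKAGE.equals(loadPackageParam.packageName)) {
            return;
        }
        final Class<?> clazz;
        try {
            clazz = XposedHelpers.findClass(TARGET_CLASS, loadPackageParam.classLoader);
        } catch (XposedHelpers.ClassNotFoundError e) {
            // Class renamed or obfuscated in this build: report it and hook nothing.
            Log.w("DEMO", "class not found, nothing hooked: " + TARGET_CLASS);
            return;
        }
        XposedHelpers.findAndHookMethod(clazz, "FangFaMing", String.class, new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                // Section 3: log argument 0. Section 8: capture who called the method.
                StringWriter out = new StringWriter();
                new Throwable("FangFaMing called").printStackTrace(new PrintWriter(out));
                Log.d("DEMO", "arg0=" + param.args[0] + "\n" + out);
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                // getResult() is what the original method returned (null for a void method).
                Log.d("DEMO", "result=" + param.getResult());
            }
        });
    }
}
```

For the framework to load it, the fully qualified class name must be listed in the module's `assets/xposed_init` file.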

