[移动开发]Xpose_HOOK入门教程

开发工具:AndroidStudio maven VirtualXposed

?一.新建Hook项目

二、配置HOOK环境

引入xposed

?compileOnly 'de.robv.android.xposed:api:82'

compileOnly 'de.robv.android.xposed:api:82:sources'

下面来配置清单文件??(配置AndroidManifest.xml)
? ?? ?? ???配置如下图

<!-- 应用为模块 -->
<meta-data
    android:name="xposedmodule"
    android:value="true" /> <!-- 版本信息 -->
<meta-data
    android:name="xposedminversion"
    android:value="53" /> <!-- 模块描述 -->
<meta-data
    android:name="xposeddescription"
    android:value="淘宝抓包" />

三.编写hook代码

创建HookMain类，实现IXposedHookLoadPackage这个接口

源码如下：

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

public class HookMain implements IXposedHookLoadPackage {
    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {

        if(lpparam.packageName.contains("com.taobao")){  //抓包的包名
            //XposedUtil.checkXposed(lpparam);
            XposedHelpers.findAndHookMethod(XposedHelpers.findClassIfExists("mtopsdk.mtop.global.SwitchConfig",   //抓包的类名
                    lpparam.classLoader), "isGlobalSpdySwitchOpen",//抓包的方法名
                    new XC_MethodHook() {
                        protected void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable {
                            super.afterHookedMethod(methodHookParam);
                            XposedBridge.log("--------开始抓包----------");
                            methodHookParam.setResult(Boolean.valueOf(false));
                        }
                    });
        }
    }
}

?之后将该插件和要抓包的APP安装到VirtualXposed,就可以HOOK到

补充：获取参数说明

 XposedHelpers.findAndHookMethod(
                //要 hook 的类，很明显是 MainActivity
                "com.sddz.logint.MainActivity",
                //类加载器
                lpparam.classLoader,
                //要 hook 方法的名称
                "toastMessage",
                //参数类型
                String.class,
                //参数类型
                String.class,
                new XC_MethodHook() {
                    //在方法运行之前 hook 可在运行之前改变参数的值从而影响运行结果,得不到返回值
                    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {

                    }

                    //在方法运行之后 hook 可以得到返回值 这里我们在运行之后就可以了 因为我们需要拿到返回值
                    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                        //参数 1 的值
                        XposedBridge.log("whj userName:" + param.args[0]);

                        //参数 2 的值
                        XposedBridge.log("whj password:" + param.args[1]);

                        //返回值
                        XposedBridge.log("whj Login:" + param.getResult());

                        param.setResult("你已被劫持");//修改值

                        //获取私有属性 name 的值
                        XposedBridge.log("whj name:" + XposedHelpers.getObjectField(param.thisObject, "name")
                        );
                    }
                });