AndroidApplication利用Xposed框架进行HOOK

1、创建一个安卓工程在 AndroidManifest.xml文件中的application标签中添加

 <meta-data
            android:name="xposedmodule"
            android:value="true" />
        <meta-data
            android:name="xposeddescription"
            <!--说明-->
            android:value="冰白寒祭的第一个Xposed应用" />
        <meta-data
            android:name="xposedminversion"
            android:value="53"

标签

2、导入Xposed相关依赖,在app目录下的build.gradle中添加

直接导入jar(jar包可以自己编译)
compileOnly files('lib/api-82.jar')
或者添加gradle依赖，添加完注释掉源码，源码只是用来辅助
compileOnly 'de.robv.android.xposed:api:82'
compileOnly 'de.robv.android.xposed:api:82:sources'

3、创建一个类实现IXposedHookLoadPackage接口，实现handleLoadPackage方法，以下是破解es浏览器会员的类

package com.bingbaihanji.esviphook;

import android.app.Application;
import android.content.Context;
import android.util.Log;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

public class ESVipHook implements IXposedHookLoadPackage {

    Context context;

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        if (loadPackageParam.packageName.equals("com.estrongs.android.pop")) {
            Log.d("冰白寒祭", "成功打开ES");
            XposedHelpers.findAndHookMethod(Application.class, "attach", Context.class, new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    context = (Context) param.args[0];
                    ClassLoader classLoader = context.getClassLoader();
                    Class<?> vipClass = XposedHelpers.findClass("com.estrongs.android.pop.app.account.model.AccountInfo",
                            classLoader);
                    XposedHelpers.findAndHookMethod(vipClass, "getIsVip", new XC_MethodHook() {
                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            param.setResult(true);
                            Log.d("冰白寒祭", "成功注入");
                        }
                    });
                }
            });
        }
    }
}

4、配置类的入口

在src下的main模块中右键新建一个Folder-->Assets Folder;

在新创建的assets目录下新创建一个名为xposed_init的文本文档，填入HOOK类的完整类名

com.bingbaihanji.esviphook.ESVipHook

5、XposedHelpers类中常用方法

findFieldIfExists:查找并返回一个存在的字段。类似于findField，但如果字段不存在，不会抛出异常

findFirstFieldByExactType:返回类中给定类型的第一个字段。对于Proguard'ed类来说，使用唯一类型标识字段可能很有用。

setObjectField:设置给定对象实例中对象字段的值

setBooleanField:设置给定对象实例中布尔字段的值

setByteField,setCharField,setDoubleField,setFloatField,setIntField,setLongField,setShortField等方法的功能类似

findAndHookConstructor HOOK构造方法

findAndHookMethodHook普通方法