How to hook a "shell" (packed) app with Xposed

Source: Internet
Author: User

Some time ago I made an in-game purchase Xposed plug-in, but some current games are now packed with a shell, and the latest game payment SDKs are also encrypted, which is awkward.

So I searched the Internet and found part of the code that "non-worm" posted on the Kanxue forum showing how to hook an application hardened with 360. The original post seems to have been deleted, but I found some of the code elsewhere online.

Link Address: http://www.jianshu.com/p/0d74461ea199

Approximate principle: obtain the shell's ClassLoader, use that ClassLoader to find the target class, and then hook it.

    if (loadPackageParam.packageName.equals("com.package.name")) {
        XposedHelpers.findAndHookMethod("com.qihoo.util.StubAppxxxxxxxx",
                loadPackageParam.classLoader, "getNewAppInstance", Context.class,
                new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
                // The Context passed to the stub carries the shell's ClassLoader
                Context context = (Context) param.args[0];
                ClassLoader classLoader = context.getClassLoader();
                XposedHelpers.findAndHookMethod("com.amap.api.location.AMapLocation",
                        classLoader, "getLongitude", new XC_MethodHook() {
                    @Override
                    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                        super.afterHookedMethod(param);
                        param.setResult(123.123123);
                    }
                });
                XposedHelpers.findAndHookMethod("com.amap.api.location.AMapLocation",
                        classLoader, "getLatitude", new XC_MethodHook() {
                    @Override
                    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                        super.afterHookedMethod(param);
                        param.setResult(33.333333);
                    }
                });
            }
        });
    }

Following this principle, look at the XposedHelpers.findAndHookMethod method in the Xposed source code:

    public static XC_MethodHook.Unhook findAndHookMethod(String className, ClassLoader classLoader,
            String methodName, Object... parameterTypesAndCallback) {
        return findAndHookMethod(findClass(className, classLoader), methodName, parameterTypesAndCallback);
    }

Next, look at the findClass method it calls:

    public static Class<?> findClass(String className, ClassLoader classLoader) {
        if (classLoader == null) {
            classLoader = XposedBridge.BOOTCLASSLOADER;
        }
        try {
            return ClassUtils.getClass(classLoader, className, false);
        } catch (ClassNotFoundException var3) {
            throw new XposedHelpers.ClassNotFoundError(var3);
        }
    }

That is, the class is first loaded through a ClassLoader and then hooked. So the idea is to:

  hook at the moment the class is loaded

For hardened (packed) applications, the ClassLoader that Xposed obtains cannot necessarily load the target class.

According to the Android source code, classes are loaded either by BootClassLoader (created when the system starts) or by PathClassLoader (created when the application starts), so we only need to look at the PathClassLoader source:

    public class PathClassLoader extends BaseDexClassLoader

Keep looking, at BaseDexClassLoader:

    public class BaseDexClassLoader extends ClassLoader {
        private final DexPathList pathList;

        /**
         * Constructs an instance.
         *
         * @param dexPath the list of jar/apk files containing classes and
         * resources, delimited by {@code File.pathSeparator}, which
         * defaults to {@code ":"} on Android
         * @param optimizedDirectory directory where optimized dex files
         * should be written; may be {@code null}
         * @param libraryPath the list of directories containing native
         * libraries, delimited by {@code File.pathSeparator}; may be
         * {@code null}
         * @param parent the parent class loader
         */
        public BaseDexClassLoader(String dexPath, File optimizedDirectory,
                String libraryPath, ClassLoader parent) {
            super(parent);
            this.pathList = new DexPathList(this, dexPath, libraryPath, optimizedDirectory);
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            List<Throwable> suppressedExceptions = new ArrayList<Throwable>();
            Class c = pathList.findClass(name, suppressedExceptions);
            if (c == null) {
                ClassNotFoundException cnfe = new ClassNotFoundException(
                        "Didn't find class \"" + name + "\" on path: " + pathList);
                for (Throwable t : suppressedExceptions) {
                    cnfe.addSuppressed(t);
                }
                throw cnfe;
            }
            return c;
        }
        // ......
    }

Continuing the analysis gives this call chain:

BaseDexClassLoader.findClass(String name)

-----> DexPathList.findClass(String name, List<Throwable> suppressed)

-----> DexFile.loadClassBinaryName(String name, ClassLoader loader, List<Throwable> suppressed)

----> DexFile.defineClass(String name, ClassLoader loader, Object cookie, List<Throwable> suppressed)

----> defineClassNative(name, loader, cookie);

defineClassNative(name, loader, cookie) is a native method, which Xposed cannot hook.

So, to hook at the moment a class is loaded, the place to intervene is DexFile.defineClass(String name, ClassLoader loader, Object cookie, List<Throwable> suppressed):

Use Xposed to hook the dalvik.system.DexFile.defineClass method, then filter in the after-hook callback to pick out the desired class.

    public void hookDefineClass() {
        try {
            /* get DexFile class */
            Class clazz = loadPackageParam.classLoader.loadClass("dalvik.system.DexFile");
            Method[] methods = clazz.getDeclaredMethods();
            for (int i = 0; i < methods.length; i++) {
                String name = methods[i].getName();
                if (name.equalsIgnoreCase("defineClass")) {
                    hookHelper.hookMethod(methods[i], new MethodHookCallback() {
                        @Override
                        public void beforeHookedMethod(HookParam param) throws IOException, ClassNotFoundException {
                        }

                        @Override
                        public void afterHookedMethod(HookParam param) throws IOException, ClassNotFoundException,
                                NoSuchFieldException, IllegalAccessException, JSONException {
                            // class name
                            String className = (String) param.args[0];
                            if (className.equalsIgnoreCase("xxxx")) {
                                // here do something
                                // get the Class that was just defined
                                Class loadedClass = (Class) param.getResult();
                                // do whatever is wanted with it, e.g.
                                // XposedHelpers.findAndHookMethod(Class<?> clazz, String methodName,
                                //         Object... parameterTypesAndCallback)
                            }
                        }
                    });
                }
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
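The listing above depends on the author's own wrapper classes (hookHelper, MethodHookCallback, HookParam). As an added example, not part of the original post, here is the same defineClass hook written against the stock Xposed API; it only logs which ClassLoader defined each class under a prefix, which is enough to see which loader a packed app really uses. The names com.example.loaderprobe, com.example.target and com.example.sdk. are placeholders.

```java
package com.example.loaderprobe; // hypothetical module package

import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class LoaderProbe implements IXposedHookLoadPackage {
    private static final String TARGET_PACKAGE = "com.example.target"; // placeholder
    private static final String CLASS_PREFIX = "com.example.sdk.";     // placeholder

    // Class names already reported, so each class is logged only once
    private final Set<String> seen =
            Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) {
            return;
        }
        Class<?> dexFile = XposedHelpers.findClass("dalvik.system.DexFile", lpparam.classLoader);
        // hookAllMethods matches by name only, so it does not depend on the
        // defineClass parameter list, which differs between Android releases.
        XposedBridge.hookAllMethods(dexFile, "defineClass", new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                // defineClass returns null when this dex file does not hold the class
                if (!(param.getResult() instanceof Class)) {
                    return;
                }
                Class<?> loaded = (Class<?>) param.getResult();
                String name = loaded.getName();
                if (!name.startsWith(CLASS_PREFIX) || !seen.add(name)) {
                    return;
                }
                // The defining loader is the one to pass to findAndHookMethod later
                XposedBridge.log("defined " + name + " via " + loaded.getClassLoader());
            }
        });
    }
}
```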

An example (it uses my own wrappers around the Xposed methods):

UnicomPay.java (Unicom payment SDK)

    package com.xiaobai.viptools.xposedpay;

    import com.xiaobai.viptools.impl.PayOrderHook;
    import com.xiaobai.viptools.xposed.HookParam;
    import com.xiaobai.viptools.xposed.MethodHookCallback;

    import java.io.IOException;
    import java.lang.reflect.Method;

    import de.robv.android.xposed.XposedBridge;
    import de.robv.android.xposed.callbacks.XC_LoadPackage;

    /**
     * Created by xiaobai on 2017/2/3.
     */
    public class UnicomPay implements PayOrderHook {
        private XC_LoadPackage.LoadPackageParam lpparam;

        public UnicomPay(XC_LoadPackage.LoadPackageParam loadPackageParam) {
            this.lpparam = loadPackageParam;
        }

        @Override
        public void hookPay(Class clazz) throws ClassNotFoundException {
            Method[] methods = clazz.getMethods();
            for (int i = 0; i < methods.length; i++) {
                String name = methods[i].getName();
                if (name.equalsIgnoreCase("pay")) {
                    Method payMethod = methods[i];
                    hookPayMethond(payMethod);
                }
            }
        }

        private void hookPayMethond(Method method) {
            hookHelper.hookMethod(method, new MethodHookCallback() {
                @Override
                public void beforeHookedMethod(HookParam param) throws IOException {
                    XposedBridge.log("payMethod arg size: " + param.args.length);
                    // the last argument of pay() is the result callback object
                    Class clazz = param.args[param.args.length - 1].getClass();
                    hookPayResult(clazz);
                }

                @Override
                public void afterHookedMethod(HookParam param) throws IOException, ClassNotFoundException,
                        NoSuchFieldException, IllegalAccessException {
                }
            });
        }

        private void hookPayResult(Class clazz) {
            Method[] methods = clazz.getMethods();
            for (int i = 0; i < methods.length; i++) {
                if (methods[i].getName().equalsIgnoreCase("payResult")) {
                    hookHelper.hookMethod(methods[i], new MethodHookCallback() {
                        @Override
                        public void beforeHookedMethod(HookParam param) throws IOException {
                            XposedBridge.log("arg[1]:code" + param.args[1]);
                            param.args[1] = 1;
                            XposedBridge.log("payHook success");
                        }

                        @Override
                        public void afterHookedMethod(HookParam param) throws IOException, ClassNotFoundException,
                                NoSuchFieldException, IllegalAccessException {
                        }
                    });
                }
            }
        }
    }

HookPayMethod.java

    package com.xiaobai.viptools.xposedmodule;

    import android.content.Context;

    import com.xiaobai.viptools.helper.JsonHelper;
    import com.xiaobai.viptools.impl.HookHelperInterface;
    import com.xiaobai.viptools.util.ContextHolder;
    import com.xiaobai.viptools.xposed.HookHelperFacktory;
    import com.xiaobai.viptools.xposed.HookParam;
    import com.xiaobai.viptools.xposed.MethodHookCallback;
    import com.xiaobai.viptools.xposedpay.UnicomPay;

    import org.json.JSONException;

    import java.io.IOException;
    import java.lang.reflect.Method;

    import de.robv.android.xposed.callbacks.XC_LoadPackage;

    /**
     * Created by xiaobai on 2017/2/3.
     */
    public class HookPayMethod {
        private XC_LoadPackage.LoadPackageParam loadPackageParam;
        private HookHelperInterface hookHelper = HookHelperFacktory.getHookHelper();

        public HookPayMethod(XC_LoadPackage.LoadPackageParam loadPackageParam) {
            this.loadPackageParam = loadPackageParam;
        }

        /* For packed apps: hook defineClass and filter the classes it defines */
        public void hookDefineClass() {
            try {
                /* get DexFile class */
                Class clazz = loadPackageParam.classLoader.loadClass("dalvik.system.DexFile");
                Method[] methods = clazz.getDeclaredMethods();
                for (int i = 0; i < methods.length; i++) {
                    String name = methods[i].getName();
                    if (name.equalsIgnoreCase("defineClass")) {
                        hookHelper.hookMethod(methods[i], new MethodHookCallback() {
                            @Override
                            public void beforeHookedMethod(HookParam param) throws IOException, ClassNotFoundException {
                            }

                            @Override
                            public void afterHookedMethod(HookParam param) throws IOException, ClassNotFoundException,
                                    NoSuchFieldException, IllegalAccessException, JSONException {
                                selectPayMethodDebug(param);
                            }
                        });
                    }
                }
            } catch (ClassNotFoundException e) {
                e.printStackTrace();
            }
        }

        private void selectPayMethodDebug(HookParam param) throws ClassNotFoundException {
            String className = (String) param.args[0];
            System.out.println(className);
            // unicomPay is a boolean switch that is not declared in this listing
            if (unicomPay && className.equalsIgnoreCase("com.unicom.dcLoader.Utils")) {
                Class payClass = (Class) param.getResult();
                UnicomPay unicomPay = new UnicomPay(loadPackageParam);
                unicomPay.hookPay(payClass);
            }
        }
    }

OK. If you have any questions, contact: [Email protected]

  
