Xposed Hook & Anti-hook

Posted gm-201705


A few brief notes.

Part of how Xposed works is that it converts the hooked method into a native method. A hook can therefore be detected as follows:

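import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.util.Log;
import dalvik.system.DexFile;
import java.io.IOException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Runs inside a method of the app; "context" is assumed to be the app's Context.
List<ApplicationInfo> applicationInfoList =
        context.getPackageManager().getInstalledApplications(PackageManager.GET_META_DATA);
for (ApplicationInfo applicationInfo : applicationInfoList) {
    if (applicationInfo.processName.equals("com.example.hookdetection")) {
        // Collect every class name found in the app's own dex file.
        Set<String> classes = new HashSet<>();
        try {
            DexFile dex = new DexFile(applicationInfo.sourceDir);
            Enumeration<String> entries = dex.entries();
            while (entries.hasMoreElements()) {
                classes.add(entries.nextElement());
            }
            dex.close();
        } catch (IOException e) {
            Log.e("HookDetection", e.toString());
        }
        // Report every method of the app's classes that carries the native modifier.
        for (String className : classes) {
            if (className.startsWith("com.example.hookdetection")) {
                try {
                    Class<?> clazz = Class.forName(className);
                    for (Method method : clazz.getDeclaredMethods()) {
                        if (Modifier.isNative(method.getModifiers())) {
                            Log.wtf("HookDetection", "Native function found (could be hooked by Substrate or Xposed): "
                                    + clazz.getCanonicalName() + "->" + method.getName());
                        }
                    }
                } catch (ClassNotFoundException e) {
                    Log.wtf("HookDetection", e.toString());
                }
            }
        }
    }
}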

 

In any Xposed module, hook isNative. Because the hook is installed first and the call comes afterward, the check can be bypassed.
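The native-modifier check reports every native method, so an app that ships its own JNI methods needs a baseline to separate them from methods that became native at runtime. The following is an added example, not code from the original post, that compares the methods found native at runtime with a list recorded at build time. `Sample`, `EXPECTED_NATIVE` and the key format are hypothetical, and the class runs on a plain JVM.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class NativeBaselineCheck {
    // Constructed sample standing in for app code: one real JNI method, one ordinary method.
    static class Sample {
        native int jniChecksum(byte[] data);   // declared native at build time
        int login(String user) { return user.length(); }
    }

    // Hypothetical baseline recorded at build time: methods the app itself declares native.
    static final Set<String> EXPECTED_NATIVE = new HashSet<>(Arrays.asList(
            key(Sample.class, "jniChecksum", byte[].class)));

    // The key includes parameter types so that overloads are told apart.
    static String key(Class<?> c, String name, Class<?>... params) {
        StringBuilder sb = new StringBuilder(c.getName()).append("->").append(name).append('(');
        for (Class<?> p : params) sb.append(p.getName()).append(';');
        return sb.append(')').toString();
    }

    // Returns the methods that are native at runtime but absent from the baseline.
    static List<String> unexpectedNatives(Set<String> baseline, Class<?>... classes) {
        List<String> findings = new ArrayList<>();
        for (Class<?> c : classes) {
            for (Method m : c.getDeclaredMethods()) {
                String k = key(c, m.getName(), m.getParameterTypes());
                if (Modifier.isNative(m.getModifiers()) && !baseline.contains(k)) {
                    findings.add(k);
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // The only native method is in the baseline, so nothing is reported.
        System.out.println(unexpectedNatives(EXPECTED_NATIVE, Sample.class));
        // An empty baseline imitates a method that was not native at build time: it is reported.
        System.out.println(unexpectedNatives(new HashSet<>(), Sample.class));
    }
}
```

Because it still relies on `Modifier.isNative`, this variant has the same limitation as the check it refines.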


