Xposed Hook & Anti-hook
Posted gm-201705
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Xposed Hook & Anti-hook相关的知识,希望对你有一定的参考价值。
一点简单记录。
xposed原理包括将hook的method转为Native。因此可检测如下:
for (ApplicationInfo applicationInfo : applicationInfoList) { if (applicationInfo.processName.equals("com.example.hookdetection")) { Set classes = new HashSet(); DexFile dex; try { dex = new DexFile(applicationInfo.sourceDir); Enumeration entries = dex.entries(); while(entries.hasMoreElements()) { String entry = entries.nextElement(); classes.add(entry); } dex.close(); } catch (IOException e) { Log.e("HookDetection", e.toString()); } for(String className : classes) { if(className.startsWith("com.example.hookdetection")) { try { Class clazz = HookDetection.class.forName(className); for(Method method : clazz.getDeclaredMethods()) { if(Modifier.isNative(method.getModifiers())){ Log.wtf("HookDetection", "Native function found (could be hooked by Substrate or Xposed): "
+ clazz.getCanonicalName() + "->" + method.getName()); } } } catch(ClassNotFoundException e) { Log.wtf("HookDetection", e.toString()); } } } } }
所有xposed插件中,Hook isNative. 由于Hook在先,调用在后,可绕过。
以上是关于Xposed Hook & Anti-hook的主要内容,如果未能解决你的问题,请参考以下文章
Android检测获取MAC权限--基于Xposed的方法检测