Xposed环境安装

一、Xposed 框架实现 Hook 的原理介绍

Zygote是Android的核心，每运行一个app，Zygote就会fork一个虚拟机实例来运行app，
Xposed Framework深入到了Android核心机制中，通过改造Zygote来实现一些很牛逼的
功能。Zygote的启动配置在init.rc 脚本中，由系统启动的时候开启此进程，对应的
执行文件是/system/bin/app_process，这个文件完成类库加载及一些函数调用的工作。
当系统中安装了Xposed Framework之后，会对app_process进行扩展，也就是说，Xposed
Framework 会拿自己实现的app_process覆盖掉Android原生提供的app_process文件，
当系统启动的时候，就会加载由 Xposed Framework 替换过的进程文件，并且，Xposed
Framework 还定义了一个 jar 包，系统启动的时候，也会加载这个包：
/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar

二、Xposed框架运行的条件

1.Rooted Device / Emulator （已root的手机或者模拟器）
2.Xposed Installer (Xposed安装程序下载)
3.Hooking Android App （要被Hook的目标 App）

三、安装过程

1. 推荐下载 Xposed3.1.5 版本，XposedInstaller_3.1.5.zip。

下载安装后，若科学上网可以直接激活，之前http改为https需要搭梯子。

2.离线激活方式：

https://dl-xda.xposed.info/framework/ 从该网址找到自己的手机API - sdk对应的版本（arm|x86）（32 | 64位）

eg: 雷电模拟器 4.0.43 版本 - 》（X86 api 25）

-> 下载25版本https://dl-xda.xposed.info/framework/sdk25

3.下载后将压缩包中的 system 解压到一个新建文件夹中，再将以下 script.sh shell脚本放置该文件中：

##########################################################################################
#
# Xposed framework installer zip.
#
# This script installs the Xposed framework files to the system partition.
# The Xposed Installer app is needed as well to manage the installed modules.
#
##########################################################################################grep_prop() {REGEX="s/^$1=//p"shiftFILES=$@if [ -z "$FILES" ]; thenFILES='/system/build.prop'ficat $FILES 2>/dev/null | sed -n $REGEX | head -n 1
}android_version() {case $1 in15) echo '4.0 / SDK'$1;;16) echo '4.1 / SDK'$1;;17) echo '4.2 / SDK'$1;;18) echo '4.3 / SDK'$1;;19) echo '4.4 / SDK'$1;;21) echo '5.0 / SDK'$1;;22) echo '5.1 / SDK'$1;;23) echo '6.0 / SDK'$1;;24) echo '7.0 / SDK'$1;;25) echo '7.1 / SDK'$1;;26) echo '8.0 / SDK'$1;;27) echo '8.1 / SDK'$1;;*)  echo 'SDK'$1;;esac
}cp_perm() {cp -f $1 $2 || exit 1set_perm $2 $3 $4 $5 $6
}set_perm() {chown $2:$3 $1 || exit 1chmod $4 $1 || exit 1if [ "$5" ]; thenchcon $5 $1 2>/dev/nullelsechcon 'u:object_r:system_file:s0' $1 2>/dev/nullfi
}install_nobackup() {cp_perm ./$1 $1 $2 $3 $4 $5
}install_and_link() {TARGET=$1XPOSED="${1}_xposed"BACKUP="${1}_original"if [ ! -f ./$XPOSED ]; thenreturnficp_perm ./$XPOSED $XPOSED $2 $3 $4 $5if [ ! -f $BACKUP ]; thenmv $TARGET $BACKUP || exit 1ln -s $XPOSED $TARGET || exit 1chcon -h 'u:object_r:system_file:s0' $TARGET 2>/dev/nullfi
}install_overwrite() {TARGET=$1if [ ! -f ./$TARGET ]; thenreturnfiBACKUP="${1}.orig"NO_ORIG="${1}.no_orig"if [ ! -f $TARGET ]; thentouch $NO_ORIG || exit 1set_perm $NO_ORIG 0 0 600elif [ -f $BACKUP ]; thenrm -f $TARGETgzip $BACKUP || exit 1set_perm "${BACKUP}.gz" 0 0 600elif [ ! -f "${BACKUP}.gz" -a ! -f $NO_ORIG ]; thenmv $TARGET $BACKUP || exit 1gzip $BACKUP || exit 1set_perm "${BACKUP}.gz" 0 0 600ficp_perm ./$TARGET $TARGET $2 $3 $4 $5
}##########################################################################################echo "**************************"
echo "Xposed framework installer"
echo "**************************"if [ ! -f "system/xposed.prop" ]; thenecho "! Failed: Extracted file system/xposed.prop not found!"exit 1
fiecho "- Checking environment"
API=$(grep_prop ro.build.version.sdk)
APINAME=$(android_version $API)
ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
ABILONG=$(grep_prop ro.product.cpu.abi)XVERSION=$(grep_prop version system/xposed.prop)
XARCH=$(grep_prop arch system/xposed.prop)
XMINSDK=$(grep_prop minsdk system/xposed.prop)
XMAXSDK=$(grep_prop maxsdk system/xposed.prop)XEXPECTEDSDK=$(android_version $XMINSDK)
if [ "$XMINSDK" != "$XMAXSDK" ]; thenXEXPECTEDSDK=$XEXPECTEDSDK' - '$(android_version $XMAXSDK)
fiARCH=arm
IS64BIT=
if [ "$ABI" = "x86" ]; then ARCH=x86; fi;
if [ "$ABI2" = "x86" ]; then ARCH=x86; fi;
if [ "$API" -ge "21" ]; thenif [ "$ABILONG" = "arm64-v8a" ]; then ARCH=arm64; IS64BIT=1; fi;if [ "$ABILONG" = "x86_64" ]; then ARCH=x86_64; IS64BIT=1; fi;
fi# echo "DBG [$API] [$ABI] [$ABI2] [$ABILONG] [$ARCH] [$XARCH] [$XMINSDK] [$XMAXSDK] [$XVERSION]"echo "  Xposed version: $XVERSION"XVALID=
if [ "$ARCH" = "$XARCH" ]; thenif [ "$API" -ge "$XMINSDK" ]; thenif [ "$API" -le "$XMAXSDK" ]; thenXVALID=1elseecho "! Wrong Android version: $APINAME"echo "! This file is for: $XEXPECTEDSDK"fielseecho "! Wrong Android version: $APINAME"echo "! This file is for: $XEXPECTEDSDK"fi
elseecho "! Wrong platform: $ARCH"echo "! This file is for: $XARCH"
fiif [ -z $XVALID ]; thenecho "! Please download the correct package"echo "! for your platform/ROM!"exit 1
fiecho "- Placing files"
install_nobackup /system/xposed.prop                      0    0 0644
install_nobackup /system/framework/XposedBridge.jar       0    0 0644install_and_link  /system/bin/app_process32               0 2000 0755 u:object_r:zygote_exec:s0
install_overwrite /system/bin/dex2oat                     0 2000 0755 u:object_r:dex2oat_exec:s0
install_overwrite /system/bin/oatdump                     0 2000 0755
install_overwrite /system/bin/patchoat                    0 2000 0755 u:object_r:dex2oat_exec:s0
install_overwrite /system/lib/libart.so                   0    0 0644
install_overwrite /system/lib/libart-compiler.so          0    0 0644
install_overwrite /system/lib/libsigchain.so              0    0 0644
install_nobackup  /system/lib/libxposed_art.so            0    0 0644
if [ $IS64BIT ]; theninstall_and_link  /system/bin/app_process64             0 2000 0755 u:object_r:zygote_exec:s0install_overwrite /system/lib64/libart.so               0    0 0644install_overwrite /system/lib64/libart-compiler.so      0    0 0644install_overwrite /system/lib64/libart-disassembler.so  0    0 0644install_overwrite /system/lib64/libsigchain.so          0    0 0644install_nobackup  /system/lib64/libxposed_art.so        0    0 0644
fimkdir -p /system/priv-app/XposedInstaller
chmod 0755 /system/priv-app/XposedInstaller
chcon -h u:object_r:system_file:s0 /system/priv-app/XposedInstaller
cp system/priv-app/XposedInstaller/XposedInstaller.apk /system/priv-app/XposedInstaller/XposedInstaller.apk
chmod 0644 /system/priv-app/XposedInstaller/XposedInstaller.apk
chcon -h u:object_r:system_file:s0 /system/priv-app/XposedInstaller/XposedInstaller.apkif [ "$API" -ge "22" ]; thenfind /system /vendor -type f -name '*.odex.gz' 2>/dev/null | while read f; do mv "$f" "$f.xposed"; done
fiecho "- Done"
exit 0

4.将该文件夹push进手机 system 中：

adb remountadb push 刚刚创建的文件夹 /systemadb shell chmod 777  文件夹名 chmod 777  文件夹名 /shell脚本chmod 777  文件夹名 /system

5.运行script.sh脚本：

chmod 777  script.sh ./script.sh

6.重新手机，再打开xposed框架，成功激活：