android root hook微信,[原创]如何使用FastHook免root Hook微信

private void bindApplicationNoCheck(String packageName, String processName, ConditionVariable lock) {

VDeviceInfo deviceInfo = getDeviceInfo();

if (processName == null) {

processName = packageName;

}

mTempLock = lock;

try {

setupUncaughtHandler();

} catch (Throwable e) {

e.printStackTrace();

}

try {

fixInstalledProviders();

} catch (Throwable e) {

e.printStackTrace();

}

mirror.android.os.Build.SERIAL.set(deviceInfo.serial);

mirror.android.os.Build.DEVICE.set(Build.DEVICE.replace(" ", "_"));

ActivityThread.mInitialApplication.set(

VirtualCore.mainThread(),

null

);

AppBindData data = new AppBindData();

InstalledAppInfo info = VirtualCore.get().getInstalledAppInfo(packageName, 0);

if (info == null) {

new Exception("App not exist!").printStackTrace();

Process.killProcess(0);

System.exit(0);

}

data.appInfo = VPackageManager.get().getApplicationInfo(packageName, 0, getUserId(vuid));

data.processName = processName;

data.providers = VPackageManager.get().queryContentProviders(processName, getVUid(), PackageManager.GET_META_DATA);

Log.i(TAG, "Binding application " + data.appInfo.packageName + " (" + data.processName + ")");

mBoundApplication = data;

VirtualRuntime.setupRuntime(data.processName, data.appInfo);

int targetSdkVersion = data.appInfo.targetSdkVersion;

if (targetSdkVersion 

StrictMode.ThreadPolicy newPolicy = new StrictMode.ThreadPolicy.Builder(StrictMode.getThreadPolicy()).permitNetwork().build();

StrictMode.setThreadPolicy(newPolicy);

}

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && targetSdkVersion 

mirror.android.os.Message.updateCheckRecycle.call(targetSdkVersion);

}

if (VASettings.ENABLE_IO_REDIRECT) {

startIOUniformer();

}

NativeEngine.launchEngine();

Object mainThread = VirtualCore.mainThread();

NativeEngine.startDexOverride();

Context context = createPackageContext(data.appInfo.packageName);

System.setProperty("java.io.tmpdir", context.getCacheDir().getAbsolutePath());

File codeCacheDir;

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {

codeCacheDir = context.getCodeCacheDir();

} else {

codeCacheDir = context.getCacheDir();

}

if (Build.VERSION.SDK_INT 

if (HardwareRenderer.setupDiskCache != null) {

HardwareRenderer.setupDiskCache.call(codeCacheDir);

}

} else {

if (ThreadedRenderer.setupDiskCache != null) {

ThreadedRenderer.setupDiskCache.call(codeCacheDir);

}

}

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {

if (RenderScriptCacheDir.setupDiskCache != null) {

RenderScriptCacheDir.setupDiskCache.call(codeCacheDir);

}

} else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {

if (RenderScript.setupDiskCache != null) {

RenderScript.setupDiskCache.call(codeCacheDir);

}

}

Object boundApp = fixBoundApp(mBoundApplication);

mBoundApplication.info = ContextImpl.mPackageInfo.get(context);

mirror.android.app.ActivityThread.AppBindData.info.set(boundApp, data.info);

VMRuntime.setTargetSdkVersion.call(VMRuntime.getRuntime.call(), data.appInfo.targetSdkVersion);

//进行Hook

try {

tryHook(processName,context.getClassLoader());

}catch (Exception e) {

e.printStackTrace();

}

Configuration configuration = context.getResources().getConfiguration();

Object compatInfo = CompatibilityInfo.ctor.newInstance(data.appInfo, configuration.screenLayout, configuration.smallestScreenWidthDp, false);

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {

if (Build.VERSION.SDK_INT 

DisplayAdjustments.setCompatibilityInfo.call(ContextImplKitkat.mDisplayAdjustments.get(context), compatInfo);

}

DisplayAdjustments.setCompatibilityInfo.call(LoadedApkKitkat.mDisplayAdjustments.get(mBoundApplication.info), compatInfo);

} else {

CompatibilityInfoHolder.set.call(LoadedApkICS.mCompatibilityInfo.get(mBoundApplication.info), compatInfo);

}

boolean conflict = SpecialComponentList.isConflictingInstrumentation(packageName);

if (!conflict) {

InvocationStubManager.getInstance().checkEnv(AppInstrumentation.class);

}

mInitialApplication = LoadedApk.makeApplication.call(data.info, false, null);

mirror.android.app.ActivityThread.mInitialApplication.set(mainThread, mInitialApplication);

ContextFixer.fixContext(mInitialApplication);

if (Build.VERSION.SDK_INT >= 24 && "com.tencent.mm:recovery".equals(processName)) {

fixWeChatRecovery(mInitialApplication);

}

if (data.providers != null) {

installContentProviders(mInitialApplication, data.providers);

}

if (lock != null) {

lock.open();

mTempLock = null;

}

VirtualCore.get().getComponentDelegate().beforeApplicationCreate(mInitialApplication);

try {

mInstrumentation.callApplicationOnCreate(mInitialApplication);

InvocationStubManager.getInstance().checkEnv(HCallbackStub.class);

if (conflict) {

InvocationStubManager.getInstance().checkEnv(AppInstrumentation.class);

}

Application createdApp = ActivityThread.mInitialApplication.get(mainThread);

if (createdApp != null) {

mInitialApplication = createdApp;

}

} catch (Exception e) {

if (!mInstrumentation.onException(mInitialApplication, e)) {

throw new RuntimeException(

"Unable to create application " + mInitialApplication.getClass().getName()

+ ": " + e.toString(), e);

}

}

VActivityManager.get().appDoneExecuting();

VirtualCore.get().getComponentDelegate().afterApplicationCreate(mInitialApplication);

}

//根据进程名获取Hook插件并Hook

private void tryHook(String process, ClassLoader apkClassLoader) {

String[] infos = VPackageManager.get().getInstalledHookPlugins(process);

if(infos != null) {

for(String info : infos) {

int size = info.charAt(0);

String pluginName = info.substring(1,1 + size);

String hookInfoName = info.substring(1 + size);

DexClassLoader hookClassLoader = new DexClassLoader(VEnvironment.getPackageResourcePath(pluginName).getAbsolutePath(),

VEnvironment.getDalvikCacheDirectory().getAbsolutePath(),

VEnvironment.getPackageLibPath(pluginName).getAbsolutePath(),

apkClassLoader);

FastHookManager.doHook(hookInfoName,hookClassLoader,apkClassLoader,hookClassLoader,hookClassLoader,false);

}

}

}