这是一个创建于 563 天前的主题,其中的信息可能已经有所发展或是发生改变。
public class HookInit implements IXposedHookLoadPackage { @Override public void handleLoadPackage ( final XC_LoadPackageLoadPackageParam lpparam ) throws Throwable { XposedHelpers.findAndHookMethod ( "android.app.ContextImpl", lpparam.classLoader, "checkCallingOrSelfPermission", String.class, new XC_MethodReplacement ( ){ @Override protected Object replaceHookedMethod ( XC_MethodHook.MethodHookParam p1 ) throws Throwable { int i=0; return i; } } ); XposedHelpers.findAndHookMethod ( "android.app.Application", lpparam.classLoader, "attach", Context.class, new XC_MethodHook ( ){ @Override protected void afterHookedMethod ( MethodHookParam param ) throws Throwable { Class <?>wmg=XposedHelpers.findClass ( "android.view.WindowManagerGlobal", lpparam.classLoader ); final Object wm=XposedHelpers.callStaticMethod ( wmg, "getWindowManagerService" ); Method setForcedDisplayDensityForUser=XposedHelpers.findMethodBestMatch ( wm.getClass ( ), "setForcedDisplayDensityForUser", int.class, int.class, int.class ); setForcedDisplayDensityForUser.invoke ( wm, 160, Display.DEFAULT_DISPLAY, AndroidAppHelper.currentApplicationInfo ( ).uid ); } } ); } } 目的是想通过 WindowManagerGlobal 获取 WindowManagerService ,然后调用 setForcedDisplayDensityForUser 方法,因为这个方法会用 checkCallingOrSelfPermission 方法检查是否有权限,所以我修改了他的返回值为 0 。 setForcedDisplayDensityForUser 的源码:
@Override public void setForcedDisplayDensityForUser(int displayId, int density, int userId) { if (mContext.checkCallingOrSelfPermission( android.Manifest.permission.WRITE_SECURE_SETTINGS) != PackageManager.PERMISSION_GRANTED) { throw new SecurityException("Must hold permission " + android.Manifest.permission.WRITE_SECURE_SETTINGS); 但这样修改后还是抛出异常"Must hold permission…" 大佬们有没有什么建议
14 条回复 2024-06-26 10:11:48 +08:00
 | 1 gzldc 2024-06-17 13:45:52 +08:00 试试 gp_t |
 | 2 ColoThor 2024-06-17 15:09:31 +08:00 试试我的方法,在 initZygote 方法内添加代码 ```language AndroidActivityManagerHook.getInstance().start(); ``` AndroidActivityManagerHook 类,把其中的 xxx.xxx.xxx.xxx,替换为实际的引用包名 ```language public class AndroidActivityManagerHook { public static String TAG = AndroidActivityManagerHook.class.getSimpleName(); public static AndroidActivityManagerHook getInstance() { return InstanceUtils.instance; } private AndroidActivityManagerHook() { } private static class InstanceUtils { private static final AndroidActivityManagerHook instance = new AndroidActivityManagerHook(); } public void start() { hookActivityManager(null); } private void hookActivityManager(ClassLoader classLoader) { try { String activityManagerClassName = "android.app.ActivityManager"; Class activityManagerClass = XposedHelpers.findClassIfExists(activityManagerClassName, classLoader); if (activityManagerClass != null) { XposedBridge.hookAllMethods(activityManagerClass, "checkComponentPermission", new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { super.beforeHookedMethod(param); try { String permission = (String) param.args[0]; if (TextUtils.isEmpty(permission)) { return; } if (!Manifest.permission.WRITE_SECURE_SETTINGS.equals(permission)) { return; } int uid = (int) param.args[1]; if (uid == 0) { return; } Context cOntext= AndroidAppHelper.currentApplication().getApplicationContext(); if (cOntext== null) { return; } String packageName = context.getPackageManager().getNameForUid(uid); if ("xxx.xxx.xxx.xxx".equals(packageName)) { param.setResult(PackageManager.PERMISSION_GRANTED); Log.w(TAG, "access " + permission + " to " + packageName); } } catch (Exception e) { e.printStackTrace(); Log.e(TAG, param.method.getName() + " error\n" + Log.getStackTraceString(e)); } } }); } else { Log.e(TAG, "class not find: " + activityManagerClassName); } } catch (Exception e) { Log.e(TAG, "hookActivityManager error:\n" + Log.getStackTraceString(e)); } } } ``` 最后别忘了添加作用域 系统框架 |
 | 5 eyeshuaji OP 来个大佬提点建议啊 |
 | 6 Nitsuya 2024-06-19 11:49:27 +08:00 不知道你的需求是怎样的, 代码看上去是改默认屏幕的 dpi, 按理说应该注入 System Server. 孵化应用的时候, 判断包名, 修改全局 Dpi. |
| 8 Nitsuya 2024-06-19 18:20:29 +08:00 @eyeshuaji 1.如果你只想全局修改 开发者模式里面直接改. 2.如果你想 打开某应用触发影响全局 dpi, 注入域 [android] 系统框架, 然后去看 aosp 应用启动流程,卡在 call 应用前调用. 3.如果只想改某个 app 的 dpi, github 去找项目. 不知道你的需求是怎样的. |
| 9 Nitsuya 2024-06-19 18:32:58 +08:00 针对你提出的问题, 我猜测你注入的是应用, 应用调用这类的 Api, 是 RPC 调用 system server 即 android(系统框架). 权限验证在 server 侧. 我想你可能大概不知道 域 跟 代码跑在哪个进程下的. |
Select Language