Android插件化之startActivity hook实现登录拦截

Android 26及以上:startActivity -> startActivityForResult -> mInstrumentation.execStartActivity -> ActivityManagerNative.getDefault().startActivity
Android 26以下:startActivity -> startActivityForResult -> mInstrumentation.execStartActivity -> ActivityManager.getService().startActivity

startActivity hook

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
public class AuthHookHelper {
private static AuthHookHelper mAuthHookHelper;
private Context context;

private AuthHookHelper(Context context) {
this.context = context;
}

public static AuthHookHelper getInstance(Context context) {
if (mAuthHookHelper == null) {
synchronized (AuthHookHelper.class) {
if (mAuthHookHelper == null) {
mAuthHookHelper = new AuthHookHelper(context.getApplicationContext());
}
}
}
return mAuthHookHelper;
}

public void hookAms() {
try {
Class<?> activityManagerClass;
Field iActivityManagerSingleton;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
activityManagerClass = Class.forName("android.app.ActivityManager");
iActivityManagerSingleton = activityManagerClass.getDeclaredField("IActivityManagerSingleton");
} else {
activityManagerClass = Class.forName("android.app.ActivityManagerNative");
iActivityManagerSingleton = activityManagerClass.getDeclaredField("gDefault");
}
iActivityManagerSingleton.setAccessible(true);
Object defaultValue = iActivityManagerSingleton.get(null);

Class<?> singletonClass = Class.forName("android.util.Singleton");
Field mInstance = singletonClass.getDeclaredField("mInstance");
mInstance.setAccessible(true);
Object iActivityManagerObject = mInstance.get(defaultValue);

Class<?> IActivityManager = Class.forName("android.app.IActivityManager");
Object proxy = Proxy.newProxyInstance(Thread.currentThread().getContextClassLoader(),
new Class[] {IActivityManager},
new AmsInvocationHandler(iActivityManagerObject));
mInstance.set(defaultValue, proxy);

} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (NoSuchFieldException e) {
e.printStackTrace();
} catch (IllegalAccessException e) {
e.printStackTrace();
}
}

class AmsInvocationHandler implements InvocationHandler {
private Object iActivityManagerObject;

public AmsInvocationHandler(Object iActivityManagerObject) {
this.iActivityManagerObject = iActivityManagerObject;
}

@Override
public Object invoke(Object proxy, Method method, Object[] args) throws InvocationTargetException, IllegalAccessException {
if ("startActivity".contains(method.getName())) {
Log.i("yezhou", "invoke: startActivity");
Intent intent = null;
int index = 0;
for (int i = 0; i < args.length; i++) {
Object arg = args[i];
if (arg instanceof Intent) {
intent = (Intent) args[i];
index = i;
break;
}
}
if (!Constants.inLogin) {
Intent proxyIntent = new Intent();
ComponentName componentName = new ComponentName(context, LoginActivity.class);
proxyIntent.setComponent(componentName);
proxyIntent.putExtra("extraIntent", intent.getComponent().getClassName());
args[index] = proxyIntent;
}
}
return method.invoke(iActivityManagerObject, args);
}
}

}

登录拦截测试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
public class MainActivity extends AppCompatActivity {

@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
AuthHookHelper.getInstance(this).hookAms();
}

public void firstActivity(View view) {
Intent intent = new Intent(this, FirstActivity.class);
startActivity(intent);
}
}
1
2
3
4
5
6
7
8
9
public class FirstActivity extends AppCompatActivity {

@Override
protected void onCreate(@Nullable Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_first);
}

}
1
2
3
4
5
6
7
8
9
10
public class LoginActivity extends AppCompatActivity {

@Override
protected void onCreate(@Nullable Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login);
Constants.inLogin = true;
}

}

Powered by AppBlog.CN     浙ICP备14037229号

Copyright © 2012 - 2020 APP开发技术博客 All Rights Reserved.

访客数 : | 访问量 :