字节码插桩发生时机
首先需要编写gradle插件
- 直接在.gralde文件。可以在这个文件中 以脚本文件的方式 实现字节码插桩
- 使用buildSrc目录 或 创建java模块。可以使用这种 代码的方式 实现字节码插桩
ASM操作大致
实现目标
-
下面两种实现,都是对MainActivity中的setText方法进行插桩。将txt改成“修改后的内容”(即添加 txt="修改后的内容")
方式一:直接在.gralde文件进行插桩编写
-
原理: gradle构建时会经过各种语言编译成class文件,然后使用一个统一任务将class文件编译成各个dex文件。
-
字节码插桩实现基本流程
- 实现了插桩的gradle脚本文件。我对文件的命名为classinsert.gradle。所以是在app的build.gralde通过
apply from: 'classinsert.gradle'使用
import org.objectweb.asm.ClassReader
import org.objectweb.asm.ClassVisitor
import org.objectweb.asm.ClassWriter
import org.objectweb.asm.MethodVisitor
import org.objectweb.asm.Opcodes
import java.util.jar.JarEntry
import java.util.jar.JarFile
import java.util.jar.JarOutputStream
afterEvaluate {
android.getApplicationVariants().all {
variant ->
//获取当前是Debug还是Release
String name = variant.getName()
//将首字母大写
String capitalizeName = name.capitalize()
//获取class转成dex的Task
Task task = project.getTasks().findByName("dexBuilder" + capitalizeName)
//定义 task 运行之前的操作
System.out.println("定义 task 运行之前的操作")
if (task != null) {
task.doFirst {
System.out.println("获取输入的所有文件")
//获取输入的所有文件
Set<File> fileSet = task.getInputs().getFiles().getFiles()
//遍历所有文件
System.out.println("遍历所有文件")
for (File file : fileSet) {
String filePath = file.getAbsolutePath()
if (filePath.endsWith("jar")) { // jar或class
//System.out.println("处理jar文件")
//inteceptorJar(file)
} else {
System.out.println("处理class文件")
inteceptorClass(file)
}
}
}
}
}
}
//处理Class文件
static void inteceptorClass(File dir) {
if (dir.isDirectory()) {
System.out.println("class文件是目录")
List<File> classFileLsit = new ArrayList<>();
listAllFile(dir, classFileLsit);
for (File file : classFileLsit) {
String name = file.getName();
System.out.println("directoryInput:::" + name);
if (name.contains("MainActivity")) {
FileInputStream fileInputStream = null;
FileOutputStream fileOutputStream = null;
try {
fileInputStream = new FileInputStream(file);
byte[] bytes = inserData(fileInputStream);
//将修改写回文件
fileOutputStream = new FileOutputStream(file)
fileOutputStream.write(bytes);
fileOutputStream.flush()
} finally {
try {
if (fileInputStream != null)
fileInputStream.close();
} catch (IOException e) {
e.printStackTrace();
}
try {
if (fileOutputStream != null)
fileOutputStream.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
}
}
//处理jar包
static void inteceptorJar(File file) {
FileOutputStream fileOutputStream = null
JarOutputStream jarOutputStream = null
InputStream inputStream = null;
try {
//任务输出后,输出前的jar包 以 .bak 后缀存在
File bakJar = new File(file.getParent(), file.getName() + ".bak")
fileOutputStream = new FileOutputStream(bakJar)
jarOutputStream = new JarOutputStream(fileOutputStream)
JarFile jarFile = new JarFile(file)
Enumeration<JarEntry> entries = jarFile.entries()
while (entries.hasMoreElements()) {
JarEntry jarEntry = entries.nextElement()
inputStream = jarFile.getInputStream(jarEntry)
String className = jarEntry.getName()
if (className.endsWith(".class") && !className.contains("Application") && !isSystemClass(className)) {
byte[] bytes = read(inputStream)
//做处理
jarOutputStream.write(bytes)
} else { //不做处理
jarOutputStream.write(read(inputStream))
}
jarOutputStream.closeEntry()
}
} finally {
if (inputStream != null) {
inputStream.close()
}
if (jarOutputStream != null) {
jarOutputStream.close()
}
if (fileOutputStream != null) {
fileOutputStream.close()
}
}
}
//对byte[]进行ASM操作
static byte[] inserData(InputStream inputStream) throws IOException {
ClassReader cr = new ClassReader(inputStream)
ClassWriter cw = new ClassWriter(cr, 0)
ClassVisitor cv = new ClassVisitor(Opcodes.ASM4, cw) {
@Override
MethodVisitor visitMethod(int access, String name, String descriptor, String signature, String[] exceptions) {
MethodVisitor mv = super.visitMethod(access, name, descriptor, signature, exceptions)
if (name == "setText" && descriptor == "(Landroid/widget/TextView;Ljava/lang/String;)V") {
mv = new MethodVisitor(Opcodes.ASM4, mv) {
@Override
void visitCode() {
super.visitCode();
System.out.println("visitCode visitCode visitCode visitCode");
mv.visitLdcInsn("修改后的内容")
mv.visitVarInsn(Opcodes.ASTORE, 2);
}
}
}
return mv
}
}
cr.accept(cv, 0)
cw.toByteArray()
}
/*************************** 下面都是工具方法而已 ****************************/
//是否属于系统类
static boolean isSystemClass(String className) {
return className.startsWith("java/") || className.startsWith("javax/") || className.startsWith("android/") || className.startsWith("androidx/")
}
//将InputStream转成byte[]
static byte[] read(InputStream inputStream) {
if (inputStream == null) {
return new byte[0];
}
ByteArrayOutputStream byteArrayOutputStream = null;
try {
byteArrayOutputStream = new ByteArrayOutputStream();
int len;
byte[] buffer = new byte[4096];
while ((len = inputStream.read(buffer)) != -1) {
byteArrayOutputStream.write(buffer, 0, len);
}
return byteArrayOutputStream.toByteArray();
} catch (IOException e) {
e.printStackTrace();
} finally {
if (byteArrayOutputStream != null) {
try {
byteArrayOutputStream.close();
} catch (IOException e) {
e.printStackTrace();
byteArrayOutputStream = null;
}
}
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException e) {
e.printStackTrace();
inputStream = null;
}
}
}
return new byte[0];
}
//将目录dir内(包括子级目录)的所有的文件放入reslutList中。(是递归不能过深,不过文件应该没人能放那么深)
static void listAllFile(File dir, List<File> reslutList) {
if (dir == null) {
return;
}
if (!dir.isDirectory()) {
return
}
File[] fileArray = dir.listFiles();
for (File file : fileArray) {
if (file.isDirectory()) {
listAllFile(file, reslutList);
} else {
reslutList.add(file);
}
}
}
方式二:使用buildSrc目录 或 创建java模块,实现字节码插桩
-
由于使用buildSrc目录和创建java模块。编码上是一致的,所以使用buildSrc目录举例说明。
- build.gralde
repositories {
google()
jcenter()
}
dependencies {
// 由于代码中需要获取依赖中的AppExtension对象,所以下面要添加这个依赖
implementation 'com.android.tools.build:gradle:3.6.1'
}
tasks.withType(JavaCompile) {
options.encoding = 'UTF-8'
}
import org.gradle.api.Plugin;
import org.gradle.api.Project;
import org.gradle.api.plugins.ExtensionContainer;
public class PKPlugin implements Plugin<Project> {
@Override
public void apply(Project project) {
ExtensionContainer extensionContainer = project.getExtensions();
//获取谷歌提供的android配置项的Bean:AppExtension
AppExtension appExtension = (AppExtension) extensionContainer.getByName("android");
if (appExtension == null) {
System.out.println("AppExtension 为空");
return;
}
//注册了谷歌提供的监听class文件转成dex文件的方法。传入PKTransform去处理
appExtension.registerTransform(new PKTransform());
}
}
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassWriter;
public class PKTransform extends Transform { // 注册 Transform
@Override
public String getName() { // 保证返回的唯一性就行,相当于ID
return "PK_CLASS_CODE_INSERT_PK";
}
@Override
public Set<QualifiedContent.ContentType> getInputTypes() { // 要接收的种类,只有CLASS和RESOURCES两种有效
return TransformManager.CONTENT_CLASS;//这里接收CLASS
}
@Override
public Set<? super QualifiedContent.Scope> getScopes() { // 指定获取的范围:可以鼠标点进QualifiedContent.Scope看种类说明
return TransformManager.SCOPE_FULL_PROJECT;
}
@Override
public boolean isIncremental() { // 是否增量构建
return false;
}
//将inputs的内容转换到outputProvider中
@Override
public void transform(TransformInvocation transformInvocation) throws TransformException, InterruptedException, IOException { //获取接收到的各个数据
super.transform(transformInvocation);
TransformOutputProvider outputProvider = transformInvocation.getOutputProvider(); //转换后的数据存储对象
outputProvider.deleteAll(); //先清空 转换后的数据存储对象
System.out.println("transform");
Collection<TransformInput> inputs = transformInvocation.getInputs();
for (TransformInput input : inputs) {
System.out.println("转换 DirectoryInput");
Collection<DirectoryInput> directoryInputs = input.getDirectoryInputs(); //自己写的代码
for (DirectoryInput directoryInput : directoryInputs) {
interceptorDirectory(directoryInput);//做处理的方法,下面会写入处理后的内容
String dirName = directoryInput.getName();
File src = directoryInput.getFile();
String md5 = DigestUtils.md2Hex(src.getAbsolutePath());
File dest = outputProvider.getContentLocation(dirName + md5, directoryInput.getContentTypes(), directoryInput.getScopes(), Format.DIRECTORY);
FileUtils.copyDirectory(src, dest); //将src文件复制到dest文件
}
System.out.println("转换 JarInput");
Collection<JarInput> jarInputs = input.getJarInputs(); //依赖模块(jar包)
for (JarInput jarInput : jarInputs) {
interceptorJar(jarInput);//做处理的方法,下面会写入处理后的内容
String newJarName = jarInput.getName();
File src = jarInput.getFile();
String md5 = DigestUtils.md2Hex(src.getAbsolutePath());
File dest = outputProvider.getContentLocation(newJarName + md5, jarInput.getContentTypes(), jarInput.getScopes(), Format.JAR);
FileUtils.copyFile(src, dest); //将src文件复制到dest文件
}
}
}
private void interceptorDirectory(DirectoryInput directoryInput) {
File dir = directoryInput.getFile();
if (dir.isDirectory()) {
List<File> classFileLsit = new ArrayList<>();
listAllFile(dir, classFileLsit);
for (File file : classFileLsit) {
String name = file.getName();
System.out.println("directoryInput:::" + name);
if (name.contains("MainActivity")) {
FileInputStream fileInputStream = null;
FileOutputStream fileOutputStream = null;
try {
fileInputStream = new FileInputStream(file);
byte[] bytes = IOUtils.read(fileInputStream);
//使用ASM修改 bytes
ClassReader cr = new ClassReader(bytes);
ClassWriter cw = new ClassWriter(ClassWriter.COMPUTE_FRAMES);
cr.accept(new MyClassVisitor(cw), 0);//使用访问者处理
byte[] newBytes = cw.toByteArray();//获取处理后的字节数组
fileOutputStream = new FileOutputStream(file);
fileOutputStream.write(newBytes);
fileOutputStream.flush();
} catch (Exception e) {
} finally {
try {
if (fileInputStream != null)
fileInputStream.close();
} catch (IOException e) {
e.printStackTrace();
}
try {
if (fileOutputStream != null)
fileOutputStream.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
}
}
//在转换前做字节码插桩处理
private void interceptorJar(JarInput jarInput) {
String jarName = jarInput.getName();
if (jarName.contains("")) {
File file = jarInput.getFile();
try {
JarFile jarFile = new JarFile(file);
Enumeration<JarEntry> entries = jarFile.entries();
while (entries.hasMoreElements()) {
JarEntry jarEntry = entries.nextElement();
if (jarEntry.getName().equals("com/pk/a.class")) {
InputStream inputStream = jarFile.getInputStream(jarEntry);
byte[] bytes = IOUtils.read(inputStream);
//使用ASM修改 bytes
ClassReader cr = new ClassReader(bytes);
ClassWriter cw = new ClassWriter(ClassWriter.COMPUTE_FRAMES);
cr.accept(new MyClassVisitor(cw), 0);//使用访问者处理
byte[] newBytes = cw.toByteArray();//获取处理后的字节数组
//测试输出的class文件是否改动成功
// FileOutputStream fileOutputStream = new FileOutputStream(jarEntry.getAbsolutePath());
// fileOutputStream.write(newBytes);
// fileOutputStream.close();
jarEntry.setExtra(newBytes);
}
}
} catch (IOException e) {
e.printStackTrace();
}
}
}
private void listAllFile(File dir, List<File> reslutList) {
if (dir == null) {
return;
}
if (!dir.isDirectory()) {
return;
}
File[] fileArray = dir.listFiles();
for (File file : fileArray) {
if (file.isDirectory()) {
listAllFile(file, reslutList);
} else {
reslutList.add(file);
}
}
}
}
