working on ART runtime

[hwjump]

Dexpose AOP hook on ART runtime is in early beta stage, Current now it can hook the Java Method wrote in your dex, didn't inline compiled. You can see the sample code. It can't hook some system api(Such like Log.d) . And also it will native crash when call AlertDialog.showDialog() in com_taobao_android_dexposed_DexposedBridge_invokeOriginalMethodNative(). I guess it was caused by some mistake in stack transfer.

Now I was testing a different hook method for these case. Hope it will work!

[libfetion]

加油， Dexposed 是一个好东西，必将造福程序猿界！

[hwjump]

Thank you very much！ These suggestions are valuable. I will improve after evaluation.

[hwjump]

There was some obstacle on uploading snapshot version to JCenter, so I upload 0.2.2 version for android 5.0 test. Can anybody help me to test this version, thank you!. Notice, 0.2.2 is still a snapshot version!

dependencies {
compile( 'com.taobao.android:dexposed:0.1.2@aar')
}

[frank-fan]

@hwjump I found a problem when use dexposed on Android 5.1 System.
I found a 0.1.17 version of Dexposed in Maven Central, it support 5.1 system by default.
It seems that dexposed did not automatically load system api classes, like Toast.
First, I writed a test Patch, which hoke a ToastUtil, which code is below:

public class ToastUtil {
    private static Handler sMainHandler = new Handler(Looper.getMainLooper());

    public static void showMessage(final String text, final int duration) {
        if (Thread.currentThread().getId() != 1) {
            sMainHandler.post(new Runnable() {
                @Override
                public void run() {
                    showMessage(text, duration);
                }
            });
            return;
        }
        if (TextUtil.isEmptyOrNull(text)) {
            showMessage(R.string.action_error);
            return;
        }

        Toast t = Toast.makeText(APP.getInstance(), text, duration);
        t.setGravity(Gravity.CENTER, 0, 0);
        TextView tv = (TextView) t.getView().findViewById(android.R.id.message);
        if (tv != null) tv.setTextColor(APP.getInstance().getResources().getColor(R.color.white_light));

        t.getView().setBackgroundResource(R.drawable.progress_hud_bg);
        t.show();
    }
}

It's easy, just some utils code for Toast.

The patch code is like this:

public class TestPatch implements IPatch {

    private Handler mHandler = new Handler(Looper.getMainLooper());

    @Override
    public void handlePatch(PatchParam patchParam) throws Throwable {
        DexposedBridge.findAndHookMethod(
                Class.forName("cn.app.meiya.aa.util.ToastUtil"),
                "showMessage",
                String.class, int.class,
                new XC_MethodReplacement() {
                    @Override
                    protected Object replaceHookedMethod(final MethodHookParam methodHookParam) throws Throwable {
                        if (Thread.currentThread().getId() != 1) {
                            mHandler.post(new Runnable() {
                                @Override
                                public void run() {
                                    showFakeMessage(methodHookParam);
                                }
                            });
                        } else {
                            showFakeMessage(methodHookParam);
                        }
                        return null;
                    }
                }
        );
    }

    private void showFakeMessage(XC_MethodHook.MethodHookParam methodHookParam) {
        try {
            Context app = (Context) XposedHelpers.callStaticMethod(
                    Class.forName("com.meiyaapp.meiya.APP"), "getInstance");
            String text = (String) methodHookParam.args[0];
            int duration = (int) methodHookParam.args[1];

            Toast.makeText(app, "FAKE: \n" + text, Toast.LENGTH_LONG).show();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Then, I package a "Test-Patch" apk and load it on main app, but it crashed when Call "ToastUtil.showMessage".

The crash only print this, can not find any stacktrace.

10-08 09:43:55.422  17987-17987/com.meiyaapp.meiya A/libc﹕ Fatal signal 11 (SIGSEGV), code 1, fault addr 0xbe98e2f4 in tid 17987 (.meiyaapp.meiya)

And I found strange that when I CALL this before a next ToastUtil.showMessage, the patch code WORK!

Toast.makeText(context, "Load success", Toast.LENGTH_LONG).show();

So I think, maybe Dexposed DID NOT automatically load system api classes.

I know currently Dexposed only support dalvik runtime for now, I post this just want to help to test ART Runtime.

[frank-fan]

@hwjump
update:
I try to load classes in patch apk, but still NOT work.

 private void showFakeMessage(ClassLoader loader, XC_MethodHook.MethodHookParam methodHookParam) {
        try {
            Context app = (Context) XposedHelpers.callStaticMethod(
                    Class.forName("com.meiyaapp.meiya.APP"), "getInstance");
            String text = (String) methodHookParam.args[0];
            int duration = (int) methodHookParam.args[1];
            Log.d(TAG, "showFakeMessage: " + "before");
            Object toast = XposedHelpers.callStaticMethod(loader.loadClass("android.widget.Toast"), "makeText", "FAKE: \n" + text, 1);
            Log.d(TAG, "showFakeMessage: " + "Toast.makeText");
            XposedHelpers.callMethod(toast, "show");
            Log.d(TAG, "showFakeMessage: " + "Toast.show");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

It crashed on this line:
Object toast = XposedHelpers.callStaticMethod(loader.loadClass("android.widget.Toast"), "makeText", "FAKE: \n" + text, 1);

[hwjump]

@fanxu123 could you tell me your phone type and android version, 5.0 or 5.1?

[frank-fan]

@hwjump Nexus 5, Android 5.1, Stock

[hwjump]

thank you! dexposed 0.1.7 was still a snapshot for art. I found it cann't do some system ui relative class in XC_MethodReplacement.

[frank-fan]

@hwjump Btw, if I want use it on my product version only for pre-5.0, arm device, which version should I use, 0.1.1? 0.1.7?

[hwjump]

@fanxu123 sorry，If I support art， I will change the README.md. for pre-5.0, you can use 0.1.1

[frank-fan]

@hwjump Thanks!

[owenchow]

我想问下，dexposed支持混淆后的包么？混淆后类名方法名会被修改了，怎么hook呢？

[hwjump]

@owenchow You should keep the proguard mapping. Then hook the method with proguarded name.
Plz refer this #5

[owenchow]

再问下，怎么修改重载函数，findAndHookMethod只能找到方法名，如果是重载了，怎么区分？

[jhdxr]

@owenchow findAndHookMethod的函数原型是findAndHookMethod(类名, 方法名, 参数1的class, 参数2的class, ... , Hook func)
所以是可以区分重载的。。。

[hwjump]

Now I rewriter the hook core for Art, it may still have some crash, it need test, you can get it on "dev_art" branch.

[deadlineOvO]

问题来了，在一年多后的今天
dexposed还会有更新吗？