alibaba
working on ART runtime
Dexpose AOP hook on ART runtime is in early beta stage, Current now it can hook the Java Method wrote in your dex, didn't inline compiled. You can see the sample code. It can't hook some system api(Such like Log.d) . And also it will native crash when call AlertDialog.showDialog() in com_taobao_android_dexposed_DexposedBridge_invokeOriginalMethodNative(). I guess it was caused by some mistake in stack transfer.
Now I was testing a different hook method for these case. Hope it will work!
Thank you very much! These suggestions are valuable. I will improve after evaluation.
There was some obstacle on uploading snapshot version to JCenter, so I upload 0.2.2 version for android 5.0 test. Can anybody help me to test this version, thank you!. Notice, 0.2.2 is still a snapshot version!
dependencies { compile( 'com.taobao.android:dexposed:0.1.2@aar') }
@hwjump I found a problem when use dexposed on Android 5.1 System. I found a 0.1.17 version of Dexposed in Maven Central, it support 5.1 system by default. It seems that dexposed did not automatically load system api classes, like Toast. First, I writed a test Patch, which hoke a ToastUtil, which code is below:
public class ToastUtil {
private static Handler sMainHandler = new Handler(Looper.getMainLooper());
public static void showMessage(final String text, final int duration) {
if (Thread.currentThread().getId() != 1) {
sMainHandler.post(new Runnable() {
@Override
public void run() {
showMessage(text, duration);
}
});
return;
}
if (TextUtil.isEmptyOrNull(text)) {
showMessage(R.string.action_error);
return;
}
Toast t = Toast.makeText(APP.getInstance(), text, duration);
t.setGravity(Gravity.CENTER, 0, 0);
TextView tv = (TextView) t.getView().findViewById(android.R.id.message);
if (tv != null) tv.setTextColor(APP.getInstance().getResources().getColor(R.color.white_light));
t.getView().setBackgroundResource(R.drawable.progress_hud_bg);
t.show();
}
}
It's easy, just some utils code for Toast.
The patch code is like this:
public class TestPatch implements IPatch {
private Handler mHandler = new Handler(Looper.getMainLooper());
@Override
public void handlePatch(PatchParam patchParam) throws Throwable {
DexposedBridge.findAndHookMethod(
Class.forName("cn.app.meiya.aa.util.ToastUtil"),
"showMessage",
String.class, int.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(final MethodHookParam methodHookParam) throws Throwable {
if (Thread.currentThread().getId() != 1) {
mHandler.post(new Runnable() {
@Override
public void run() {
showFakeMessage(methodHookParam);
}
});
} else {
showFakeMessage(methodHookParam);
}
return null;
}
}
);
}
private void showFakeMessage(XC_MethodHook.MethodHookParam methodHookParam) {
try {
Context app = (Context) XposedHelpers.callStaticMethod(
Class.forName("com.meiyaapp.meiya.APP"), "getInstance");
String text = (String) methodHookParam.args[0];
int duration = (int) methodHookParam.args[1];
Toast.makeText(app, "FAKE: \n" + text, Toast.LENGTH_LONG).show();
} catch (Exception e) {
e.printStackTrace();
}
}
}
Then, I package a "Test-Patch" apk and load it on main app, but it crashed when Call "ToastUtil.showMessage".
The crash only print this, can not find any stacktrace.
10-08 09:43:55.422 17987-17987/com.meiyaapp.meiya A/libc﹕ Fatal signal 11 (SIGSEGV), code 1, fault addr 0xbe98e2f4 in tid 17987 (.meiyaapp.meiya)
And I found strange that when I CALL this before a next ToastUtil.showMessage, the patch code WORK!
Toast.makeText(context, "Load success", Toast.LENGTH_LONG).show();
So I think, maybe Dexposed DID NOT automatically load system api classes.
I know currently Dexposed only support dalvik runtime for now, I post this just want to help to test ART Runtime.
@hwjump update: I try to load classes in patch apk, but still NOT work.
private void showFakeMessage(ClassLoader loader, XC_MethodHook.MethodHookParam methodHookParam) {
try {
Context app = (Context) XposedHelpers.callStaticMethod(
Class.forName("com.meiyaapp.meiya.APP"), "getInstance");
String text = (String) methodHookParam.args[0];
int duration = (int) methodHookParam.args[1];
Log.d(TAG, "showFakeMessage: " + "before");
Object toast = XposedHelpers.callStaticMethod(loader.loadClass("android.widget.Toast"), "makeText", "FAKE: \n" + text, 1);
Log.d(TAG, "showFakeMessage: " + "Toast.makeText");
XposedHelpers.callMethod(toast, "show");
Log.d(TAG, "showFakeMessage: " + "Toast.show");
} catch (Exception e) {
e.printStackTrace();
}
}
It crashed on this line: Object toast = XposedHelpers.callStaticMethod(loader.loadClass("android.widget.Toast"), "makeText", "FAKE: \n" + text, 1);
@fanxu123 could you tell me your phone type and android version, 5.0 or 5.1?
thank you! dexposed 0.1.7 was still a snapshot for art. I found it cann't do some system ui relative class in XC_MethodReplacement.
@hwjump Btw, if I want use it on my product version only for pre-5.0, arm device, which version should I use, 0.1.1? 0.1.7?
@fanxu123 sorry,If I support art, I will change the README.md. for pre-5.0, you can use 0.1.1
@owenchow You should keep the proguard mapping. Then hook the method with proguarded name. Plz refer this https://github.com/alibaba/dexposed/issues/5
@owenchow findAndHookMethod的函数原型是findAndHookMethod(类名, 方法名, 参数1的class, 参数2的class, ... , Hook func)
所以是可以区分重载的。。。
Now I rewriter the hook core for Art, it may still have some crash, it need test, you can get it on "dev_art" branch.
