Hi,
I have an Xposed module that listens for certain events and then notifies the main application/Activity that contains this module about the events. I tried to put the events into a static buffer class that's accessible from both the module and Activity. But the buffer is always empty. Right now, I have to use Broadcast to achieve the notification. Is it impossible to share data between the module and Activity via static in-memory objects? Thank you!
AFAIK, you can't do it like that when xposed module runs in a different process than your app.
Xposed module hooking on one package and your app package are isolated processes that cannot share memory.
One way is to use broadcast, as you mentioned.
Another way is to create a service within your app and use ServiceConnection to bind to it and execute actions on it
Example of such service: https://github.com/GravityBox/Gravi...o/kitkat/gravitybox/KeyguardImageService.java
Example how that service is called from system context (different process): https://github.com/GravityBox/Gravi...m/ceco/kitkat/gravitybox/ModDisplay.java#L521
[Q] How to resolve hidden class ItemInfo in Xposed module development, thanks!
I want to develop an Xposed module to hide some shortcuts in the launcher workspace,
but I can't resolve the hidden class ItemInfo, because I need to remove a specific item from ArrayList<ItemInfo>.
How to deal with it, thanks!
You can cast it to ArrayList<?>
C3C076 said:
You can cast it to ArrayList<?>
Sure, I think I can, but how do I change the single items in the ArrayList?
Because I need to iterate over every element in the ArrayList to check whether it needs to be blocked,
but the element is of the ItemInfo class type, so....
Is there any solution to resolve it, thanks!
Does anybody have good experience with it, thanks!
If you can't use ItemInfo directly at design time simply use xposed functions on its instances to check for property values and call its methods.
E.g. you can iterate through array list and cast items to Object. Then use xposed functions on those objects like getIntField/getFloatField/... to get property or callMethod to call function.
C3C076 said:
If you can't use ItemInfo directly at design time simply use xposed functions on its instances to check for property values and call its methods.
E.g. you can iterate through array list and cast items to Object. Then use xposed functions on those objects like getIntField/getFloatField/... to get property or callMethod to call function.
Thanks, C3C076, it's a good idea, I will try.
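The approach suggested in this thread, as an added example that is not code from any of the posters: the list is handled as `ArrayList<?>`, fields are read by name, and entries are removed through the iterator. The `ItemInfo` stand-in, its field names `itemType` and `title`, and the sample entries are constructed for illustration, and `readField` uses plain reflection so the block runs on a desktop JVM; inside a module, `XposedHelpers.getIntField` and `XposedHelpers.getObjectField` take its place.

```java
import java.lang.reflect.Field;
import java.util.*;

public class HiddenItemFilter {
    // Constructed stand-in for the launcher's hidden ItemInfo; field names are assumptions.
    private static class ItemInfo {
        int itemType;
        CharSequence title;
        ItemInfo(int itemType, CharSequence title) { this.itemType = itemType; this.title = title; }
    }

    // Hypothetical helper: reads a field by name without knowing the class at compile time.
    // In an Xposed module, XposedHelpers.getIntField/getObjectField would be used instead.
    static Object readField(Object obj, String name) throws ReflectiveOperationException {
        for (Class<?> c = obj.getClass(); c != null; c = c.getSuperclass()) {
            try {
                Field f = c.getDeclaredField(name);
                f.setAccessible(true);
                return f.get(obj);
            } catch (NoSuchFieldException ignored) {
                // not declared on this class, try the superclass
            }
        }
        throw new NoSuchFieldException(name);
    }

    // Removes blocked shortcuts in place. ArrayList<?> forbids add() but allows removal,
    // and Iterator.remove() avoids ConcurrentModificationException during the walk.
    static int removeBlocked(ArrayList<?> items, int shortcutType, Set<String> blockedTitles)
            throws ReflectiveOperationException {
        int removed = 0;
        for (Iterator<?> it = items.iterator(); it.hasNext(); ) {
            Object item = it.next();
            int type = (Integer) readField(item, "itemType");
            Object title = readField(item, "title");
            if (type == shortcutType && title != null && blockedTitles.contains(title.toString())) {
                it.remove();
                removed++;
            }
        }
        return removed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample list, standing in for the ArrayList<ItemInfo> seen by the hook.
        ArrayList<Object> workspace = new ArrayList<>(List.of(
                new ItemInfo(0, "Clock"), new ItemInfo(1, "Blocked shortcut"), new ItemInfo(1, "Notes")));
        int removed = removeBlocked(workspace, 1, Set.of("Blocked shortcut"));
        System.out.println("removed=" + removed + " remaining=" + workspace.size());
    }
}
```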
Hook is in PhoneWindowManager class, I need to put a value to Settings.System. ContentResolver from the available mContext variable is used.
I get the following:
Code:
InvocationTargetError: java.lang.SecurityException: Package android does not belong to 10036
10036 is UID of my module.
- Which context did you use to get content resolver?
- Depends on where your hook is.
Although your hook is in phone window manager, it still depends on where the method you are hooking was called from. If it was called from a different package that has different permissions (such as your module app), you will have to clear the identity of the calling package while using system settings.
Something like:
Code:
long ident = Binder.clearCallingIdentity();
try {
    // store to system settings or whatever
} finally {
    Binder.restoreCallingIdentity(ident);
}
- Another option is to add necessary permission to your module's manifest
My module already has WRITE_SETTINGS permission. I use mContext variable that is available in PhoneWindowManager, never had a problem with it. Calling from a separate thread that is created in screenTurnedOff() method.
PhoneWindowManager has a lot of similar code involving Settings.System:
Code:
android.provider.Settings.System.putIntForUser(mContext.getContentResolver(), "screen_brightness_mode", 0, -3);
I tried ...ForUser methods with -2, -3 and 1000 UIDs - still the same error. Regular methods should use current process UID, so it's 1000 anyway.
No idea how it still knows that Xposed module is involved, code is supposed to be executed as if it's a part of a hooked app.
But I guess it knows) so clearing calling identity works perfectly, thanks.
I assume the thread in screenTurnedOff you mentioned is your own that you created? If yes, then for some reason the thread in which phone window manager runs thinks it's some kind of a foreign thread although created within phone window manager. Question is where screenTurnedOff was called from. If it's an IPC call then it's clear it has different identity. If it's not that case then it's definitely strange.
C3C076 said:
Question is where screenTurnedOff was called from. If it's an IPC call then it's clear it has different identity. If it's not that case then it's definitely strange.
screenTurnedOff is a stock method, it's called whenever it's called. Definitely not from my module. I bet there is an explanation, something complicated)
I tried to use some function from a jnilibs library and it doesn't work with Xposed.
(To be specific, the Qualcomm module. I tried its sample app and it works great on my LG G3 device.)
I heard there are some modifications you need to make when using JNI libs with Xposed, but I don't know what these modifications are specifically...
Any hint on what I could be doing wrong?
Update:
I have written all JNI-related code in the Xposed settings activity and tested it by clicking on the module name in the Xposed module list. The Vuforia init process worked fine....
Now I can only doubt that if it's the JNI call, or the "activity" argument I passed to Vuforia.setInitParameters is not working....
Below is what I tried that did not work:
pass null;
pass "param.thisObject" from a method in the activity;
pass the context object, which is actually the activity;
pass a new unrelated activity.
By the way, I looked at the iOS version of setInitParameters, which doesn't need an activity argument. So sad..
Here's what I think Xposed does:
1. Before zygote_init, hook all APIs and insert xposed_before_xxx and xposed_after_xxx methods (where xxx is the name of the API).
2. Load modules. Load the hook class, realize it and keep it in the memory of zygote. For each injecting method, add it to the private list of xposed_before/after_xxx.
3. When a new app loads (forks from zygote), it also forks the hook class and the hooked method.
4. When an app calls xxx, it actually runs xposed_before_xxx first, and the latter calls every inject method in its private list. Then the original API is called. Then xposed_after_xxx is called, and deals with its own list.
So for each app, the hook class is individual after forking from zygote. So, static members are not shared. Because each hook class has only one instance in an app, static members act the same as non-static members. Am I right?
And by the way, how does an Xposed module communicate between processes? I've seen a post realizing its own RPC by getting a context and creating a service. Any simpler ways for just single-direction transferring? Currently I'm using XSharedPreference and SharedPreference, but then the hook method can't write back anything (such as logging). Any ideas to solve this?
Thanks for reading my long & poor English...
Hello!
I am sorry if this may be confusing as I am quite sure I don't use the right terms. What I want to do is hook native library calls/syscalls made from native code within an app. I want to use xposed to launch the code that hooks the library/system call - but I do not know how to do and how the android system will complicate things for me.
Also, it seems to me that this has not been done. So my main thought with this thread is to get some input that can help me avoid some obvious pitfalls before I start trial and error.
What would my options be if I want to modify/interact with native code from a xposed module?
If it was a normal program I could simply use ptrace or LD_PRELOAD to get the kind of access I need. But as I want to do this from an xposed module I get worried by the android system.
If I for example hook the startup of the app, and then from the xposed hook use jni to ptrace myself - would that be possible, would I need to give the original app sudo permissions, and would my ptrace survive hiding/opening the app again?
Another thought was to, as previously at the startup of the app launch jni code. But in this case find the local symbol table and modify it to jump to my hook - but I am not sure if different jni code run in the same memory space and have access to mess with each other. [And also, how often would I need to redo this modification, would android reload/restart of the app destroy my changes]
Hopefully I didn't come off as too confusing. Thanks for the help!
I think you asked me this in my thread but I'll answer it here.
Also, it seems to me that this has not been done. So my main thought with this thread is to get some input that can help me avoid some obvious pitfalls before I start trial and error.
I have hooked native code with Xposed and LD_PRELOAD, you can manipulate the data via your LD_PRELOAD lib. I do not know if it's been linked to public code yet. LD_PRELOAD does not require Xposed to work (just makes it easier to manage imo). Also note that I have not tested this using the newer Android OSes (>4.4). Not (yet) necessary for my use case. I would recommend getting LD_PRELOAD to work without Xposed first. Then add the Xposed integration.
What would my options be if I want to modify/interact with native code from a xposed module?
If it was a normal program I could simply use ptrace or LD_PRELOAD to get the kind of access I need. But as I want to do this from an xposed module I get worried by the android system.
I have not tried via ptrace, also note that some apps will ptrace themselves for protection against reversing. LD_PRELOAD works fine for me. Personally I use LD_PRELOAD to modify the arguments and the return values but most of the time just for logging information.
If I for example hook the startup of the app, and then from the xposed hook use jni to ptrace myself - would that be possible, would I need to give the original app sudo permissions, and would my ptrace survive hiding/opening the app again?
Ptrace to me sounds more complex but it does sound cool to attempt. No sudo is needed for the app that you are hooking using LD_PRELOAD.
t436h05t said:
I think you asked me this in my thread but I'll answer it here.
Also, it seems to me that this has not been done. So my main thought with this thread is to get some input that can help me avoid some obvious pitfalls before I start trial and error.
I have hooked native code with Xposed and LD_PRELOAD, you can manipulate the data via your LD_PRELOAD lib. I do not know if it's been linked to public code yet. LD_PRELOAD does not require Xposed to work (just makes it easier to manage imo). Also note that I have not tested this using the newer Android OSes (>4.4). Not (yet) necessary for my use case. I would recommend getting LD_PRELOAD to work without Xposed first. Then add the Xposed integration.
What would my options be if I want to modify/interact with native code from a xposed module?
If it was a normal program I could simply use ptrace or LD_PRELOAD to get the kind of access I need. But as I want to do this from an xposed module I get worried by the android system.
I have not tried via ptrace, also note that some apps will ptrace themselves for protection against reversing. LD_PRELOAD works fine for me. Personally I use LD_PRELOAD to modify the arguments and the return values but most of the time just for logging information.
If I for example hook the startup of the app, and then from the xposed hook use jni to ptrace myself - would that be possible, would I need to give the original app sudo permissions, and would my ptrace survive hiding/opening the app again?
Ptrace to me sounds more complex but it does sound cool to attempt. No sudo is needed for the app that you are hooking using LD_PRELOAD.
Thanks! Is there a nice way to set LD_PRELOAD on app startup using Xposed or do you simply run the shell command when configuring which apps to hook?
Wropzter said:
Thanks! Is there a nice way to set LD_PRELOAD on app startup using Xposed or do you simply run the shell command when configuring which apps to hook?
Hooking the app and setting your native hooks is easy in Xposed, after you hook your package just load your lib with your hooks.
System.load("/data/data/org.xxx.app/lib/xxx.so");
The application will by default use the preloaded lib you injected (same as LD_PRELOAD without the mess of bash).
It took more time to write code that would enable and disable the hooks inside the hook lib.
Now I have got it working with LD_PRELOAD manually, but using Xposed I do not seem to be able to load the library before libc - that is my replacement function is never called as the symbol was already loaded. Are you using the deprecated IXposedHookCmdInit to be able to load the package earlier? [If I remember correctly you were also hooking libc]
This is my code for the Xposed App.
if (lpparam.packageName.equals("app.to.hook")) {
    System.load("/data/data/app.to.hook/lib/hook.so");
    XposedBridge.log("Loaded native hook");
}