I can't hook View.OnClickListener in my Demo.

DexposedBridge.findAndHookMethod(View.OnClickListener.class, "onClick", View.class,
                    new XC_MethodHook() {

                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                        }

                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.d("dexposed", "onClick trigger");
                        }
                    });

Does dexposed have any real usage in alibaba's android client?

compile 'com.taobao.android:dexposed:0.1.1@aar'
minSdkVersion 14
targetSdkVersion 23

gradle编译报错：
Suggestion: use tools:overrideLibrary="com.taobao.android.dexposed" to force usage
Error:Execution failed for task ':app:processDebugManifest'.

Manifest merger failed with multiple errors, see logs

In MultiDex env, when call System.loadLibrary("dexposed").
throw Couldn't load dexposed from loader dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/xxxx-1.apk" Exception。
I judge that the dexposed class is in the secondary dex。so before call MutilDex.install() ,will cause this case。
I want to know how to use dexposed suitablely in multiDex env.

I found that XposedBridge not support for multidex, what about dexposed?

您好：
我这里测试的时候发现三星GI9001(Android 2.3.6)调用canDexposed()方法时，返回false 测试的时候发现一些Android4.4.4版本的也有hook失败的情况
我跟踪了一下代码发现,canDexposed()方法在加载loadDexposedLib的时候的源码是这样的。
private static boolean loadDexposedLib(Context context) {
// load dexposed lib for hook.
try {
if (android.os.Build.VERSION.SDK_INT > 19
&& android.os.Build.VERSION.SDK_INT < 21) {
System.loadLibrary("dexposed_l");
} else if (android.os.Build.VERSION.SDK_INT > 14) {
System.loadLibrary("dexposed");
} else {
return false;
}
return true;
} catch (Throwable e) {
return false;
}
}
也就是说如果API级别在14以下，就直接返回false？那该框架是怎么支持的Android2.3呢？我想请您解答一下，您这个加载.so的方法，对14以下的都不做处理？谢谢

Then we may failed to hook mobiles running on YunOS, is there any explanation?

    public static synchronized boolean isDeviceSupport(Context context) {
        // return memory checked value.
        try {
            if (isCheckedDeviceSupport)
                return isDeviceSupportable;

            if (!isX86CPU() && !isYunOS()) {
                isDeviceSupportable = true;
            } else {
                isDeviceSupportable = false;
            }
        } finally {
            Log.d("hotpatch", "device support is " + isDeviceSupportable + "checked" + isCheckedDeviceSupport);
            isCheckedDeviceSupport = true;
        }
        return isDeviceSupportable;
    }

加了 compile 'com.taobao.android:dexposed:0.1.1@aar' 之后

PatchMain L:137 loadAllCallbacks
try {
entryClass = mcl.loadClass(entry);
} catch (ClassNotFoundException e) {
e.printStackTrace();
break;
}
为什么这里要break?用continue会不会更合适？

0.1.1版本的aar 支持2.3，但是aar的AndroidManifest.xml里面配置minsdk=15 能否保持代码一致呢？

项目支持2.3，但是导入aar后 由于版本较低 build失败
虽然可以从aar里面把jar和so拿出来
但是希望能修改下 方便大家~

use：

native_dependencies {
    artifact 'com.taobao.dexposed:dexposed_l:0.2+:armeabi'
    artifact 'com.taobao.dexposed:dexposed:0.2+:armeabi'
}

get this url 404
https://repo1.maven.org/maven2/com/taobao/dexposed/dexposed_l/

Use which repositories?

Thanks for creating the awesome dexposed framework!

Recently I have developed XLog module based on dexposed. XLog can easily log method calls and print arguments, return values, and the execute time. After using XLog in our own project for a while, we found that it is very useful in debugging and performance monitoring and want to share this tool with more developers.

I wonder if it is appropriate to add one section in README introducing dexposed-based tools such as Xlog, so that the benefits brought by dexposed framework could be enjoyed by more developers.

I try the sample app on samsund S5 device (Android 5.1).
I got error :

I/art﹕ dexposed: >>> hookMethodNative 0x7739e610
void   com.taobao.dexposed.MainActivity.showLog(java.lang.String, java.lang.String)
10-03 17:22:06.186    3720-3720/com.taobao.android.dexposed I/art﹕ dexposed: >>> 
EnableXposedHook0x7739e610 void com.taobao.dexposed.MainActivity.showLog(java.lang.String, java.lang.String)
10-03 17:22:06.186    3720-3720/com.taobao.android.dexposed I/art﹕ 
dexposed:   artQuickDexposedInvokeHandler 0
10-03 17:22:06.186    2081-2081/? E/audit﹕ type=1701 msg=audit(1443885726.186:504): auid=4294967295 uid=10386 gid=10386 ses=4294967295 subj=u:r:s_untrusted_app:s0 pid=3720 comm="ndroid.dexposed" reason="memory violation" sig=11

你好:

我打算用这个东西来做个插件, 并且希望它支持x86, 所以自己fork了一个做了修改
主要是整个项目换成android studio的工程, dalvik, bridge, art分别作为library model

dalvik和art模块都可以直接在android studio中编译成功, 应该会方便修改和调试

另外, 我已经把dalvik的部分完成了了x86的支持
art的因为有个关联armeabi-v7a的汇编, 暂时不知道怎么弄

我的分支地址: https://github.com/pangliang/dexposed/tree/android_studio
你们看是否能接受, 可以的话我就推个PR

Error:Execution failed for task ':app:resolveNativeDependencies'.

Could not resolve all dependencies for configuration 'detachedConfiguration1'.
Could not find any matches for com.taobao.dexposed:dexposed_l:0.2+ as no versions of com.taobao.dexposed:dexposed_l are available.
Searched in the following locations:
https://jcenter.bintray.com/com/taobao/dexposed/dexposed_l/maven-metadata.xml
https://jcenter.bintray.com/com/taobao/dexposed/dexposed_l/

hey,

I don't see the reason why you enfore the AOSP source prebuild to compile dexposed. I managed to get rid of that dependency and resolved all necessary address and objects at runtime using some quite simple heuristics and scanning techniques. Especially for Dalvik this is no problem at all considering that the development ( at least for dalvik ) is stopped. The source is not changing much anymore.

Haven't tried it but once you have a working strategy for art as well, I think it can be done here also.

Building AOSP is s pain in the a..., not talking about the time which is wasted for setup, fixing issues and so on....

It is really not too hard to remove that dependency. Sure it is additional work and will require some restructuring of the project, but it is doable for sure.

Please think about it.

Thank you!

Best regards,
mitp0sh

PS: I really love dexposed!!!!! Once of the best projects on github!! ;D

There are two "if"s in line 323 of DexposedBridge.java. Do you even compile before you commit?

private static boolean loadDexposedLib(Context context) {
// load xposed lib for hook.
try {
if (android.os.Build.VERSION.SDK_INT == 10
|| android.os.Build.VERSION.SDK_INT == 9) {
System.loadLibrary("dexposed2.3");
} else if (android.os.Build.VERSION.SDK_INT > 19){
System.loadLibrary("dexposed_l");
} else {
System.loadLibrary("dexposed");
}
return true;
} catch (Throwable e) {
return false;
}
}

we could see there is three kind of so file，but there is nowhere to find dexposed2.3

I read your source, I found System.loadLibrary("dexposed2.3") in your code, but there is no libdexposed2.3.so in your repo and there is no source related.

Dexpose AOP hook on ART runtime is in early beta stage, Current now it can hook the Java Method wrote in your dex, didn't inline compiled. You can see the sample code. It can't hook some system api(Such like Log.d) . And also it will native crash when call AlertDialog.showDialog() in com_taobao_android_dexposed_DexposedBridge_invokeOriginalMethodNative(). I guess it was caused by some mistake in stack transfer.

Now I was testing a different hook method for these case. Hope it will work!

感觉没有必要使用native_dependencies 啊，直接使用aar不就可以把so包含进来了么

遇到这个错误，java.lang.IllegalArgumentException: Optimized data directory /storage/sdcard0 is not owned by the current user. Shared storage cannot protect your application from code injection attacks。
请问如何解决

UI&service & message bus 总线，这个是不是跟业务耦合了？没有开源？ 只开源了runtime 东东?bus 总线解决什么问题？

是否可以提供完整可编译版本?项目中缺少一下文件没有提交无法完成编译，如quick_argument_visitor.cpp中的

include "callee_save_frame.h"

From the code headers it's Apache 2.0 but it would be nice to have a license file at the repo root.

DexposedBridge.findAndHookMethod(Fragment.class, "onCreate", Bundle.class, onCreateHook);
DexposedBridge.findAndHookMethod(Fragment.class, "onDestroy", onDestroyHook);
不起作用

Great works!

Could you add description for support status(eg. fair/tested/unsure/unsupported) of each android version in your actual application.

请问一下，dexposedbridge.jar里面的源码怎么获取，我想在产品上写一些service类，然后把所有的jar包合并成一个，通过AndroidStudio自动解析得到的.class文件中，在xposedbridge.class中有
public static Unhook hookMethod(Member hookMethod, XC_MethodHook callback) {
.......
DexposedBridge.AdditionalHookInfo additionalInfo = new DexposedBridge.AdditionalHookInfo(callbacks, parameterTypes, returnType, (DexposedBridge.AdditionalHookInfo)null);
.........................
return new Unhook(callback, hookMethod);
}
其中(DexposedBridge.AdditionalHookInfo)null)这种写法是什么意思，还有 new Unhook(callback, hookMethod);其中Unhook的构造函数只有hookMethod一个参数啊，这怎么可以传递两个参数呢？
public class Unhook implements IXUnhook {
private final Member hookMethod;

    public Unhook(Member hookMethod) {
        this.hookMethod = hookMethod;
    }

.....................
}
我不确定这种写法是什么意思，是反编译的问题吗？不知道可以不可以提供dexposebridge.jar里面的源码？我现在是自己反编译后，想和其他的代码一起打包，一直报错，求帮助，我水平比较有限，但是很感兴趣，谢谢

哈哈，过来和白老师问好

在使用5.0.1手机测试时发现load的是libdexposed_l.so成功
PatchResult result = PatchMain.load(context, apkPath, null);也返回true
但运行时程序崩溃，请问下现在还不支持5.0(API 21)以上的系统吗？
如果支持该怎么配置？谢谢

ios 平台容器架构开源了吗？谢谢！

单独新建一个项目的时候可以在该小米机型上hook成功。

作为一个library之后无论如何都不能注入成功。
放到library相关的app项目内还是无法注入成功。

错误如下
java.lang.UnsatisfiedLinkError: Couldn't load dexposed from loader dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com..apk"],nativeLibraryDirectories=[/data/app-lib/com.app-1, /vendor/lib, /system/lib]]]: findLibrary returned null

另外请问如何启用5.0和5.1下的注入，我看有5.0和5.1的Lib文件了。但是测试不成功。

另外dexposed 0.1.7也试过了，还是不行。将文件解包考到jniLibs目录下还是一样的错误。

环境 AS 1.4.1 手机 小米4c 4.4.4
build.gradle:

buildscript {
    repositories {
        jcenter()
    }
    dependencies {
        classpath 'com.android.tools.build:gradle:1.3.0'
    }
}
apply plugin: 'com.android.application'

repositories {
    jcenter()
}

android {
    compileSdkVersion 23
    buildToolsVersion "23.0.1"

    defaultConfig {
        applicationId "com..app"
        minSdkVersion 15
        targetSdkVersion 23
        versionCode 1
        versionName "1.0"
    }
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }

    packagingOptions {
        exclude 'META-INF/DEPENDENCIES.txt'
        exclude 'META-INF/LICENSE.txt'
        exclude 'META-INF/NOTICE.txt'
        exclude 'META-INF/NOTICE'
        exclude 'META-INF/LICENSE'
        exclude 'META-INF/DEPENDENCIES'
        exclude 'META-INF/notice.txt'
        exclude 'META-INF/license.txt'
        exclude 'META-INF/dependencies.txt'
        exclude 'META-INF/LGPL2.1'
    }
}


repositories {
    maven { url "https://jitpack.io" }
}


dependencies {

    compile "com.mixpanel.android:mixpanel-android:4.6.4"
    compile "com.android.support:appcompat-v7:23.1.0"
    compile "com.android.support:design:23.1.0"
    compile 'com.android.support:cardview-v7:23.1.0'
    compile "com.android.support:recyclerview-v7:23.1.0"
    compile 'com.github.PhilJay:MPAndroidChart:v2.1.3'
    compile 'joda-time:joda-time:2.8.2'
    compile 'com.facebook.fresco:fresco:0.7.0+'
    compile 'com.taobao.android:dexposed:0.1.8@aar'
    compile 'com.squareup.retrofit:converter-jackson:2.0.0-beta2'
    compile 'com.squareup.retrofit:retrofit:2.0.0-beta2'
}

Hello, I just read the source code and want to know what art_quick_dexposed_invoke_handler does.
And how do hook ArtMethod ?

demo例子中patch是apk包，如果在patch中引用了第三方的库（这个库在程序中已经引用了），是不是必须将第三方的库也要打包到patch包内呢？如果不关联，大不了patch apk包。

单独新建一个项目的时候可以在该小米机型上hook成功。

作为一个library之后无论如何都不能注入成功。
放到library相关的app项目内还是无法注入成功。

错误如下
java.lang.UnsatisfiedLinkError: Couldn't load dexposed from loader dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.app-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.app-1, /vendor/lib, /system/lib]]]: findLibrary returned null

另外请问如何启用5.0和5.1下的注入，我看有5.0和5.1的Lib文件了。但是测试不成功。

另外dexposed 0.1.7也试过了，还是不行。将文件解包考到jniLibs目录下还是一样的错误。

环境 AS 1.4.1 手机 小米4c 4.4.4
build.gradle:

buildscript {
    repositories {
        jcenter()
    }
    dependencies {
        classpath 'com.android.tools.build:gradle:1.3.0'
    }
}
apply plugin: 'com.android.application'

repositories {
    jcenter()
}

android {
    compileSdkVersion 23
    buildToolsVersion "23.0.1"

    defaultConfig {
        applicationId "com..app"
        minSdkVersion 15
        targetSdkVersion 23
        versionCode 1
        versionName "1.0"
    }
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }

    packagingOptions {
        exclude 'META-INF/DEPENDENCIES.txt'
        exclude 'META-INF/LICENSE.txt'
        exclude 'META-INF/NOTICE.txt'
        exclude 'META-INF/NOTICE'
        exclude 'META-INF/LICENSE'
        exclude 'META-INF/DEPENDENCIES'
        exclude 'META-INF/notice.txt'
        exclude 'META-INF/license.txt'
        exclude 'META-INF/dependencies.txt'
        exclude 'META-INF/LGPL2.1'
    }
}


repositories {
    maven { url "https://jitpack.io" }
}


dependencies {

    compile "com.mixpanel.android:mixpanel-android:4.6.4"
    compile "com.android.support:appcompat-v7:23.1.0"
    compile "com.android.support:design:23.1.0"
    compile 'com.android.support:cardview-v7:23.1.0'
    compile "com.android.support:recyclerview-v7:23.1.0"
    compile 'com.github.PhilJay:MPAndroidChart:v2.1.3'
    compile 'joda-time:joda-time:2.8.2'
    compile 'com.facebook.fresco:fresco:0.7.0+'
    compile 'com.taobao.android:dexposed:0.1.8@aar'
    compile 'com.squareup.retrofit:converter-jackson:2.0.0-beta2'
    compile 'com.squareup.retrofit:retrofit:2.0.0-beta2'
}

1.when i hook a method which inside has try-catch blocked,when catch blocked raise will lead app directly crash.
2. if inside call back method beforeHookMethod we create a exception object (new Exception()) also will cause app directly crash.it's any way to avoid or fixed it ?

白老师，在release下，好像加载不了patch啊，即使我把
-keep class com.taobao.android.dexposed.** { ; }
-keep class com.taobao.patch.* { *; }
这几个添加了，也还是不行？

请教一个问题。
任何一个method在art上都有2个入口，一个解释器，一个本地机器指令。我想hook一个method。
我看了您的源码，art_method->SetEntryPointFromQuickCompiledCode，这样是hook住一个本地机器指令执行的method。
我看您注释掉art_method->SetEntryPointFromInterpreter。
我想问的是，如果是解释执行的话，是不是必须SetEntryPointFromInterpreter才能hook住？
谢谢！！

1. 此接口名为检测是否 支持 Hook。但是其实 加载 so 文件的任务也是在此方法中进行的。
   可能存在的使用问题：
   如果我们在写一个Demo 时通过查看文档了解到自己的 Target Device 是支持的。于是没有调用上面的检测方法，便会导致 hook 失败。

建议在类加载时，判断并进行 System.loadLibrary()

1.对ART的支持现在是否还有人在继续开发？

2.手淘是否使用了其他的方案来代替dexposed？

3.我测试了ART下自定义函数的可以hook，但是对于View的方法比如performClick不可以hook，
dexposed/dexposed_so/dexposed_art/dexposed.cpp里的EnableXposedHook

static void EnableXposedHook(JNIEnv* env, ArtMethod* art_method, jobject additional_info)
      // Create a backup of the ArtMethod object
      ArtMethod* backup_method = down_cast<ArtMethod*>(art_method->Clone(soa.Self()));
      // Set private flag to avoid virtual table lookups during invocation
      backup_method->SetAccessFlags(backup_method->GetAccessFlags() /*| kAccXposedOriginalMethod*/);
      // Create a Method/Constructor object for the backup ArtMethod object
      jobject reflect_method;
      if (art_method->IsConstructor()) {
        reflect_method = env->AllocObject(WellKnownClasses::java_lang_reflect_Constructor);
      } else {
        reflect_method = env->AllocObject(WellKnownClasses::java_lang_reflect_Method);
      }
      env->SetObjectField(reflect_method, WellKnownClasses::java_lang_reflect_AbstractMethod_artMethod,
          env->NewGlobalRef(soa.AddLocalReference<jobject>(backup_method)));
      // Save extra information in a separate structure, stored instead of the native method
      DexposedHookInfo* hookInfo = reinterpret_cast<DexposedHookInfo*>(calloc(1, sizeof(DexposedHookInfo)));
      hookInfo->reflectedMethod = env->NewGlobalRef(reflect_method);
      hookInfo->additionalInfo = env->NewGlobalRef(additional_info);
      hookInfo->originalMethod = backup_method;

      jstring shorty = (jstring)env->GetObjectField(additional_info,additionalhookinfo_shorty_field);
      hookInfo->shorty = env->GetStringUTFChars(shorty, 0);
      LOG(INFO) << "dexposed: >>> EnableXposedHook shorty:" << hookInfo->shorty;

    #if PLATFORM_SDK_VERSION < 22
        art_method->SetNativeMethod(reinterpret_cast<uint8_t *>(hookInfo));
    #else
        art_method->SetEntryPointFromJni(reinterpret_cast<void *>(hookInfo));
    #endif

      art_method->SetEntryPointFromQuickCompiledCode(GetQuickDexposedInvokeHandler());
      //art_method->SetEntryPointFromInterpreter(art::artInterpreterToCompiledCodeBridge);
      // Adjust access flags
      art_method->SetAccessFlags((art_method->GetAccessFlags() & ~kAccNative) /*| kAccXposedHookedMethod*/);

是什么原因导致的这个问题呢？
另外xposed也支持了6.0的hook，在android_art/runtime/art_method.cc里的

void ArtMethod::EnableXposedHook(ScopedObjectAccess& soa, jobject additional_info) {

  // Create a backup of the ArtMethod object
  auto* cl = Runtime::Current()->GetClassLinker();
  ArtMethod* backup_method = cl->AllocArtMethodArray(soa.Self(), 1);
  backup_method->CopyFrom(this, cl->GetImagePointerSize());
  backup_method->SetAccessFlags(backup_method->GetAccessFlags() | kAccXposedOriginalMethod);

  // Create a Method/Constructor object for the backup ArtMethod object
  mirror::AbstractMethod* reflect_method;
  if (IsConstructor()) {
    reflect_method = mirror::Constructor::CreateFromArtMethod(soa.Self(), backup_method);
  } else {
    reflect_method = mirror::Method::CreateFromArtMethod(soa.Self(), backup_method);
  }
  reflect_method->SetAccessible<false>(true);

  // Save extra information in a separate structure, stored instead of the native method
  XposedHookInfo* hookInfo = reinterpret_cast<XposedHookInfo*>(calloc(1, sizeof(XposedHookInfo)));
  hookInfo->reflectedMethod = soa.Vm()->AddGlobalRef(soa.Self(), reflect_method);
  hookInfo->additionalInfo = soa.Env()->NewGlobalRef(additional_info);
  hookInfo->originalMethod = backup_method;
  SetEntryPointFromJni(reinterpret_cast<uint8_t*>(hookInfo));

  ThreadList* tl = Runtime::Current()->GetThreadList();
  soa.Self()->TransitionFromRunnableToSuspended(kSuspended);
  tl->SuspendAll("Hooking method");
  {
    MutexLock mu(soa.Self(), *Locks::thread_list_lock_);
    tl->ForEach(StackReplaceMethod, this);
  }
  tl->ResumeAll();
  soa.Self()->TransitionFromSuspendedToRunnable();

  SetEntryPointFromQuickCompiledCode(GetQuickProxyInvokeHandler());
  SetEntryPointFromInterpreter(artInterpreterToCompiledCodeBridge);

  // Adjust access flags
  SetAccessFlags((GetAccessFlags() & ~kAccNative & ~kAccSynchronized) | kAccXposedHookedMethod);

是否可以借鉴一下？

在genymotion上跑会报错
java.lang.UnsatisfiedLinkError: Native method not found: com.taobao.android.dexposed.DexposedBridge.hookMethodNative:(Ljava/lang/reflect/Member;Ljava/lang/Class;ILjava/lang/Object;)V

什么问题？patch.apk 与宿主apk ，必须用同一个key 来打包吗 ，两者还有什么特殊规定？

原方法如果是基本数据类型，则无法调用，必须使用包装类

what's different with Xposed?