yujincheng08
commented
3 years ago can u try calling this function by reflection immediately after hook?
Open fOmey opened 3 years ago
yujincheng08
commented
3 years ago can u try calling this function by reflection immediately after hook?
fOmey
commented
3 years ago can u try calling this function by reflection immediately after hook?
Thanks for the reply.
Excuse my ignorance, but can you give me an example?
kotori2
commented
3 years ago The code you provided looks working. Please use debug build and post logs here.
Excuse my ignorance, but can you give me an example?
fOmey
commented
3 years ago The code you provided looks working. Please use debug build and post logs here.
Excuse my ignorance, but can you give me an example?
Here are the logs:
EdXposed_Verbose_20210105_090733.txt
EDIT: I've tried to hook the com.android.server.LocationManagerService constructor and it doesn't seem to be found which is interesting: https://github.com/aosp-mirror/platform_frameworks_base/blob/26b768d9f86633e4a3c23444b662ae66e4e6ffa4/services/core/java/com/android/server/LocationManagerService.java#L276
XposedHelpers.findAndHookConstructor("com.android.server.LocationManagerService", classLoader, Context.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
locationManagerService = param.thisObject;
}
});
if (locationManagerService != null) {
Log.d("section80", "section80 :: locationManagerService found.");
}
XspeedPL
commented
3 years ago Since you didn't specify and the snippet you posted is incomplete, let me ask a common mistake question: where did you put the hooking code? Zygote init, system load or app load?
fOmey
commented
3 years ago Since you didn't specify and the snippet you posted is incomplete, let me ask a common mistake question: where did you put the hooking code? Zygote init, system load or app load?
Hooks are being initialized from handleLoadPackage.
yujincheng08
commented
3 years ago Did you try what I said? Call this method by reflection and see if your hook is called.
fOmey
commented
3 years ago Did you try what I said? Call this method by reflection and see if your hook is called.
I did try, I was unsuccessful tho. Contains no default constructor & the only available constructor requires params (context). I haven't been able to initialize an object instance to invoke the method with.. keeps failing.
Am I missing something here?
XspeedPL
commented
3 years ago You can try to use hook all constructors helper method
fOmey
commented
3 years ago You can try to use hook all constructors helper method
Hooking all constructors does seem to work, odd that its having trouble finding that specific constructor when specified tho..
This doesn't solve my initial problem being that the specified hook doesn't seem to be applied.. I'll try using the helper method to hook that method, see if that works I guess.
kotori2
commented
3 years ago This doesn't solve my initial problem being that the specified hook doesn't seem to be applied
I'm not sure wdym about if hooking constructor works. If it works then you should manually deoptimize target app.
fOmey
commented
3 years ago This doesn't solve my initial problem being that the specified hook doesn't seem to be applied
I'm not sure wdym about if hooking constructor works.
What I mean is if I specify I want to hook the constructor with a context param, edxposed fails to find it.
If I specify I want to hook the "canCallerAccessMockLocation" method, edxposed supposedly reports that it finds & hooks the method.. however the hook is not applied, I have tested this thoroughly.
Something obviously isn't working as intended..
If it works then you should manually deoptimize target app.
Not sure what you mean by this.
If what you mean is deodex and verify that the methods/constructors exist, I have done this already. This was the first thing I did..
XspeedPL
commented
3 years ago Well, lol. Write some debug code: reflect all constructors from the class and check what arguments they have. If your device has OEM-modified framework code, then such scenarios can happen. Other than that I'd say just hook all constructors and bye. It's a service class, so no matter what constructors it has, only one will be called only once, since they are singletons. No need to dwell on it.
On a related note: when I need to get multiple service instances, usually I just hook BootCompleted and get them all at once there using getSystemService. It's way easier and more reliable.
fOmey
commented
3 years ago Well, lol. Write some debug code: reflect all constructors from the class and check what arguments they have. If your device has OEM-modified framework code, then such scenarios can happen. Other than that I'd say just hook all constructors and bye. It's a service class, so no matter what constructors it has, only one will be called only once, since they are singletons. No need to dwell on it.
On a related note: when I need to get multiple service instances, usually I just hook
BootCompletedand get them all at once there usinggetSystemService. It's way easier and more reliable.
I have no desire to hook the constructor.. only attempted to hook the constructor for the sake of testing if edxposed can in fact find & hook the target class.
My end goal is to simply hook the method I mentioned above in my first post.
stale[bot]
commented
3 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
tianyah
commented
3 years ago I'm trying to hook: https://github.com/aosp-mirror/platform_frameworks_base/blob/26b768d9f86633e4a3c23444b662ae66e4e6ffa4/services/core/java/com/android/server/LocationManagerService.java#L3515
private boolean canCallerAccessMockLocation(String opPackageName) { return mAppOps.checkOp(AppOpsManager.OP_MOCK_LOCATION, Binder.getCallingUid(), opPackageName) == AppOpsManager.MODE_ALLOWED; }try { XC_MethodHook.Unhook mockProviderUnhooks; mockProviderUnhooks = findAndHookMethod("com.android.server.LocationManagerService", classLoader, "canCallerAccessMockLocation", String.class, new XC_MethodReplacement() { @Override protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { //SharedPreferences pref = getPref("preferences"); //if (pref.getBoolean("mockProvider", false)) { XposedBridge.log("section80 :: canCallerAccessMockLocation"); return true; //} } }); if (mockProviderUnhooks != null) { XposedBridge.log("section80 :: mock provider hook: " + mockProviderUnhooks.getHookedMethod().getName() + " :: " + mockProviderUnhooks.getHookedMethod().getDeclaringClass().getCanonicalName()); //XposedBridge.log("section80 :: packageName: " + loadPackageParam.packageName + " :: processName: " + loadPackageParam.processName); } } catch (Throwable t) { XposedBridge.log("section80 :: mock provider hook failed"); }Everything seems to be reporting back fine, xposed supposedly has successfully hooked the method.. however the hook definitely is not working.
It's driving me nuts!
I'm running:
- Android: 10
- Magisk: 20.4 (20400)
- EdXposed: v5.1.4 (4655) SandHook.
- Riru: v23.1
Not sure if I've been staring at this for too long and missing something obvious here, but yeah.. no success.
I've also noticed that all service classes in Android 10 can't be hooked
tianyah
commented
3 years ago I've also noticed that all service classes in Android 10 can't be hooked
tianyah
commented
3 years ago This doesn't solve my initial problem being that the specified hook doesn't seem to be applied
I'm not sure wdym about if hooking constructor works. If it works then you should manually deoptimize target app.
I've also noticed that all service classes in Android 10 can't be hooked
I'm trying to hook: https://github.com/aosp-mirror/platform_frameworks_base/blob/26b768d9f86633e4a3c23444b662ae66e4e6ffa4/services/core/java/com/android/server/LocationManagerService.java#L3515
Everything seems to be reporting back fine, xposed supposedly has successfully hooked the method.. however the hook definitely is not working.
It's driving me nuts!
I'm running:
Not sure if I've been staring at this for too long and missing something obvious here, but yeah.. no success.