How to access byte[] array from hooked method? - Xposed Framework Development

I'm a noob when it comes to both Java and Xposed, although I can more or less "read" Java. I'm trying to create my first Xposed plugin.
This is in the source (via jadx) from my original APK:
Code:
private void onHandle(byte[] data, int start, int length) {
    byte b = data[start];
I wrote in my plugin:
Code:
findAndHookMethod("com.syu.ms.dev.ReceiverMcu", lpparam.classLoader, "onHandle", byte[].class, int.class, int.class, new XC_MethodHook() {
    @Override
    protected void beforeHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable {
        [B]byte[] data = assetAsByteArray(param.thisObject, "byte[].class");[/B]
        int start = getIntField(param.thisObject, "start");
        int length = getIntField(param.thisObject, "length");
        byte b = data[start];
        ....... etcetera .................
The bold part is what I need. I know that this line of code is wrong, but I'm already trying (monkey like) all kinds of constructions, but I always get an error.
How can I access that "byte[] data" from my original apk in my plugin?

The arguments are in 'param.args'. Since you want to access the first one, what you need is 'byte[] data = (byte[]) param.args[0];'

JoseRebelo said:
The arguments are in 'param.args'. Since you want to access the first one, what you need is 'byte[] data = (byte[]) param.args[0];'
Thanks a lot. It compiles fine now.
Now see if it really works
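
Added example (not part of the original thread): a complete hook for the `onHandle(byte[], int, int)` method above that reads all three arguments from `param.args` and validates the range before indexing. The module class name, the `TARGET_PACKAGE` placeholder and the reading of `length` as a byte count starting at `start` are assumptions; the thread only shows `data[start]`.

```java
package com.example.mcuhook; // hypothetical module package

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;

public class McuHook implements IXposedHookLoadPackage {
    // Placeholder: set this to the package name of the APK that contains ReceiverMcu.
    private static final String TARGET_PACKAGE = "com.example.target";

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) {
            return; // the class only exists in the target app's class loader
        }
        findAndHookMethod("com.syu.ms.dev.ReceiverMcu", lpparam.classLoader, "onHandle",
                byte[].class, int.class, int.class, new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                // Method arguments arrive in declaration order in param.args.
                // Fields of the receiver (param.thisObject) are something else entirely.
                byte[] data = (byte[]) param.args[0];
                int start = (Integer) param.args[1];   // ints are boxed in Object[]
                int length = (Integer) param.args[2];

                // Assumption: 'length' bytes starting at 'start'. Check before indexing;
                // an exception thrown here is only logged by Xposed and the frame is lost.
                if (data == null || start < 0 || length < 0 || start > data.length - length) {
                    XposedBridge.log("onHandle: unexpected arguments, skipping");
                    return;
                }
                // 'data' is the caller's live array: writing to it changes what the
                // original method sees. Read-only use, as here, leaves the app untouched.
                XposedBridge.log("onHandle frame: " + toHex(data, start, length));
            }
        });
    }

    // Formats data[start .. start+length) as space-separated hex bytes.
    static String toHex(byte[] data, int start, int length) {
        StringBuilder sb = new StringBuilder(length * 3);
        for (int i = start; i < start + length; i++) {
            sb.append(String.format("%02X ", data[i] & 0xFF));
        }
        return sb.toString().trim();
    }
}
```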

Related

Hard Reset programmatically corrupts microSD

I just got my Treo and noting the lack of a software reset (the need to use the stylus on the reset button really annoys me), I decided to build my own.
The Reset and Suspend part of my little program works like a charm and then I decided to improve a little more and add a Hard Reset feature, which would restore the device to its factory settings.
Searching high and low on the net I found two possible ways. The first one involved calling SetCleanRebootFlag() and then resetting the device.
Code:
[DllImport("coredll.dll", SetLastError=true)]
public static extern void SetCleanRebootFlag();

[DllImport("coredll.dll", SetLastError=true)]
private static extern int SetSystemPowerState(IntPtr psState, PowerStateFlags flags, uint Options);

[DllImport("coredll.dll", SetLastError=true)]
private static extern bool KernelIoControl(int dwIoControlCode, IntPtr inBuf, int inBufSize, IntPtr outBuf, int outBufSize, ref int bytesReturned);

public static void SoftReset()
{
    if (SetSystemPowerState(IntPtr.Zero, PowerStateFlags.Reset, 0x1000) != 0)
    {
        // Fall back to the HAL reboot IOCTL (0x101003c = IOCTL_HAL_REBOOT)
        int bytesReturned = 0;
        if (!KernelIoControl(0x101003c, IntPtr.Zero, 0, IntPtr.Zero, 0, ref bytesReturned))
        {
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
    }
}

public static void HardReset()
{
    SetCleanRebootFlag();
    SoftReset();
}
The other involved using the ConfigurationManager to process an XML that would perform a "RemoteWipe".
Code:
public static void HardReset()
{
    XmlDocument doc = new XmlDocument();
    doc.LoadXml("<wap-provisioningdoc><characteristic type='RemoteWipe'><parm name='doWipe' value='1'/></characteristic></wap-provisioningdoc>");
    ConfigurationManager.ProcessConfiguration(doc, true);
}
The first method didn't work because after Windows Mobile 5 it ignores the CleanBootFlag; the second method worked... too much.
It corrupted the microSD on the device to the point that it needed to be reformatted in order to be recognized again.
Has anyone had any experience with that?

Turn off GPRS

I'm looking for a way to turn off the data (GPRS).
Searching didn't bring me anything useful. I'm sure the information is somewhere, but I can't find it.
I especially need it for WM 6.5 (HD2).
Search around for Modaco's NoData program. It's late and I'm too tired to search it up for you right now.
kekkle said:
Search around for Modaco's NoData program. It's late and I'm too tired to search it up for you right now.
Thanks for the reply, but it's not what I meant; sorry for not being clear.
I know the NoData app, and actually I just finished writing something similar but more user friendly. I hope to release it ASAP (now I have a problem with the icon).
What I'm looking for is a way to programmatically turn off the data connection of the device, which is what the CommManager in HTC Sense does.
I tried to use the RAS API but it didn't work.
Look for jmlcomm.exe here at XDA and use it in your app. Simple command line call, and free to use.
MichelDiamond said:
Look for jmlcomm.exe here at XDA and use it in your app. Simple command line call, and free to use.
Thanks for the idea, I'll try it.
But I prefer to do it directly from my app. without calling external tool.
I found a solution!
It's from a few posts on the net (I don't remember where exactly), with some modifications of mine.
Here is the code I use, in case someone else needs it:
Code:
using System;
using System.Text;
using System.Runtime.InteropServices;

namespace RasHelper
{
    class RasHelper
    {
        private const int SUCCESS = 0;
        private const int ERROR_NOT_ENOUGH_MEMORY = 8;
        private const int RASBASE = 600;
        private const int ERROR_BUFFER_TOO_SMALL = RASBASE + 3;
        private const int ERROR_INVALID_SIZE = RASBASE + 32;

        // --- RASCONN data structure definition (refer to ras.h) --
        private const int RAS_MaxEntryName = 20;

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
        public struct RASCONN
        {
            public int dwSize;
            public IntPtr hrasconn;
            [MarshalAs(UnmanagedType.ByValTStr, SizeConst = RAS_MaxEntryName + 1)]
            public string szEntryName;
        }
        // --------------------------------------------

        [DllImport("coredll.dll", SetLastError = true, CharSet = CharSet.Auto)]
        private static extern uint RasEnumConnections(
            [In, Out] RASCONN[] rasconn,
            [In, Out] ref int cb,
            [Out] out int connections);

        [DllImport("coredll.dll")]
        private static extern uint RasHangUp(IntPtr pRasConn);

        /// <summary>
        /// Returns all active RAS connections as an array of data structure RASCONN
        /// </summary>
        /// <returns></returns>
        public static RASCONN[] GetAllConnections()
        {
            RASCONN[] tempConn = new RASCONN[1];
            RASCONN[] allConnections = tempConn;
            tempConn[0].dwSize = Marshal.SizeOf(typeof(RASCONN));
            int lpcb = tempConn[0].dwSize;
            int lpcConnections = 0;
            uint ret = RasEnumConnections(tempConn, ref lpcb, out lpcConnections);
            if (ret == ERROR_INVALID_SIZE)
            {
                throw new Exception("RAS: RASCONN data structure has invalid format");
            }
            else if (ret == ERROR_BUFFER_TOO_SMALL && lpcb != 0)
            {
                // first call returned that there are more than one connections
                // and more memory is required
                allConnections = new RASCONN[lpcb / Marshal.SizeOf(typeof(RASCONN))];
                allConnections[0] = tempConn[0];
                ret = RasEnumConnections(allConnections, ref lpcb, out lpcConnections);
            }
            // Check errors
            if (ret != SUCCESS)
            {
                throw new Exception("RAS returns error: " + ret);
            }
            if (lpcConnections > allConnections.Length)
            {
                throw new Exception("RAS: error retrieving correct connection count");
            }
            else if (lpcConnections == 0)
            {
                // if there are no connections resize the data structure
                allConnections = new RASCONN[0];
            }
            return allConnections;
        }

        /// <summary>
        /// Closes all active RAS connections
        /// </summary>
        /// <returns></returns>
        public static void CloseAllConnections()
        {
            RASCONN[] connections = GetAllConnections();
            for (int i = 0; i < connections.Length; ++i)
            {
                //MessageBox.Show(connections[i].ToString());
                RasHangUp(connections[i].hrasconn);
            }
        }

        /// <summary>
        /// Check if there are open data connections
        /// </summary>
        /// <returns></returns>
        public static bool IsConnectionsOpen()
        {
            RASCONN[] connections = GetAllConnections();
            if (connections.Length > 0)
                return true;
            else
                return false;
        }
    }
}

Turn off phone

I need to turn off the phone (radio?) in my application
The only thing I found is by using lineSetEquipmentState but I couldn't find how to work with it.
Another option is with the openNetCf.tapi but this dll isn't free.
Any ideas?
Someone? Something?
Another option would be, if possible, to call flight mode.
You can do this via RIL:
Code:
RIL_SetEquipmentState(FHandle,RIL_EQSTATE_MINIMUM);
Here FHandle is the handle to the opened RIL.
TrashKalmar said:
You can do this via RIL:
Code:
RIL_SetEquipmentState(FHandle,RIL_EQSTATE_MINIMUM);
Here FHandle is the handle to the opened RIL.
Thanks for the info, seems the right way.
However, something doesn't work: everything looks OK, the hRes is 0, but nothing happens.
Any ideas?
Code:
[DllImport("ril.dll")]
private static extern IntPtr RIL_SetEquipmentState(IntPtr hRil);

public static bool SetAirplaneState()
{
    IntPtr hRil = IntPtr.Zero;
    IntPtr hRes = IntPtr.Zero;
    hRes = RIL_Initialize(1,                                  // RIL port 1
        new RILRESULTCALLBACK(SetEquipmentStateCallback),     // function to call with result
        null,                                                 // function to call with notify
        0,                                                    // classes of notification to enable
        0x00000001,                                           // RIL parameters
        out hRil);                                            // RIL handle returned
    if (hRes != IntPtr.Zero)
    {
        return false;
    }
    hRes = RIL_GetCellTowerInfo(hRil);
    waithandle.WaitOne();
    RIL_Deinitialize(hRil);
    return true;
}

private static void SetEquipmentStateCallback(uint dwCode, IntPtr hrCmdID, IntPtr lpData, uint cbData, uint dwParam)
{
    waithandle.Set();
}

private static AutoResetEvent waithandle = new AutoResetEvent(false);

public delegate void RILNOTIFYCALLBACK(uint dwCode,
    IntPtr lpData,
    uint cbData,
    uint dwParam);

public delegate void RILRESULTCALLBACK(uint dwCode,
    IntPtr hrCmdID,
    IntPtr lpData,
    uint cbData,
    uint dwParam);
alto said:
Code:
...
    hRes = RIL_Initialize(1,                                  // RIL port 1
        new RILRESULTCALLBACK(SetEquipmentStateCallback),     // function to call with result
        null,                                                 // function to call with notify
        0,                                                    // classes of notification to enable
        0x00000001,                                           // RIL parameters
        out hRil);                                            // RIL handle returned
    if (hRes != IntPtr.Zero)
    {
        return false;
    }
    hRes = RIL_GetCellTowerInfo(hRil);
...
What do you want to achieve? If you want to turn off the phone, you should use RIL_SetEquipmentState. But in your code you obtain Cell Tower info via RIL_GetCellTowerInfo.
Also, if I remember rightly, you must specify RILNOTIFYCALLBACK in RIL_Initialize.
TrashKalmar said:
What do you want to achieve? If you want to turn off the phone, you should use RIL_SetEquipmentState. But in your code you obtain Cell Tower info via RIL_GetCellTowerInfo.
Also, if I remember rightly, you must specify RILNOTIFYCALLBACK in RIL_Initialize.
Correct, sorry I made mish-mash in the code I copied here.
My error was that I forgot to pass the second parameter to the SetEquipmentState function.
Works great now, Thanks!
Any chance of publishing this code?
Am I right in that it takes some time for the application to quit?
Thanks,
ajhvdb, this code works quite fine. And yes, it may take a while to quit app.
TrashKalmar said:
ajhvdb, this code works quite fine. And yes, it may take a while to quit app.
If I paste your code into my code I'm missing RIL_Initialize, RIL_GetCellTowerInfo.
Sorry for being slow with this, but I never used delegates and RIL before.
Bump

[SOLVED][Help] Using the hooked app's resources in beforeHookedmethod

Hello, I am trying to hook a method and use the hooked app's resources in it, but I keep getting an error. Can you please have a look?
Code:
public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
    if ((Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) && (lpparam.packageName.contains("android.keyguard") || lpparam.packageName.contains("com.android.systemui"))) {
        Class<?> KeyguardHostView = XposedHelpers.findClass("com.android.keyguard.KeyguardSecurityContainer", lpparam.classLoader);
        findAndHookMethod(KeyguardHostView, "showSecurityScreen", "com.android.keyguard.KeyguardSecurityModel$SecurityMode", new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                Context ctx = ((FrameLayout) param.thisObject).getContext();
                mStartTranslation = ctx.getResources().getDimensionPixelOffset(R.dimen.appear_y_translation_start) * translationScaleFactor;
            }
        });
    }
}
The relevant source for the hooked method is here https://github.com/temasek/android_...droid/keyguard/KeyguardSecurityContainer.java
Thank you for your time.
Depends on whether R.dimen.appear_y_translation_start is part of your module, or part of hooked package.
If it is part of hooked package resources you need to get it within hooked package context using proper identifier;
you cannot use identifier of resource you put in your module resources because it's completely different resource with different ID.
Example:
Code:
int resId = ctx.getResources().getIdentifier("appear_y_translation_start", "dimen", lpparam.packageName);
mStartTranslation = ctx.getResources().getDimensionPixelOffset(resId) * translationScaleFactor;
If this resource is part of your xposed module package, then you have to create package context using original context so you can get your module resources
which inherit proper display metrics from original package resources.
Code:
Context moduleContext = ctx.createPackageContext(myModulePackageName, Context.CONTEXT_IGNORE_SECURITY);
mStartTranslation = moduleContext.getResources().getDimensionPixelOffset(R.dimen.appear_y_translation_start) * translationScaleFactor;
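
Added example (not part of the original thread): the two lookups from the answer above wrapped as helpers that handle the cases where the lookup fails, namely `getIdentifier()` returning 0 and `createPackageContext()` throwing. The class name, method names and `fallbackPx` parameter are hypothetical.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.res.Resources;

/** Added illustration; class and method names are hypothetical. */
public final class HookResources {
    private HookResources() {}

    /**
     * Dimen owned by the hooked package, looked up by name at runtime.
     * The module's compiled R.dimen.* constant must not be used here: it is an
     * ID from the module's own resource table and means something else (or
     * nothing) in the hooked package.
     */
    public static int hostDimenPx(Context hostCtx, String hostPackage,
                                  String name, int fallbackPx) {
        Resources res = hostCtx.getResources();
        int id = res.getIdentifier(name, "dimen", hostPackage);
        // getIdentifier() returns 0 when the name does not exist, for example on
        // a ROM whose keyguard was built without this dimen.
        return id != 0 ? res.getDimensionPixelOffset(id) : fallbackPx;
    }

    /**
     * Dimen shipped in the Xposed module's own APK, read through a package
     * context created from the hooked app's context.
     */
    public static int moduleDimenPx(Context hostCtx, String modulePackage,
                                    int moduleResId, int fallbackPx) {
        try {
            // Without CONTEXT_INCLUDE_CODE this context gives access to the
            // module's resources only; no module code is loaded through it.
            Context moduleCtx = hostCtx.createPackageContext(
                    modulePackage, Context.CONTEXT_IGNORE_SECURITY);
            return moduleCtx.getResources().getDimensionPixelOffset(moduleResId);
        } catch (PackageManager.NameNotFoundException | Resources.NotFoundException e) {
            // Module package missing, or the ID is not in its resource table.
            return fallbackPx;
        }
    }
}
```

Inside the hook from the question this would be called as `HookResources.hostDimenPx(ctx, lpparam.packageName, "appear_y_translation_start", 0)`.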
Thanks, that works very well. Can you please also explain to me how I can retrieve value of attribute resources (I think that's what they are called) from the hooked package resources?
Code:
android:textColor="?android:attr/textColorSecondary"
I want to get this colour (as used in XML) so that I can do it in code
Code:
mEmergencyButton.setTextColor(color)
In case someone is looking for a solution to this
Code:
// Resolve ?android:attr/textColorSecondary against the current theme
TypedValue outValue = new TypedValue();
mContext.getTheme().resolveAttribute(android.R.attr.textColorSecondary, outValue, true);
int[] textSizeAttr = new int[] {android.R.attr.textColorSecondary};
TypedArray a = mContext.obtainStyledAttributes(outValue.data, textSizeAttr);
int textColor = a.getColor(0, -1);
a.recycle();
mEmergencyButton.setTextColor(textColor);
// Same approach for a drawable attribute: use the resolved resource ID
mContext.getTheme().resolveAttribute(android.R.attr.selectableItemBackground, outValue, true);
mEmergencyButton.setBackgroundResource(outValue.resourceId);

Xposed access variables in methods

Hello,
I am working on an Xposed module and I need to get a variable from another class. I have access to this class and I can access the global variables from this class, but I cannot access a variable which is only available in a method.
using:
Code:
Class<?> ProfileInfoClass = XposedHelpers.findClass("com.hi", lpparam.classLoader);
XposedBridge.hookAllMethods(ProfileInfoClass, "hie", new XC_MethodHook() {
    @Override
    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
        super.afterHookedMethod(param);
        String s = (String) XposedHelpers.getObjectField(param.thisObject, "hello2"); //not found
    }
});
with this class:
Code:
public class hi {
    String hello = "hello"; //This variable I can get
    public void hie() {
        String hello2 = "hi"; //This variable I cannot get using XposedHelpers.getObjectField(param.thisObject,"hello2");
    }
}
Is there another way to access variables inside methods?
Thanks. Jojii
Nope, you can't.
