How Does Andfix Patch Methods?

I learned recently of an Android library AndFix which allows for live method patching. Now, as far as I know, Dalvik does not allow runtime manipulation of bytecode or dex. Can som

Solution 1:

Looking at the sources, you can see the patch mechanism for Dalvik here. The dalvik_replaceMethod() function is modifying the internal Dalvik state, changing the Method struct to point to a replacement method.

It doesn't modify the DEX on disk or in memory, just routes the method calls to a replacement method. This approach is highly version-dependent, as changes to Method or the way methods work will break things. Dalvik hasn't changed much since mid-2011, which makes it easy, but if you look at the nearby "art" directory you can see different implementations for each major version of Android.