Hacker News
by nneonneo 1505 days ago
I've had great success using Frida (https://frida.re/) to do stuff like this recently. Frida injects a V8 runtime into the target process, enabling you to use JavaScript to dynamically patch/inspect/modify code and data, with all of the JavaScript running inside the target process so there's minimal impact on performance. They provide a nice Python API for remotely controlling the process.

It works on rooted devices, debuggable apps, and can also be added to an existing APK with minimal effort (just patch a single Java class and add a native library - there are scripts to do it for you).

1 comment

Just a year or two ago I would've laughed at the idea of using an injected JavaScript engine to do dynamic instrumentation, but now I rarely go a week without using Frida for either work or personal projects and enjoy every moment of it.

It's one of those tools that is clearly made by someone who completely gets how it's going to be used. Every time you want it to do something "new", it turns out there's already a short paragraph in the docs that you skimmed over explaining either how to do it or pointing you at an "extension" that can.