Modifying .smali files


Question

I reverse engineered some Android APKs to add some instrumentation for functional testing. I want to know, given a smali file like the following, how I can add something like

Log.e(TAG, "some description", e);

to each method in the .smali files.

.class public Ld;
.super Landroid/view/View;
.source "SourceFile"


# instance fields
.field a:Z

.field b:Lcom/rovio/ka3d/App;


# direct methods
.method public constructor <init>(Lcom/rovio/ka3d/App;)V
    .locals 2
    .parameter

    .prologue
    const/4 v1, 0x1

    .line 317
    invoke-direct {p0, p1}, Landroid/view/View;-><init>(Landroid/content/Context;)V

    .line 313
    const/4 v0, 0x0

    iput-boolean v0, p0, Ld;->a:Z

    .line 314
    const/4 v0, 0x0

    iput-object v0, p0, Ld;->b:Lcom/rovio/ka3d/App;

    .line 318
    iput-object p1, p0, Ld;->b:Lcom/rovio/ka3d/App;

    .line 319
    invoke-virtual {p0, v1}, Ld;->setFocusable(Z)V

    .line 320
    invoke-virtual {p0, v1}, Ld;->setFocusableInTouchMode(Z)V

    .line 321
    return-void
.end method


# virtual methods
.method public a(Z)V
    .locals 4
    .parameter

    .prologue
    const/4 v3, 0x0

    .line 325
    invoke-virtual {p0}, Ld;->getContext()Landroid/content/Context;

    move-result-object v0

    const-string v1, "input_method"

    invoke-virtual {v0, v1}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;

    move-result-object v0

    check-cast v0, Landroid/view/inputmethod/InputMethodManager;

    .line 326
    invoke-virtual {p0}, Ld;->getWindowToken()Landroid/os/IBinder;

    move-result-object v1

    invoke-virtual {v0, v1, v3}, Landroid/view/inputmethod/InputMethodManager;->hideSoftInputFromWindow(Landroid/os/IBinder;I)Z

    .line 327
    if-eqz p1, :cond_0

    .line 329
    invoke-virtual {p0}, Ld;->getWindowToken()Landroid/os/IBinder;

    move-result-object v1

    const/4 v2, 0x2

    invoke-virtual {v0, v1, v2, v3}, Landroid/view/inputmethod/InputMethodManager;->toggleSoftInputFromWindow(Landroid/os/IBinder;II)V

    .line 330
    invoke-virtual {p0}, Ld;->requestFocus()Z

    .line 333
    :cond_0
    iput-boolean p1, p0, Ld;->a:Z

    .line 334
    return-void
.end method

.method public onCreateInputConnection(Landroid/view/inputmethod/EditorInfo;)Landroid/view/inputmethod/InputConnection;
    .locals 3
    .parameter

    .prologue
    .line 343
    new-instance v0, La;

    iget-object v1, p0, Ld;->b:Lcom/rovio/ka3d/App;

    const/4 v2, 0x0

    invoke-direct {v0, v1, p0, v2}, La;-><init>(Lcom/rovio/ka3d/App;Landroid/view/View;Z)V

    .line 345
    const/4 v1, 0x0

    iput-object v1, p1, Landroid/view/inputmethod/EditorInfo;->actionLabel:Ljava/lang/CharSequence;

    .line 350
    const v1, 0x80090

    iput v1, p1, Landroid/view/inputmethod/EditorInfo;->inputType:I

    .line 351
    const/high16 v1, 0x1000

    iput v1, p1, Landroid/view/inputmethod/EditorInfo;->imeOptions:I

    .line 352
    return-object v0
.end method

Recommended answer

The actual code to call Log.e() is fairly simple. It would involve something like:

const-string v0, "MyTag"
const-string v1, "Something to print"
# assuming you have an exception in v2...
invoke-static {v0, v1, v2}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)I

However, you have to be careful with what registers you use. You don't want to clobber a register that has a value that will be used later.

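So you have two options:

  1. Find "safe" unused registers, and use them (can be tricky)
  2. Increase the register count of the method, and use the newly created registers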

For number 2, the only gotcha is that the new registers aren't at the end of the register range - they're actually just before the parameter registers.

For example, let's take a method that has 5 registers total (.registers 5), 3 of which are parameter registers. So you have v0 and v1 which are non-param registers, and p0-p2 which are the 3 parameter registers, and are aliases for v2-v4.

If you need to add an additional 2 registers, you would bump it up to .registers 7. The parameter registers stay at the end of the register range, so p0-p2 are now aliased to v4-v6, and v2 and v3 are the new registers that are safe to use.
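Option 2 applied to every method of a file, as an added example that is not part of the original answer: the script raises `.locals` or `.registers` by two and logs the method name from the two registers that appear just below the parameters. The names `instrument` and `param_registers`, the tag `Instr`, the sample class and the use of the two-argument `Log.e(String, String)` overload are choices made for this example; it assumes the method body refers to parameters by `p` names and that the assembler accepts instructions directly after the register directive.

```python
import re

# Two-argument overload of the Log.e() call in the answer (no Throwable at method entry).
LOG_E = "Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I"
METHOD_RE = re.compile(r"^\.method\s+(?P<flags>.*?)(?P<name>[^\s(]+)\((?P<params>[^)]*)\)\S+$")
PARAM_RE = re.compile(r"\[*(?:L[^;]+;|[ZBSCIFJD])")
# Constructed sample: the answer's case, 5 registers of which 3 are parameters (this, I, I).
SAMPLE = """.class public Lcom/example/Demo;
.super Ljava/lang/Object;
.method public add(II)I
    .registers 5
    add-int v0, p1, p2
    return v0
.end method
"""


def param_registers(flags, params):
    """Registers used by parameters: 'this' unless static, two for long/double."""
    count = 0 if "static" in flags.split() else 1
    return count + sum(2 if p in ("J", "D") else 1 for p in PARAM_RE.findall(params))


def instrument(smali, tag="Instr"):
    """Log each method entry using two registers added just below the parameters."""
    out, method, cls = [], None, "?"
    for line in smali.splitlines():
        s = line.strip()
        if s.startswith(".class "):
            cls = s.split()[-1]
        elif s.startswith(".method "):
            method = METHOD_RE.match(s)
        elif s.startswith(".end method"):
            method = None
        elif method and s.startswith((".locals ", ".registers ")):
            directive, value = s.split()[0], int(s.split()[1])
            params = param_registers(method["flags"], method["params"])
            local = value - params if directive == ".registers" else value
            # Parameters shift up by two; skip the method if any register would pass v15.
            if local + 2 + params <= 16:
                a, b = f"v{local}", f"v{local + 1}"
                out += [f"    {directive} {value + 2}",
                        f'    const-string {a}, "{tag}"',
                        f'    const-string {b}, "{cls}->{method["name"]}"',
                        f"    invoke-static {{{a}, {b}}}, {LOG_E}"]
                method = None  # one insertion per method
                continue
        out.append(line)
    return "\n".join(out) + "\n"
```

Methods that would end up with a register above v15 are left unchanged, because many instructions can only address v0-v15 and the shifted parameter registers would no longer assemble.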
