modifying .smali files

问题

I reverse engineered some android apks to add some instrumentation for functional testing. I want to know given an smali as following how can I add something like

Log.e(TAG, "some descritpion", e);

to each method in the .smali files.

.class public Ld;
.super Landroid/view/View;
.source "SourceFile"


# instance fields
.field a:Z

.field b:Lcom/rovio/ka3d/App;


# direct methods
.method public constructor <init>(Lcom/rovio/ka3d/App;)V
    .locals 2
    .parameter

    .prologue
    const/4 v1, 0x1

    .line 317
    invoke-direct {p0, p1}, Landroid/view/View;-><init>(Landroid/content/Context;)V

    .line 313
    const/4 v0, 0x0

    iput-boolean v0, p0, Ld;->a:Z

    .line 314
    const/4 v0, 0x0

    iput-object v0, p0, Ld;->b:Lcom/rovio/ka3d/App;

    .line 318
    iput-object p1, p0, Ld;->b:Lcom/rovio/ka3d/App;

    .line 319
    invoke-virtual {p0, v1}, Ld;->setFocusable(Z)V

    .line 320
    invoke-virtual {p0, v1}, Ld;->setFocusableInTouchMode(Z)V

    .line 321
    return-void
.end method


# virtual methods
.method public a(Z)V
    .locals 4
    .parameter

    .prologue
    const/4 v3, 0x0

    .line 325
    invoke-virtual {p0}, Ld;->getContext()Landroid/content/Context;

    move-result-object v0

    const-string v1, "input_method"

    invoke-virtual {v0, v1}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;

    move-result-object v0

    check-cast v0, Landroid/view/inputmethod/InputMethodManager;

    .line 326
    invoke-virtual {p0}, Ld;->getWindowToken()Landroid/os/IBinder;

    move-result-object v1

    invoke-virtual {v0, v1, v3}, Landroid/view/inputmethod/InputMethodManager;->hideSoftInputFromWindow(Landroid/os/IBinder;I)Z

    .line 327
    if-eqz p1, :cond_0

    .line 329
    invoke-virtual {p0}, Ld;->getWindowToken()Landroid/os/IBinder;

    move-result-object v1

    const/4 v2, 0x2

    invoke-virtual {v0, v1, v2, v3}, Landroid/view/inputmethod/InputMethodManager;->toggleSoftInputFromWindow(Landroid/os/IBinder;II)V

    .line 330
    invoke-virtual {p0}, Ld;->requestFocus()Z

    .line 333
    :cond_0
    iput-boolean p1, p0, Ld;->a:Z

    .line 334
    return-void
.end method

.method public onCreateInputConnection(Landroid/view/inputmethod/EditorInfo;)Landroid/view/inputmethod/InputConnection;
    .locals 3
    .parameter

    .prologue
    .line 343
    new-instance v0, La;

    iget-object v1, p0, Ld;->b:Lcom/rovio/ka3d/App;

    const/4 v2, 0x0

    invoke-direct {v0, v1, p0, v2}, La;-><init>(Lcom/rovio/ka3d/App;Landroid/view/View;Z)V

    .line 345
    const/4 v1, 0x0

    iput-object v1, p1, Landroid/view/inputmethod/EditorInfo;->actionLabel:Ljava/lang/CharSequence;

    .line 350
    const v1, 0x80090

    iput v1, p1, Landroid/view/inputmethod/EditorInfo;->inputType:I

    .line 351
    const/high16 v1, 0x1000

    iput v1, p1, Landroid/view/inputmethod/EditorInfo;->imeOptions:I

    .line 352
    return-object v0
.end method

回答1:

The actual code to call Log.e() is fairly simple. It would involve something like:

const-string v0, "MyTag"
const-string v1, "Something to print"
# assuming you have an exception in v2...
invoke-static {v0, v1, v2}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)I

However, You have to be careful with what registers you use. You don't want to clobber a register that has a value that will be used later.

So you have 2 options:

1. Find "safe" unused registers, and use those (can be tricky)
2. Increase the register count of the method, and use the newly created registers

For number 2, the only gotcha is that the new registers aren't at the end of the register range - they're actually just before the parameter registers.

For example, let's take a method that has 5 registers total (.registers 5), 3 of which are parameter registers. So you have v0 and v1 which are non-param registers, and p0-p2 which are the 3 parameter registers, and are aliases for v2-v4.

If you need to add an additional 2 registers, you would bump it up to .registers 7. The parameter registers stay at the end of the register range, so p0-p2 are now aliased to v4-v6, and v2 and v3 are the new registers that are safe to use.

回答2:

A comment on registers that was too large for a comment to JesusFreke's answer. It is worth mentioning that if you have .local directives instead of .register directives, the number scheme will be different. Roughly speaking, the directives relate in the following manner:

.registers = .locals + NUMBER_OF_PARAMETERS

So if you have a function that has 4 parameters and uses 3 more registers the directives that could show up are .registers 7 or .locals 3.

And you will get the registers setup as follows:

v0
v1
v2
v3 <==> p0
v4 <==> p1
v5 <==> p2
v6 <==> p3

Source: https://github.com/JesusFreke/smali/wiki/Registers

回答3:

One of the simpler ways to add smali code, is to write the java code in a test android app. Disassemble using apktool. Look at the smali files to identify the smali code and use it for injecting into other apps that you have disassembled.

Download apktool here : http://ibotpeaches.github.io/Apktool/

来源：https://stackoverflow.com/questions/12648196/modifying-smali-files