modifying .smali files

拈花ヽ惹草 submitted on 2019-11-29 22:38:13

The actual code to call Log.e() is fairly simple. It would involve something like:

const-string v0, "MyTag"
const-string v1, "Something to print"
# assuming you have an exception in v2...
invoke-static {v0, v1, v2}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)I

However, you have to be careful with what registers you use. You don't want to clobber a register that has a value that will be used later.

So you have 2 options:

  1. Find "safe" unused registers, and use those (can be tricky)
  2. Increase the register count of the method, and use the newly created registers

For number 2, the only gotcha is that the new registers aren't at the end of the register range - they're actually just before the parameter registers.

For example, let's take a method that has 5 registers total (.registers 5), 3 of which are parameter registers. So you have v0 and v1 which are non-param registers, and p0-p2 which are the 3 parameter registers, and are aliases for v2-v4.

If you need to add an additional 2 registers, you would bump it up to .registers 7. The parameter registers stay at the end of the register range, so p0-p2 are now aliased to v4-v6, and v2 and v3 are the new registers that are safe to use.

CatShoes

A comment on registers that was too large for a comment to JesusFreke's answer. It is worth mentioning that if you have .local directives instead of .register directives, the number scheme will be different. Roughly speaking, the directives relate in the following manner:

.registers = .locals + NUMBER_OF_PARAMETERS

So if you have a function that has 4 parameters and uses 3 more registers the directives that could show up are .registers 7 or .locals 3.

And you will get the registers setup as follows:

v0
v1
v2
v3 <==> p0
v4 <==> p1
v5 <==> p2
v6 <==> p3

Source: https://github.com/JesusFreke/smali/wiki/Registers
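The register arithmetic from both answers above (the p-to-v aliasing, the "new registers land just below the parameters" effect of bumping .registers, and the .registers = .locals + parameters relation), as an added Python helper. This is example code written for this page, not code from the answers or from the smali project; the class and function names are mine, and the only assumption is the numbering scheme the answers describe (parameter slots sit at the top of the range, with long/double arguments occupying two slots each).

```python
"""Work out Dalvik register numbering for a smali method: how p-registers
map onto v-registers, which v-registers become free when the register
count is bumped, and how to rewrite the directive in a method body.
Added example; not code from the answers above or from the smali project."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class RegisterLayout:
    total: int   # value of the .registers directive (locals + parameter slots)
    params: int  # parameter register slots: 'this' (if non-static) plus each
                 # argument, where long/double arguments occupy two slots

    def __post_init__(self) -> None:
        if self.params < 0 or self.total < self.params:
            raise ValueError("parameter slots cannot exceed total registers")

    @property
    def local_count(self) -> int:
        """Value of the equivalent .locals directive: .registers - parameters."""
        return self.total - self.params

    def param_to_v(self, p: int) -> int:
        """pN is an alias for v(locals + N): parameters sit at the top of the range."""
        if not 0 <= p < self.params:
            raise ValueError(f"p{p} out of range for {self.params} parameter slots")
        return self.local_count + p

    def v_to_param(self, v: int) -> Optional[int]:
        """Inverse mapping; None for a non-parameter (local) register."""
        if not 0 <= v < self.total:
            raise ValueError(f"v{v} out of range for {self.total} registers")
        return v - self.local_count if v >= self.local_count else None

    def describe(self) -> List[str]:
        """One line per register, in the style of the table in the answer above."""
        lines = []
        for v in range(self.total):
            p = self.v_to_param(v)
            lines.append(f"v{v}" if p is None else f"v{v} <==> p{p}")
        return lines


def layout_from_registers(registers: int, params: int) -> RegisterLayout:
    return RegisterLayout(registers, params)


def layout_from_locals(locals_: int, params: int) -> RegisterLayout:
    """.registers = .locals + NUMBER_OF_PARAMETERS"""
    return RegisterLayout(locals_ + params, params)


def grow(layout: RegisterLayout, extra: int) -> Tuple[RegisterLayout, List[int]]:
    """Add `extra` registers. The new ones appear just below the parameter
    registers, which shift up by `extra`; returns (new layout, new free v indexes)."""
    if extra < 0:
        raise ValueError("extra must be non-negative")
    new = RegisterLayout(layout.total + extra, layout.params)
    return new, list(range(layout.local_count, new.local_count))


# Matches a ".registers N" or ".locals N" line inside one method body.
_DIRECTIVE = re.compile(r"^([ \t]*)\.(registers|locals)[ \t]+(\d+)[ \t]*$", re.MULTILINE)


def bump_directive(method_smali: str, extra: int) -> str:
    """Rewrite the .registers or .locals line of one method body so that
    `extra` more registers are available. Both directives grow by the same
    amount because the parameter count is unchanged."""
    def repl(m):
        return f"{m.group(1)}.{m.group(2)} {int(m.group(3)) + extra}"
    new_text, n = _DIRECTIVE.subn(repl, method_smali, count=1)
    if n != 1:
        raise ValueError("no .registers/.locals directive found")
    return new_text


# Constructed sample: a non-static method, so 'this' + String + int = 3 parameter slots.
SAMPLE_METHOD = """.method public foo(Ljava/lang/String;I)V
    .registers 5
    return-void
.end method
"""

if __name__ == "__main__":
    before = layout_from_registers(5, 3)
    after, free = grow(before, 2)
    print("\n".join(before.describe()))
    print("new free registers:", [f"v{v}" for v in free])
    print("\n".join(after.describe()))
    print(bump_directive(SAMPLE_METHOD, 2))
```

Run it on a method pulled out of an apktool disassembly: `grow` tells you which v-registers are safe to use for the Log.e() arguments after the bump, and `bump_directive` rewrites the directive line; the p-register names in the existing code keep working because they are re-aliased automatically.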

TheGT

One of the simpler ways to add smali code is to write the Java code in a test Android app. Disassemble using apktool. Look at the smali files to identify the smali code and use it for injecting into other apps that you have disassembled.

Download apktool here : http://ibotpeaches.github.io/Apktool/
