-
-
[原创]安卓日记_修改smali代码插入log
-
发表于: 2022-10-18 07:29
-
前言
业余时间写的,有些乱这篇其实。纯兴趣更新!
MainActivity.java
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | package com.example.day4_logcat;import android.support.v7.app.AppCompatActivity;import android.os.Bundle;import android.util.Log;public class MainActivity extends AppCompatActivity { String name; @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); name = "路飞"; switch (name){ case "路飞": Log.d("hello", "onCreate: 路飞"); break; case "索隆": Log.d("hello", "onCreate: 索隆"); break; case "山治": Log.d("hello", "onCreate: 山治"); break; default: Log.d("hello", "onCreate: 娜美"); break; } }} |
运行下看logcat
AK修改Smali
目的,插入一条log。
反编译day4_logcat后打开MainActivity.class
可以找到Log.d("hello", "onCreate: 路飞");对应的Smali代码
而v1在上面的一些位置进行了赋值
拼在一起
1 2 3 | const-string v1, "hello"const-string v0, "onCreate: \u8def\u98de" #路飞invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I |
我们把在第124行添加
1 2 | const-string v0, "onCreate: \u6d77\u8d3c\u738b" #海贼王invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I |
然后编译及安装运行
发现成功打印了新添加的log(用AS看的,自带的logcat太好用了)
day4_variable.java
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | package com.example.day4_variable;import android.support.v7.app.AppCompatActivity;import android.os.Bundle;import android.util.Log;public class MainActivity extends AppCompatActivity { @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); func1(); func2(); func3(); Log.d("return: ",String.valueOf(func1())); } private String func3() { String Str = "1"; String Str2 = "2"; String Str3 = Str+Str2; return Str3; } private int func2() { int variable2 = 2; return variable2; } private int func1() { int variable1 = 1; return variable1; }} |
运行打印func1的返回值
打印func2和func3的返回值
我们将apk放到AK中进行反编译,可以看到调用func1函数后是怎么打印它的返回值
1 2 3 4 5 6 7 8 9 | move-result v0invoke-static {v0}, Ljava/lang/String;->valueOf(I)Ljava/lang/String;move-result-object v0const-string v1, "return: "invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I |
如果要打印func2返回值,可以把调用func2的函数对应的smali代码给写到第103行然后再把上面的红框框处的smali代码给赋值到下面的红框框处,因为
func1和func2的参数个数即返回值类中都是一致的,所以可以直接搬运smlai代码。
再去打印func3返回值
这里要注意两点
1.func3函数返回的本来就是string类型的数据,所以在框框中的Smali代码(String.valueOf(v0)不用复制。
2.func3返回值的类型是字符串类型,要使用move-result-object v0,用move-result v0会程序运行会报错。
发现成功打印出来了
贴一个修改后的总Smali代码吧
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 | .class public Lcom/example/day4_variable/MainActivity;.super Landroid/support/v7/app/AppCompatActivity;.source "MainActivity.java"# direct methods.method public constructor <init>()V .locals 0 .line 7 invoke-direct {p0}, Landroid/support/v7/app/AppCompatActivity;-><init>()V return-void.end method.method private func1()I .locals 1 .line 31 const/4 v0, 0x1 .line 32 .local v0, "variable1":I return v0.end method.method private func2()I .locals 1 .line 26 const/4 v0, 0x2 .line 27 .local v0, "variable2":I return v0.end method.method private func3()Ljava/lang/String; .locals 3 .line 19 const-string v0, "1" .line 20 .local v0, "Str":Ljava/lang/String; const-string v1, "2" .line 21 .local v1, "Str2":Ljava/lang/String; new-instance v2, Ljava/lang/StringBuilder; invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V invoke-virtual {v2, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; invoke-virtual {v2, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; move-result-object v2 .line 22 .local v2, "Str3":Ljava/lang/String; return-object v2.end method# virtual methods.method protected onCreate(Landroid/os/Bundle;)V .locals 2 .param p1, "savedInstanceState" # Landroid/os/Bundle; .line 11 invoke-super {p0, p1}, Landroid/support/v7/app/AppCompatActivity;->onCreate(Landroid/os/Bundle;)V .line 12 const v0, 0x7f09001c invoke-virtual {p0, v0}, Lcom/example/day4_variable/MainActivity;->setContentView(I)V .line 13 invoke-direct {p0}, Lcom/example/day4_variable/MainActivity;->func1()I .line 14 invoke-direct {p0}, Lcom/example/day4_variable/MainActivity;->func2()I .line 15 invoke-direct {p0}, Lcom/example/day4_variable/MainActivity;->func3()Ljava/lang/String; #打印func1的返回值 需要将int->string .line 16 invoke-direct {p0}, Lcom/example/day4_variable/MainActivity;->func1()I move-result v0 invoke-static {v0}, Ljava/lang/String;->valueOf(I)Ljava/lang/String; move-result-object v0 const-string v1, "return: " invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I #打印func2的返回值 需要将int->string invoke-direct {p0}, Lcom/example/day4_variable/MainActivity;->func2()I move-result v0 invoke-static {v0}, Ljava/lang/String;->valueOf(I)Ljava/lang/String; move-result-object v0 const-string v1, "return: " invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I #打印func3的返回值 invoke-direct {p0}, Lcom/example/day4_variable/MainActivity;->func3()Ljava/lang/String; move-result-object v0 const-string v1, "return: " invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I .line 17 return-void.end method |
另外补个链接可以看下
smali插入log,打印变量 - 寻步 - 博客园 (cnblogs.com)
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
最后于 2022-10-18 07:41
被陌上恋静编辑
,原因: 标题打错了
