Smali 类型转换为原始类型
Smali type cast to primitive type
我收到以下 dalvikvm 验证程序错误:
Line 1041: W/dalvikvm( 2610): VFY: register1 v5 type 13, wanted 5
Line 1042: W/dalvikvm( 2610): VFY: rejecting opcode 0x70 at 0x0032
Line 1043: W/dalvikvm( 2610): VFY: rejected Lcom/cleanmaster/notification/aj;.b
smali代码:
.method private b(Lcom/cleanmaster/notification/normal/NotificationSetting;Lcom/cleanmaster/notification/normal/o;Landroid/widget/RemoteViews;)V
.registers 11
.prologue
const/4 v5, 0x1
.line 126
iget-object v0, p2, Lcom/cleanmaster/notification/normal/o;->s:Landroid/content/Intent;
if-eqz v0, :cond_c
.line 127
iget-object v0, p2, Lcom/cleanmaster/notification/normal/o;->s:Landroid/content/Intent;
.line 128
const-string v1, "notify_style_type"
.line 129
invoke-static {v5}, Ljava/lang/Byte;->valueOf(B)Ljava/lang/Byte;
move-result-object v5
const-string v6, "putExtra(Ljava/lang/String;B)Landroid/content/Intent;"
invoke-static {v6, v0, v1, v5}, La;->c(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
invoke-virtual {v5}, Ljava/lang/Byte;->byteValue()B
move-result v5
:cond_c
.line 130
invoke-static {}, Lcom/keniu/security/c;->a()Landroid/content/Context;
move-result-object v1
.line 131
const-string v0, "notification"
.line 132
const-string v6, "getSystemService(Ljava/lang/String;)Ljava/lang/Object;"
invoke-static {v6, v1, v0}, Lb;->a(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
move-result-object v6
check-cast v6, Ljava/lang/Object;
move-object v0, v6
check-cast v0, Landroid/app/NotificationManager;
iget-boolean v2, p1, Lcom/cleanmaster/notification/normal/NotificationSetting;->i:Z
iget-boolean v3, p1, Lcom/cleanmaster/notification/normal/NotificationSetting;->o:Z
.line 133
invoke-direct {p0, v1, p2, v2, v3}, Lcom/cleanmaster/notification/aj;->a(Landroid/content/Context;Lcom/cleanmaster/notification/normal/o;ZZ)Landroid/app/Notification;
move-result-object v2
iget v3, p2, Lcom/cleanmaster/notification/normal/o;->d:I
const/4 v4, 0x0
.line 134
invoke-direct {p0, v3, v4, v5}, Lcom/cleanmaster/notification/aj;->a(IZZ)I
在我看来,最后一个 invoke-direct 参数 v5 有问题。不知何故,dalvik 不是原始类型,因此不能转换为布尔值。尽管有一个:
invoke-virtual {v5}, Ljava/lang/Byte;->byteValue()B
move-result v5
是否缺少检查演员表?
操作码 0x70 是直接调用。唯一引用 v5 的 invoke-direct 指令是最后一条:invoke-direct {p0, v3, v4, v5}, Lcom/cleanmaster/notification/aj;->a(IZZ)I。看起来 v5 是根据您提到的方法设置的,但它是一个字节 (B),而此方法需要一个布尔值 (Z)
为了自己诊断此类问题,您可以 运行 baksmali 在有问题的 dex 文件上使用 -r 选项,这会在任何给定点的反汇编中添加与寄存器类型相关的注释.
另一个有用的选项是 -f,它会添加带有指令偏移量的注释,因此您可以准确识别 dalvik 验证错误针对的是哪条指令。
例如rejecting opcode 0x70 at 0x0032 - 所以你会在偏移量 0x32
处寻找指令
baksmali classes.dex -o out -f -r
最后,为了确定错误提到的实际类型,您可以查看 https://android.googlesource.com/platform/dalvik/+/kitkat-mr2.2-release/vm/analysis/CodeVerify.h#59
处的枚举
例如for W/dalvikvm( 2610): VFY: register1 v5 type 13, wanted 5: 类型 13 是字节,而类型 5 是布尔值。
我收到以下 dalvikvm 验证程序错误:
Line 1041: W/dalvikvm( 2610): VFY: register1 v5 type 13, wanted 5
Line 1042: W/dalvikvm( 2610): VFY: rejecting opcode 0x70 at 0x0032
Line 1043: W/dalvikvm( 2610): VFY: rejected Lcom/cleanmaster/notification/aj;.b
smali代码:
.method private b(Lcom/cleanmaster/notification/normal/NotificationSetting;Lcom/cleanmaster/notification/normal/o;Landroid/widget/RemoteViews;)V
.registers 11
.prologue
const/4 v5, 0x1
.line 126
iget-object v0, p2, Lcom/cleanmaster/notification/normal/o;->s:Landroid/content/Intent;
if-eqz v0, :cond_c
.line 127
iget-object v0, p2, Lcom/cleanmaster/notification/normal/o;->s:Landroid/content/Intent;
.line 128
const-string v1, "notify_style_type"
.line 129
invoke-static {v5}, Ljava/lang/Byte;->valueOf(B)Ljava/lang/Byte;
move-result-object v5
const-string v6, "putExtra(Ljava/lang/String;B)Landroid/content/Intent;"
invoke-static {v6, v0, v1, v5}, La;->c(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
invoke-virtual {v5}, Ljava/lang/Byte;->byteValue()B
move-result v5
:cond_c
.line 130
invoke-static {}, Lcom/keniu/security/c;->a()Landroid/content/Context;
move-result-object v1
.line 131
const-string v0, "notification"
.line 132
const-string v6, "getSystemService(Ljava/lang/String;)Ljava/lang/Object;"
invoke-static {v6, v1, v0}, Lb;->a(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
move-result-object v6
check-cast v6, Ljava/lang/Object;
move-object v0, v6
check-cast v0, Landroid/app/NotificationManager;
iget-boolean v2, p1, Lcom/cleanmaster/notification/normal/NotificationSetting;->i:Z
iget-boolean v3, p1, Lcom/cleanmaster/notification/normal/NotificationSetting;->o:Z
.line 133
invoke-direct {p0, v1, p2, v2, v3}, Lcom/cleanmaster/notification/aj;->a(Landroid/content/Context;Lcom/cleanmaster/notification/normal/o;ZZ)Landroid/app/Notification;
move-result-object v2
iget v3, p2, Lcom/cleanmaster/notification/normal/o;->d:I
const/4 v4, 0x0
.line 134
invoke-direct {p0, v3, v4, v5}, Lcom/cleanmaster/notification/aj;->a(IZZ)I
在我看来,最后一个 invoke-direct 参数 v5 有问题。不知何故,dalvik 不是原始类型,因此不能转换为布尔值。尽管有一个:
invoke-virtual {v5}, Ljava/lang/Byte;->byteValue()B
move-result v5
是否缺少检查演员表?
操作码 0x70 是直接调用。唯一引用 v5 的 invoke-direct 指令是最后一条:invoke-direct {p0, v3, v4, v5}, Lcom/cleanmaster/notification/aj;->a(IZZ)I。看起来 v5 是根据您提到的方法设置的,但它是一个字节 (B),而此方法需要一个布尔值 (Z)
为了自己诊断此类问题,您可以 运行 baksmali 在有问题的 dex 文件上使用 -r 选项,这会在任何给定点的反汇编中添加与寄存器类型相关的注释.
另一个有用的选项是 -f,它会添加带有指令偏移量的注释,因此您可以准确识别 dalvik 验证错误针对的是哪条指令。
例如rejecting opcode 0x70 at 0x0032 - 所以你会在偏移量 0x32
baksmali classes.dex -o out -f -r
最后,为了确定错误提到的实际类型,您可以查看 https://android.googlesource.com/platform/dalvik/+/kitkat-mr2.2-release/vm/analysis/CodeVerify.h#59
处的枚举例如for W/dalvikvm( 2610): VFY: register1 v5 type 13, wanted 5: 类型 13 是字节,而类型 5 是布尔值。