Shulou(Shulou.com)05/31 Report--

This article mainly introduces the relevant knowledge of "smali complex class case analysis in Android reverse". The editor shows you the operation process through the actual case, and the operation method is simple, fast and practical. I hope this article "smali complex class case analysis in Android reverse" can help you solve the problem.

1.java complex class

If there is anything you don't understand, please see: JAVA outline or construction method

The code is posted here, it is very simple and not difficult.

2.smali code

To convert java code to smali code, you can refer to java to smali.

Let's look at it in modules.

2.1 the first module-information module

This module is the basic information, explaining the class name and so on. Knowing it is not very helpful to the analysis.

2.2 second module-construction method

Let's parse one sentence at a time. If there is a repetition of the previous parsing, it will not be repeated. But a link will be provided.

.method public constructor (Ljava/lang/String;I) V

This sentence is divided into

.methodpublicconstructor (Ljava/lang/String;I) v2.2.1 .method

It means method.

2.2.2 public

Decorating methods, public properties

2.2.3 constructor

The constructor here means that this method is a construction method.

2.2.4

After compilation, Java generates a method in a bytecode file, called an instance constructor, which converges statement blocks, variable initialization, and calling the constructor of the parent class into the method. The convergence order (only non-static variables and statement blocks are discussed here) is:

Parent class variable initialization

Parent class statement block

Parent class constructor

Subclass variable initialization

Subclass statement block

Subclass constructor

Converging to a method means putting these operations into a method to perform.

2.2.5 (Ljava/lang/String;I)

The first thing in parentheses is Ljava/lang/String, which means that the first parameter is of type String.

; followed by an I, that is to say, which also belongs to Ljava/lang, there is an int parameter here.

2.2.6 v

Finally, the meaning of a v is void. That is, there is no return value type.

Let's look at the meaning of the second sentence.

.registers 6

6 registers. The register here starts with v0-v5. This is easy to understand.

The third sentence.

.prologue

Opening, which means the beginning of the program.

The fourth sentence.

.line 10

The meaning of line 10.

The fifth sentence is:

Invoke-direct {p0}, Ljava/lang/Object;- > () V

First of all, break down this sentence.

Invoke-direct {p0} Ljava/lang/Object;- > () Vinvoke-direct

It means method call.

{p0}

P0 is the first parameter. But there is no first parameter here, the default here is this, and the parameters we pass in are counted from p1.

Ljava/lang/Object;- >

Call method

There is no content in (), which means no parameters. V is equivalent to void, so I won't repeat it here.

The sixth sentence is

Iput-object p1, p0, LPerson;- > name:Ljava/lang/String

Break it down.

Iput-object p1Magna p0LPersonism-> name:Ljava/lang/String

Iput-object p1 Magi p0 means to give the contents of p1 to p0.

LPerson;- > name:Ljava/lang/String

The meaning of this sentence is to bring over an attribute in the Person class named name with type String, which is used to modify p0. In fact, it is this.name.

The seventh sentence

Iput p2, p0, LPerson;- > age:I

This is also divided into two parts.

Iput p2, p0LPersonism-> age:I

Iput p2, p0, here is to give the value of p2 to p0

LPerson;- > age:I

It shows that the data type of age is int.

You may find that the two properties of the call are different here because String is not a basic data type. So iput-object is used, if the basic data type is iput.

The eighth sentence

Sget-object v0, Ljava/lang/System;- > out:Ljava/io/PrintStream

Decomposition

Sget-object v0 Ljava/lang/System;- > out: Ljava/io/PrintStream

Sget-object v0 is to give v0 what you meet after you get it.

The meaning of "Ljava/io/PrintStream;" means that it is composed of a Ljava/lang/System;- > out: this method in this class.

The ninth sentence

New-instance v1, Ljava/lang/StringBuilder

Create a new class for StringBuilder to v1.

The tenth sentence

Invoke-direct {v1}, Ljava/lang/StringBuilder;- > () V

Similar to the previous one, call v1 from the constructor.

The eleventh sentence

Const-string v2, "name:"

Const-string constant string. V2, the content is name:

The twelfth sentence

Invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;- > append (Ljava/lang/String;) Ljava/lang/StringBuilder

Just break it down.

Invoke-virtual {v1, v2} Ljava/lang/StringBuilder;- > append (Ljava/lang/String;) Ljava/lang/StringBuilder

Invoke-virtual {v1, v2} calls virtual methods

-> append (Ljava/lang/String;) Ljava/lang/StringBuilder; calls a parameter named append with the parameter of type String and the return value of type StringBuilder.

The thirteenth sentence

Move-result-object v1

Is to give the result of the previous sentence to the v1 register.

After that, the content is similar.

If you are interested, you can continue to analyze it yourself.

2.3 method module

This module has been mentioned in a previous article, so it is no longer verbose here.

2.4 activity

For this exercise, we will add a constructor ourselves.

.method public constructor () V .registers 1 invoke-direct {p0}, Ljava/lang/Object;- > () V return-void.end method

This is a construction method written by ourselves. No parameter, no return value.

Compiled into a jar file to view.

0x02 smali classes call each other 1. Java code

Let's write another call demo on the premise of 0x01.

Public class Demo {public static void main (String [] args) {Person p=new Person ("zhuzhu", 14);}}

The code is simple.

2.smali code

Here we're going to use

Javac-source 1.6-target 1.6 * .java

Compile all .java files

And then use the

Dx-- dex-- output=demo.dex * .class

Compile all .class files into dex files.

Let's mainly look at the main function.

.method public static main ([Ljava/lang/String;) V .registers 4 .prologue .line 4 new-instance v0, LPerson; const-string v1, "zhuzhu" const/16 v2, 0xe invoke-direct {v0, v1, v2}, LPerson;- > (Ljava/lang/String;I) V. line 5 return-void.end methodnew-instance v0, LPerson

Create a new class, v0

Const-string v1, "zhuzhu"

Then define a constant v1.

Const/16 v2, 0xe

Define a 16-bit constant

Invoke-direct {v0, v1, v2}, LPerson;- > (Ljava/lang/String;I) V

Call the constructor of the Person class, and then pass v0MagneV1JEI v2 as a parameter.

In fact, the interactive invocation before the class is not difficult.

3. Summary

When we call other classes.

1.new-instance instantiates an object

2.invoke-direct calls the constructor

0x03 exercise (dessert)

First, let's take a look at the program we wrote.

Then there is the handwritten smali code.

.class public LPd;.super Ljava/lang/Object;.source "Pd.java" # direct methods.method public constructor () V .registers 1 .prologue invoke-direct {p0}, Ljava/lang/Object;- > () V return-void.end method.method public static main ([Ljava/lang/String;) V .registers 4 .prologue new-instance v0 LPerson; invoke-direct {v0}, LPerson -> () V return-void.end method's content on "instance Analysis of smali complex classes in Android inverse" is introduced here. Thank you for your reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.