Analysis of smali complex class examples in Android reverse engineering

1.java Complex Class

If you don’t understand anything, please see: JAVA General Outline or Construction Method

Post the code here, it is very simple and not difficult.

2.smali code

We need to convert java code to smali code, you can refer to java to smali

Let’s look at it in modules.

2.1 The first module - information module

This module is the basic information, indicating the class name, etc., just know it Good doesn't help much with analysis.

2.2 The second module - construction method

# Let’s analyze it sentence by sentence. If there are duplicates in the previous analysis, we will not repeat them. . But a link will be provided.

.method public constructor <init>(Ljava/lang/String;I)V</init>

This sentence is divided into

.methodpublicconstructor<init>(Ljava/lang/String;I)v</init>

2.2.1 .method

means method

2.2.2 public

Modification method, public properties

2.2.3 constructor

Constructor here means that this method is a constructor method

2.2.4 <init> </init>

After compilation, Java will generate an method in the bytecode file, called an instance constructor. This instance constructor will initialize statement blocks, variables, and call the parent class's Constructor and other operations converge into the method, and the order of convergence (only non-static variables and statement blocks are discussed here) is:

1. Parent class variable initialization

2. Parent class statement block

3. Parent class constructor

4. Subclass variable initialization

5. Subclass statement block

6. Subclass constructor

The so-called convergence into the method means that These operations are put into for execution

2.2.5 (Ljava/lang/String;I)

The content in the brackets is first Ljava/lang/String, here it is Say the first parameter is of type String.
; There is an I at the end, which means there is an int type parameter that also belongs to Ljava/lang.

2.2.6 v

There is a v at the end, which means void. That is, there is no return value type.

---

Let’s look at the meaning of the second sentence.

.registers 6

Register 6. The registers here start from v0-v5. This is easy to understand.

---

The third sentence.

.prologue

Opening means the beginning of the program.

---

The fourth sentence.

.line 10

The meaning of the 10th line of code.

---

The fifth sentence is:

invoke-direct {p0}, Ljava/lang/Object;-><init>()V</init>

First break down this sentence.

invoke-direct{p0}Ljava/lang/Object;-><init>
()
V</init>

invoke-direct

means method call.

{p0}

p0 means the first parameter. But there is no first parameter here. The default here is this. The parameters we pass in start counting from p1.

Ljava/lang/Object;-><init></init>

Call<init></init>There is no content in the method

(), which means there are no parameters. v is equivalent to void and will not be repeated here.

---

The sixth sentence is

iput-object p1, p0, LPerson;->name:Ljava/lang/String;

Break it down

iput-object p1,p0LPerson;->name:Ljava/lang/String;

iput-object p1, p0 means to give the content of p1 to p0.

LPerson;->name:Ljava/lang/String;

The meaning of this sentence is to take an attribute named name and type String from the Person class. These are to modify p0. In fact, it is this.name.

---

The seventh sentence

iput p2, p0, LPerson;->age:I

is also broken down into two parts.

iput p2, p0LPerson;->age:I

iput p2, p0, here is to give the value of p2 to p0

LPerson;->age:I

It shows that the data type of age is int.

You may find that calling the two properties is different. This is because String is not a basic data type. So iput-object is used, if the basic data type is iput.

---

The eighth sentence

 sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;

Decomposition

 sget-object v0
 Ljava/lang/System;->out:
 Ljava/io/PrintStream;

sget-object v0 is to give v0 the things that will be met after getting them.

Ljava/io/PrintStream;This means that there is a Ljava/lang/System;->out: method in this class.

---

The ninth sentence

new-instance v1, Ljava/lang/StringBuilder;

Create a new StringBuilder class for v1.

---

The tenth sentence

invoke-direct {v1}, Ljava/lang/StringBuilder;-><init>()V</init>

is similar to the previous one, calling v1 from the constructor.

---

The eleventh sentence

const-string v2, "name:"

const-string constant string. v2, the content is name:

---

The twelfth sentence

 invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

Broken it down is

invoke-virtual {v1, v2}Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

invoke-virtual {v1, v2} calls the virtual method,
->append(Ljava/lang/String;)Ljava/lang/StringBuilder;Call a function named append, the parameter is String type, and the return value is StringBuilder type.

---

The thirteenth sentence

move-result-object v1

is to give the result of the previous sentence to the v1 register.

之后的内容就是相似的了。

有兴趣可以自己继续向下分析。

2.3 方法模块

这个模块在之前的一篇文章里已经说过了，这里就不再啰嗦了。

2.4 练习

这个练习我们就自己添加一个构造方法。

.method public constructor <init>()V    .registers 1
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V
    return-void
.end method</init></init>

这个是我们自己写的一个构造方法。无参无返回值。

编译成jar文件进行查看。

0x02 smali类相互调用

1. java代码

在0x01的前提上我们再写一个调用demo。

public class Demo{
    public static void main(String[]args)    {
        Person p=new Person("zhuzhu",14);
    }
}

代码很简单。

2.smali代码

这里我们要使用

javac -source 1.6 -target 1.6 *.java

编译所有.java文件

然后使用

dx --dex --output=demo.dex *.class

把所有的.class文件编译成dex文件。

我们来主要看看main函数。

.method public static main([Ljava/lang/String;)V
    .registers 4

    .prologue
    .line 4
    new-instance v0, LPerson;

    const-string v1, "zhuzhu"    const/16 v2, 0xe    invoke-direct {v0, v1, v2}, LPerson;-><init>(Ljava/lang/String;I)V

    .line 5    return-void.end method</init>

new-instance v0, LPerson;

新建一个类，v0

const-string v1, "zhuzhu"

然后定义一个常量 v1。

const/16 v2, 0xe

定义一个16位的常量

invoke-direct {v0, v1, v2}, LPerson;-><init>(Ljava/lang/String;I)V</init>

调用Person类的构造方法，然后把v0,v1,v2当做参数传进去。

其实类之前的交互调用其实并不难。

3.总结

我们调用其他类的时候。

1.new-instance 实例化一个对象
2.invoke-direct 调用构造方法

0x03 小练习（甜点）

首先来看看我们写的程序。

然后是手写的smali代码。

.class public LPd;
.super Ljava/lang/Object;
.source "Pd.java"# direct methods
.method public constructor <init>()V
    .registers 1    .prologue
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    return-void.end method

.method public static main([Ljava/lang/String;)V

    .registers 4    .prologue

    new-instance v0,LPerson;

    invoke-direct {v0}, LPerson;-><init>()V

    return-void.end method</init></init></init>

The above is the detailed content of Analysis of smali complex class examples in Android reverse engineering. For more information, please follow other related articles on the PHP Chinese website!