如何调试android应用程序的smali代码?

时间:2021-09-09 00:23:59

I have a working android application. of which i dont have a source code. I would like to debug a functionality of this application. I could successfully reverse engineer this application apk file using apktool - https://code.google.com/p/android-apktool/ This tool generates class files in smali format.

我有一个运行正常的android应用程序。其中我没有源代码。我想调试这个应用程序的一个功能。我可以使用apktool成功地反向工程这个应用程序apk文件——https://code.google.com/p/android-apktool/这个工具生成smali格式的类文件。

My requirement is :

我的要求是:

  1. To be able to debug a method by adding debug logs.
  2. 可以通过添加调试日志来调试方法。
  3. To be able to debug method calls by printing a stack trace.
  4. 可以通过打印堆栈跟踪来调试方法调用。

To achieve this I need to inject/insert smali equivalent of a debug log or stack trace. I tried adding some smali instruction at the start of one of the method but it crashed with ClassVerifyError.

为了实现这一点,我需要注入/插入相当于调试日志或堆栈跟踪的smali。我尝试在其中一个方法的开头添加一些smali指令,但是它在ClassVerifyError中崩溃了。

Example smali code -

smali示例代码,

.method public declared-synchronized b()V
    .locals 2

    .prologue

    .line 87
    monitor-enter p0

    :try_start_0
    iget-object v0, p0, Lcom/example/viewerlib/t/d;->a:Ljava/lang/Thread;

    invoke-virtual {v0}, Ljava/lang/Thread;->isAlive()Z

               :
               :

Could someone help me out in adding smali debug logs. Thnx in advance.

有人能帮我添加smali调试日志吗?提前感谢。

6 个解决方案

#1

24  

1. Debug log in smali

1。调试smali登录

Debug log in smali. Say for example inside method test() you want to print "Inside Test()" debug log. At the start of method in smali add following instructions :

调试smali登录。例如,要打印“inside test()”调试日志。在smali的方法开始时添加以下说明:

sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;

const-string v1, "Inside Test()"

invoke-virtual {v0, v1}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V

Note - You need to be careful while using registers v0,v1 here. In code execution flow, you have to check that you are not using one of the register which is used later in the flow. Or you may get Exception.

注意——在使用寄存器v0和v1时要小心。在代码执行流中,您必须检查是否没有使用流稍后使用的寄存器之一。或者你可能会有例外。

2. StackTrace

2。加亮

Here is the code of smali to print stacktrace of a method

这里是smali的代码打印方法的stacktrace。

Java code

Java代码

public static void printStackTraces() {
    StackTraceElement[] stackTraceElements = Thread.currentThread().getStackTrace(); 
    for (StackTraceElement element : stackTraceElements) {
        System.out.println("Class name :: " + element.getClassName() + "  || method name :: " + element.getMethodName());
    }
}

And equivalent smali code is

而等效的smali代码是

.method public static printStackTraces()V
    .locals 7

    .prologue
    .line 74
    invoke-static {}, Ljava/lang/Thread;->currentThread()Ljava/lang/Thread;

    move-result-object v2

    invoke-virtual {v2}, Ljava/lang/Thread;->getStackTrace()[Ljava/lang/StackTraceElement;

    move-result-object v1

    .line 75
    .local v1, stackTraceElements:[Ljava/lang/StackTraceElement;
    array-length v3, v1

    const/4 v2, 0x0

    :goto_0
    if-lt v2, v3, :cond_0

    .line 78
    return-void

    .line 75
    :cond_0
    aget-object v0, v1, v2

    .line 76
    .local v0, element:Ljava/lang/StackTraceElement;
    sget-object v4, Ljava/lang/System;->out:Ljava/io/PrintStream;

    new-instance v5, Ljava/lang/StringBuilder;

    const-string v6, "Class name :: " 

    invoke-direct {v5, v6}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V

    invoke-virtual {v0}, Ljava/lang/StackTraceElement;->getClassName()Ljava/lang/String;

    move-result-object v6

    invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v5

    const-string v6, "  || method name :: " 

    invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v5

    invoke-virtual {v0}, Ljava/lang/StackTraceElement;->getMethodName()Ljava/lang/String;

    move-result-object v6

    invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v5

    invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v5

    invoke-virtual {v4, v5}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V

    .line 75
    add-int/lit8 v2, v2, 0x1

    goto :goto_0
.end method

Add this method into any smali file. And call as

将此方法添加到任何smali文件中。和电话

(Assuming you added above smali code into com.example.pakagename.ClassName)

(假设您在com.example. pakagame . classname中添加了上述smali代码)

invoke-static {}, Lcom/example/packagename/ClassName;->printStackTraces()V

Hope this helps .....

希望这有助于.....

#2

5  

Now you can use the great plugin for Android Studio or Intellij IDEA - Smalidea. Furthermore, I have described the installation process and debugging in my blog post.

现在你可以使用伟大的插件为Android Studio或Intellij创意- Smalidea。此外,我在我的博客中描述了安装过程和调试。

#3

3  

If you like IntellijIdea, give smalidea a chance!

如果你喜欢IntellijIdea,给smalidea一个机会吧!

#4

2  

I suggest using apkanalyzer from sony:

我建议使用索尼的apkanalyzer:

https://github.com/sonyxperiadev/ApkAnalyser

https://github.com/sonyxperiadev/ApkAnalyser

it allows you to decompile apk-s and read smali code, insert print statements into various places. There is menu option: "Print custom log", you can also print stacktrace, and do lots of other things. After all the changes you just press Device->Install and start apk. All from GUI.

它允许您分解ap -s并读取smali代码,将打印语句插入到不同的位置。有菜单选项:“打印自定义日志”,你也可以打印stacktrace,并做很多其他的事情。在所有的更改之后,您只需按下设备->安装并启动apk。所有的GUI。

#5

2  

hey I was thinking that You might find this tool helpful

嘿,我想你会发现这个工具很有用

it decompiles any apk file to a java written code classes

它将所有apk文件分解为java编写的代码类

check this link and give it a try

检查这个链接并尝试一下

http://forum.xda-developers.com/showthread.php?t=2430413

http://forum.xda-developers.com/showthread.php?t=2430413

#6

1  

Sorry to point out that apkanalyzer is a ststic analyser For understanding and editing smali code, try the following

抱歉地指出,apkanalyzer是理解和编辑smali代码的ststic分析器,请尝试以下操作

http://themasterofmagik.wordpress.com/2014/03/08/decompilerecompile-an-apk-basic-editing/

http://themasterofmagik.wordpress.com/2014/03/08/decompilerecompile-an-apk-basic-editing/

It explains editing in various scenarios. What tool to use and when.

它解释了各种场景中的编辑。使用什么工具,何时使用。

Different approaches to Decompile/Recompile an apk

分解/重新编译apk的不同方法

a. apk
    1. apktool + Notepad++
    2. Virtuous Ten Studio
    3. AndroChef Java Decompiler
b. classes.dex
    1. smali/baksmali
    2. dex2jar + JD-GUI

#1

24  

1. Debug log in smali

1。调试smali登录

Debug log in smali. Say for example inside method test() you want to print "Inside Test()" debug log. At the start of method in smali add following instructions :

调试smali登录。例如,要打印“inside test()”调试日志。在smali的方法开始时添加以下说明:

sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;

const-string v1, "Inside Test()"

invoke-virtual {v0, v1}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V

Note - You need to be careful while using registers v0,v1 here. In code execution flow, you have to check that you are not using one of the register which is used later in the flow. Or you may get Exception.

注意——在使用寄存器v0和v1时要小心。在代码执行流中,您必须检查是否没有使用流稍后使用的寄存器之一。或者你可能会有例外。

2. StackTrace

2。加亮

Here is the code of smali to print stacktrace of a method

这里是smali的代码打印方法的stacktrace。

Java code

Java代码

public static void printStackTraces() {
    StackTraceElement[] stackTraceElements = Thread.currentThread().getStackTrace(); 
    for (StackTraceElement element : stackTraceElements) {
        System.out.println("Class name :: " + element.getClassName() + "  || method name :: " + element.getMethodName());
    }
}

And equivalent smali code is

而等效的smali代码是

.method public static printStackTraces()V
    .locals 7

    .prologue
    .line 74
    invoke-static {}, Ljava/lang/Thread;->currentThread()Ljava/lang/Thread;

    move-result-object v2

    invoke-virtual {v2}, Ljava/lang/Thread;->getStackTrace()[Ljava/lang/StackTraceElement;

    move-result-object v1

    .line 75
    .local v1, stackTraceElements:[Ljava/lang/StackTraceElement;
    array-length v3, v1

    const/4 v2, 0x0

    :goto_0
    if-lt v2, v3, :cond_0

    .line 78
    return-void

    .line 75
    :cond_0
    aget-object v0, v1, v2

    .line 76
    .local v0, element:Ljava/lang/StackTraceElement;
    sget-object v4, Ljava/lang/System;->out:Ljava/io/PrintStream;

    new-instance v5, Ljava/lang/StringBuilder;

    const-string v6, "Class name :: " 

    invoke-direct {v5, v6}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V

    invoke-virtual {v0}, Ljava/lang/StackTraceElement;->getClassName()Ljava/lang/String;

    move-result-object v6

    invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v5

    const-string v6, "  || method name :: " 

    invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v5

    invoke-virtual {v0}, Ljava/lang/StackTraceElement;->getMethodName()Ljava/lang/String;

    move-result-object v6

    invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v5

    invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v5

    invoke-virtual {v4, v5}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V

    .line 75
    add-int/lit8 v2, v2, 0x1

    goto :goto_0
.end method

Add this method into any smali file. And call as

将此方法添加到任何smali文件中。和电话

(Assuming you added above smali code into com.example.pakagename.ClassName)

(假设您在com.example. pakagame . classname中添加了上述smali代码)

invoke-static {}, Lcom/example/packagename/ClassName;->printStackTraces()V

Hope this helps .....

希望这有助于.....

#2

5  

Now you can use the great plugin for Android Studio or Intellij IDEA - Smalidea. Furthermore, I have described the installation process and debugging in my blog post.

现在你可以使用伟大的插件为Android Studio或Intellij创意- Smalidea。此外,我在我的博客中描述了安装过程和调试。

#3

3  

If you like IntellijIdea, give smalidea a chance!

如果你喜欢IntellijIdea,给smalidea一个机会吧!

#4

2  

I suggest using apkanalyzer from sony:

我建议使用索尼的apkanalyzer:

https://github.com/sonyxperiadev/ApkAnalyser

https://github.com/sonyxperiadev/ApkAnalyser

it allows you to decompile apk-s and read smali code, insert print statements into various places. There is menu option: "Print custom log", you can also print stacktrace, and do lots of other things. After all the changes you just press Device->Install and start apk. All from GUI.

它允许您分解ap -s并读取smali代码,将打印语句插入到不同的位置。有菜单选项:“打印自定义日志”,你也可以打印stacktrace,并做很多其他的事情。在所有的更改之后,您只需按下设备->安装并启动apk。所有的GUI。

#5

2  

hey I was thinking that You might find this tool helpful

嘿,我想你会发现这个工具很有用

it decompiles any apk file to a java written code classes

它将所有apk文件分解为java编写的代码类

check this link and give it a try

检查这个链接并尝试一下

http://forum.xda-developers.com/showthread.php?t=2430413

http://forum.xda-developers.com/showthread.php?t=2430413

#6

1  

Sorry to point out that apkanalyzer is a ststic analyser For understanding and editing smali code, try the following

抱歉地指出,apkanalyzer是理解和编辑smali代码的ststic分析器,请尝试以下操作

http://themasterofmagik.wordpress.com/2014/03/08/decompilerecompile-an-apk-basic-editing/

http://themasterofmagik.wordpress.com/2014/03/08/decompilerecompile-an-apk-basic-editing/

It explains editing in various scenarios. What tool to use and when.

它解释了各种场景中的编辑。使用什么工具,何时使用。

Different approaches to Decompile/Recompile an apk

分解/重新编译apk的不同方法

a. apk
    1. apktool + Notepad++
    2. Virtuous Ten Studio
    3. AndroChef Java Decompiler
b. classes.dex
    1. smali/baksmali
    2. dex2jar + JD-GUI
标签:

相关文章