如何修改smali代码以删除java代码中的一行
我想删除下面java代码中的第580行和第581行。该文件位于android设备中的system/framework/services.jar中,因此我执行的步骤如下:如何修改smali代码以删除java代码中的一行,java,android,compilation,recompile,smali,Java,Android,Compilation,Recompile,Smali,我想删除下面java代码中的第580行和第581行。该文件位于android设备中的system/framework/services.jar中,因此我执行的步骤如下: 将jar反编译为smali 更改smali文件 将smali文件重新编译为dex文件 将其打包到services.jar中 将services.jar推入android手机 问题是在步骤2中,如何更改smali文件,我试图删除:line580及其下面的代码,但它不起作用,在编译时,抛出了一个nullPointerExec
568 public void registerUiTestAutomationService(IBinder owner,
569 IAccessibilityServiceClient serviceClient,
570 AccessibilityServiceInfo accessibilityServiceInfo) {
571 mSecurityPolicy.enforceCallingPermission(Manifest.permission.RETRIEVE_WINDOW_CONTENT,
572 FUNCTION_REGISTER_UI_TEST_AUTOMATION_SERVICE);
573
574 accessibilityServiceInfo.setComponentName(sFakeAccessibilityServiceComponentName);
575
576 synchronized (mLock) {
577 UserState userState = getCurrentUserStateLocked();
578
579 if (userState.mUiAutomationService != null) {
580 throw new IllegalStateException("UiAutomationService " + serviceClient
581 + "already registered!");
582 }
583
584 try {
585 owner.linkToDeath(userState.mUiAutomationSerivceOnwerDeathRecipient, 0);
586 } catch (RemoteException re) {
587 Slog.e(LOG_TAG, "Couldn't register for the death of a"
588 + " UiTestAutomationService!", re);
589 return;
590 }
591
592 userState.mUiAutomationServiceOwner = owner;
593 userState.mUiAutomationServiceClient = serviceClient;
594
595 // Set the temporary state.
596 userState.mIsAccessibilityEnabled = true;
597 userState.mIsTouchExplorationEnabled = false;
598 userState.mIsEnhancedWebAccessibilityEnabled = false;
599 userState.mIsDisplayMagnificationEnabled = false;
600 userState.mInstalledServices.add(accessibilityServiceInfo);
601 userState.mEnabledServices.clear();
602 userState.mEnabledServices.add(sFakeAccessibilityServiceComponentName);
603 userState.mTouchExplorationGrantedServices.add(sFakeAccessibilityServiceComponentName);
604
605 // Use the new state instead of settings.
606 onUserStateChangedLocked(userState);
607 }
608 }
反编译后的smali代码:
.line 579
.local v1, "userState":Lcom/android/server/accessibility/AccessibilityManagerService$UserState;
# getter for: Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->mUiAutomationService:Lcom/android/server/accessibility/AccessibilityManagerService$Service;
invoke-static {v1}, Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->access$300(Lcom/android/server/accessibility/AccessibilityManagerService$UserState;)Lcom/android/server/accessibility/AccessibilityManagerService$Service;
move-result-object v2
if-eqz v2, :cond_3d
.line 580
new-instance v2, Ljava/lang/IllegalStateException;
new-instance v4, Ljava/lang/StringBuilder;
invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
const-string v5, "UiAutomationService "
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;
move-result-object v4
const-string v5, "already registered!"
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v4
invoke-direct {v2, v4}, Ljava/lang/IllegalStateException;-><init>(Ljava/lang/String;)V
throw v2
.line 607
.end local v1 # "userState":Lcom/android/server/accessibility/AccessibilityManagerService$UserState;
:catchall_3a
move-exception v2
monitor-exit v3
:try_end_3c
.catchall {:try_start_11 .. :try_end_3c} :catchall_3a
throw v2
.line 585
.restart local v1 # "userState":Lcom/android/server/accessibility/AccessibilityManagerService$UserState;
:cond_3d
:try_start_3d
# getter for: Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->mUiAutomationSerivceOnwerDeathRecipient:Landroid/os/IBinder$DeathRecipient;
invoke-static {v1}, Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->access$1200(Lcom/android/server/accessibility/AccessibilityManagerService$UserState;)Landroid/os/IBinder$DeathRecipient;
move-result-object v2
const/4 v4, 0x0
invoke-interface {p1, v2, v4}, Landroid/os/IBinder;->linkToDeath(Landroid/os/IBinder$DeathRecipient;I)V
:try_end_45
.catch Landroid/os/RemoteException; {:try_start_3d .. :try_end_45} :catch_74
.catchall {:try_start_3d .. :try_end_45} :catchall_3a
。第579行
.local v1,“用户状态”:Lcom/android/server/accessibility/AccessibilityManager服务$userState;
#Lcom/android/server/accessibility/AccessibilityManager服务$UserState的getter;->mUiAutomationService:Lcom/android/server/accessibility/AccessibilityManagerService$服务;
调用静态{v1},Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->access$300(Lcom/android/server/accessibility/AccessibilityManager服务$UserState;)Lcom/android/server/accessibility/AccessibilityManager服务$Service;
移动结果对象v2
如果方程v2,:cond_3d
.第580行
新实例v2,Ljava/lang/IllegalStateException;
新实例v4,Ljava/lang/StringBuilder;
调用直接{v4},Ljava/lang/StringBuilder;->()V
常量字符串v5,“UiAutomationService”
调用虚拟{v4,v5},Ljava/lang/StringBuilder;->追加(Ljava/lang/String;)Ljava/lang/StringBuilder;
移动结果对象v4
调用虚拟{v4,p2},Ljava/lang/StringBuilder;->追加(Ljava/lang/Object;)Ljava/lang/StringBuilder;
移动结果对象v4
常量字符串v5,“已注册!”
调用虚拟{v4,v5},Ljava/lang/StringBuilder;->追加(Ljava/lang/String;)Ljava/lang/StringBuilder;
移动结果对象v4
调用虚拟{v4},Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
移动结果对象v4
调用直接{v2,v4},Ljava/lang/IllegalStateException;->(Ljava/lang/String;)V
投掷v2
.第607行
.end local v1#“userState”:Lcom/android/server/accessibility/AccessibilityManagerService$userState;
:catchall_3a
移动异常v2
监视器出口v3
:试试看
.catchall{:try_start_11..:try_end_3c}:catchall_3a
投掷v2
.第585行
.重新启动本地v1#“userState”:Lcom/android/server/accessibility/AccessibilityManagerService$userState;
:cond_3d
:尝试\u开始\u 3d
#Lcom/android/server/accessibility/AccessibilityManager服务$UserState的getter;->muiautomationserivceonwerdeath接收者:Landroid/os/IBinder$death接收者;
调用静态{v1},Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->access$1200(Lcom/android/server/accessibility/AccessibilityManager服务$UserState;)Landroid/os/IBinder$DeathRecipient;
移动结果对象v2
常量/4 v4,0x0
调用接口{p1,v2,v4},Landroid/os/IBinder;->死亡链接(Landroid/os/IBinder$DeathRecipient;I)V
:试试看
.catch Landroid/os/RemoteException;{:try_start_3d..:try_end_45}:catch_74
.catchall{:try_start_3d..:try_end_45}:catchall_3a
尝试删除
.line 580
new-instance v2, Ljava/lang/IllegalStateException;
new-instance v4, Ljava/lang/StringBuilder;
invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
const-string v5, "UiAutomationService "
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;
move-result-object v4
const-string v5, "already registered!"
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v4
invoke-direct {v2, v4}, Ljava/lang/IllegalStateException;-><init>(Ljava/lang/String;)V
throw v2
。第580行
新实例v2,Ljava/lang/IllegalStateException;
新实例v4,Ljava/lang/StringBuilder;
调用直接{v4},Ljava/lang/StringBuilder;->()V
常量字符串v5,“UiAutomationService”
调用虚拟{v4,v5},Ljava/lang/StringBuilder;->追加(Ljava/lang/String;)Ljava/lang/StringBuilder;
移动结果对象v4
调用虚拟{v4,p2},Ljava/lang/StringBuilder;->追加(Ljava/lang/Object;)Ljava/lang/StringBuilder;
移动结果对象v4
常量字符串v5,“已注册!”
调用虚拟{v4,v5},Ljava/lang/StringBuilder;->追加(Ljava/lang/String;)Ljava/lang/StringBuilder;
移动结果对象v4
调用虚拟{v4},Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
移动结果对象v4
调用直接{v2,v4},Ljava/lang/IllegalStateException;->(Ljava/lang/String;)V
投掷v2
我不确定。但是,这应该删除行580和581。请尝试并让我知道。我已经尝试过了,这次我删除了smali代码中的:第579行和:第580行,编译后,通过jd gui检查代码,得到以下错误。
/*error*/public void registerUniteStationService(IBinder paramIBinder,IAccessibilityServiceClient paramIAccessibilityServiceClient,AccessibilityServiceInfo paramAccessibilityServiceInfo){//Exception table://从到目标类型//28 33 36 finally//36 37 36 finally//39 42 36 finally}请尝试
。第580行
nop
仍有错误=“//异常表://from to target type//28 42 45 finally//45 46 45 finally//48 51 45 finally//54 66 45 finally//66 163 45 finally//166 180 45 finally//54 66 164 android/os/RemoteException",还有其他方法可以修复吗?使用JD GUI从jar中提取源代码。然后删除所需的行,编译它,生成jar文件,然后生成smali文件。现在比较原始smali和新smali。你会得到解决方案/线索。这是个好主意,但实际上需要很多依赖性,我没有源代码,所以不能编译它…还有其他方法吗?