Example:
- W/dalvikvm( 3418): VFY: tried to get class from non-ref register v0 (type=2)
- W/dalvikvm( 3418): VFY: rejecting opcode 0x6e at 0x0117
- W/dalvikvm( 3418): VFY: rejected Lcom/android/server/MountService;.<init> (Landroid/content/Context;)V
- W/dalvikvm( 3418): Verifier rejected class Lcom/android/server/MountService;
From the VFY output we get the following:
opcode: 6e
opcode name: invoke-virtual {args}
register: v0
type: 2
Dalvik and Smali: for details, download the Smali study notes (written by an expert, guaranteed quality).
Link: Baidu Cloud ROM Developer Academy video course http://bbs.rom.baidu.com/thread-141764-1-1.html
VFY troubleshooting example
One instruction in the Configuration function failed. The failing position is 0x000d and the opcode is 0x59; the cause should be a register type error, i.e. the wrong vXX was used.
You can find position 0x000d from the changes you made when instrumenting. If there are many changes, you can find the instruction by adding up instruction lengths; for that, refer to the Smali study notes, which list every smali instruction together with its length.
For example, take a function:
public xxxxxxxxxxxxxxxxxxxxxx()V
invoke-direct ………….. (← the first instruction; things like .annotation, proguard entries and .line take up no space)
const-string …………..
return vX
……………..
…………. Now if it reports rejecting opcode 0x0f at 0x05, then from the opcode encodings on the page above, 0x0f is return, so a return instruction has the problem.
If the function contains many returns and you are not sure which one it is, locate it from the instruction position 0x05, counting from the first instruction. From the page above, the 7010 0800 0100 after invoke-direct is the encoding of the invoke-direct instruction, with length 3 (three code units); likewise const-string is 1A08 0000, length 2.
Since the first instruction starts at position 0 and has length 3, the second instruction starts at 0+3=3; the second instruction has length 2, so the third instruction starts at 0+3+2=5, exactly position 0x05, and that is the instruction.
This method pinpoints the position accurately, but think about a function several thousand lines long~~~~ you know what I mean.
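The offset arithmetic above, scripted as an added example (not code from the post): it sums instruction lengths in 16-bit code units from the start of the method, skipping directives and labels that occupy none, and maps the opcode in a VFY line to its mnemonic. The opcode table is a subset covering the mnemonics on this page, and the sample method is constructed to mirror the post's invoke-direct / const-string / return layout.

```python
import re

# Opcode byte and length in 16-bit code units for the mnemonics used on this page
# (a subset of the Dalvik instruction set, from the official instruction-format tables).
OPCODES = {
    "invoke-direct": (0x70, 3), "invoke-virtual": (0x6e, 3), "invoke-static": (0x71, 3),
    "const-string": (0x1a, 2), "return": (0x0f, 1), "return-void": (0x0e, 1),
    "move-result": (0x0a, 1), "move-result-object": (0x0c, 1), "goto": (0x28, 1),
    "iget-object": (0x54, 2), "iput-object": (0x5b, 2), "if-eqz": (0x38, 2),
    "new-instance": (0x22, 2), "check-cast": (0x1f, 2), "add-int/lit8": (0xd8, 2),
}
BY_OPCODE = {op: name for name, (op, _) in OPCODES.items()}
VFY_RE = re.compile(r"VFY: rejecting opcode 0x([0-9a-fA-F]+) at 0x([0-9a-fA-F]+)")

def parse_vfy(log_line):
    """Return (opcode, offset, mnemonic) from a 'VFY: rejecting opcode' log line, else None."""
    m = VFY_RE.search(log_line)
    if not m:
        return None
    opcode, offset = int(m.group(1), 16), int(m.group(2), 16)
    return opcode, offset, BY_OPCODE.get(opcode, "unknown")

def instructions(smali):
    """Yield (mnemonic, text) for lines that occupy code units; directives, labels and comments do not."""
    for line in smali.splitlines():
        line = line.strip()
        if line and not line.startswith((".", ":", "#")):
            yield line.split()[0], line

def locate(smali, offset):
    """Sum code-unit lengths from the method start; return (index, text) of the instruction at offset."""
    pos = 0
    for idx, (mnemonic, text) in enumerate(instructions(smali)):
        if pos == offset:
            return idx, text
        if pos > offset:
            break  # offset falls inside the previous instruction: not a valid instruction start
        pos += OPCODES[mnemonic][1]  # KeyError means the table needs that mnemonic added
    return None

# Constructed method mirroring the post's example: invoke-direct (3 units), const-string (2), return (1).
SAMPLE = """
.method public example()I
    invoke-direct {v1}, Landroid/content/IntentFilter;-><init>()V
    const-string v0, "first"
    return v0
    const-string v0, "second"
    return v0
.end method
"""

if __name__ == "__main__":
    print(parse_vfy("W/dalvikvm( 3418): VFY: rejecting opcode 0x0f at 0x05"), locate(SAMPLE, 5))
```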
From: Run14Cat's reply
if-eqz v3, :cond_ty_2
.line 1447
const-string v3, "cn.ktouch.umsconnectionmode"
invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
.line 1448
const-string v3, "cn.ktouch.umsdisconnectionmode"
invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
.line 1451
:cond_ty_2
The v0 in these two lines is the problem; change it to v1. The reason:
invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
In this line v0 is supposed to hold a Landroid/content/IntentFilter;
but you will find v0 is not that value; the nearest v0 is .local v0, emulate:Z
The value that actually holds Landroid/content/IntentFilter; is found further up:
invoke-direct {v1}, Landroid/content/IntentFilter;-><init>()V
.local v1, filter:Landroid/content/IntentFilter;
So I changed it to v1.
Original:
.local v0, emulate:Z
if-eqz v0, :cond_1
const-string v7, "MountService"
const-string v8, "using emulated external storage"
invoke-static {v7, v8}, Landroid/util/Slog;->d(Ljava/lang/String;Ljava/lang/String;)I
iget-object v7, p0, Lcom/android/server/MountService;->mVolumeStates:Ljava/util/HashMap;
const-string v8, "mounted"
invoke-virtual {v7, v3, v8}, Ljava/util/HashMap;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
:cond_1
add-int/lit8 v2, v2, 0x1
goto :goto_0
.end local v0 #emulate:Z
.end local v3 #path:Ljava/lang/String;
.end local v6 #volume:Landroid/os/storage/StorageVolume;
:cond_2
const-string v7, "package"
invoke-static {v7}, Landroid/os/ServiceManager;->getService(Ljava/lang/String;)Landroid/os/IBinder;
move-result-object v7
check-cast v7, Lcom/android/server/pm/PackageManagerService;
iput-object v7, p0, Lcom/android/server/MountService;->mPms:Lcom/android/server/pm/PackageManagerService;
new-instance v1, Landroid/content/IntentFilter;
invoke-direct {v1}, Landroid/content/IntentFilter;-><init>()V
.local v1, filter:Landroid/content/IntentFilter;
const-string v7, "android.intent.action.BOOT_COMPLETED"
invoke-virtual {v1, v7}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
const-string v7, "android.intent.action.LOCALE_CHANGED"
invoke-virtual {v1, v7}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
iget-object v7, p0, Lcom/android/server/MountService;->mPrimaryVolume:Landroid/os/storage/StorageVolume;
if-eqz v7, :cond_3
iget-object v7, p0, Lcom/android/server/MountService;->mPrimaryVolume:Landroid/os/storage/StorageVolume;
invoke-virtual {v7}, Landroid/os/storage/StorageVolume;->allowMassStorage()Z
move-result v7
if-eqz v7, :cond_3
const-string v7, "android.hardware.usb.action.USB_STATE"
invoke-virtual {v1, v7}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
:cond_ty_1
const-string v3, "persist.ty.usbconnectedmode"
const-string v4, "0"
invoke-static {v3, v4}, Landroid/os/SystemProperties;->get(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
move-result-object v3
iput-object v3, p0, Lcom/android/server/MountService;->UsbConnectedMode:Ljava/lang/String;
.line 1445
const-string v3, "MountService"
new-instance v4, Ljava/lang/StringBuilder;
invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
const-string v5, "—>>>MountService UsbConnectedMode="
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
iget-object v5, p0, Lcom/android/server/MountService;->UsbConnectedMode:Ljava/lang/String;
invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v4
invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v4
invoke-static {v3, v4}, Landroid/util/Slog;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 1446
iget-object v3, p0, Lcom/android/server/MountService;->UsbConnectedMode:Ljava/lang/String;
const-string v4, "1"
invoke-virtual {v3, v4}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
move-result v3
if-eqz v3, :cond_ty_2
.line 1447
const-string v3, "cn.ktouch.umsconnectionmode"
invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
.line 1448
const-string v3, "cn.ktouch.umsdisconnectionmode"
invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
.line 1451
:cond_ty_2
Heh heh.
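Run14Cat's reasoning above, turned into a script as an added example (not code from the thread): it tracks a coarse type per register from .local, new-instance and const-string, flags an invoke whose receiver register holds a non-reference (the "non-ref register v0" the verifier complained about), and suggests the register that currently holds the class the callee expects. The excerpt is constructed from the lines of the post; the type tracking is deliberately simpler than the real verifier's.

```python
import re

# Constructed excerpt of the post's failing region: v0 last held a boolean (emulate:Z)
# but is used as the receiver of IntentFilter->addAction; v1 is the real IntentFilter.
SMALI = """
    .local v0, emulate:Z
    new-instance v1, Landroid/content/IntentFilter;
    invoke-direct {v1}, Landroid/content/IntentFilter;-><init>()V
    .local v1, filter:Landroid/content/IntentFilter;
    const-string v3, "cn.ktouch.umsconnectionmode"
    invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
    const-string v3, "cn.ktouch.umsdisconnectionmode"
    invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
"""

LOCAL_RE = re.compile(r'\.local (v\d+), "?\w+"?:(\S+)')
NEW_RE = re.compile(r"new-instance (v\d+), (\S+)")
STR_RE = re.compile(r"const-string (v\d+),")
INVOKE_RE = re.compile(r"invoke-(?:virtual|direct|interface) \{(v\d+)[^}]*\}, (L[^;]+;)->")

def check_receivers(smali):
    """Track a coarse type per register and report invokes whose receiver is not a reference.

    Returns a list of (line_no, receiver, held_type, expected_class, suggested_register)."""
    types, problems = {}, []
    for n, raw in enumerate(smali.splitlines(), 1):
        line = raw.strip()
        if m := LOCAL_RE.match(line):
            types[m.group(1)] = m.group(2)          # .local restates the declared type
        elif m := NEW_RE.match(line):
            types[m.group(1)] = m.group(2)          # new-instance puts an object ref in vN
        elif m := STR_RE.match(line):
            types[m.group(1)] = "Ljava/lang/String;"
        elif m := INVOKE_RE.match(line):
            reg, cls = m.groups()
            held = types.get(reg, "?")
            if not held.startswith(("L", "[")):     # primitives (Z, I, ...) are not references
                # Suggest the register that currently holds the class the callee expects.
                fix = next((r for r, t in types.items() if t == cls), None)
                problems.append((n, reg, held, cls, fix))
    return problems

if __name__ == "__main__":
    for p in check_receivers(SMALI):
        print("line %d: %s holds %s but %s expected; try %s" % p)
```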