Smali language Grammar

Androidkiller can decompile Android apk, generate a. Smali code, here is an online look for an introduction to the syntax of Smali:

Article Source: http://www.brogrammer.cn/android/smali/

1.smali

The apk file is apktool by the Smali folder, which is a file that ends in. Smali.
The Smali language is the register language of Davlik, which is similar in syntax to assembly language, and one of the biggest differences between Dalvik VMs and JVMs is that Dalvik VMS are register-based. Register-based means that all operations in the Smali must go through a register.

2. Basic data types

B-byte
C-char
D-double
F-float
I-int
S-short
V-void
J-long
Z-boolean

Note that J, z two are not the first letter of the corresponding type;
In Dalvik bytecode, registers are 32-bit, capable of supporting any type, long and double types are 64 bits, and 2 registers are required;
V can only be used for return value types;

3. Arrays and objects are reference types

An array is represented by a base type preceded by a square bracket "[", such as an int array and a float array, respectively: [I, [F;
The object type is denoted by L as the beginning, and the format is lpackage/classname; (a semicolon indicates that the end of the object is necessary), example:
The String object is in Smali: ljava/lang/string;
A Boolean member of the Class1 object is represented as: lcom/disney/class1;->isrunning:z
A String object member of the Class1 object is represented as:lcom/disney/class1;->name:ljava/lang/string;
Can be summarized as the format of the object type, member name: The member type,-> represents the owning relationship, the type trailer must include a semicolon.
The inner class is represented as: Lpackage/classname$innerobjectname, which is the "$" symbol before the inner class .

4. Functions

Format: Func-name (Para-type1para-type2para-type3 ...) Return-type

return type at the end, there is no delimiter between the arguments, example:

void Fun () fun () Vboolean fun (int, int., int) Fun (III) ZString Fun (Boolean, int[], int[], String, long) fun (z[i[iljava/ lang/string; J) ljava/lang/string;

5. Syntax

#标记, the return type of the constructor is V, and the name is <init>

# static fields define the tag of the instance fields define the tag of the instance variable # Direct methods defines the tag of the static method?? # virtual methods defines a non-static method tag??

. class public lcom/disney/wmw/wmwactivity;. Super lcom/disney/common/baseactivity;. Source "Wmwactivity.java". Implements Lcom/burstly/lib/ui/iburstlyadlistener;

The above lines of code represent the class name, the parent class name, and the source file name, which implements the interface.

. annotation inner class. End annotation

6. Local Variables

A local register, a non-parameter register, is represented by a symbol at the end of the number beginning with V, such as V0, V1, v2 、...,
The parameter register (parameter register) is represented by a symbol at the end of the number of p, such as P0, p1, p2 、...,
The. Registers is used to indicate the total number of registers in the method, that is, the total number of parameter registers and non-parameter registers.
. local 0, which indicates the minimum number of local registers to be used in this function, appears in the first line of the method. In this case, you only need to invoke the OnDestroy () processing of a parent class, so only use the p0, so the number of local registers used is 0, and don't forget that you might want to modify the. Local value after the code is implanted.
If the. Local 4, the register that can be used is v0-v3.
When a method is called, the parameters of the method are placed in the last n registers.
In the instance function, P0 refers to "This", P1 represents the first argument of the function, P2 represents the second parameter in the function ...,
In the static function, p1 represents the first argument of the function, and P2 represents the second parameter in the function ... because there is no this method in the static method of Java.
Example:

CONST/4 V0, 0x0iput-boolean v0, P0, lcom/disney/class1;->isrunning:z

In the first sentence above, the value of 0x0 is stored in the V0 local register,
The second sentence uses the Iput-boolean instruction to store the value in the V0 to the this.isrunning member variable, that is, this.isrunning = false; Because p0 in the instance function represents "this", Lcom/disney/class1; is the class name, and the corresponding instance is p0.

7. member variables and directives

# static Fields.field private static final prefs_installation_id java/lang/string; = "Installationid" # instance Fields.field private _activitypackagename java/lang/string;

There are different directives for getting and manipulating static member variables and instance member variables.
The commands read are: Iget, Sget, Iget-boolean, Sget-boolean, Iget-object, Sget-object, etc.
The assigned commands are: Iput, Sput, Iput-boolean, Sput-boolean, Iput-object, Sput-object, etc.
A member variable with "-object" means that the action is an object type, a member variable object that does not have a "-object" suffix representing an operation is a basic data type, and in particular a Boolean type uses an instruction operation with "-boolean".

Sample instructions for getting the static fields:

Sget-object V0, lcom/disney/class1;->prefs_installation_id:ljava/lang/string;

The sget-object instruction in the previous sentence takes the PREFS_INSTALLATION_ID string member variable and puts it in the V0 register.

The instructions for getting instance fields are similar to the static fields, and you need to indicate the instance to which the object belongs. Example:

Iget-object V0, P0, lcom/disney/class1;->_view:lcom/disney/class2;

The iget-object directive is more than sget-object a parameter p0, which is the instance of the class of the variable, where P0 is the "this".

The use of put directives and the get instructions are uniform, examples:

CONST/4 v3, 0x0sput-object v3, lcom/disney/class1;->globaliaphandler:lcom/disney/config/globalpurchasehandler;

The above sentence is equivalent to Class1.globaliaphandler = NULL;

8. Function calls

function calls in Smali are also classified as direct and virtual two types, and direct method is the private function, both public and protected functions are virtual methods. There are several different directives, such as Invoke-direct,invoke-virtual,invoke-static, Invoke-super, and Invoke-interface, when calling a function. There are also invoke-xxx/range directives, which are called when the parameters are more than 4, and are relatively rare.

Invoke-static: is called the static function, example:

invoke-static {}, Lcom/disney/class1;->fun () Z

There is a pair of curly braces "{}" behind the invoke-static, inside is an instance and a parameter list that calls the method, because this is a static method and does not require parameters, so {} is empty.

Invoke-super: Call the parent class method, which can be seen in OnCreate, OnDestroy, and other methods.
Invoke-direct: Calling the Private function, example:

Invoke-direct {p0}, Lcom/disney/class1;->getglobaliaphandler () Lcom/disney/config/globalpurchasehandler;

The above sentence is This->getglobaliaphandler (), and the function Globalpurchasehandler Getglobaliaphandler () is a private function defined in Class1.

Invoke-virtual: Used to invoke the protected or public function, example:

Sget-object V0, lcom/disney/class1;->sharehandler:landroid/os/handler;invoke-virtual {v0, v3}, Landroid/os/ Handler;->removecallbacksandmessages (ljava/lang/object;) V

The previous sentence V0 is Sharehandler android/os/handler,v3 is the Ljava/lang/object parameter passed to the Removecallbackandmessage method.

9. Get function Call result

The call function and return function result in Smali need to be done separately, and the returned result is obtained with Move-result (return basic data type) and Move-result-object (return object) instruction after the called function returns non-void.

Example:

CONST/4 v2, 0x0invoke-virtual {p0, v2}, Lcom/disney/class1;->getpreferences (I) landroid/content/sharedpreferences ; Move-result-object v1

The last sentence V1 saved is the Sharedpreferences instance that was returned by calling the This.getpreferences (int) method.

10. Function body

Between. Method and. End method.

Example:

. Method protected OnDestroy () v.locals 0.prologue.line 277invoke-super {p0}, lcom/disney/common/baseactivity;-> OnDestroy () V.line 279return-void.end method

The upper segment is the OnDestroy () function.
. Line 277, which marks the number of lines in the original Java file, is not required and does not have a compile problem. It can indicate the wrong location in case of an error, and the Jd-gui tool will restore the Smali code to Java code by analyzing the information.

11. Conditional syntax

If-eq P1, V0,: Cond_8:cond_8 invoke-direct {p0}, lcom/paul/test/a;->d () V

The previous paragraph indicates that if P1 and V0 are equal, the process of cond_8 is executed: Call the D () method of COM.PAUL.TEST.A

If-ne P1, V0,: Cond_b:cond_b const/4 v0, 0x0 invoke-virtual {p0, v0}, lcom/paul/test/a;->setpressed (Z) V I Nvoke-super {p0, p1, p2}, Landroid/view/view;->onkeyup (ilandroid/view/keyevent;) Z Move-result V0

The previous paragraph indicates that the process of cond_b execution is unequal.

Smali language Grammar