JesusFreke / smali

smali/baksmali

dexlib2: unaligned switch table: at 113, switch offset 374 #822

Closed XhstormR closed 2 years ago

XhstormR commented 3 years ago

I use the dexlib2 library to modify the DEX file; there is no exception when modifying the DEX. But when running the modified APK, a java.lang.VerifyError exception occurred:

2021-07-08 14:17:20.088 20845-20845/? E/AndroidRuntime: FATAL EXCEPTION: main
    Process: com.tencent.mm, PID: 20845
    java.lang.VerifyError: Verifier rejected class com.tencent.mm.plugin.account.ui.MobileInputUI: void com.tencent.mm.plugin.account.ui.MobileInputUI.onCreate(android.os.Bundle): [0xFFFFFFFF] unaligned switch table: at 113, switch offset 374 (declaration of 'com.tencent.mm.plugin.account.ui.MobileInputUI' appears in base.apk!classes8.dex)
        at java.lang.Class.classForName(Native Method)
        at java.lang.Class.forName(Class.java:454)
        at java.lang.Class.forName(Class.java:379)
        at com.tencent.mm.ui.e.bx(SourceFile:116)
        at com.tencent.mm.ui.e.a(SourceFile:43)
        at com.tencent.mm.ui.MMFragmentActivity.startActivityForResult(SourceFile:624)
        at android.app.Activity.startActivityForResult(Activity.java:5163)
        at androidx.fragment.app.FragmentActivity.startActivityForResult(SourceFile:754)
        at com.tencent.mm.ui.MMFragmentActivity.startActivityForResult(SourceFile:617)
        at android.app.Activity.startActivity(Activity.java:5534)
        at com.tencent.mm.ui.MMFragmentActivity.startActivity(SourceFile:611)
        at android.app.Activity.startActivity(Activity.java:5502)
        at com.tencent.mm.ui.MMFragmentActivity.startActivity(SourceFile:604)
        at com.tencent.mm.plugin.account.ui.WelcomeActivity$4.onClick(SourceFile:107)
        at android.view.View.performClick(View.java:7201)
        at android.view.View.performClickInternal(View.java:7170)
        at android.view.View.access$3500(View.java:806)
        at android.view.View$PerformClick.run(View.java:27562)
        at android.os.Handler.handleCallback(Handler.java:883)
        at android.os.Handler.dispatchMessage(Handler.java:100)
        at android.os.Looper.loop(Looper.java:214)
        at android.app.ActivityThread.main(ActivityThread.java:7697)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:516)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:950)

It looks like this is caused by this switch statement: [image: Clipboard02]

I uploaded the modified DEX file. modified.classes8.dex.zip

XhstormR commented 3 years ago

This is the original dex file: origin.classes8.dex.zip

JesusFreke commented 2 years ago

Can you give a brief overview of how you're modifying and writing out the dex file? I think padding the switch payload is handled by MutableMethodImplementation.

XhstormR commented 2 years ago

This is the sample code:

    import org.jf.dexlib2.Opcode
    import org.jf.dexlib2.analysis.reflection.util.ReflectionUtils
    import org.jf.dexlib2.iface.Method
    import org.jf.dexlib2.iface.MethodImplementation
    import org.jf.dexlib2.immutable.ImmutableMethodImplementation
    import org.jf.dexlib2.immutable.instruction.ImmutableInstruction3rc
    import org.jf.dexlib2.immutable.reference.ImmutableMethodReference

    // Nested inside a MethodRewriter subclass: RewrittenMethod is its protected inner class.
    inner class MyRewrittenMethod(method: Method) : RewrittenMethod(method) {

        override fun getImplementation(): MethodImplementation? {
            val methodImplementation = super.getImplementation()
            if (methodImplementation != null
                && method.name == "onCreate"
                // definingClass is a type descriptor ("Lcom/example/MainActivity;"), not a Java name.
                && method.definingClass == ReflectionUtils.javaToDexName("com.example.MainActivity")
            ) {
                with(methodImplementation) {
                    // First parameter register; for an instance method this register holds `this`.
                    val p0 = registerCount - this@MyRewrittenMethod.parameters.size - 1
                    val testParameters = listOf(ReflectionUtils.javaToDexName("android.app.Activity"))
                    val testReturnType = ReflectionUtils.javaToDexName("void")
                    val immutableMethodReference = ImmutableMethodReference(
                        ReflectionUtils.javaToDexName("com.example.Test"), "testMethod", testParameters, testReturnType)
                    // invoke-static/range {p0}, Lcom/example/Test;->testMethod(Landroid/app/Activity;)V
                    val immutableInstruction = ImmutableInstruction3rc(Opcode.INVOKE_STATIC_RANGE, p0, 1, immutableMethodReference)
                    // Prepend the call and rebuild the implementation with the original instructions as-is.
                    val instructions = instructions.toMutableList()
                        .apply { add(0, immutableInstruction) }
                    return ImmutableMethodImplementation(registerCount, instructions, null, null)
                }
            }
            return methodImplementation
        }
    }
JesusFreke commented 2 years ago

Yeah, if you're just building an ImmutableMethodImplementation directly, you'll need to fix up things like that yourself. I would recommend using a MutableMethodImplementation to modify the method, which should handle things like payload alignment, etc.

XhstormR commented 2 years ago

Got it, thank you.
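
An added example, written for this thread and not code from the issue or from the smali project, of the MutableMethodImplementation approach JesusFreke recommends. invoke-static/range is a format 3rc instruction of 3 code units, so inserting it at index 0 moves every later instruction by an odd number of code units; the dex format requires packed-switch, sparse-switch and fill-array-data payloads to start at an even code unit (4-byte alignment), which is exactly what the verifier's "unaligned switch table" rejection reports. Building an ImmutableMethodImplementation copies the shifted offsets unchanged, whereas MutableMethodImplementation tracks branch targets as labels and, when its instruction list is materialized, inserts a nop in front of any payload that would otherwise land on an odd address. The class names HookingMethodRewriter and HookedMethod, the hook target Lcom/example/Test;->testMethod(Landroid/app/Activity;)V, the file paths, and the dexlib2 2.5.x API are assumptions; the payloadsAligned check and the wide-parameter register arithmetic are extra guards that go beyond what the thread shows.

```kotlin
import org.jf.dexlib2.AccessFlags
import org.jf.dexlib2.DexFileFactory
import org.jf.dexlib2.Opcode
import org.jf.dexlib2.Opcodes
import org.jf.dexlib2.builder.MutableMethodImplementation
import org.jf.dexlib2.builder.instruction.BuilderInstruction3rc
import org.jf.dexlib2.iface.Method
import org.jf.dexlib2.iface.MethodImplementation
import org.jf.dexlib2.immutable.reference.ImmutableMethodReference
import org.jf.dexlib2.rewriter.DexRewriter
import org.jf.dexlib2.rewriter.MethodRewriter
import org.jf.dexlib2.rewriter.Rewriter
import org.jf.dexlib2.rewriter.RewriterModule
import org.jf.dexlib2.rewriter.Rewriters
import java.io.File

/** Registers occupied by the parameters (wide J/D types take two) plus `this` for instance methods. */
fun parameterRegisterCount(method: Method): Int {
    val paramRegs = method.parameterTypes.sumOf { type ->
        when (type.toString()) { "J", "D" -> 2; else -> 1 }
    }
    return paramRegs + if (AccessFlags.STATIC.isSet(method.accessFlags)) 0 else 1
}

/** True when every payload instruction (switch/array data) starts on an even code unit. */
fun payloadsAligned(impl: MethodImplementation): Boolean {
    var codeAddress = 0
    for (insn in impl.instructions) {
        if (insn.opcode.format.isPayloadFormat && codeAddress % 2 != 0) return false
        codeAddress += insn.codeUnits
    }
    return true
}

/** Hypothetical rewriter: prepends a static hook call to MainActivity.onCreate(Bundle). */
class HookingMethodRewriter(rewriters: Rewriters) : MethodRewriter(rewriters) {

    override fun rewrite(value: Method): Method = HookedMethod(value)

    inner class HookedMethod(method: Method) : RewrittenMethod(method) {
        override fun getImplementation(): MethodImplementation? {
            val original = super.getImplementation() ?: return null
            if (method.name != "onCreate" || method.definingClass != "Lcom/example/MainActivity;") {
                return original
            }
            // Mutable copy: branches become label-based, so an insert before them re-targets
            // every offset and re-pads payloads when getInstructions() is next called.
            val mutable = MutableMethodImplementation(original)
            val thisRegister = mutable.registerCount - parameterRegisterCount(method)
            val hook = ImmutableMethodReference(
                "Lcom/example/Test;", "testMethod", listOf("Landroid/app/Activity;"), "V")
            // invoke-static/range {this}, Lcom/example/Test;->testMethod(Landroid/app/Activity;)V
            mutable.addInstruction(0, BuilderInstruction3rc(Opcode.INVOKE_STATIC_RANGE, thisRegister, 1, hook))
            // Fail loudly at rewrite time rather than at install time with a VerifyError.
            check(payloadsAligned(mutable)) { "payload misaligned in ${method.definingClass}->${method.name}" }
            return mutable
        }
    }
}

/** Usage: rewrite <input.dex> to <output.dex>; default file names are placeholders. */
fun main(args: Array<String>) {
    val input = File(args.getOrElse(0) { "classes8.dex" })
    val output = args.getOrElse(1) { "modified.classes8.dex" }
    val module = object : RewriterModule() {
        override fun getMethodRewriter(rewriters: Rewriters): Rewriter<Method> = HookingMethodRewriter(rewriters)
    }
    val dexFile = DexFileFactory.loadDexFile(input, Opcodes.getDefault())
    val rewritten = DexRewriter(module).dexFileRewriter.rewrite(dexFile)
    DexFileFactory.writeDexFile(output, rewritten)
}
```

The same shift applies to any odd-sized insertion (a 1-unit nop or a 3-unit invoke/range), while even-sized ones only hide the problem until the next edit; returning the MutableMethodImplementation itself, rather than copying its instructions into an ImmutableMethodImplementation, is what keeps the nop padding and re-targeted branches intact when the writer serializes the method.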