Open AduosPiggy opened 3 hours ago
也可以直接在获取code off的时候,把ins 全部覆盖写入
read hanlders first ---> and then skip 8byties ---> read tries by hanlders; 这个方法是一个巧合;这样子会因为阅读的偏移地址超出dex文件,然后抛出异常,然后就不对dex文件做修改。这就意味着 在framework层dump下来的dex文件就需要是包含完整方法体且有try-catch的方法,这里相当于没有处理bin文件中的ins。
总的还是建议在 com/luoye/util/DexUtils.java 的 patch方法中复写这一段:
bytes是bin文件中的ins 方法;从寄存器到最后的tries handlers都直接覆盖写入。
代码参考如下:
for (int i = 0; i < methods.length; i++) { ClassData.Method method = methods[i]; int methodCodeOffset = method.getCodeOffset(); byte[] bytes = map.get(method.getMethodIndex()); mRandomOutAccessFile.seek(methodCodeOffset); mRandomOutAccessFile.write(bytes, 0, bytes.length); patchCount++;
com/android/dex/Dex.java: read hanlders first ---> and then skip 8byties ---> read tries by hanlders; don't know why, but this seems success fixed try-catch; modify follow:
private Code readCode() { int registersSize = readUnsignedShort(); int insSize = readUnsignedShort(); int outsSize = readUnsignedShort(); int triesSize = readUnsignedShort(); int debugInfoOffset = readInt(); int instructionsSize = readInt(); short[] instructions = readShortArray(instructionsSize); Try[] tries; CatchHandler[] catchHandlers; if (triesSize > 0) { if (instructions.length % 2 == 1) { readShort(); // padding }
// Section triesSection = open(data.position()); // skip(triesSize * SizeOf.TRY_ITEM); // catchHandlers = readCatchHandlers(); // tries = triesSection.readTries(triesSize, catchHandlers);