
我想删除下面java代码中的第580行和第581行。这个文件在android设备的system/framework/services.jar中,所以我做的步骤是:

  1. 将jar反编译为smali

  2. 修改smali文件

  3. 将smali文件重新编译为dex文件

  4. 将其打包到 services.jar 中。

  5. 将services.jar推送到安卓手机

    问题出在第2步:应该如何修改smali文件?我试图删除 .line 580 及其下面的代码,但没有成功,编译时抛出了一个 NullPointerException……在 jd-gui 工具中我可以看到 /错误/。请给我一些建议,我对smali完全陌生,在此先感谢。

java代码是:

/**
 * Registers a UI test automation service on the user state returned by
 * getCurrentUserStateLocked() and switches that state to a temporary
 * accessibility configuration.
 *
 * The calling-permission check for RETRIEVE_WINDOW_CONTENT runs first, before
 * the lock is taken or any state is read. All state changes happen while
 * holding mLock.
 *
 * @param owner binder whose death is observed through linkToDeath(); stored as
 *        mUiAutomationServiceOwner
 * @param serviceClient client stored as mUiAutomationServiceClient
 * @param accessibilityServiceInfo service description; its component name is
 *        overwritten with sFakeAccessibilityServiceComponentName and it is
 *        added to mInstalledServices
 * @throws IllegalStateException if userState.mUiAutomationService is already
 *         non-null
 */
568    public void registerUiTestAutomationService(IBinder owner,
569            IAccessibilityServiceClient serviceClient,
570            AccessibilityServiceInfo accessibilityServiceInfo) {
               // Access control: the caller must pass the RETRIEVE_WINDOW_CONTENT check.
               // NOTE(review): presumably throws SecurityException on failure; the
               // implementation of enforceCallingPermission is not shown here.
571            mSecurityPolicy.enforceCallingPermission(Manifest.permission.RETRIEVE_WINDOW_CONTENT,
572                FUNCTION_REGISTER_UI_TEST_AUTOMATION_SERVICE);
573
           // The caller-supplied info is registered under the fake component name,
           // not under whatever name the caller put in it.
574        accessibilityServiceInfo.setComponentName(sFakeAccessibilityServiceComponentName);
575
576        synchronized (mLock) {
577            UserState userState = getCurrentUserStateLocked();
578
               // Single-registration guard. Without it, a second caller would overwrite
               // mUiAutomationServiceOwner / mUiAutomationServiceClient below while the
               // first owner's death recipient stays linked (no unlink is visible in
               // this method).
               // NOTE(review): mUiAutomationService is not assigned in this method;
               // presumably onUserStateChangedLocked() ends up setting it - confirm.
               // NOTE(review): the message has no space before "already".
579            if (userState.mUiAutomationService != null) {
580                throw new IllegalStateException("UiAutomationService " + serviceClient
581                        + "already registered!");
582            }
583
               // Watch the owner process; if linking fails, log and return before any
               // user state has been modified.
584            try {
585                owner.linkToDeath(userState.mUiAutomationSerivceOnwerDeathRecipient, 0);
586            } catch (RemoteException re) {
587                Slog.e(LOG_TAG, "Couldn't register for the death of a"
588                        + " UiTestAutomationService!", re);
589                return;
590            }
591
592            userState.mUiAutomationServiceOwner = owner;
593            userState.mUiAutomationServiceClient = serviceClient;
594
595            // Set the temporary state.
               // Accessibility is forced on, the other features are forced off, the set
               // of enabled services is replaced by the fake component alone, and that
               // component is granted touch exploration.
596            userState.mIsAccessibilityEnabled = true;
597            userState.mIsTouchExplorationEnabled = false;
598            userState.mIsEnhancedWebAccessibilityEnabled = false;
599            userState.mIsDisplayMagnificationEnabled = false;
600            userState.mInstalledServices.add(accessibilityServiceInfo);
601            userState.mEnabledServices.clear();
602            userState.mEnabledServices.add(sFakeAccessibilityServiceComponentName);
603            userState.mTouchExplorationGrantedServices.add(sFakeAccessibilityServiceComponentName);
604
605            // Use the new state instead of settings.
606            onUserStateChangedLocked(userState);
607        }
608    }

反编译后的smali代码:

# Excerpt of registerUiTestAutomationService: the "already registered" guard
# (.line 579 / .line 580) and the start of the linkToDeath try block (.line 585).
# The method prologue, including the monitor-enter for the lock, is not part of
# this excerpt.
.line 579
.local v1, "userState":Lcom/android/server/accessibility/AccessibilityManagerService$UserState;
# getter for: Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->mUiAutomationService:Lcom/android/server/accessibility/AccessibilityManagerService$Service;
invoke-static {v1}, Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->access$300(Lcom/android/server/accessibility/AccessibilityManagerService$UserState;)Lcom/android/server/accessibility/AccessibilityManagerService$Service;

move-result-object v2

# v2 == null (no service registered yet): jump over the throw to :cond_3d.
# v2 != null: fall through into the block that builds and throws the exception.
if-eqz v2, :cond_3d

# Fall-through path of the guard: build the message with StringBuilder
# (p2 is appended between the two string constants) and throw
# IllegalStateException.
.line 580
new-instance v2, Ljava/lang/IllegalStateException;

new-instance v4, Ljava/lang/StringBuilder;

invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V

const-string v5, "UiAutomationService "

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

invoke-virtual {v4, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;

move-result-object v4

const-string v5, "already registered!"

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

move-result-object v4

invoke-direct {v2, v4}, Ljava/lang/IllegalStateException;-><init>(Ljava/lang/String;)V

throw v2

# Catch-all handler registered for :try_start_11 .. :try_end_3c and for
# :try_start_3d .. :try_end_45: it releases the monitor in v3 and rethrows.
# It directly follows "throw v2", so normal execution never falls through
# into it; it is entered only through the .catchall entries.
# NOTE(review): v3 presumably holds mLock from synchronized (mLock); the
# matching monitor-enter is outside this excerpt.
.line 607
.end local v1    # "userState":Lcom/android/server/accessibility/AccessibilityManagerService$UserState;
:catchall_3a
move-exception v2

monitor-exit v3
:try_end_3c
.catchall {:try_start_11 .. :try_end_3c} :catchall_3a

throw v2

# Target of the if-eqz above: start of the try block around linkToDeath.
# p1 is the IBinder the call is made on, v2 the death recipient read from
# userState, v4 the flags value 0.
.line 585
.restart local v1    # "userState":Lcom/android/server/accessibility/AccessibilityManagerService$UserState;
:cond_3d
:try_start_3d
# getter for: Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->mUiAutomationSerivceOnwerDeathRecipient:Landroid/os/IBinder$DeathRecipient;
invoke-static {v1}, Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->access$1200(Lcom/android/server/accessibility/AccessibilityManagerService$UserState;)Landroid/os/IBinder$DeathRecipient;

move-result-object v2

const/4 v4, 0x0

invoke-interface {p1, v2, v4}, Landroid/os/IBinder;->linkToDeath(Landroid/os/IBinder$DeathRecipient;I)V
:try_end_45
.catch Landroid/os/RemoteException; {:try_start_3d .. :try_end_45} :catch_74
.catchall {:try_start_3d .. :try_end_45} :catchall_3a

1 回答 1


尝试删除

.line 580
new-instance v2, Ljava/lang/IllegalStateException;

new-instance v4, Ljava/lang/StringBuilder;

invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V

const-string v5, "UiAutomationService "

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

invoke-virtual {v4, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;

move-result-object v4

const-string v5, "already registered!"

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

move-result-object v4

invoke-direct {v2, v4}, Ljava/lang/IllegalStateException;-><init>(Ljava/lang/String;)V

throw v2

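我不确定,但据我所知,删除上面这段应该就能去掉第 580 和 581 行。请试一下并告诉我结果。需要注意:如果只删除这一段,前面保留下来的 `if-eqz v2, :cond_3d` 在 v2 不为空时会直接落入 `:catchall_3a` 处的 `move-exception`,而该指令只能作为异常处理块的入口,这样的代码很可能无法通过校验,所以这个条件跳转也要一并处理。另外,这个检查保证同一个用户状态下同时只有一个 UiAutomation 服务;去掉之后,新的注册会覆盖已有的 owner 和 client,而之前 owner 上的 linkToDeath 仍然保留。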

于 2014-08-26T09:55:06.253 回答