我有个问题。我正在尝试将一些代码注入特定的代码点。大多数情况下,代码注入都成功了。
但是在“com/google/ads/e”包中的“a”方法中代码注入失败。代码点在':goto_2'和'return v0'之间。
此时,像'const/4 v1, 0x1'这样的代码是可以的,但是像'const-string v1, "aaa"'、'new-instance v1, ~'、'sget v1, ~'这样的其他代码会在应用程序运行时导致崩溃,尽管 v1 不影响其余代码。
这个问题似乎与监视器指令相关。但我不知道为什么会出现这个问题。
# Builds a com.google.ads.h, calls h.a(Activity) on it and then, while holding
# the h object's monitor, waits until h.c() returns true or the timeout is used up.
#
# Parameters (p0 is `this`, a com.google.ads.e):
#   p1     String    - appended to the "adapter class" message below, so
#                      presumably the adapter class name (confirm against caller)
#   p2     Activity  - passed to h.a(Activity)
#   p3     AdRequest - passed to the h constructor
#   p4     f         - passed to the h constructor and to the e$8 constructor
#   p5     HashMap   - passed to the h constructor
#   p6/p7  long      - remaining wait time handed to Object.wait(J)
#
# Returns 1 (true) when h.c() and h.d() both return true and an e$8 runnable was
# handed to internal.d.a(Runnable); returns 0 (false) after calling h.b() otherwise.
.method private a(Ljava/lang/String;Landroid/app/Activity;Lcom/google/ads/AdRequest;Lcom/google/ads/f;Ljava/util/HashMap;J)Z
.locals 7
# v0 = new h(this, (internal.h) this.a.h().k.a(), p4, p1, p3, p5)
new-instance v0, Lcom/google/ads/h;
iget-object v1, p0, Lcom/google/ads/e;->a:Lcom/google/ads/internal/d;
invoke-virtual {v1}, Lcom/google/ads/internal/d;->h()Lcom/google/ads/m;
move-result-object v1
iget-object v1, v1, Lcom/google/ads/m;->k:Lcom/google/ads/util/i$b;
invoke-virtual {v1}, Lcom/google/ads/util/i$b;->a()Ljava/lang/Object;
move-result-object v2
check-cast v2, Lcom/google/ads/internal/h;
# Lay the constructor arguments out in consecutive registers v0..v6 for invoke-direct/range.
move-object v1, p0
move-object v3, p4
move-object v4, p1
move-object v5, p3
move-object v6, p5
invoke-direct/range {v0 .. v6}, Lcom/google/ads/h;-><init>(Lcom/google/ads/e;Lcom/google/ads/internal/h;Lcom/google/ads/f;Ljava/lang/String;Lcom/google/ads/AdRequest;Ljava/util/HashMap;)V
# Take the monitor of the new h object. From here on every path must release it
# exactly once: the two normal exits do so explicitly, exceptions go through :catchall_0.
monitor-enter v0
:try_start_0
invoke-virtual {v0, p2}, Lcom/google/ads/h;->a(Landroid/app/Activity;)V
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
# Wait loop: leave it once h.c() is true or the remaining time p6 is <= 0.
:goto_0
:try_start_1
invoke-virtual {v0}, Lcom/google/ads/h;->c()Z
move-result v1
if-nez v1, :cond_0
const-wide/16 v1, 0x0
cmp-long v1, p6, v1
if-lez v1, :cond_0
# v1/v2 = time before the wait; v3/v4 (below) = time after it.
invoke-static {}, Landroid/os/SystemClock;->elapsedRealtime()J
move-result-wide v1
invoke-virtual {v0, p6, p7}, Ljava/lang/Object;->wait(J)V
invoke-static {}, Landroid/os/SystemClock;->elapsedRealtime()J
:try_end_1
.catch Ljava/lang/InterruptedException; {:try_start_1 .. :try_end_1} :catch_0
.catchall {:try_start_1 .. :try_end_1} :catchall_0
move-result-wide v3
# Subtract the time actually spent waiting from the remaining timeout, then re-check.
sub-long v1, v3, v1
sub-long/2addr p6, v1
goto :goto_0
# InterruptedException during the wait: build a message and pass it to util.b.a(String)
# (presumably a logging helper - not visible here), then continue at :cond_0.
:catch_0
move-exception v1
# The third try range starts here and runs down to :try_end_2. Textually it covers
# :cond_0, :goto_1, :goto_2 / return v0, :cond_1 and :cond_2.
:try_start_2
new-instance v1, Ljava/lang/StringBuilder;
const-string v2, "Interrupted while waiting for ad network to load ad using adapter class: "
invoke-direct {v1, v2}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
invoke-virtual {v1, p1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v1
invoke-static {v1}, Lcom/google/ads/util/b;->a(Ljava/lang/String;)V
# Wait finished (or was interrupted): pass h.e() to this.a.m().a(...), then decide the result.
:cond_0
iget-object v1, p0, Lcom/google/ads/e;->a:Lcom/google/ads/internal/d;
invoke-virtual {v1}, Lcom/google/ads/internal/d;->m()Lcom/google/ads/internal/g;
move-result-object v1
invoke-virtual {v0}, Lcom/google/ads/h;->e()Lcom/google/ads/g$a;
move-result-object v2
invoke-virtual {v1, v2}, Lcom/google/ads/internal/g;->a(Lcom/google/ads/g$a;)V
# Both h.c() and h.d() must be true, otherwise take the failure path at :cond_2.
invoke-virtual {v0}, Lcom/google/ads/h;->c()Z
move-result v1
if-eqz v1, :cond_2
invoke-virtual {v0}, Lcom/google/ads/h;->d()Z
move-result v1
if-eqz v1, :cond_2
# If this.a.h().b() is true the View argument is null (0); otherwise :cond_1 fetches h.f().
iget-object v1, p0, Lcom/google/ads/e;->a:Lcom/google/ads/internal/d;
invoke-virtual {v1}, Lcom/google/ads/internal/d;->h()Lcom/google/ads/m;
move-result-object v1
invoke-virtual {v1}, Lcom/google/ads/m;->b()Z
move-result v1
if-eqz v1, :cond_1
const/4 v1, 0x0
# Success path: hand a new e$8(this, h, view, p4) runnable to internal.d.a(Runnable).
:goto_1
iget-object v2, p0, Lcom/google/ads/e;->a:Lcom/google/ads/internal/d;
new-instance v3, Lcom/google/ads/e$8;
invoke-direct {v3, p0, v0, v1, p4}, Lcom/google/ads/e$8;-><init>(Lcom/google/ads/e;Lcom/google/ads/h;Landroid/view/View;Lcom/google/ads/f;)V
invoke-virtual {v2, v3}, Lcom/google/ads/internal/d;->a(Ljava/lang/Runnable;)V
const/4 v1, 0x1
# Release the monitor, then reuse v0 for the boolean result. After this move v0 no
# longer holds the h reference.
monitor-exit v0
move v0, v1
:goto_2
# This point!!!
# NOTE(review): this location is still inside {:try_start_2 .. :try_end_2}, whose
# catch-all handler (:catchall_0) executes `monitor-exit v0`. Here v0 already holds
# the int result and the monitor has been released. The existing instructions in this
# spot (move, return) are ones that are not expected to throw. An instruction that can
# throw (const-string, new-instance, sget, ...) gains an exception edge to :catchall_0,
# where `monitor-exit` would then be applied to a non-reference v0 - the likely reason
# the bytecode verifier rejects the class, while const/4 (which cannot throw) is
# accepted. Confirm against the VerifyError text in logcat.
return v0
# View argument for the runnable comes from h.f().
:cond_1
invoke-virtual {v0}, Lcom/google/ads/h;->f()Landroid/view/View;
move-result-object v1
goto :goto_1
# Failure path: call h.b(), release the monitor and return 0 through :goto_2.
:cond_2
invoke-virtual {v0}, Lcom/google/ads/h;->b()V
const/4 v1, 0x0
monitor-exit v0
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
move v0, v1
goto :goto_2
# Shared catch-all handler for all three try ranges: release the monitor on v0 and
# rethrow. It is only valid when v0 still holds the locked h reference on entry.
:catchall_0
move-exception v1
monitor-exit v0
throw v1
.end method