VFY: rejecting opcode 0x6e at 0x0117

Example:

  W/dalvikvm( 3418): VFY: tried to get class from non-ref register v0 (type=2)
  W/dalvikvm( 3418): VFY:  rejecting opcode 0x6e at 0x0117
  W/dalvikvm( 3418): VFY:  rejected Lcom/android/server/MountService;.<init> (Landroid/content/Context;)V
  W/dalvikvm( 3418): Verifier rejected class Lcom/android/server/MountService;



From the VFY message we get the following:
opcode         6e
opcode name    invoke-virtual {args}, ...
register       v0
type           2

Dalvik/Smali: for the details, download the Smali study notes (written by a master, guaranteed quality).
Link: Baidu Cloud ROM Developer Academy video course http://bbs.rom.baidu.com/thread-141764-1-1.html

 

A worked VFY fix

One instruction in the Configuration function failed. The failing position is 0x000d and the instruction is 0x59; the cause should be a register type error, i.e. the wrong vXX was used.
The position 0x000d can be located from the changes your instrumentation made. If there are many changes, you can locate the instruction by adding up instruction lengths; refer to the Smali study notes, which list every smali instruction and its length.
For example, take a function:
public xxxxxxxxxxxxxxxxxxxxxx()v

invoke-direct ..............(← the first instruction; .annotation, proguard, .line and the like take no space)

const-string ..............

return vX

.................
.............

Now if it reports rejecting opcode 0x0f at 0x05, then according to the instruction encodings on the page above, 0x0f is return, so a return instruction has the problem;
if the function has many returns and you are not sure which one it is, locate it by the instruction position 0x05. Counting from the first instruction, look up invoke-direct on the page above:

the 7010 0800 0100 that follows it is the encoding of the invoke-direct instruction, with length 3 (three 32-bit values); likewise const-string looks up as 1A08 0000, with length 2.
Because the first instruction always starts at position 0 and has length 3, the second instruction starts at 0+3=3; the second instruction has length 2, so the third instruction is at 0+3+2=5, which is exactly position 0x05, and the instruction is located.
This method locates the position accurately, but think about a function that is thousands of lines long... you get the idea.
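The offset-accumulation method above, automated as an added example (not code from the post): it parses a VFY "rejecting opcode ... at ..." line, walks a method body counting code units, and cross-checks the mnemonic implied by the opcode against the instruction found at that offset. The opcode table is a constructed subset, the smali method is constructed, and annotation bodies are assumed absent.

```python
import re

# Constructed subset of the Dalvik opcode table: opcode -> (mnemonic, length).
# Dalvik counts lengths in 16-bit code units (the post calls them 32-bit values).
OPCODES = {
    0x0a: ("move-result", 1), 0x0c: ("move-result-object", 1),
    0x0e: ("return-void", 1), 0x0f: ("return", 1),
    0x12: ("const/4", 1), 0x1a: ("const-string", 2),
    0x22: ("new-instance", 2), 0x38: ("if-eqz", 2),
    0x54: ("iget-object", 2), 0x59: ("iput", 2), 0x5b: ("iput-object", 2),
    0x6e: ("invoke-virtual", 3), 0x70: ("invoke-direct", 3),
    0x71: ("invoke-static", 3),
}
LENGTH_BY_NAME = {name: length for name, length in OPCODES.values()}

def is_instruction(line):
    """Directives (.line, .local, .end local), labels (:cond_0) and blanks occupy no code units."""
    s = line.strip()
    return bool(s) and not s.startswith((".", ":", "#"))

def parse_vfy(logline):
    """Extract (opcode, offset) from a 'VFY: rejecting opcode 0x.. at 0x....' logcat line."""
    m = re.search(r"rejecting opcode 0x([0-9a-fA-F]+) at 0x([0-9a-fA-F]+)", logline)
    return (int(m.group(1), 16), int(m.group(2), 16)) if m else None

def locate(smali_lines, offset):
    """Accumulate code units from position 0; return (mnemonic, text) of the instruction at offset,
    or None when the offset falls inside an instruction (a sign the length table or count is off)."""
    pos = 0
    for line in smali_lines:
        if not is_instruction(line):
            continue
        mnemonic = line.strip().split()[0]
        if pos == offset:
            return mnemonic, line.strip()
        pos += LENGTH_BY_NAME[mnemonic]
    return None

def diagnose(logline, smali_lines):
    """Cross-check: the mnemonic the rejected opcode implies vs. the instruction found at the offset."""
    opcode, offset = parse_vfy(logline)
    expected, found = OPCODES[opcode][0], locate(smali_lines, offset)
    return {"expected": expected, "found": found,
            "consistent": found is not None and found[0] == expected}

# Constructed method body shaped like the post's example: invoke-direct (3), const-string (2), return.
METHOD = """\
    .line 10
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V
    .line 11
    const-string v0, "hello"
    return v0
"""
```

If `found` is None the running count has drifted, which is the failure mode the post warns about in long methods.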


From: Run14Cat's reply

if-eqz v3, :cond_ty_2

.line 1447
const-string v3, "cn.ktouch.umsconnectionmode"

invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V

.line 1448
const-string v3, "cn.ktouch.umsdisconnectionmode"

invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V

.line 1451
:cond_ty_2

The v0 in these two lines is wrong; change it to v1. The reason:

invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
In this line v0 is supposed to hold a Landroid/content/IntentFilter;
but you find that v0 is not that value; the nearest v0 is .local v0, emulate:Z
The value that does hold Landroid/content/IntentFilter;:
looking further up, I find
invoke-direct {v1}, Landroid/content/IntentFilter;-><init>()V
.local v1, filter:Landroid/content/IntentFilter;
so I changed it to v1

Original smali

.local v0, emulate:Z
if-eqz v0, :cond_1

const-string v7, "MountService"

const-string v8, "using emulated external storage"

invoke-static {v7, v8}, Landroid/util/Slog;->d(Ljava/lang/String;Ljava/lang/String;)I

iget-object v7, p0, Lcom/android/server/MountService;->mVolumeStates:Ljava/util/HashMap;

const-string v8, "mounted"

invoke-virtual {v7, v3, v8}, Ljava/util/HashMap;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;

:cond_1
add-int/lit8 v2, v2, 0x1

goto :goto_0

.end local v0 #emulate:Z
.end local v3 #path:Ljava/lang/String;
.end local v6 #volume:Landroid/os/storage/StorageVolume;
:cond_2
const-string v7, "package"

invoke-static {v7}, Landroid/os/ServiceManager;->getService(Ljava/lang/String;)Landroid/os/IBinder;

move-result-object v7

check-cast v7, Lcom/android/server/pm/PackageManagerService;

iput-object v7, p0, Lcom/android/server/MountService;->mPms:Lcom/android/server/pm/PackageManagerService;

new-instance v1, Landroid/content/IntentFilter;

 

invoke-direct {v1}, Landroid/content/IntentFilter;-><init>()V
.local v1, filter:Landroid/content/IntentFilter;
const-string v7, "android.intent.action.BOOT_COMPLETED"
invoke-virtual {v1, v7}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
const-string v7, "android.intent.action.LOCALE_CHANGED"
invoke-virtual {v1, v7}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
iget-object v7, p0, Lcom/android/server/MountService;->mPrimaryVolume:Landroid/os/storage/StorageVolume;
if-eqz v7, :cond_3
iget-object v7, p0, Lcom/android/server/MountService;->mPrimaryVolume:Landroid/os/storage/StorageVolume;
invoke-virtual {v7}, Landroid/os/storage/StorageVolume;->allowMassStorage()Z
move-result v7
if-eqz v7, :cond_3
const-string v7, "android.hardware.usb.action.USB_STATE"
invoke-virtual {v1, v7}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V

:cond_ty_1
const-string v3, "persist.ty.usbconnectedmode"

const-string v4, "0"

invoke-static {v3, v4}, Landroid/os/SystemProperties;->get(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

move-result-object v3

iput-object v3, p0, Lcom/android/server/MountService;->UsbConnectedMode:Ljava/lang/String;

.line 1445
const-string v3, "MountService"

new-instance v4, Ljava/lang/StringBuilder;

invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V

const-string v5, "--->>>MountService UsbConnectedMode="

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

iget-object v5, p0, Lcom/android/server/MountService;->UsbConnectedMode:Ljava/lang/String;

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

move-result-object v4

invoke-static {v3, v4}, Landroid/util/Slog;->e(Ljava/lang/String;Ljava/lang/String;)I

.line 1446
iget-object v3, p0, Lcom/android/server/MountService;->UsbConnectedMode:Ljava/lang/String;

const-string v4, "1"

invoke-virtual {v3, v4}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z

move-result v3

if-eqz v3, :cond_ty_2

.line 1447
const-string v3, "cn.ktouch.umsconnectionmode"

invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V

.line 1448
const-string v3, "cn.ktouch.umsdisconnectionmode"

invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V

.line 1451
:cond_ty_2

Heh heh heh.
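The reply's reasoning ("find the nearest definition of v0 and see what type it holds") as an added example, not code from the reply: a linear pass that records the type each register was last given (.local, new-instance, const-string, iget-object, move-result after an invoke) and flags every invoke-virtual whose receiver register does not hold the declaring class. The sample method is constructed from the reply's fragment; the pass ignores branches, so it is a hint, not the verifier's verdict.

```python
import re

# Each rule: (regex with the register in group 1, how to derive the type it now holds).
RULES = [
    (r"\.local (v\d+), \w+:(\S+)", "set"),              # debug info names the register's type
    (r"new-instance (v\d+), (\S+)", "set"),
    (r"const-string (v\d+),()", "string"),
    (r"iget-object (v\d+), \S+, \S+:(\S+)", "set"),     # field descriptor after the last ':'
    (r"move-result(?:-object)? (v\d+)()", "result"),    # takes the previous invoke's return type
]
INVOKE = re.compile(r"invoke-\w+ \{(v\d+)?[^}]*\}, (\S+?)->\S+\)(\S+)")

def find_receiver_mismatches(smali_lines):
    """Return (line, receiver, declaring class, type last seen in receiver) for suspect calls.
    .end local is not tracked: it is debug info only, the register keeps its last value."""
    types, last_return, mismatches = {}, None, []
    for raw in smali_lines:
        s = raw.strip()
        if m := INVOKE.match(s):
            receiver, owner, last_return = m.group(1), m.group(2), m.group(3)
            if s.startswith("invoke-virtual") and types.get(receiver) != owner:
                mismatches.append((s, receiver, owner, types.get(receiver, "<undefined>")))
            continue
        for pattern, kind in RULES:
            if m := re.match(pattern, s):
                types[m.group(1)] = {"set": m.group(2), "string": "Ljava/lang/String;",
                                     "result": last_return}[kind]
                break
    return mismatches

# Constructed excerpt modelled on the reply: v0 last held a boolean, v1 holds the IntentFilter.
SAMPLE = """\
    .local v0, emulate:Z
    if-eqz v0, :cond_1
    :cond_1
    new-instance v1, Landroid/content/IntentFilter;
    invoke-direct {v1}, Landroid/content/IntentFilter;-><init>()V
    .local v1, filter:Landroid/content/IntentFilter;
    const-string v7, "android.intent.action.BOOT_COMPLETED"
    invoke-virtual {v1, v7}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
    const-string v3, "cn.ktouch.umsconnectionmode"
    invoke-virtual {v0, v3}, Landroid/content/IntentFilter;->addAction(Ljava/lang/String;)V
"""
```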