1. 编写一个MyLog.java 放到一个android工程下,编译打包,然后反编译拿到MyLog的smali代码
package com.example.logapplication;
import android.util.Log;
public class MyLog {
public static final String TAG = "JIA";
public static void logd(Object obj) {
Log.d(TAG, "logd: " + obj);
}
public static void logi(Object obj) {
Log.i(TAG, "logi: " + obj);
}
public static void loge(Object obj) {
Log.e(TAG, "logde: " + obj);
}
public static void print() {
Log.e(TAG, "logde print: =====" );
}
}
拿到MyLog.smali后,第一件事是抹去他的包信息,得到
.class public LMyLog;
.super Ljava/lang/Object;
.source "MyLog.java"
# static fields
.field public static final TAG:Ljava/lang/String; = "JIA"
# direct methods
.method public constructor <init>()V
.locals 0
.line 5
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
return-void
.end method
.method public static logd(Ljava/lang/Object;)V
.locals 2
.param p0, "obj" # Ljava/lang/Object;
.line 9
new-instance v0, Ljava/lang/StringBuilder;
invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V
const-string v1, "logd: "
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v0
invoke-virtual {v0, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;
move-result-object v0
invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v0
const-string v1, "JIA"
invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
.line 10
return-void
.end method
.method public static loge(Ljava/lang/Object;)V
.locals 2
.param p0, "obj" # Ljava/lang/Object;
.line 17
new-instance v0, Ljava/lang/StringBuilder;
invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V
const-string v1, "logde: "
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v0
invoke-virtual {v0, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;
move-result-object v0
invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v0
const-string v1, "JIA"
invoke-static {v1, v0}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 18
return-void
.end method
.method public static logi(Ljava/lang/Object;)V
.locals 2
.param p0, "obj" # Ljava/lang/Object;
.line 13
new-instance v0, Ljava/lang/StringBuilder;
invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V
const-string v1, "logi: "
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v0
invoke-virtual {v0, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;
move-result-object v0
invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v0
const-string v1, "JIA"
invoke-static {v1, v0}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
.line 14
return-void
.end method
.method public static print()V
.locals 2
.line 21
const-string v0, "JIA"
const-string v1, "logde print: ====="
invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
.line 22
return-void
.end method
3. 将滚动天空拖入到AndroidKiller 中进行反编译,打开smali目录的位置,将MyLog.smali放到目录下,等于是是在源代码的根目录下(这也是要抹除包信息的原因),在目标文件a.smali的onPayCancel插入自己的代码
# virtual methods
.method public varargs onPayCancel(Lcom/turbochilli/rollingsky/pay/IProduct;I[Ljava/lang/String;)V
.locals 3
.prologue
const/4 v2, 0x4
.line 57
iget-object v0, p0, Lcom/turbochilli/rollingsky/b/a;->a:Ljava/lang/String;
const-string v1, "ball_50"
# my code begin
invoke-static {}, LMyLog;->print()V
invoke-static {v0}, LMyLog;->loge(Ljava/lang/Object;)V
# my code end
invoke-static {v0, v1}, Landroid/text/TextUtils;->equals(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Z
move-result v0
if-eqz v0, :cond_1
.line 77
:cond_0
:goto_0
invoke-static {}, Lcom/turbochilli/rollingsky/util/NativeUtil;->getInstance()Lcom/turbochilli/rollingsky/util/NativeUtil;
move-result-object v0
......
.end method
4. 通过AndroidKiller 重打包,并安装(手动打也可以,就是有些繁琐,借助工具更香)
5. 看到了自己的日志
JIA com...llingsky_cn.nearme.gamecenter E logde print: =====
JIA com...llingsky_cn.nearme.gamecenter E logde: ball_500