smali文件语法
Posted wulianghuan
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了smali文件语法相关的知识,希望对你有一定的参考价值。
Dalvik opcodes
表中的VX值表示的Dalvik寄存器。根据不同的指令,16,256或64K寄存器可以访问。对long和double值的操作使用两个寄存器,例如在V0的注册解决占地V0和V1的寄存器双重价值。
布尔值存储真正的为1和0为假。被翻译成整数运算的布尔操作。
HIG-endian格式中所有的例子,如0F00 0A00 0F,00,0A,00顺序编码。
注意有没有解释/在一些指令的例子。这意味着,我没有看到指令“在野外”,它的存在/名称只能从已知 的Android操作码常数列表。
| Opcode (hex) | Opcode name | Explanation | Example |
| 00 | nop | No operation | 0000 - nop |
| 01 | move vx,vy | Moves the content of vy into vx. Both registers must be in the first 256 register range. | 0110 - move v0, v1 Moves v1 into v0. |
| 02 | move/from16 vx,vy | Moves the content of vy into vx. vy may be in the 64k register range while vx is one of the first 256 registers. | 0200 1900 - move/from16 v0, v25 Moves v25 into v0. |
| 03 | move/16 | ||
| 04 | move-wide | ||
| 05 | move-wide/from16 vx,vy | Moves a long/double value from vy to vx. vy may be in the 64k register range while wx is one of the first 256 registers. | 0516 0000 - move-wide/from16 v22, v0 Moves v0 into v22. |
| 06 | move-wide/16 | ||
| 07 | move-object vx,vy | Moves the object reference from vy to vx. | 0781 - move-object v1, v8 Moves the object reference in v8 to v1. |
| 08 | move-object/from16 vx,vy | Moves the object reference from vy to vx, vy can address 64k registers and vx can address 256 registers. | 0801 1500 - move-object/from16 v1, v21 Move the object reference in v21 to v1. |
| 09 | move-object/16 | ||
| 0A | move-result vx | Move the result value of the previous method invocation into vx. | 0A00 - move-result v0 Move the return value of a previous method invocation into v0. |
| 0B | move-result-wide vx | Move the long/double result value of the previous method invocation into vx,vx+1. | 0B02 - move-result-wide v2 Move the long/double result value of the previous method invocation into v2,v3. |
| 0C | move-result-object vx | Move the result object reference of the previous method invocation into vx. | 0C00 - move-result-object v0 |
| 0D | move-exception vx | Move the exception object reference thrown during a method invocation into vx. | 0D19 - move-exception v25 |
| 0E | return-void | Return without a return value | 0E00 - return-void |
| 0F | return vx | Return with vx return value | 0F00 - return v0 Returns with return value in v0. |
| 10 | return-wide vx | Return with double/long result in vx,vx+1. | 1000 - return-wide v0 Returns with a double/long value in v0,v1. |
| 11 | return-object vx | Return with vx object reference value. | 1100 - return-object v0 Returns with object reference value in v0 |
| 12 | const/4 vx,lit4 | Puts the 4 bit constant into vx | 1221 - const/4 v1, #int2 Moves literal 2 into v1. The destination register is in the lower 4 bit in the second byte, the literal 2 is in the higher 4 bit. |
| 13 | const/16 vx,lit16 | Puts the 16 bit constant into vx | 1300 0A00 - const/16 v0, #int 10 Puts the literal constant of 10 into v0. |
| 14 | const vx, lit32 | Puts the integer constant into vx | 1400 4E61 BC00 - const v0, #12345678 // #00BC614E Moves literal 12345678 into v0. |
| 15 | const/high16 v0, lit16 | Puts the 16 bit constant into the topmost bits of the register. Used to initialize float values. | 1500 2041 - const/high16 v0, #float 10.0 // #41200000 Moves the floating literal of 10.0 into v0. The 16 bit literal in the instruction carries the top 16 bits of the floating point number. |
| 16 | const-wide/16 vx, lit16 | Puts the integer constant into vx and vx+1 registers, expanding the integer constant into a long constant.. | 1600 0A00 - const-wide/16 v0, #long 10 Moves literal 10 into v0 and v1 registers. |
| 17 | const-wide/32 vx, lit32 | Puts the 32 bit constant into vx and vx+1 registers, expanding the integer constant into a long constant. | 1702 4e61 bc00 - const-wide/32 v2, #long 12345678 // #00bc614e Puts #12345678 into v2 and v3 registers. |
| 18 | const-wide vx, lit64 | Puts the 64 bit constant into vx and vx+1 registers. | 1802 874b 6b5d 54dc 2b00- const-wide v2, #long 12345678901234567 // #002bdc545d6b4b87 Puts #12345678901234567 into v2 and v3 registers. |
| 19 | const-wide/high16 vx,lit16 | Puts the 16 bit constant into the highest 16 bit of vx and vx+1 registers. Used to initialize double values. | 1900 2440 - const-wide/high16 v0, #double 10.0 // #402400000 Puts the double constant of 10.0 into v0 register. |
| 1A | const-string vx,string_id | Puts reference to a string constant identified by string_id into vx. | 1A08 0000 - const-string v8, "" // string@0000 Puts reference to string@0000 (entry #0 in the string table) into v8. |
| 1B | const-string-jumbo | ||
| 1C | const-class vx,type_id | Moves the class object of a class identified by type_id (e.g. Object.class) into vx. | 1C00 0100 - const-class v0, Test3 // type@0001 Moves reference to Test3.class (entry#1 in the type id table) into |
| 1D | monitor-enter vx | Obtains the monitor of the object referenced by vx. | 1D03 - monitor-enter v3 Obtains the monitor of the object referenced by v3. |
| 1E | monitor-exit | Releases the monitor of the object referenced by vx. | 1E03 - monitor-exit v3 Releases the monitor of the object referenced by v3. |
| 1F | check-cast vx, type_id | Checks whether the object reference in vx can be cast to an instance of a class referenced by type_id. Throws ClassCastException if the cast is not possible, continues execution otherwise. | 1F04 0100 - check-cast v4, Test3 // type@0001 Checks whether the object reference in v4 can be cast to type@0001 (entry #1 in the type id table) |
| 20 | instance-of vx,vy,type_id | Checks whether vy is instance of a class identified by type_id. Sets vx non-zero if it is, 0 otherwise. | 2040 0100 - instance-of v0, v4, Test3 // type@0001 Checks whether the object reference in v4 is an instance of type@0001 (entry #1 in the type id table). Sets v0 to non-zero if v4 is instance of Test3, 0 otherwise. |
| 21 | array-length vx,vy | Calculates the number of elements of the array referenced by vy and puts the length value into vx. | 2111 - array-length v1, v1 Calculates the number of elements of the array referenced by v1 and puts the result into v1. |
| 22 | new-instance vx,type | Instantiates an object type and puts the reference of the newly created instance into vx. | 2200 1500 - new-instance v0, java.io.FileInputStream // type@0015 Instantiates type@0015 (entry #15H in the type table) and puts its reference into v0. |
| 23 | new-array vx,vy,type_id | Generates a new array of type_id type and vy element size and puts the reference to the array into vx. | 2312 2500 - new-array v2, v1, char[] // type@0025 Generates a new array of type@0025 type and v1 size and puts the reference to the new array into v2. |
| 24 | filled-new-array parameters,type_id | Generates a new array of type_id and fills it with the parameters5. Reference to the newly generated array can be obtained by a move-result-object instruction, immediately following the filled-new-array instruction. | 2420 530D 0000 - filled-new-array v0,v0,[I // type@0D53 Generates a new array of type@0D53. The array's size will be 2 and both elements will be filled with the contents of v0 register. |
| 25 | filled-new-array-range vx..vy,type_id | Generates a new array of type_id and fills it with a range of parameters. Reference to the newly generated array can be obtained by a move-result-object instruction, immediately following the filled-new-array instruction. | 2503 0600 1300 - filled-new-array/range v19..v21, [B // type@0006 Generates a new array of type@0D53. The array's size will be 3 and the elements will be filled using the v19,v20 and v21 registers4. |
| 26 | fill-array-data vx,array_data_offset | Fills the array referenced by vx with the static data. The location of the static data is the sum of the position of the current instruction and the offset | 2606 2500 0000 - fill-array-data v6, 00e6 // +0025 Fills the array referenced by v0 with the static data at current instruction+25H words location. The offset is expressed as a 32-bit number. The static data is stored in the following format: 0003 // Table type: static array data 0400 // Byte per array element (in this case, 4 byte integers) 0300 0000 // Number of elements in the table 0100 0000 // Element #0: integer 1 0200 0000 // Element #1: integer 2 0300 0000 // Element #2: integer3 |
| 27 | throw vx | Throws an exception object. The reference of the exception object is in vx. | 2700 - throw v0 Throws an exception. The exception object reference is in v0. |
| 28 | goto target | Unconditional jump by short offset2. | 28F0 - goto 0005 // -0010 Jumps to current position-16 words (hex 10). 0005 is the label of the target instruction. |
| 29 | goto/16 target | Unconditional jump by 16 bit offset2. | 2900 0FFE - goto/16 002f // -01f1 Jumps to the current position-1F1H words. 002F is the label of the target instruction. |
| 2A | goto/32 target | ||
| 2B | packed-switch vx,table | Implements a switch statement where the case constants are close to each other. The instruction uses an index table. vx indexes into this table to find the offset of the instruction for a particular case. If vx falls out of the index table, the execution continues on the next instruction (default case). | 2B02 0C00 0000 - packed-switch v2, 000c // +000c Execute a packed switch according to the switch argument in v2. The position of the index table is at current instruction+0CH words. The table looks like the following: 0001 // Table type: packed switch table 0300 // number of elements 0000 0000 // element base 0500 0000 0: 00000005 // case 0: +00000005 0700 0000 1: 00000007 // case 1: +00000007 0900 0000 2: 00000009 // case 2: +00000009 |
| 2C | sparse-switch vx,table | Implements a switch statement with sparse case table. The instruction uses a lookup table with case constants and offsets for each case constant. If there is no match in the table, execution continues on the next instruction (default case). | 2C02 0c00 0000 - sparse-switch v2, 000c // +000c Execute a sparse switch according to the switch argument in v2. The position of the lookup table is at current instruction+0CH words. The table looks like the following. 0002 // Table type: sparse switch table 0300 // number of elements 9cff ffff // first case: -100 fa00 0000 // second case constant: 250 e803 0000 // third case constant: 1000 0500 0000 // offset for the first case constant: +5 0700 0000 // offset for the second case constant: +7 0900 0000 // offset for the third case constant: +9 |
| 2D | cmpl-float | Compares the float values in vy and vz and sets the integer value in vx accordingly3 | 2D00 0607 - cmpl-float v0, v6, v7 Compares the float values in v6 and v7 then sets v0 accordingly. NaN bias is less-than, the instruction will return -1 if any of the parameters is NaN. |
| 2E | cmpg-float vx, vy, vz | Compares the float values in vy and vz and sets the integer value in vx accordingly3. | 2E00 0607 - cmpg-float v0, v6, v7 Compares the float values in v6 and v7 then sets v0 accordingly. NaN bias is greater-than, the instruction will return 1 if any of the parameters is NaN. |
| 2F | cmpl-double vx,vy,vz | Compares the double values in vy and vz2 and sets the integer value in vx accordingly3. | 2F19 0608 - cmpl-double v25, v6, v8 Compares the double values in v6,v7 and v8,v9 and sets v25 accordingly. NaN bias is less-than, the instruction will return -1 if any of the parameters is NaN. |
| 30 | cmpg-double vx, vy, vz | Compares the double values in vy and vz2 and sets the integer value in vx accordingly3. | 3000 080A - cmpg-double v0, v8, v10 Compares the double values in v8,v9 and v10,v11 then sets v0 accordingly. NaN bias is greater-than, the instruction will return 1 if any of the parameters is NaN. |
| 31 | cmp-long vx, vy, vz | Compares the long values in vy and vz and sets the integer value in vx accordingly3. | 3100 0204 - cmp-long v0, v2, v4 Compares the long values in v2 and v4 then sets v0 accordingly. |
| 32 | if-eq vx,vy,target | Jumps to target if vx==vy2. vx and vy are integer values. | 32b3 6600 - if-eq v3, v11, 0080 // +0066 Jumps to the current position+66H words if v3==v11. 0080 is the label of the target instruction. |
| 33 | if-ne vx,vy,target | Jumps to target if vx!=vy2. vx and vy are integer values. | 33A3 1000 - if-ne v3, v10, 002c // +0010 Jumps to the current position+10H words if v3!=v10. 002c is the label of the target instruction. |
| 34 | if-lt vx,vy,target | Jumps to target is vx<vy2. vx and vy are integer values. | 3432 CBFF - if-lt v2, v3, 0023 // -0035 Jumps to the current position-35H words if v2<v3. 0023 is the label of the target instruction. |
| 35 | if-ge vx, vy,target | Jumps to target if vx>=vy2. vx and vy are integer values. | 3510 1B00 - if-ge v0, v1, 002b // +001b Jumps to the current position+1BH words if v0>=v1. 002b is the label of the target instruction. |
| 36 | if-gt vx,vy,target | Jumps to target if vx>vy2. vx and vy are integer values. | 3610 1B00 - if-ge v0, v1, 002b // +001b Jumps to the current position+1BH words if v0>v1. 002b is the label of the target instruction. |
| 37 | if-le vx,vy,target | Jumps to target if vx<=vy2. vx and vy are integer values. | 3756 0B00 - if-le v6, v5, 0144 // +000b Jumps to the current position+0BH words if v6<=v5. 0144 is the label of the target instruction. |
| 38 | if-eqz vx,target | Jumps to target if vx==02. vx is an integer value. | 3802 1900 - if-eqz v2, 0038 // +0019 Jumps to the current position+19H words if v2==0. 0038 is the label of the target instruction. |
| 39 | if-nez vx,target | Checks vx and jumps if vx is nonzero2. | 3902 1200 - if-nez v2, 0014 // +0012 Jumps to current position+18 words (hex 12) if v2 is nonzero. 0014 is the label of the target instruction. |
| 3A | if-ltz vx,target | Checks vx and jumps if vx<02. | 3A00 1600 - if-ltz v0, 002d // +0016 Jumps to the current position+16H words if v0<0. 002d is the label of the target instruction. |
| 3B | if-gez vx,target | Checks vx and jumps if vx>=02. | 3B00 1600 - if-gez v0, 002d // +0016 Jumps to the current position+16H words if v0 >=0. 002d is the label of the target instruction. |
| 3C | if-gtz vx,target | Checks vx and jumps if vx>02. | 3C00 1D00 - if-gtz v0, 004a // +001d Jumps to the current position+1DH words if v0>0. 004A is the label of the target instruction. |
| 3D | if-lez vx,target | Checks vx and jumps if vx<=02. | 3D00 1D00 - if-lez v0, 004a // +001d Jumps to the current position+1DH words if v0<=0. 004A is the label of the target instruction. |
| 3E | unused_3E | ||
| 3F | unused_3F | ||
| 40 | unused_40 | ||
| 41 | unused_41 | ||
| 42 | unused_42 | ||
| 43 | unused_43 | ||
| 44 | aget vx,vy,vz | Gets an integer value of an object reference array into vx. The array is referenced by vy and is indexed by vz. | 4407 0306 - aget v7, v3, v6 Gets an integer array element. The array is referenced by v3 and the element is indexed by v6. The element will be put into v7. |
| 45 | aget-wide vx,vy,vz | Gets a long/double value of long/double array into vx,vx+1. The array is referenced by vy and is indexed by vz. | 4505 0104 - aget-wide v5, v1, v4 Gets a long/double array element. The array is referenced by v1 and the element is indexed by v4. The element will be put into v5,v6. |
| 46 | aget-object vx,vy,vz | Gets an object reference value of an object reference array into vx. The array is referenced by vy and is indexed by vz. | 4602 0200 - aget-object v2, v2, v0 Gets an object reference array element. The array is referenced by v2 and the element is indexed by v0. The element will be put into v2. |
| 47 | aget-boolean vx,vy,vz | Gets a boolean value of a boolean array into vx. The array is referenced by vy and is indexed by vz. | 4700 0001 - aget-boolean v0, v0, v1 Gets a boolean array element. The array is referenced by v0 and the element is indexed by v1. The element will be put into v0. |
| 48 | aget-byte vx,vy,vz | Gets a byte value of a byte array into vx. The array is referenced by vy and is indexed by vz. | 4800 0001 - aget-byte v0, v0, v1 Gets a byte array element. The array is referenced by v0 and the element is indexed by v1. The element will be put into v0. |
| 49 | aget-char vx, vy,vz | Gets a char value of a character array into vx. The element is indexed by vz, the array object is referenced by vy | 4905 0003 - aget-char v5, v0, v3 Gets a character array element. The array is referenced by v0 and the element is indexed by v3. The element will be put into v5. |
| 4A | aget-short vx,vy,vz | Gets a short value of a short array into vx. The element is indexed by vz, the array object is referenced by vy. | 4A00 0001 - aget-short v0, v0, v1 Gets a short array element. The array is referenced by v0 and the element is indexed by v1. The element will be put into v0. |
| 4B | aput vx,vy,vz | Puts the integer value in vx into an element of an integer array. The element is indexed by vz, the array object is referenced by vy. | 4B00 0305 - aput v0, v3, v5 Puts the integer value in v2 into an integer array referenced by v0. The target array element is indexed by v1. |
| 4C | aput-wide vx,vy,vz | Puts the double/long value in vx,vx+1 into a double/long array. The array is referenced by vy, the element is indexed by vz. | 4C05 0104 - aput-wide v5, v1, v4 Puts the double/long value in v5,v6 into a double/long array referenced by v1. The target array element is indexed by v4. |
| 4D | aput-object vx,vy,vz | Puts the object reference value in vx into an element of an object reference array. The element is indexed by vz, the array object is referenced by vy. | 4D02 0100 - aput-object v2, v1, v0 Puts the object reference value in v2 into an object reference array referenced by v0. The target array element is indexed by v1. |
| 4E | aput-boolean vx,vy,vz | Puts the boolean value in vx into an element of a boolean array. The element is indexed by vz, the array object is referenced by vy. | 4E01 0002 - aput-boolean v1, v0, v2 Puts the boolean value in v1 into an object reference array referenced by v0. The target array element is indexed by v2. |
| 4F | aput-byte vx,vy,vz | Puts the byte value in vx into an element of a byte array. The element is indexed by vz, the array object is referenced by vy. | 4F02 0001 - aput-byte v2, v0, v1 Puts the boolean value in v2 into a byte array referenced by v0. The target array element is indexed by v1. |
| 50 | aput-char vx,vy,vz | Puts the char value in vx into an element of a character array. The element is indexed by vz, the array object is referenced by vy. | 5003 0001 - aput-char v3, v0, v1 Puts the character value in v3 into a character array referenced by v0. The target array element is indexed by v1. |
| 51 | aput-short vx,vy,vz | Puts the short value in vx into an element of a short array. The element is indexed by vz, the array object is referenced by vy. | 5102 0001 - aput-short v2, v0, v1 Puts the short value in v2 into a character array referenced by v0. The target array element is indexed by v1. |
| 52 | iget vx, vy, field_id | Reads an instance field into vx. The instance is referenced by vy. | 5210 0300 - iget v0, v1, Test2.i6:I // field@0003 Reads field@0003 into v0 (entry #3 in the field id table). The instance is referenced by v1. |
| 53 | iget-wide vx,vy,field_id | Reads an instance field into vx1. The instance is referenced by vy. | 5320 0400 - iget-wide v0, v2, Test2.l0:J // field@0004 Reads field@0004 into v0 and v1 registers (entry #4 in the field id table). The instance is referenced by v2. |
| 54 | iget-object vx,vy,field_id | Reads an object reference instance field into vx. The instance is referenced by vy. | iget-object v1, v2, LineReader.fis:Ljava/io/FileInputStream; // field@0002 Reads field@0002 into v1 (entry #2 in the field id table). The instance is referenced by v2. |
| 55 | iget-boolean vx,vy,field_id | Reads a boolean instance field into vx. The instance is referenced by vy. | 55FC 0000 - iget-boolean v12, v15, Test2.b0:Z // field@0000 Reads the boolean field@0000 into v12 register (entry #0 in the field id table). The instance is referenced by v15. |
| 56 | iget-byte vx,vy,field_id | Reads a byte instance field into vx. The instance is referenced by vy. | 5632 0100 - iget-byte v2, v3, Test3.bi1:B // field@0001 Reads the char field@0001 into v2 register (entry #1 in the field id table). The instance is referenced by v3. |
| 57 | iget-char vx,vy,field_id | Reads a char instance field into vx. The instance is referenced by vy. | 5720 0300 - iget-char v0, v2, Test3.ci1:C // field@0003 Reads the char field@0003 into v0 register (entry #3 in the field id table). The instance is referenced by v2. |
| 58 | iget-short vx,vy,field_id | Reads a short instance field into vx. The instance is referenced by vy. | 5830 0800 - iget-short v0, v3, Test3.si1:S // field@0008 Reads the short field@0008 into v0 register (entry #8 in the field id table). The instance is referenced by v3. |
| 59 | iput vx,vy, field_id | Puts vx into an instance field. The instance is referenced by vy. | 5920 0200 - iput v0,v2, Test2.i6:I // field@0002 Stores v0 into field@0002 (entry #2 in the field id table). The instance is referenced by v2. |
| 5A | iput-wide vx,vy, field_id | Puts the wide value located in vx and vx+1 registers into an instance field. The instance is referenced by vy. | 5A20 0000 - iput-wide v0,v2, Test2.d0:D // field@0000 Stores the wide value in v0, v1 registers into field@0000 (entry #0 in the field id table). The instance is referenced by v2. |
| 5B | iput-object vx,vy,field_id | Puts the object reference in vx into an instance field. The instance is referenced by vy. | 5B20 0000 - iput-object v0, v2, LineReader.bis:Ljava/io/BufferedInputStream; // field@0000 Stores the object reference in v0 into field@0000(entry #0 in the field table). The instance is referenced by v2. |
| 5C | iput-boolean vx,vy, field_id | Puts the boolean value located in vx into an instance field. The instance is referenced by vy. | 5C30 0000 - iput-boolean v0, v3, Test2.b0:Z // field@0000 Puts the boolean value in v0 into field@0000(entry #0 in the field id table). The instance is referenced by v3. |
| 5D | iput-byte vx,vy,field_id | Puts the byte value located in vx into an instance field. The instance is referenced by vy. | 5D20 0100 - iput-byte v0, v2, Test3.bi1:B // fieldSmali代码语法 |