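Using smali code to work around jadx decompilation failures

jadx makes decompilation very convenient, but sometimes, after code designed to break the decompiler has been added, jadx can no longer produce proper Java code. For example, this is the output of a failed decompilation: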

     /*
        r0 = isMediaUri(r9);
        r1 = 0;
        if (r0 != 0) goto L_0x0008;
    L_0x0007:
        return r1;
    L_0x0008:
        if (r9 == 0) goto L_0x0057;
    L_0x000a:
        r8 = r8.getContentResolver();
        r4 = 0;
        r5 = 0;
        r6 = 0;
        r7 = 0;
        r2 = r8;
        r3 = r9;
        r9 = r2.query(r3, r4, r5, r6, r7);	 Catch:{ Exception -> 0x0053, all -> 0x004b }
        r0 = r9.moveToFirst();	 Catch:{ Exception -> 0x0049, all -> 0x0047 }
        if (r0 == 0) goto L_0x0041;
    L_0x001e:
        r0 = 0;
        r0 = r9.getInt(r0);	 Catch:{ Exception -> 0x0049, all -> 0x0047 }
        r2 = "video";
        r2 = r10.contains(r2);	 Catch:{ Exception -> 0x0049, all -> 0x0047 }
        r3 = 1;
        if (r2 == 0) goto L_0x0033;
    L_0x002c:
        r4 = (long) r0;	 Catch:{ Exception -> 0x0049, all -> 0x0047 }
        r8 = android.provider.MediaStore.Video.Thumbnails.getThumbnail(r8, r4, r3, r1);	 Catch:{ Exception -> 0x0049, all -> 0x0047 }
    L_0x0031:
        r1 = r8;
        goto L_0x0041;
    L_0x0033:
        r2 = "image/*";
        r10 = r10.contains(r2);	 Catch:{ Exception -> 0x0049, all -> 0x0047 }
        if (r10 == 0) goto L_0x0041;
    L_0x003b:
        r4 = (long) r0;	 Catch:{ Exception -> 0x0049, all -> 0x0047 }
        r8 = android.provider.MediaStore.Images.Thumbnails.getThumbnail(r8, r4, r3, r1);	 Catch:{ Exception -> 0x0049, all -> 0x0047 }
        goto L_0x0031;
    L_0x0041:
        if (r9 == 0) goto L_0x0057;
    L_0x0043:
        r9.close();
        goto L_0x0057;
    L_0x0047:
        r8 = move-exception;
        goto L_0x004d;
        goto L_0x0054;
    L_0x004b:
        r8 = move-exception;
        r9 = r1;
    L_0x004d:
        if (r9 == 0) goto L_0x0052;
    L_0x004f:
        r9.close();
    L_0x0052:
        throw r8;
    L_0x0053:
        r9 = r1;
    L_0x0054:
        if (r9 == 0) goto L_0x0057;
    L_0x0056:
        goto L_0x0043;
    L_0x0057:
        return r1;
        */

So how do we read this code? With the help of AndroidKiller we can look at the smali code and restore it to Java.
First, look at a piece of Java code:

        int shhh=3;
        boolean r0 = isMediaUri(r9);

        if (r0) {
            shhh=5;
        }


        if (!r0) {
            shhh=8;
        }

        System.err.println("shhh "+shhh);

The corresponding smali code looks like this:

    const/4 v0, 0x3

    .line 326
    .local v0, "shhh":I
    invoke-static {p1}, Lcom/bbbbb/ccccc/FileUtils;->isMediaUri(Landroid/net/Uri;)Z

    move-result v1

    .line 328
    .local v1, "r0":Z
    if-eqz v1, :cond_0

    .line 329
    const/4 v0, 0x5

    .line 333
    :cond_0
    if-nez v1, :cond_1

    .line 334
    const/16 v0, 0x8

    .line 337
    :cond_1
    sget-object v2, Ljava/lang/System;->err:Ljava/io/PrintStream;

    new-instance v3, Ljava/lang/StringBuilder;

    invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V

    const-string v4, "shhh "

    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v3, v0}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;

    invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v3

    invoke-virtual {v2, v3}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V

Clearly, with this mapping in hand we can easily interpret code like the following:

        /*
        r0 = isMediaUri(r9);
        r1 = 0;
        if (r0 != 0) goto L_0x0008;

Converted to Java, this fragment looks like this:

        boolean r0 = isMediaUri(r9);
        // "r0 != 0" means r0 is true
        if (r0) {
            // goto L_0x0008;
            // execute the code at L_0x0008
        }

The rest follows the same pattern. Have you got it?
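
Carrying the same reading through the whole dump gives the method below. This is an added example, not code from the original post: the class name `ThumbnailSketch`, the method name `loadThumbnail`, the parameter names and types, and the body of `isMediaUri` are assumptions inferred from the calls visible in the dump.

```java
import android.content.ContentResolver;
import android.content.Context;
import android.database.Cursor;
import android.graphics.Bitmap;
import android.net.Uri;
import android.provider.MediaStore;

public final class ThumbnailSketch {
    // Stand-in so the class compiles: the body of isMediaUri is not shown
    // on the page, so this check is an assumption.
    static boolean isMediaUri(Uri uri) {
        return uri != null && "media".equalsIgnoreCase(uri.getAuthority());
    }

    // r8 = context (later reused for the resolver), r9 = uri (later the cursor),
    // r10 = mimeType. Name and parameter types are hypothetical.
    static Bitmap loadThumbnail(Context context, Uri uri, String mimeType) {
        if (!isMediaUri(uri)) {            // if (r0 != 0) goto L_0x0008; otherwise L_0x0007
            return null;                   // return r1 (r1 = 0)
        }
        Bitmap bitmap = null;              // r1 = 0
        if (uri != null) {                 // L_0x0008: if (r9 == 0) goto L_0x0057
            ContentResolver resolver = context.getContentResolver();   // L_0x000a
            Cursor cursor = null;
            try {
                cursor = resolver.query(uri, null, null, null, null);
                if (cursor.moveToFirst()) {                      // if (r0 == 0) goto L_0x0041
                    int id = cursor.getInt(0);                   // L_0x001e
                    if (mimeType.contains("video")) {            // L_0x002c, r3 = 1
                        bitmap = MediaStore.Video.Thumbnails.getThumbnail(resolver, id, 1, null);
                    } else if (mimeType.contains("image/*")) {   // L_0x0033 / L_0x003b
                        bitmap = MediaStore.Images.Thumbnails.getThumbnail(resolver, id, 1, null);
                    }
                }
            } catch (Exception e) {
                // "Exception -> 0x0053 / 0x0049": swallowed; control reaches
                // L_0x0054, which closes the cursor and returns r1.
            } finally {
                // "all -> 0x004b / 0x0047" and L_0x0041/L_0x0043:
                // the cursor is closed on every path.
                if (cursor != null) {
                    cursor.close();
                }
            }
        }
        return bitmap;                     // L_0x0057: return r1
    }
}
```

Each pair of `Catch:{ Exception -> ..., all -> ... }` annotations in the dump collapses into a single `try`/`catch`/`finally`: the `Exception` targets are the catch block and the `all` targets are the finally block that rethrows after closing the cursor.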
