# SMALI语法大全

• 安卓修改大师对安卓文件进行代码级别修改的时候，需要修改反编译生成的SMALI文件。本文是最全的SMALI语法，原始英文资料，保持文章的原汁原味，避免翻译造成的歧义，对于英文好的同学，这是不可多得的福利。

SMALI代码示例

if v0==0 go cond_0

if-eqz v0, :cond_0

if v0!=0 go cond_0

if-nez v0, :cond_0

v1赋属性值

const/4 v1, 0x2

iput v1, p0, Lcom/android/shortcuts/setting/SettingActivity;->h:I

获得属性值 赋值v2

iget v2, p0, Lcom/android/shortcuts/setting/SettingActivity;->h:I

字符串赋值

const-string v0, "\u60a8\u7684\u8bd5"

SettingActivity;->a方法调用

参数 v0

invoke-direct {p0, v0}, Lcom/android/shortcuts/setting/SettingActivity;->a(Ljava/lang/String;)V

const/4 v1, 0x1

SMALI 数据类型

dalvik's bytecode has two major classes of types, primitive types and reference types. Reference types are objects and arrays, everything else is a primitive.

Primitives are represented by a single letter. I didn't come up with these abbreviations - they are what is actually stored in the dex file, in string form. They are specified in the dex-format.html document (dalvik/docs/dex-format.html in the AOSP repository)

 V void - can only be used for return types Z boolean B byte S short C char I int J long (64 bits) F float D double (64 bits)

Objects take the form Lpackage/name/ObjectName; - where the leading L indicates that it is an object type, package/name/ is the package that the object is in, ObjectName is the name of the object, and ; denotes the end of the object name. This would be equivalent topackage.name.ObjectName in java. Or for a more concrete example, Ljava/lang/String; is equivalent to java.lang.String

Arrays take the form [I - this would be an array of ints with a single dimension. i.e. int[] in java. For arrays with multiple dimensions, you simply add more [ characters. [[I = int[][][[[I = int[][][], etc. (Note: The maximum number of dimensions you can have is 255).

You can also have arrays of objects, [Ljava/lang/String; would be an array of Strings.

SMALI 方法和函数

Methods are always specified in a very verbose form that includes the type that contains the method, the method name, the types of the parameters and the return type. All this information is required for the virtual machine to be able to find the correct method, and to be able to perform static analysis on the bytecode (for verification/optimization purposes)

They take the form

Lpackage/name/ObjectName;->MethodName(III)Z

In this example, you should recognize Lpackage/name/ObjectName; as a type. MethodName is obviously the name of the method. (III)Z is the method's signature. III are the parameters (in this case, 3 ints), and Z is the return type (bool).

The method parameters are listed one right after another, with no separators between them.

Here's a more complex example:

method(I[[IILjava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;

In java, this would be

String method(int, int[][], int, String, Object[])

SMALI 语法说明

Fields are likewise always specified in verbose form that includes the type that contains the field, the name of the field, and the type of the field. Again, this is to allow the virtual machine to be able to find the correct field, as well as to perform static analysis on the bytecode.

They take the form

Lpackage/name/ObjectName;->FieldName:Ljava/lang/String;

This should be pretty self-explanatory - it is the package name, the field name and the type of the field respectively.