We need to pinpoint exactly where to insert our method call.
Not far from the beginning of the method, find code like this (I have deliberately left more of it than strictly necessary):
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mButtonLightEnabled:Z
if-eqz v3, :cond_1
if-eqz v19, :cond_1
if-nez v32, :cond_1
const/4 v3, 0x3
move/from16 v0, v25
if-eq v0, v3, :cond_0
const/4 v3, 0x4
move/from16 v0, v25
if-eq v0, v3, :cond_0
const/16 v3, 0x52
move/from16 v0, v25
if-eq v0, v3, :cond_0
const/16 v3, 0x54
move/from16 v0, v25
if-ne v0, v3, :cond_1
.line 2162
:cond_0
:try_start_0
move-object/from16 v0, p0
iget-object v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mLight:Landroid/os/IHardwareService;
const/4 v5, 0x1
invoke-interface {v3, v5}, Landroid/os/IHardwareService;->setButtonLightEnabled(Z)V
:try_end_0
.catch Landroid/os/RemoteException; {:try_start_0 .. :try_end_0} :catch_0
.line 2171
:cond_1
:goto_1
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mScreenshotChordEnabled:Z
if-eqz v3, :cond_8
move/from16 v0, v22
and-int/lit16 v3, v0, 0x400
if-nez v3, :cond_8
.line 2172
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mVolumeDownKeyTriggered:Z
if-eqz v3, :cond_3
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mPowerKeyTriggered:Z
if-nez v3, :cond_3
And here, between :cond_1 and :goto_1, insert the call of our method as follows (the inserted lines are the ones between those two labels):
Option A. If you do not have my mod "4-level taskkiler" installed:
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mButtonLightEnabled:Z
if-eqz v3, :cond_1
if-eqz v19, :cond_1
if-nez v32, :cond_1
const/4 v3, 0x3
move/from16 v0, v25
if-eq v0, v3, :cond_0
const/4 v3, 0x4
move/from16 v0, v25
if-eq v0, v3, :cond_0
const/16 v3, 0x52
move/from16 v0, v25
if-eq v0, v3, :cond_0
const/16 v3, 0x54
move/from16 v0, v25
if-ne v0, v3, :cond_1
.line 2162
:cond_0
:try_start_0
move-object/from16 v0, p0
iget-object v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mLight:Landroid/os/IHardwareService;
const/4 v5, 0x1
invoke-interface {v3, v5}, Landroid/os/IHardwareService;->setButtonLightEnabled(Z)V
:try_end_0
.catch Landroid/os/RemoteException; {:try_start_0 .. :try_end_0} :catch_0
.line 2171
:cond_1
if-nez v32, :cond_aa
move/from16 v0, v25
const/4 v3, 0x3
if-ne v0, v3, :cond_aa
move-object/from16 v0, p0
iget-object v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mHandleHome:Lfreeflax/handlehome/HandleHome$Main;
move/from16 v0, v19
invoke-virtual {v3, v0}, Lfreeflax/handlehome/HandleHome$Main;->FFgetHandleHomeActivity(I)I
move-result v3
if-nez v3, :cond_4
:cond_aa
:goto_1
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mScreenshotChordEnabled:Z
if-eqz v3, :cond_8
move/from16 v0, v22
and-int/lit16 v3, v0, 0x400
if-nez v3, :cond_8
.line 2172
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mVolumeDownKeyTriggered:Z
if-eqz v3, :cond_3
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mPowerKeyTriggered:Z
if-nez v3, :cond_3
Option B. If my mod "4-level taskkiler" is installed, then with it the code would look like this:
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mButtonLightEnabled:Z
if-eqz v3, :cond_1
if-eqz v19, :cond_1
if-nez v32, :cond_1
const/4 v3, 0x3
move/from16 v0, v25
if-eq v0, v3, :cond_0
const/4 v3, 0x4
move/from16 v0, v25
if-eq v0, v3, :cond_0
const/16 v3, 0x52
move/from16 v0, v25
if-eq v0, v3, :cond_0
const/16 v3, 0x54
move/from16 v0, v25
if-ne v0, v3, :cond_1
.line 2162
:cond_0
:try_start_0
move-object/from16 v0, p0
iget-object v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mLight:Landroid/os/IHardwareService;
const/4 v5, 0x1
invoke-interface {v3, v5}, Landroid/os/IHardwareService;->setButtonLightEnabled(Z)V
:try_end_0
.catch Landroid/os/RemoteException; {:try_start_0 .. :try_end_0} :catch_0
.line 2171
:cond_1
if-nez v32, :cond_ab
move/from16 v0, v25
const/4 v3, 0x4
if-ne v0, v3, :cond_aa
move-object/from16 v0, p0
iget-object v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mTaskKill:Lfreeflax/taskkill/TaskKill$Main;
move/from16 v0, v19
invoke-virtual {v3, v0}, Lfreeflax/taskkill/TaskKill$Main;->FFgetTaskKillActivity(I)V
:cond_aa
move/from16 v0, v25
const/4 v3, 0x3
if-ne v0, v3, :cond_ab
move-object/from16 v0, p0
iget-object v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mHandleHome:Lfreeflax/handlehome/HandleHome$Main;
move/from16 v0, v19
invoke-virtual {v3, v0}, Lfreeflax/handlehome/HandleHome$Main;->FFgetHandleHomeActivity(I)I
move-result v3
if-nez v3, :cond_4 # before return
:cond_ab
:goto_1
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mScreenshotChordEnabled:Z
if-eqz v3, :cond_8
move/from16 v0, v22
and-int/lit16 v3, v0, 0x400
if-nez v3, :cond_8
.line 2172
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mVolumeDownKeyTriggered:Z
if-eqz v3, :cond_3
move-object/from16 v0, p0
iget-boolean v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mPowerKeyTriggered:Z
if-nez v3, :cond_3
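A sanity check for the patched method before reassembling, as an added example that is not part of the original post: it reports if/goto targets with no matching label, duplicated labels, and class references outside the platform namespaces (which is how the inserted freeflax calls show up in framework code). The function name, the platform prefix list and the sample fragment are assumptions constructed for this example.

```python
import re

# Constructed sample: the Option A insertion as it would sit in the patched
# method. :cond_4 is deliberately not defined in this fragment.
SAMPLE = """\
:cond_1
if-nez v32, :cond_aa
move/from16 v0, v25
const/4 v3, 0x3
if-ne v0, v3, :cond_aa
move-object/from16 v0, p0
iget-object v3, v0, Lcom/android/internal/policy/impl/PhoneWindowManager;->mHandleHome:Lfreeflax/handlehome/HandleHome$Main;
move/from16 v0, v19
invoke-virtual {v3, v0}, Lfreeflax/handlehome/HandleHome$Main;->FFgetHandleHomeActivity(I)I
move-result v3
if-nez v3, :cond_4
:cond_aa
:goto_1
"""

LABEL_DEF = re.compile(r"^\s*:(\w+)\s*$")                      # ":cond_aa"
BRANCH = re.compile(r"^\s*(?:if-\w+|goto(?:/\d+)?)\s.*?:(\w+)\s*(?:#.*)?$")
CLASS_REF = re.compile(r"L([\w/$]+);")                         # "Lpkg/Name;"
# Assumed list of namespaces that belong to the platform itself.
PLATFORM = ("android/", "com/android/", "java/", "javax/", "dalvik/")

def check_fragment(smali):
    """Return undefined if/goto targets, duplicate labels, non-platform classes."""
    defined, duplicates, targets, foreign = set(), set(), set(), set()
    for line in smali.splitlines():
        m = LABEL_DEF.match(line)
        if m:
            # A label seen twice would make the assembler reject the method.
            (duplicates if m.group(1) in defined else defined).add(m.group(1))
            continue
        m = BRANCH.match(line)
        if m:
            targets.add(m.group(1))
        for cls in CLASS_REF.findall(line):
            if not cls.startswith(PLATFORM):
                foreign.add(cls)
    return {"undefined": sorted(targets - defined),
            "duplicates": sorted(duplicates),
            "foreign_classes": sorted(foreign)}

if __name__ == "__main__":
    print(check_fragment(SAMPLE))
```

Run it over the whole method rather than a fragment, so that labels defined elsewhere, such as :cond_4, are not reported as undefined.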
In the inserted code, pay attention to the following registers, whose numbers you will most likely have to change:
v3 - must be a free register that can be used (look in the method's code for registers whose contents are repeatedly overwritten further on in the method).
v19 - in this case, at the beginning of the method, I have stored the key press/release flag from getAction()I:
invoke-virtual/range {p2 .. p2}, Landroid/view/KeyEvent;->getAction()I
move-result v3
if-nez v3, :cond_2
const/16 v19, 0x1
v25 - in this case, at the beginning of the method, I have stored the key code from getKeyCode()I:
invoke-virtual/range {p2 .. p2}, Landroid/view/KeyEvent;->getKeyCode()I
move-result v25
v32 - in this case, at the beginning of the method, I have stored the repeated-keystroke flag from getRepeatCount()I:
invoke-virtual/range {p2 .. p2}, Landroid/view/KeyEvent;->getRepeatCount()I
move-result v32
:cond_4 - must jump to the exit from the method, but with a value assigned.
In my case, :cond_4 leads to the following code:
:cond_4
const-wide/16 v5, -0x1
goto :goto_2
and if you go to :goto_2, we see the exit from the method: