Why is this an invalid smali register?

Question

I injected this piece of code invoke-static {p0}, Lcom/outfit7/talkingtomcandyrun/Toast;->show(Landroid/content/Context;)V in a decompiled app.

Like this:

.line 70
    move-object/from16 v0, p0

    iget-object v0, v0, Lcom/bee7/gamewall/dialogs/BannerNotificationDialog;->sharedPreferencesNotificationsHelper:Lcom/bee7/sdk/common/util/SharedPreferencesNotificationsHelper;

    move-object/from16 v21, v0

    sget v22, Lcom/bee7/gamewall/BannerNotification;->NUMBER_OF_REWARD_BANNER_NOTIFICATIONS_LAYOUTS:I

    invoke-virtual/range {v21 .. v22}, Lcom/bee7/sdk/common/util/SharedPreferencesNotificationsHelper;->getNextRewardNotificationLayout(I)I

    .line 76
    sget v21, Lcom/bee7/gamewall/R$layout;->gamewall_banner_notification_reward_0:I

    move-object/from16 v0, p0

    move/from16 v1, v21

    invoke-virtual {v0, v1}, Lcom/bee7/gamewall/dialogs/BannerNotificationDialog;->setContentView(I)V     
    invoke-static {p0}, Lcom/outfit7/talkingtomcandyrun/Toast;->show(Landroid/content/Context;)V

    .line 77
    const/16 v21, 0x1

    move/from16 v0, v21

    move-object/from16 v1, p0

    iput v0, v1, Lcom/bee7/gamewall/dialogs/BannerNotificationDialog;->numberOfOffersInBannerNotification:I

But when i tried to build it with apktool i rechieve the following message:

com.outfit7.talkingtomcandyrun\smali\com\bee7\gamewall\dialogs\BannerNotificationDialog.smali[179,106] Invalid register: v25. Must be between v0 and v15, inclusive.

Referring to this line: invoke-virtual {v0, v1}, Lcom/bee7/gamewall/dialogs/BannerNotificationDialog;->setContentView(I)V.

Why am i getting this error? I don't even see register v25 in the code.

Edit:

I tried it with some other apps and noticed that the error always adds 1 to the highest register. So if the highest register in the method is v17 it will say Invalid register: v18.

Answer 1

If you look at the documentation for the invoke-static opcode, you'll see that it uses 4 bits to encode each parameter register, which only allows it to reference registers 0-15.

p0 is a parameter register, and the parameter registers are at the end of the "allocated" register range in the method.

So, if the method has, say, 30 registers (.registers 30), and it has 5 (non-long/non-double) arguments, then the arguments to the method will be passed in as v25-v29. The pNN registers are just an alias to this range of registers at the end. So in this case, p0 is an alias for v25. p1 is an alias for v26, etc.

Also, when counting up the number of arguments, don't forget to include the implicit this argument for non-static methods, which is always the first passed argument. i.e. p0

In this case, your best bet is to use invoke-static/range instead, which accepts a contiguous range of registers, and can directly reference these higher registers.

e.g.

invoke-static/range {p0}, Lcom/outfit7/talkingtomcandyrun/Toast;->show(Landroid/content/Context;)V`

Another option would be to use move-object to swap the value in p0 with a lower register temporarily, and then swap it back afterward. You'll need to find or create an unused register in order to do the swap, of course.