【Android SDK程序逆向分析与破解系列】之三:Android可执行程序DEX分析(二)
来源:互联网 发布:苹果电影下载软件 编辑:程序博客网 时间:2024/05/01 12:45
作者:郭嘉
邮箱:allenwells@163.com
博客:http://blog.csdn.net/allenwells
github:https://github.com/AllenWells
【Android SDK程序逆向分析与破解系列】章节索引
【Android SDK程序逆向分析与破解系列】之一:Android安装程序APK分析
【Android SDK程序逆向分析与破解系列】之二:Android可执行程序DEX分析(一)
【Android SDK程序逆向分析与破解系列】之三:Android可执行程序DEX分析(二)
【Android SDK程序逆向分析与破解系列】之四:Android可执行程序ODEX分析
【Android SDK程序逆向分析与破解系列】之五:Android APK的静态分析
一 DEX文件结构体分析
Dalvik虚拟机解析DEX文件的内容,最终将其映射成DexMapList数据结构,DexHeader结构中的mapOff字段指明了DexMapList结构在DEX文件中的偏移。
源码位置:dalvik\libdex\DexFile.h
#ifndef LIBDEX_DEXFILE_H_#define LIBDEX_DEXFILE_H_#include "vm/Common.h" // basic type defs, e.g. u1/u2/u4/u8, and LOG#include "libdex/SysUtil.h"/* * gcc-style inline management -- ensures we have a copy of all functions * in the library, so code that links against us will work whether or not * it was built with optimizations enabled. */#ifndef _DEX_GEN_INLINES /* only defined by DexInlines.c */# define DEX_INLINE extern __inline__#else# define DEX_INLINE#endif/* DEX file magic number */#define DEX_MAGIC "dex\n"/* current version, encoded in 4 bytes of ASCII */#define DEX_MAGIC_VERS "036\0"/* * older but still-recognized version (corresponding to Android API * levels 13 and earlier */#define DEX_MAGIC_VERS_API_13 "035\0"/* same, but for optimized DEX header */#define DEX_OPT_MAGIC "dey\n"#define DEX_OPT_MAGIC_VERS "036\0"#define DEX_DEP_MAGIC "deps"/* * 160-bit SHA-1 digest. */enum { kSHA1DigestLen = 20, kSHA1DigestOutputLen = kSHA1DigestLen*2 +1 };/* general constants */enum { kDexEndianConstant = 0x12345678, /* the endianness indicator */ kDexNoIndex = 0xffffffff, /* not a valid index value */};/* * Enumeration of all the primitive types. */enum PrimitiveType { PRIM_NOT = 0, /* value is a reference type, not a primitive type */ PRIM_VOID = 1, PRIM_BOOLEAN = 2, PRIM_BYTE = 3, PRIM_SHORT = 4, PRIM_CHAR = 5, PRIM_INT = 6, PRIM_LONG = 7, PRIM_FLOAT = 8, PRIM_DOUBLE = 9,};/* * access flags and masks; the "standard" ones are all <= 0x4000 * * Note: There are related declarations in vm/oo/Object.h in the ClassFlags * enum. */enum { ACC_PUBLIC = 0x00000001, // class, field, method, ic ACC_PRIVATE = 0x00000002, // field, method, ic ACC_PROTECTED = 0x00000004, // field, method, ic ACC_STATIC = 0x00000008, // field, method, ic ACC_FINAL = 0x00000010, // class, field, method, ic ACC_SYNCHRONIZED = 0x00000020, // method (only allowed on natives) ACC_SUPER = 0x00000020, // class (not used in Dalvik) ACC_VOLATILE = 0x00000040, // field ACC_BRIDGE = 0x00000040, // method (1.5) ACC_TRANSIENT = 0x00000080, // field ACC_VARARGS = 0x00000080, // method (1.5) ACC_NATIVE = 0x00000100, // method ACC_INTERFACE = 0x00000200, // class, ic ACC_ABSTRACT = 0x00000400, // class, method, ic ACC_STRICT = 0x00000800, // method ACC_SYNTHETIC = 0x00001000, // field, method, ic ACC_ANNOTATION = 0x00002000, // class, ic (1.5) ACC_ENUM = 0x00004000, // class, field, ic (1.5) ACC_CONSTRUCTOR = 0x00010000, // method (Dalvik only) ACC_DECLARED_SYNCHRONIZED = 0x00020000, // method (Dalvik only) ACC_CLASS_MASK = (ACC_PUBLIC | ACC_FINAL | ACC_INTERFACE | ACC_ABSTRACT | ACC_SYNTHETIC | ACC_ANNOTATION | ACC_ENUM), ACC_INNER_CLASS_MASK = (ACC_CLASS_MASK | ACC_PRIVATE | ACC_PROTECTED | ACC_STATIC), ACC_FIELD_MASK = (ACC_PUBLIC | ACC_PRIVATE | ACC_PROTECTED | ACC_STATIC | ACC_FINAL | ACC_VOLATILE | ACC_TRANSIENT | ACC_SYNTHETIC | ACC_ENUM), ACC_METHOD_MASK = (ACC_PUBLIC | ACC_PRIVATE | ACC_PROTECTED | ACC_STATIC | ACC_FINAL | ACC_SYNCHRONIZED | ACC_BRIDGE | ACC_VARARGS | ACC_NATIVE | ACC_ABSTRACT | ACC_STRICT | ACC_SYNTHETIC | ACC_CONSTRUCTOR | ACC_DECLARED_SYNCHRONIZED),};/* annotation constants */enum { kDexVisibilityBuild = 0x00, /* annotation visibility */ kDexVisibilityRuntime = 0x01, kDexVisibilitySystem = 0x02, kDexAnnotationByte = 0x00, kDexAnnotationShort = 0x02, kDexAnnotationChar = 0x03, kDexAnnotationInt = 0x04, kDexAnnotationLong = 0x06, kDexAnnotationFloat = 0x10, kDexAnnotationDouble = 0x11, kDexAnnotationString = 0x17, kDexAnnotationType = 0x18, kDexAnnotationField = 0x19, kDexAnnotationMethod = 0x1a, kDexAnnotationEnum = 0x1b, kDexAnnotationArray = 0x1c, kDexAnnotationAnnotation = 0x1d, kDexAnnotationNull = 0x1e, kDexAnnotationBoolean = 0x1f, kDexAnnotationValueTypeMask = 0x1f, /* low 5 bits */ kDexAnnotationValueArgShift = 5,};/* map item type codes */enum { kDexTypeHeaderItem = 0x0000, kDexTypeStringIdItem = 0x0001, kDexTypeTypeIdItem = 0x0002, kDexTypeProtoIdItem = 0x0003, kDexTypeFieldIdItem = 0x0004, kDexTypeMethodIdItem = 0x0005, kDexTypeClassDefItem = 0x0006, kDexTypeMapList = 0x1000, kDexTypeTypeList = 0x1001, kDexTypeAnnotationSetRefList = 0x1002, kDexTypeAnnotationSetItem = 0x1003, kDexTypeClassDataItem = 0x2000, kDexTypeCodeItem = 0x2001, kDexTypeStringDataItem = 0x2002, kDexTypeDebugInfoItem = 0x2003, kDexTypeAnnotationItem = 0x2004, kDexTypeEncodedArrayItem = 0x2005, kDexTypeAnnotationsDirectoryItem = 0x2006,};/* auxillary data section chunk codes */enum { kDexChunkClassLookup = 0x434c4b50, /* CLKP */ kDexChunkRegisterMaps = 0x524d4150, /* RMAP */ kDexChunkEnd = 0x41454e44, /* AEND */};/* debug info opcodes and constants */enum { DBG_END_SEQUENCE = 0x00, DBG_ADVANCE_PC = 0x01, DBG_ADVANCE_LINE = 0x02, DBG_START_LOCAL = 0x03, DBG_START_LOCAL_EXTENDED = 0x04, DBG_END_LOCAL = 0x05, DBG_RESTART_LOCAL = 0x06, DBG_SET_PROLOGUE_END = 0x07, DBG_SET_EPILOGUE_BEGIN = 0x08, DBG_SET_FILE = 0x09, DBG_FIRST_SPECIAL = 0x0a, DBG_LINE_BASE = -4, DBG_LINE_RANGE = 15,};/* * Direct-mapped "header_item" struct. */struct DexHeader { u1 magic[8]; /* DEX版本标识 */ u4 checksum; /* adler32 检验 */ u1 signature[kSHA1DigestLen]; /* SHA-1哈希值 */ u4 fileSize; /* 整个文件大小 */ u4 headerSize; /* DexHeader结构大小 */ u4 endianTag; /* 字节序标记 */ u4 linkSize; /* 链接段大小 */ u4 linkOff; /* 链接段偏移 */ u4 mapOff; /* DexMapList的文件偏移,以下可根据名字以此类推 */ u4 stringIdsSize; u4 stringIdsOff; u4 typeIdsSize; u4 typeIdsOff; u4 protoIdsSize; u4 protoIdsOff; u4 fieldIdsSize; u4 fieldIdsOff; u4 methodIdsSize; u4 methodIdsOff; u4 classDefsSize; u4 classDefsOff; u4 dataSize; /* 数据段大小 */ u4 dataOff; /* 数据段偏移 */};/* * Direct-mapped "map_item". */struct DexMapItem { u2 type; /* kDexType开头的类型 */ u2 unused; /* 未使用,用于字节对齐 */ u4 size; /* 指定类型的个数 */ u4 offset; /* 指定类型数据的文件偏移 */};/* * Direct-mapped "map_list". */struct DexMapList { u4 size; /* DexMapItem的个数 */ DexMapItem list[1]; /* DexMapItem的结构 */};/* * Direct-mapped "string_id_item". */struct DexStringId { u4 stringDataOff; /* 字符串数据偏移,指向字符串数据 */};/* * Direct-mapped "type_id_item". */struct DexTypeId { u4 descriptorIdx; /* 指向DexStringId列表的索引,代表了具体类的类型 */};/* * Direct-mapped "field_id_item". */struct DexFieldId { u2 classIdx; /*类的类型:指向DexTypeId列表的索引 */ u2 typeIdx; /* 声明类型:指向DexProtoId列表的索引 */ u4 nameIdx; /* 方法名:指向DexStringId列表的索引 */};/* * Direct-mapped "method_id_item". */struct DexMethodId { u2 classIdx; /* 类的类型:指向DexTypeId列表的索引 */ u2 protoIdx; /* 声明类型:指向DexProtoId列表的索引 */ u4 nameIdx; /* 方法名:指向DexStringId列表的索引 */};/* * Direct-mapped "proto_id_item". */struct DexProtoId { u4 shortyIdx; /* 指向DexStringId列表的索引,为方法声明字符串 */ u4 returnTypeIdx; /* 指向DexTypeId列表的索引,方法返回类型字符串 */ u4 parametersOff; /* 指向DexTypeList的偏移,存放了方法的参数列表 */};/* * Direct-mapped "class_def_item". */struct DexClassDef { u4 classIdx; /* 类的类型:指向DexTypeId列表的索引 */ u4 accessFlags; /* 访问标志 */ u4 superclassIdx; /* 父类类型:指向DexTypeID列表的索引 */ u4 interfacesOff; /* 接口:指向DexTypeList的偏移 */ u4 sourceFileIdx; /* 源文件名:指向DexStringId列表的索引 */ u4 annotationsOff; /* 注解:指向DexAnnotationsDirectoryItem结构 */ u4 classDataOff; /* 指向DexClassData结构的偏移 */ u4 staticValuesOff; /* 指向DexEncodedArray结构的偏移 */};/* * Direct-mapped "type_item". */struct DexTypeItem { u2 typeIdx; /* 指向DexTypeId列表的索引 */};/* * Direct-mapped "type_list". */struct DexTypeList { u4 size; /* 接下来DexTypeItem的个数 */ DexTypeItem list[1]; /* DexTypeItem结构 */};/* * Direct-mapped "code_item". * * The "catches" table is used when throwing an exception, * "debugInfo" is used when displaying an exception stack trace or * debugging. An offset of zero indicates that there are no entries. */struct DexCode { u2 registersSize; /* 使用的寄存器个数 */ u2 insSize; /* 参数个数 */ u2 outsSize; /* 调用其他方式时使用的寄存器个数 */ u2 triesSize; /* try/catch个数 */ u4 debugInfoOff; /* 指向调试信息的偏移 */ u4 insnsSize; /* 指令集的个数,以2字节为单位 */ u2 insns[1]; /* 指令集 */ /* 2字节空间用于结构对齐 */ /* try_item[triesSize],DexTry结构 */ /* try/catch总handler的个数 */ /* catch_handler_item[handlersSize],DexCatchHandler结构 */};/* * Direct-mapped "try_item". */struct DexTry { u4 startAddr; /* start address, in 16-bit code units */ u2 insnCount; /* instruction count, in 16-bit code units */ u2 handlerOff; /* offset in encoded handler data to handlers */};/* * Link table. Currently undefined. */struct DexLink { u1 bleargh;};/* * Direct-mapped "annotations_directory_item". */struct DexAnnotationsDirectoryItem { u4 classAnnotationsOff; /* offset to DexAnnotationSetItem */ u4 fieldsSize; /* count of DexFieldAnnotationsItem */ u4 methodsSize; /* count of DexMethodAnnotationsItem */ u4 parametersSize; /* count of DexParameterAnnotationsItem */ /* followed by DexFieldAnnotationsItem[fieldsSize] */ /* followed by DexMethodAnnotationsItem[methodsSize] */ /* followed by DexParameterAnnotationsItem[parametersSize] */};/* * Direct-mapped "field_annotations_item". */struct DexFieldAnnotationsItem { u4 fieldIdx; u4 annotationsOff; /* offset to DexAnnotationSetItem */};/* * Direct-mapped "method_annotations_item". */struct DexMethodAnnotationsItem { u4 methodIdx; u4 annotationsOff; /* offset to DexAnnotationSetItem */};/* * Direct-mapped "parameter_annotations_item". */struct DexParameterAnnotationsItem { u4 methodIdx; u4 annotationsOff; /* offset to DexAnotationSetRefList */};/* * Direct-mapped "annotation_set_ref_item". */struct DexAnnotationSetRefItem { u4 annotationsOff; /* offset to DexAnnotationSetItem */};/* * Direct-mapped "annotation_set_ref_list". */struct DexAnnotationSetRefList { u4 size; DexAnnotationSetRefItem list[1];};/* * Direct-mapped "annotation_set_item". */struct DexAnnotationSetItem { u4 size; u4 entries[1]; /* offset to DexAnnotationItem */};/* * Direct-mapped "annotation_item". * * NOTE: this structure is byte-aligned. */struct DexAnnotationItem { u1 visibility; u1 annotation[1]; /* data in encoded_annotation format */};/* * Direct-mapped "encoded_array". * * NOTE: this structure is byte-aligned. */struct DexEncodedArray { u1 array[1]; /* data in encoded_array format */};/* * Lookup table for classes. It provides a mapping from class name to * class definition. Used by dexFindClass(). * * We calculate this at DEX optimization time and embed it in the file so we * don't need the same hash table in every VM. This is slightly slower than * a hash table with direct pointers to the items, but because it's shared * there's less of a penalty for using a fairly sparse table. */struct DexClassLookup { int size; // total size, including "size" int numEntries; // size of table[]; always power of 2 struct { u4 classDescriptorHash; // class descriptor hash code int classDescriptorOffset; // in bytes, from start of DEX int classDefOffset; // in bytes, from start of DEX } table[1];};/* * Header added by DEX optimization pass. Values are always written in * local byte and structure padding. The first field (magic + version) * is guaranteed to be present and directly readable for all expected * compiler configurations; the rest is version-dependent. * * Try to keep this simple and fixed-size. */struct DexOptHeader { u1 magic[8]; /* includes version number */ u4 dexOffset; /* file offset of DEX header */ u4 dexLength; u4 depsOffset; /* offset of optimized DEX dependency table */ u4 depsLength; u4 optOffset; /* file offset of optimized data tables */ u4 optLength; u4 flags; /* some info flags */ u4 checksum; /* adler32 checksum covering deps/opt */ /* pad for 64-bit alignment if necessary */};#define DEX_OPT_FLAG_BIG (1<<1) /* swapped to big-endian */#define DEX_INTERFACE_CACHE_SIZE 128 /* must be power of 2 *//* * Structure representing a DEX file. * * Code should regard DexFile as opaque, using the API calls provided here * to access specific structures. */struct DexFile { /* directly-mapped "opt" header */ const DexOptHeader* pOptHeader; /* pointers to directly-mapped structs and arrays in base DEX */ const DexHeader* pHeader; const DexStringId* pStringIds; const DexTypeId* pTypeIds; const DexFieldId* pFieldIds; const DexMethodId* pMethodIds; const DexProtoId* pProtoIds; const DexClassDef* pClassDefs; const DexLink* pLinkData; /* * These are mapped out of the "auxillary" section, and may not be * included in the file. */ const DexClassLookup* pClassLookup; const void* pRegisterMapPool; // RegisterMapClassPool /* points to start of DEX file data */ const u1* baseAddr; /* track memory overhead for auxillary structures */ int overhead; /* additional app-specific data structures associated with the DEX */ //void* auxData;};/* * Utility function -- rounds up to the nearest power of 2. */u4 dexRoundUpPower2(u4 val);/* * Parse an optimized or unoptimized .dex file sitting in memory. * * On success, return a newly-allocated DexFile. */DexFile* dexFileParse(const u1* data, size_t length, int flags);/* bit values for "flags" argument to dexFileParse */enum { kDexParseDefault = 0, kDexParseVerifyChecksum = 1, kDexParseContinueOnError = (1 << 1),};/* * Fix the byte ordering of all fields in the DEX file, and do * structural verification. This is only required for code that opens * "raw" DEX files, such as the DEX optimizer. * * Return 0 on success. */int dexSwapAndVerify(u1* addr, int len);/* * Detect the file type of the given memory buffer via magic number. * Call dexSwapAndVerify() on an unoptimized DEX file, do nothing * but return successfully on an optimized DEX file, and report an * error for all other cases. * * Return 0 on success. */int dexSwapAndVerifyIfNecessary(u1* addr, int len);/* * Check to see if the file magic and format version in the given * header are recognized as valid. Returns true if they are * acceptable. */bool dexHasValidMagic(const DexHeader* pHeader);/* * Compute DEX checksum. */u4 dexComputeChecksum(const DexHeader* pHeader);/* * Free a DexFile structure, along with any associated structures. */void dexFileFree(DexFile* pDexFile);/* * Create class lookup table. */DexClassLookup* dexCreateClassLookup(DexFile* pDexFile);/* * Find a class definition by descriptor. */const DexClassDef* dexFindClass(const DexFile* pFile, const char* descriptor);/* * Set up the basic raw data pointers of a DexFile. This function isn't * meant for general use. */void dexFileSetupBasicPointers(DexFile* pDexFile, const u1* data);/* return the DexMapList of the file, if any */DEX_INLINE const DexMapList* dexGetMap(const DexFile* pDexFile) { u4 mapOff = pDexFile->pHeader->mapOff; if (mapOff == 0) { return NULL; } else { return (const DexMapList*) (pDexFile->baseAddr + mapOff); }}/* return the const char* string data referred to by the given string_id */DEX_INLINE const char* dexGetStringData(const DexFile* pDexFile, const DexStringId* pStringId) { const u1* ptr = pDexFile->baseAddr + pStringId->stringDataOff; // Skip the uleb128 length. while (*(ptr++) > 0x7f) /* empty */ ; return (const char*) ptr;}/* return the StringId with the specified index */DEX_INLINE const DexStringId* dexGetStringId(const DexFile* pDexFile, u4 idx) { assert(idx < pDexFile->pHeader->stringIdsSize); return &pDexFile->pStringIds[idx];}/* return the UTF-8 encoded string with the specified string_id index */DEX_INLINE const char* dexStringById(const DexFile* pDexFile, u4 idx) { const DexStringId* pStringId = dexGetStringId(pDexFile, idx); return dexGetStringData(pDexFile, pStringId);}/* Return the UTF-8 encoded string with the specified string_id index, * also filling in the UTF-16 size (number of 16-bit code points).*/const char* dexStringAndSizeById(const DexFile* pDexFile, u4 idx, u4* utf16Size);/* return the TypeId with the specified index */DEX_INLINE const DexTypeId* dexGetTypeId(const DexFile* pDexFile, u4 idx) { assert(idx < pDexFile->pHeader->typeIdsSize); return &pDexFile->pTypeIds[idx];}/* * Get the descriptor string associated with a given type index. * The caller should not free() the returned string. */DEX_INLINE const char* dexStringByTypeIdx(const DexFile* pDexFile, u4 idx) { const DexTypeId* typeId = dexGetTypeId(pDexFile, idx); return dexStringById(pDexFile, typeId->descriptorIdx);}/* return the MethodId with the specified index */DEX_INLINE const DexMethodId* dexGetMethodId(const DexFile* pDexFile, u4 idx) { assert(idx < pDexFile->pHeader->methodIdsSize); return &pDexFile->pMethodIds[idx];}/* return the FieldId with the specified index */DEX_INLINE const DexFieldId* dexGetFieldId(const DexFile* pDexFile, u4 idx) { assert(idx < pDexFile->pHeader->fieldIdsSize); return &pDexFile->pFieldIds[idx];}/* return the ProtoId with the specified index */DEX_INLINE const DexProtoId* dexGetProtoId(const DexFile* pDexFile, u4 idx) { assert(idx < pDexFile->pHeader->protoIdsSize); return &pDexFile->pProtoIds[idx];}/* * Get the parameter list from a ProtoId. The returns NULL if the ProtoId * does not have a parameter list. */DEX_INLINE const DexTypeList* dexGetProtoParameters( const DexFile *pDexFile, const DexProtoId* pProtoId) { if (pProtoId->parametersOff == 0) { return NULL; } return (const DexTypeList*) (pDexFile->baseAddr + pProtoId->parametersOff);}/* return the ClassDef with the specified index */DEX_INLINE const DexClassDef* dexGetClassDef(const DexFile* pDexFile, u4 idx) { assert(idx < pDexFile->pHeader->classDefsSize); return &pDexFile->pClassDefs[idx];}/* given a ClassDef pointer, recover its index */DEX_INLINE u4 dexGetIndexForClassDef(const DexFile* pDexFile, const DexClassDef* pClassDef){ assert(pClassDef >= pDexFile->pClassDefs && pClassDef < pDexFile->pClassDefs + pDexFile->pHeader->classDefsSize); return pClassDef - pDexFile->pClassDefs;}/* get the interface list for a DexClass */DEX_INLINE const DexTypeList* dexGetInterfacesList(const DexFile* pDexFile, const DexClassDef* pClassDef){ if (pClassDef->interfacesOff == 0) return NULL; return (const DexTypeList*) (pDexFile->baseAddr + pClassDef->interfacesOff);}/* return the Nth entry in a DexTypeList. */DEX_INLINE const DexTypeItem* dexGetTypeItem(const DexTypeList* pList, u4 idx){ assert(idx < pList->size); return &pList->list[idx];}/* return the type_idx for the Nth entry in a TypeList */DEX_INLINE u4 dexTypeListGetIdx(const DexTypeList* pList, u4 idx) { const DexTypeItem* pItem = dexGetTypeItem(pList, idx); return pItem->typeIdx;}/* get the static values list for a DexClass */DEX_INLINE const DexEncodedArray* dexGetStaticValuesList( const DexFile* pDexFile, const DexClassDef* pClassDef){ if (pClassDef->staticValuesOff == 0) return NULL; return (const DexEncodedArray*) (pDexFile->baseAddr + pClassDef->staticValuesOff);}/* get the annotations directory item for a DexClass */DEX_INLINE const DexAnnotationsDirectoryItem* dexGetAnnotationsDirectoryItem( const DexFile* pDexFile, const DexClassDef* pClassDef){ if (pClassDef->annotationsOff == 0) return NULL; return (const DexAnnotationsDirectoryItem*) (pDexFile->baseAddr + pClassDef->annotationsOff);}/* get the source file string */DEX_INLINE const char* dexGetSourceFile( const DexFile* pDexFile, const DexClassDef* pClassDef){ if (pClassDef->sourceFileIdx == 0xffffffff) return NULL; return dexStringById(pDexFile, pClassDef->sourceFileIdx);}/* get the size, in bytes, of a DexCode */size_t dexGetDexCodeSize(const DexCode* pCode);/* Get the list of "tries" for the given DexCode. */DEX_INLINE const DexTry* dexGetTries(const DexCode* pCode) { const u2* insnsEnd = &pCode->insns[pCode->insnsSize]; // Round to four bytes. if ((((uintptr_t) insnsEnd) & 3) != 0) { insnsEnd++; } return (const DexTry*) insnsEnd;}/* Get the base of the encoded data for the given DexCode. */DEX_INLINE const u1* dexGetCatchHandlerData(const DexCode* pCode) { const DexTry* pTries = dexGetTries(pCode); return (const u1*) &pTries[pCode->triesSize];}/* get a pointer to the start of the debugging data */DEX_INLINE const u1* dexGetDebugInfoStream(const DexFile* pDexFile, const DexCode* pCode){ if (pCode->debugInfoOff == 0) { return NULL; } else { return pDexFile->baseAddr + pCode->debugInfoOff; }}/* DexClassDef convenience - get class descriptor */DEX_INLINE const char* dexGetClassDescriptor(const DexFile* pDexFile, const DexClassDef* pClassDef){ return dexStringByTypeIdx(pDexFile, pClassDef->classIdx);}/* DexClassDef convenience - get superclass descriptor */DEX_INLINE const char* dexGetSuperClassDescriptor(const DexFile* pDexFile, const DexClassDef* pClassDef){ if (pClassDef->superclassIdx == 0) return NULL; return dexStringByTypeIdx(pDexFile, pClassDef->superclassIdx);}/* DexClassDef convenience - get class_data_item pointer */DEX_INLINE const u1* dexGetClassData(const DexFile* pDexFile, const DexClassDef* pClassDef){ if (pClassDef->classDataOff == 0) return NULL; return (const u1*) (pDexFile->baseAddr + pClassDef->classDataOff);}/* Get an annotation set at a particular offset. */DEX_INLINE const DexAnnotationSetItem* dexGetAnnotationSetItem( const DexFile* pDexFile, u4 offset){ if (offset == 0) { return NULL; } return (const DexAnnotationSetItem*) (pDexFile->baseAddr + offset);}/* get the class' annotation set */DEX_INLINE const DexAnnotationSetItem* dexGetClassAnnotationSet( const DexFile* pDexFile, const DexAnnotationsDirectoryItem* pAnnoDir){ return dexGetAnnotationSetItem(pDexFile, pAnnoDir->classAnnotationsOff);}/* get the class' field annotation list */DEX_INLINE const DexFieldAnnotationsItem* dexGetFieldAnnotations( const DexFile* pDexFile, const DexAnnotationsDirectoryItem* pAnnoDir){ (void) pDexFile; if (pAnnoDir->fieldsSize == 0) return NULL; // Skip past the header to the start of the field annotations. return (const DexFieldAnnotationsItem*) &pAnnoDir[1];}/* get field annotation list size */DEX_INLINE int dexGetFieldAnnotationsSize(const DexFile* pDexFile, const DexAnnotationsDirectoryItem* pAnnoDir){ (void) pDexFile; return pAnnoDir->fieldsSize;}/* return a pointer to the field's annotation set */DEX_INLINE const DexAnnotationSetItem* dexGetFieldAnnotationSetItem( const DexFile* pDexFile, const DexFieldAnnotationsItem* pItem){ return dexGetAnnotationSetItem(pDexFile, pItem->annotationsOff);}/* get the class' method annotation list */DEX_INLINE const DexMethodAnnotationsItem* dexGetMethodAnnotations( const DexFile* pDexFile, const DexAnnotationsDirectoryItem* pAnnoDir){ (void) pDexFile; if (pAnnoDir->methodsSize == 0) return NULL; /* * Skip past the header and field annotations to the start of the * method annotations. */ const u1* addr = (const u1*) &pAnnoDir[1]; addr += pAnnoDir->fieldsSize * sizeof (DexFieldAnnotationsItem); return (const DexMethodAnnotationsItem*) addr;}/* get method annotation list size */DEX_INLINE int dexGetMethodAnnotationsSize(const DexFile* pDexFile, const DexAnnotationsDirectoryItem* pAnnoDir){ (void) pDexFile; return pAnnoDir->methodsSize;}/* return a pointer to the method's annotation set */DEX_INLINE const DexAnnotationSetItem* dexGetMethodAnnotationSetItem( const DexFile* pDexFile, const DexMethodAnnotationsItem* pItem){ return dexGetAnnotationSetItem(pDexFile, pItem->annotationsOff);}/* get the class' parameter annotation list */DEX_INLINE const DexParameterAnnotationsItem* dexGetParameterAnnotations( const DexFile* pDexFile, const DexAnnotationsDirectoryItem* pAnnoDir){ (void) pDexFile; if (pAnnoDir->parametersSize == 0) return NULL; /* * Skip past the header, field annotations, and method annotations * to the start of the parameter annotations. */ const u1* addr = (const u1*) &pAnnoDir[1]; addr += pAnnoDir->fieldsSize * sizeof (DexFieldAnnotationsItem); addr += pAnnoDir->methodsSize * sizeof (DexMethodAnnotationsItem); return (const DexParameterAnnotationsItem*) addr;}/* get method annotation list size */DEX_INLINE int dexGetParameterAnnotationsSize(const DexFile* pDexFile, const DexAnnotationsDirectoryItem* pAnnoDir){ (void) pDexFile; return pAnnoDir->parametersSize;}/* return the parameter annotation ref list */DEX_INLINE const DexAnnotationSetRefList* dexGetParameterAnnotationSetRefList( const DexFile* pDexFile, const DexParameterAnnotationsItem* pItem){ if (pItem->annotationsOff == 0) { return NULL; } return (const DexAnnotationSetRefList*) (pDexFile->baseAddr + pItem->annotationsOff);}/* get method annotation list size */DEX_INLINE int dexGetParameterAnnotationSetRefSize(const DexFile* pDexFile, const DexParameterAnnotationsItem* pItem){ if (pItem->annotationsOff == 0) { return 0; } return dexGetParameterAnnotationSetRefList(pDexFile, pItem)->size;}/* return the Nth entry from an annotation set ref list */DEX_INLINE const DexAnnotationSetRefItem* dexGetParameterAnnotationSetRef( const DexAnnotationSetRefList* pList, u4 idx){ assert(idx < pList->size); return &pList->list[idx];}/* given a DexAnnotationSetRefItem, return the DexAnnotationSetItem */DEX_INLINE const DexAnnotationSetItem* dexGetSetRefItemItem( const DexFile* pDexFile, const DexAnnotationSetRefItem* pItem){ return dexGetAnnotationSetItem(pDexFile, pItem->annotationsOff);}/* return the Nth annotation offset from a DexAnnotationSetItem */DEX_INLINE u4 dexGetAnnotationOff( const DexAnnotationSetItem* pAnnoSet, u4 idx){ assert(idx < pAnnoSet->size); return pAnnoSet->entries[idx];}/* return the Nth annotation item from a DexAnnotationSetItem */DEX_INLINE const DexAnnotationItem* dexGetAnnotationItem( const DexFile* pDexFile, const DexAnnotationSetItem* pAnnoSet, u4 idx){ u4 offset = dexGetAnnotationOff(pAnnoSet, idx); if (offset == 0) { return NULL; } return (const DexAnnotationItem*) (pDexFile->baseAddr + offset);}/* * Get the type descriptor character associated with a given primitive * type. This returns '\0' if the type is invalid. */char dexGetPrimitiveTypeDescriptorChar(PrimitiveType type);/* * Get the type descriptor string associated with a given primitive * type. */const char* dexGetPrimitiveTypeDescriptor(PrimitiveType type);/* * Get the boxed type descriptor string associated with a given * primitive type. This returns NULL for an invalid type, including * particularly for type "void". In the latter case, even though there * is a class Void, there's no such thing as a boxed instance of it. */const char* dexGetBoxedTypeDescriptor(PrimitiveType type);/* * Get the primitive type constant from the given descriptor character. * This returns PRIM_NOT (note: this is a 0) if the character is invalid * as a primitive type descriptor. */PrimitiveType dexGetPrimitiveTypeFromDescriptorChar(char descriptorChar);#endif // LIBDEX_DEXFILE_H_
0 0
- 【Android SDK程序逆向分析与破解系列】之三:Android可执行程序DEX分析(二)
- 【Android SDK程序逆向分析与破解系列】之二:Android可执行程序DEX分析(一)
- 【Android SDK程序逆向分析与破解系列】之四:Android可执行程序ODEX分析
- 【Android SDK程序逆向分析与破解系列】之五:Android APK的静态分析
- 【Android SDK程序逆向分析与破解系列】之一:Android安装程序APK分析
- 逆向分析 Android 程序
- 逆向分析 Android 程序
- android逆向学习,笔记(三)静态分析android程序
- 自用Android程序破解,逆向分析工具集
- Android安全:如何逆向分析Android程序
- 分析Android程序之破解第一个程序
- 手把手教你逆向分析 Android 程序
- 逆向分析 Android 程序- 内存内存
- 手把手教你逆向分析 Android 程序
- 手把手教你逆向分析android程序
- 手把手教你逆向分析 Android 程序
- 手把手教你逆向分析 Android 程序
- Android逆向分析基础-静态分析Android程序
- reading schema error: null
- 求线段交点
- 转载)爱加密亮相2015广州国际游博会,弘扬安全正能量
- ViewHolder工具类实现
- fragment(8)根据id查找fragment
- 【Android SDK程序逆向分析与破解系列】之三:Android可执行程序DEX分析(二)
- VC中的字符串【转】
- C# - String.Empty vs ""
- JS中判断null、undefined与NaN的方法
- 安卓WIFI原理浅析
- 程序化交易系统总结
- 漫谈高数 特征向量物理意义
- iText中输出中文
- Ride to School