root@omega:/data/local/tmp # ./Gdump
./Gdump
error: only position independent executables (PIE) are supported.

可以像JEB一样 找到接口所有的重装方法吗

can your tool write apk with signature?

I ran into a bug to which I don't quite know how to reproduce it.

I'm analyzing the version 177.0.0.30.119 from Instagram (x86) (download here).

In the class X.0bP, method A00, the class X.0cU will be constructed. It's right after the switch statement (location 0313 in smali-view) in the method. This is where the problem lies. The smali code says, the class X.0cU should be constructed using invoke-direct/range {v16 ... v38}, so with arguments/parameters from v17 to v38. But the Java-code only shows a "blank" constructor with no arguments.

There are also other bugs (probably) related to this. In instructions prior to this, you can see method calls whos value is immediately discarded such as Boolean.valueOf(true) or Long.valueOf(...). Looking at the smali code, you can see that the return values of these are used to construct X.0cU (locations 02b8 and 02d4).

However, looking at X.0cU directly reveals that the constructor takes seemingly no parameters. But the constructor body uses registers v2 through v22 to assign its class-members.

I'm not sure where the root of this bug lies but it would be nice if this could be fixed.

CalebFenton/simplify#140
Sample from this issue when decompile with GDA only show 1 class in L/ package while JEB show many more classes. So GDA simply not recognizing those classes

在反编译某一款apk时，GDA闪退。apktool jadx jeb3都没问题，有点针对？
apk地址:链接：https://pan.baidu.com/s/1qrOBRgN21DE86P0du0jkbQ 提取码：r72e

目标apk：抖音_14.7.0
拖入apk到GDA3.90中，分析完成后提示"计算机内存不足",实际上此时计算机的内存占用率才30%左右。
GDA3.90之前的版本，均卡在99%的进度不动。希望能加以修复

I ran into the problem, it is not possible to increase the window size, tried using Altmove but it does not help. This is a very strange decision on your part. In the search box too. How do I resize the window?

This version is missing under Types: All Strings bzw: All

你好，看到有关GDA的介绍，里面谈到是通过使用定义计数法实现数据流分析，能不能介绍一下，实在没有找到相关资料，谢谢

Instagram

Originally posted by @kj9lj in #37 (comment)

反编译时，如果包下面有一个a包，还有一个a类。a包不会在列表中显示，这是个bug

Could you let me know which part of your software triggered the detection?

Is there any way to open the java jar file...?

check virustotal

Step to reproduce:

1: open any dex and use python script
2.: again use python script
3: gda crash with error

When i try to rename variables like p0, p1 .. etc it crashes.

Can you fix it pls?

hi dev , packer detection is just awesome . if there can be a option to unpack those packers it will be a great work . thanks

There are some issues with the GDA window itself on windows.

• The "recent searches" window is not in its own window (so you can select it on the taskbar). It also appears on every desktop.

• Clicking on the icon in the taskbar while the window is in focus doesn't do anything (it should be minimized).

• ALT and space doesn't do anything.

• The window isn't resizable.

• There's no dialog to save if there are changes/renamed variables once the application is closed.

• Not sure if it's really happening, but it feels like the window is still rendering while it can't be seen, so it needs more processing power.

Maybe there are more issues related to the window behaving different compared to others.

If you click on GDA Searching and select all under Types, the program crashes!

能获取h5封装的apk中的url吗?

when i use python scripts, it have no response, and when i load again, it crashed, just like last issues has said.
when i load java scripts, program tell me that i should use javac to complile it(which script i load is Example1Getting),so i load the Example1Getting.class, and program tell me that i didn't have a java env, so i tell program where the jvm.dll is, then it loading and loading and crashed.
maybe is the problem of java version?

GDA3.85打开大文件会直接崩溃闪退

There is no connection to the process when working with a dump. I tried it on three phones. The program simply does not respond. what could be the problem?

& 和 << 在一起的时候括号会丢失导致实际运算变了
正确的应该是（jeb反编译）
out.write((p1.length & 1) << 7 | v2.length);
gda 反编译结果
out.write(p1.length & 1 << 7 | v2.length);

I try to deobfuscate small dex which was heavily obfuscated, but nothing was changed after it finished.
I am missing something?
classes3.zip

GDA3.8
0x4366D6 mov byte ptr [EBX+EDX],0
EBX是malloc申请的内存,打开大文件如果申请内存失败,再写入[EBX+EDX] 就崩了

This isn't an important feature, but it would be nice if one could double click on text and have it selected like in other editors.

使用GDA打开Android jar/aar提示select dx.bat in android sdk path
选择完毕之后提示dx cannot process current jar/class file, please check it

it shows a trojan win32/occamy.c

使用V2方式签名的应用，GDA签名信息无法提取出来。提示

If you select Instruction Edit and change a jump, the program crashes at Export Modified Dexs ...

兄弟，没有行号，行号在逆向分析里面很重要

样本:QQ邮箱5.7.2
下载地址:https://www.wandoujia.com/apps/246975

类似问题:

• skylot/jadx#936
• Konloch/bytecode-viewer#276

During compilation, some "pipelines" put commonly used strings in a global string "table" (or multiple). This "table" is essentially a big method with a switch-case statement deciding on the input which string to return.

public static String 9C4.A00(int p0)	//method@000f28
{
   switch (p0){	
       case 0:	
         return "null cannot be cast to non-null type android.view.ViewGroup";
       case 1:	
         return "DirectFragment.DIRECT_FRAGMENT_ARGUMENT_THREAD_ID";
       case 2:	
         return "null cannot be cast to non-null type android.app.Activity";
       case 3:	
         return "DirectFragment.ENTRY_POINT";
       case 4:	
         return "direct_quick_reply_camera_fragment";
       case 5:	
         return "onRealtimeEventPayload exception";
       case 6:	
         return "primary_button";
       // ...
   }
}

Now when using X-Ref, all the calls to this method are returned, but each call "requests" a different string. So one would need to check each call to find the use of a given string.

Feature Request

There are two possibilities for a solution that come to my mind.

1. Inline these calls. Which seems reasonable, but may not be desired by the user as the code gets changed. It seems like this could be done with a plugin/script.

2. Show arguments to a method call. This is the least destructive way of solving this: For simple methods and method calls (only accepting a few arguments and all of them are primitives, and for calls: all arguments are static) show the call signature in the X-Ref window.

The window could show this for example:

Code:

someMethod() {
    staticString(1, 2);
}
otherMethod() {
    staticString(1, getArgument());
}

When analyzing an apk, you not only have to find a class/string etc. but also calls to a method or property inside it.
So for example Method a() calls b(). Then right clicking (or similar) could allow a search for calls to b() and then reveal the call in a(). The same for properties. Property A.a is accessed in A.b() for example.
This would improve the the speed of working with GDA.

it shows a trojan win32/occamy.c

RT

报：Trojan:Win32/Occamy.C

it shows a trojan win32/occamy.c

When searching for strings in an apk file, there's sometimes an exact camparison needed. In a relatively large app, searching e.g. for "update" will also return strings that include the word update (e.g. "updated", "will update"). This may exceed the capacity of the search, so matches are not shown.

My feature request would be that the search for a string would decide on what to check for:

"update" ➡ searches for exact strings of update
update ➡ searches for strings that include update

Additionally, /regex/i could test the string against a regex (/regex/i would match "RegEx" and "regex" but not "reg ex").

I tried wine and it doesn't work 😢

I need to change the default browser address in apk, Its umebrowser.apk
i want to buy your pro version, but never got any response,

i sent you an email but never got respond ,

can you please look at this link and tell if possible to change the default browser home address

So you've given some explanation about AV warnings being triggered by the "adb.exe file and the gdump file in %APPDATA%/GDA", however your explanation really doesn't add up. Windows still keeps detecting even the latest version (3.72) as containing Win32/Occamy.C (and not for an unpacked program called adb.exe, but in the executable, GDA3.72.exe itself!), which isn't really explained by the fact that the "bin file is packed by Themida". Instead it could be explained by the following line that I found in my netstat output after I ran the program:

  TCP    192.168.1.49:62250     123.112.20.158:9090    CLOSE_WAIT
 [GDA3.72.exe]

Why does your program try to connect to an IP in Beijing, CN (the IP of www.gda.wiki as I learned)?

I tried to modify the instruction directly (①) , but it had no effect. I can only modify bytecodes to modify instruction (②)
using GDA3.68

如题

In each release, you write the Source code (zip) but in fact, there is no code source!
Can you explain?
I'm a user and a fan of your program and also like to read the source code.