GithubHelp home page GithubHelp logo

tempbottle / dexfileanalyze Goto Github PK

View Code? Open in Web Editor NEW

This project forked from goodhacker/dexfileanalyze

0.0 3.0 0.0 156 KB

学习dex文件格式时写的一个小工具,主要目的是更具体的了解dex文件格式,理解dex文件的混淆是怎么一回事情,理解dex文件在被执行的时候和PE文件有什么区别?

Clarion 4.63% C++ 91.44% C 3.56% Java 0.37%

dexfileanalyze's Introduction

dexFileAnalyze

在学习《安卓逆向分析》一书的dex文件格式时写的一个小工具,因为PE文件结构在PC端是非常重要的,那么想了解安卓下的加壳就必须从代码的角度去分析一下dex文件格式。

文件说明:

  • test.java:用与测试dex文件的java源文件
  • test.dex:用于测试的dex文件,由test.java生成
  • Dex文件解析目录包含完整代码,在VC6下可以正确运行,用MFC写的
  • Dex文件解析/dex.h:包含了dex文件解析时用到的各种结构
  • Dex文件解析/Dex文件解析Dlg.cpp:有用的代码都在这里面

程序运行截图:

test.java代码:

class test{
	public static void main(String[] argc){
		System.out.println("test!");
	}
}

  • 实验对ClassDefs的解析如下:

    Start read ClassDefs...... 类名: Ltest; 访问权限: Null 父类: Ljava/lang/Object; 接口: Null 源文件名: test.java 注释信息: Null

解析了我们定义的类各种信息

  • 对method的解析如下:

    Start read Methods...... class: Ljava/io/PrintStream; proto: short-form: VL return_type: V parameters: Ljava/lang/String; name: println class: Ljava/lang/Object; proto: short-form: V return_type: V parameters: NULL name: class: Ltest; proto: short-form: V return_type: V parameters: NULL name: class: Ltest; proto: short-form: VL return_type: V parameters: [Ljava/lang/String; name: main

解析出来了一共四个方法:

PrintStream类的println方法、object类的构造函数方法、test类的构造函数方法、class类的test方法。

  • 在代码中每一个header的字段都有一个专门用于解析字段的函数,为了解析了一个字段的函数能用于别的字段当中,做了重载,利用了一下C++的特性,果然代码比较简洁了。

    ReadStrings(dex); ReadTypes(dex); ReadProtos(dex); ReadFields(dex); ReadMethods(dex); ReadClassDefs(dex);

  • 对于混淆:

只要把相应的类名,方法名用随机字符替换原来的类名方法名即可。

  • 总结:

通过亲自动手做了这个小工具,复习了C++、dex文件的整体结构、以及dex的混淆原理。

dexfileanalyze's People

Contributors

undefinedidentifier avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.