android oat如何提取dex文件字节码,8.1版本dex加载流程笔记--第三篇: OatFile::Open流程与OatDexFile的获得...

最新推荐文章于 2021-06-01 09:35:03 发布
最新推荐文章于 2021-06-01 09:35:03 发布
阅读量236 收藏
点赞数
文章标签: android oat如何提取dex文件字节码

[C++] 纯文本查看 复制代码bool OatFileBase::Setup(const char* abs_dex_location, std::string* error_msg) {

if (!GetOatHeader().IsValid()) {

std::string cause = GetOatHeader().GetValidationErrorMessage();

*error_msg = StringPrintf("Invalid oat header for '%s': %s",

GetLocation().c_str(),

cause.c_str());

return false;

}

PointerSize pointer_size = GetInstructionSetPointerSize(GetOatHeader().GetInstructionSet());

size_t key_value_store_size =

(Size() >= sizeof(OatHeader)) ? GetOatHeader().GetKeyValueStoreSize() : 0u;

if (Size() < sizeof(OatHeader) + key_value_store_size) {

*error_msg = StringPrintf("In oat file '%s' found truncated OatHeader, "

"size = %zu < %zu + %zu",

GetLocation().c_str(),

Size(),

sizeof(OatHeader),

key_value_store_size);

return false;

}

size_t oat_dex_files_offset = GetOatHeader().GetOatDexFilesOffset();

if (oat_dex_files_offset < GetOatHeader().GetHeaderSize() || oat_dex_files_offset > Size()) {

*error_msg = StringPrintf("In oat file '%s' found invalid oat dex files offset: "

"%zu is not in [%zu, %zu]",

GetLocation().c_str(),

oat_dex_files_offset,

GetOatHeader().GetHeaderSize(),

Size());

return false;

}

const uint8_t* oat = Begin() + oat_dex_files_offset; // Jump to the OatDexFile records.//oat指针跳到OatDexFile去

DCHECK_GE(static_cast(pointer_size), alignof(GcRoot<:object>));

if (!IsAligned(bss_begin_) ||

!IsAlignedParam(bss_methods_, static_cast(pointer_size)) ||

!IsAlignedParam(bss_roots_, static_cast(pointer_size)) ||

!IsAligned)>(bss_end_)) {

*error_msg = StringPrintf("In oat file '%s' found unaligned bss symbol(s): "

"begin = %p, methods_ = %p, roots = %p, end = %p",

GetLocation().c_str(),

bss_begin_,

bss_methods_,

bss_roots_,

bss_end_);

return false;

}

if ((bss_methods_ != nullptr && (bss_methods_ < bss_begin_ || bss_methods_ > bss_end_)) ||

(bss_roots_ != nullptr && (bss_roots_ < bss_begin_ || bss_roots_ > bss_end_)) ||

(bss_methods_ != nullptr && bss_roots_ != nullptr && bss_methods_ > bss_roots_)) {

*error_msg = StringPrintf("In oat file '%s' found bss symbol(s) outside .bss or unordered: "

"begin = %p, methods_ = %p, roots = %p, end = %p",

GetLocation().c_str(),

bss_begin_,

bss_methods_,

bss_roots_,

bss_end_);

return false;

}

uint8_t* after_arrays = (bss_methods_ != nullptr) ? bss_methods_ : bss_roots_; // May be null.

uint8_t* dex_cache_arrays = (bss_begin_ == after_arrays) ? nullptr : bss_begin_;

uint8_t* dex_cache_arrays_end =

(bss_begin_ == after_arrays) ? nullptr : (after_arrays != nullptr) ? after_arrays : bss_end_;

DCHECK_EQ(dex_cache_arrays != nullptr, dex_cache_arrays_end != nullptr);

uint32_t dex_file_count = GetOatHeader().GetDexFileCount();//获得dex_file_count

oat_dex_files_storage_.reserve(dex_file_count);

for (size_t i = 0; i < dex_file_count; i++) {

uint32_t dex_file_location_size;

if (UNLIKELY(!ReadOatDexFileData(*this, &oat, &dex_file_location_size))) //循环通过ReadOatDexFileData函数读取dex_file_location_size并调整oat指针

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu truncated after dex file "

"location size",

GetLocation().c_str(),

i);

return false;

}

if (UNLIKELY(dex_file_location_size == 0U)) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu with empty location name",

GetLocation().c_str(),

i);

return false;

}

if (UNLIKELY(static_cast(End() - oat) < dex_file_location_size)) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu with truncated dex file "

"location",

GetLocation().c_str(),

i);

return false;

}

const char* dex_file_location_data = reinterpret_cast(oat);

oat += dex_file_location_size;

std::string dex_file_location = ResolveRelativeEncodedDexLocation(

abs_dex_location,

std::string(dex_file_location_data, dex_file_location_size));

uint32_t dex_file_checksum;

if (UNLIKELY(!ReadOatDexFileData(*this, &oat, &dex_file_checksum))) {//通过ReadOatDexFileData函数读取dex_file_checksum并调整oat指针

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' truncated after "

"dex file checksum",

GetLocation().c_str(),

i,

dex_file_location.c_str());

return false;

}

uint32_t dex_file_offset;

if (UNLIKELY(!ReadOatDexFileData(*this, &oat, &dex_file_offset))) {//通过ReadOatDexFileData函数读取dex_file_offset并调整oat指针

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' truncated "

"after dex file offsets",

GetLocation().c_str(),

i,

dex_file_location.c_str());

return false;

}

if (UNLIKELY(dex_file_offset == 0U)) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with zero dex "

"file offset",

GetLocation().c_str(),

i,

dex_file_location.c_str());

return false;

}

if (UNLIKELY(dex_file_offset > DexSize())) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with dex file "

"offset %u > %zu",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

dex_file_offset,

DexSize());

return false;

}

if (UNLIKELY(DexSize() - dex_file_offset < sizeof(DexFile::Header))) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with dex file "

"offset %u of %zu but the size of dex file header is %zu",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

dex_file_offset,

DexSize(),

sizeof(DexFile::Header));

return false;

}

const uint8_t* dex_file_pointer = DexBegin() + dex_file_offset;

if (UNLIKELY(!DexFile::IsMagicValid(dex_file_pointer))) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with invalid "

"dex file magic '%s'",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

dex_file_pointer);

return false;

}

if (UNLIKELY(!DexFile::IsVersionValid(dex_file_pointer))) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with invalid "

"dex file version '%s'",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

dex_file_pointer);

return false;

}

const DexFile::Header* header = reinterpret_cast(dex_file_pointer);

if (DexSize() - dex_file_offset < header->file_size_) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with dex file "

"offset %u and size %u truncated at %zu",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

dex_file_offset,

header->file_size_,

DexSize());

return false;

}

uint32_t class_offsets_offset;

if (UNLIKELY(!ReadOatDexFileData(*this, &oat, &class_offsets_offset))) {//通过ReadOatDexFileData函数读取class_offsets_offset并调整oat指针

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' truncated "

"after class offsets offset",

GetLocation().c_str(),

i,

dex_file_location.c_str());

return false;

}

if (UNLIKELY(class_offsets_offset > Size()) ||

UNLIKELY((Size() - class_offsets_offset) / sizeof(uint32_t) < header->class_defs_size_)) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with truncated "

"class offsets, offset %u of %zu, class defs %u",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

class_offsets_offset,

Size(),

header->class_defs_size_);

return false;

}

if (UNLIKELY(!IsAligned(class_offsets_offset))) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with unaligned "

"class offsets, offset %u",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

class_offsets_offset);

return false;

}

const uint32_t* class_offsets_pointer =

reinterpret_cast(Begin() + class_offsets_offset);

uint32_t lookup_table_offset;

if (UNLIKELY(!ReadOatDexFileData(*this, &oat, &lookup_table_offset))) {//通过ReadOatDexFileData函数读取lookup_table_offset并调整oat指针,lookup_table用于加速类的查找

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zd for '%s' truncated "

"after lookup table offset",

GetLocation().c_str(),

i,

dex_file_location.c_str());

return false;

}

const uint8_t* lookup_table_data = lookup_table_offset != 0u

? Begin() + lookup_table_offset

: nullptr;

if (lookup_table_offset != 0u &&

(UNLIKELY(lookup_table_offset > Size()) ||

UNLIKELY(Size() - lookup_table_offset <

TypeLookupTable::RawDataLength(header->class_defs_size_)))) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with truncated "

"type lookup table, offset %u of %zu, class defs %u",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

lookup_table_offset,

Size(),

header->class_defs_size_);

return false;

}

uint32_t dex_layout_sections_offset;

if (UNLIKELY(!ReadOatDexFileData(*this, &oat, &dex_layout_sections_offset))) {//通过ReadOatDexFileData函数读取dex_layout_sections_offset并调整oat指针

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zd for '%s' truncated "

"after dex layout sections offset",

GetLocation().c_str(),

i,

dex_file_location.c_str());

return false;

}

const DexLayoutSections* const dex_layout_sections = dex_layout_sections_offset != 0

? reinterpret_cast(Begin() + dex_layout_sections_offset)

: nullptr;

uint32_t method_bss_mapping_offset;

if (UNLIKELY(!ReadOatDexFileData(*this, &oat, &method_bss_mapping_offset))) {//通过ReadOatDexFileData函数读取method_bss_mapping_offset并调整oat指针

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zd for '%s' truncated "

"after method bss mapping offset",

GetLocation().c_str(),

i,

dex_file_location.c_str());

return false;

}

const bool readable_method_bss_mapping_size =

method_bss_mapping_offset != 0u &&

method_bss_mapping_offset <= Size() &&

IsAligned(method_bss_mapping_offset) &&

Size() - method_bss_mapping_offset >= MethodBssMapping::ComputeSize(0);

const MethodBssMapping* method_bss_mapping = readable_method_bss_mapping_size

? reinterpret_cast(Begin() + method_bss_mapping_offset)

: nullptr;

if (method_bss_mapping_offset != 0u &&

(UNLIKELY(method_bss_mapping == nullptr) ||

UNLIKELY(method_bss_mapping->size() == 0u) ||

UNLIKELY(Size() - method_bss_mapping_offset <

MethodBssMapping::ComputeSize(method_bss_mapping->size())))) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with unaligned or "

" truncated method bss mapping, offset %u of %zu, length %zu",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

method_bss_mapping_offset,

Size(),

method_bss_mapping != nullptr ? method_bss_mapping->size() : 0u);

return false;

}

if (kIsDebugBuild && method_bss_mapping != nullptr) {

const MethodBssMappingEntry* prev_entry = nullptr;

for (const MethodBssMappingEntry& entry : *method_bss_mapping) {

CHECK_ALIGNED_PARAM(entry.bss_offset, static_cast(pointer_size));

CHECK_LT(entry.bss_offset, BssSize());

CHECK_LE(POPCOUNT(entry.index_mask) * static_cast(pointer_size), entry.bss_offset);

size_t index_mask_span = (entry.index_mask != 0u) ? 16u - CTZ(entry.index_mask) : 0u;

CHECK_LE(index_mask_span, entry.method_index);

if (prev_entry != nullptr) {

CHECK_LT(prev_entry->method_index, entry.method_index - index_mask_span);

}

prev_entry = &entry;

}

CHECK_LT(prev_entry->method_index,

reinterpret_cast(dex_file_pointer)->method_ids_size_);

}

uint8_t* current_dex_cache_arrays = nullptr;

if (dex_cache_arrays != nullptr) {

// All DexCache types except for CallSite have their instance counts in the

// DexFile header. For CallSites, we need to read the info from the MapList.

//对于CallSites,必须从MapList中读取,他不存储在header中

const DexFile::MapItem* call_sites_item = nullptr;

if (!FindDexFileMapItem(DexBegin(), //通过FindDexFileMapItem读取call_sites_item并解析

DexEnd(),

DexFile::MapItemType::kDexTypeCallSiteIdItem,

&call_sites_item)) {

*error_msg = StringPrintf("In oat file '%s' could not read data from truncated DexFile map",

GetLocation().c_str());

return false;

}

size_t num_call_sites = call_sites_item == nullptr ? 0 : call_sites_item->size_;

DexCacheArraysLayout layout(pointer_size, *header, num_call_sites);

if (layout.Size() != 0u) {

if (static_cast(dex_cache_arrays_end - dex_cache_arrays) < layout.Size()) {

*error_msg = StringPrintf("In oat file '%s' found OatDexFile #%zu for '%s' with "

"truncated dex cache arrays, %zu < %zu.",

GetLocation().c_str(),

i,

dex_file_location.c_str(),

static_cast(dex_cache_arrays_end - dex_cache_arrays),

layout.Size());

return false;

}

current_dex_cache_arrays = dex_cache_arrays;

dex_cache_arrays += layout.Size();

}

}

std::string canonical_location = DexFile::GetDexCanonicalLocation(dex_file_location.c_str());

// Create the OatDexFile and add it to the owning container.

OatDexFile* oat_dex_file = new OatDexFile(this, //根据上面ReadOatDexFileData和FindDexFileMapItem获得的信息构建oat_dex_file

dex_file_location,

canonical_location,

dex_file_checksum,

dex_file_pointer,

lookup_table_data,

method_bss_mapping,

class_offsets_pointer,

current_dex_cache_arrays,

dex_layout_sections);

oat_dex_files_storage_.push_back(oat_dex_file);

// Add the location and canonical location (if different) to the oat_dex_files_ table.

StringPiece key(oat_dex_file->GetDexFileLocation());

oat_dex_files_.Put(key, oat_dex_file);

if (canonical_location != dex_file_location) {

StringPiece canonical_key(oat_dex_file->GetCanonicalDexFileLocation());

oat_dex_files_.Put(canonical_key, oat_dex_file);

}

}

if (dex_cache_arrays != dex_cache_arrays_end) {

// We expect the bss section to be either empty (dex_cache_arrays and bss_end_

// both null) or contain just the dex cache arrays and optionally some GC roots.

*error_msg = StringPrintf("In oat file '%s' found unexpected bss size bigger by %zu bytes.",

GetLocation().c_str(),

static_cast(bss_end_ - dex_cache_arrays));

return false;

}

return true;

}

嗨皮波斯得兔有
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
android内存加载dex,安卓8.1版本dex加载流程笔记--第一篇:oatfileoatdexfiledexfile...
weixin_39935777的博客
05-31 961
本帖最后由 L剑仙 于 2020-3-1 18:53 编辑看雪发一遍了,在52再发一次 菜鸟最近初学脱壳,必须得先搞明白dex加载流程,才能搞懂哪里到了脱壳的时机。n6装的8.1,最近跟了一遍8.1源码,记录笔记,理解一下类似opencommon的脱壳点网上的文章大都比较老了,参考这篇6.0的加载https://www.jianshu.com/p/20dcfcf27004新版本多走了 oat_f...
高通项目 首次开机后apk随机报错
croop520的专栏
06-30 1358
在开发msm8909项目过程中,碰到一个现象,就是烧完版本后开机,会随机出现apk报错的情况,过一段时间,再关机开机,就没有报错。      在Log中,主要报如下错误: E AndroidRuntime: java.lang.RuntimeException: Unable to get provider com.android.providers.contacts.debug.Dump
Art下DexClassLoader将dex转化为oat文件格式的过程
不歪的专栏
09-21 8659
Art下DexClassLoader将dex转化为oat文件格式的过程
【个人笔记二】ART系统OAT文件加载解析
朱小南的博客
08-14 2571
在ART上用YAHFA、Legend以及一个java层实现的Andix:http://weishu.me/2017/03/20/dive-into-art-hello-world/,发现除了framework层的类(如telephonymanager)和应用中的类有效外,对于java核心库的类(如IOBridge和Class等)的hook都无效,所以我就以telephonymanager和IOBridge这两个类为例
Android10中的boot*.art和boot*.oat加载过程
Invoker123的博客
03-03 4506
简介   在Android7.0之前,所有bootclasspath指定的库会被同一编译成为boot.oat和boot.art两个文件。其中boot.oat包含了编译后的机器码指令,而boot.art文件,则是一个类对象映像。boot.art内包含了所有framework/base/preloaded-classes文件列出的所有类。这些类会被一次性的载入到内存中,并可以被直接使用。   在Android7.0及以后,boot.art和boot.oat被分成以boot-{packagename}.oat/a
Android studio手动创建并生成dex文件源码
05-13
Android开发中,Dex文件(Dalvik Executable)是Android应用的主要组成部分,它包含了运行在Android设备上的所有字节码。本教程将详细介绍如何在Android Studio中手动创建并生成Dex文件源码,这对于理解Android...
vdexExtractor,从vdex文件中反编译和提取android dex字节码的工具.zip
10-11
**vdexExtractor: 反编译与提取Android Dex字节码的神器** 在Android系统中,为了优化应用程序的启动性能,从Android 7.0(API级别24)开始引入了vdex(Virtual DEX文件。vdex是Dalvik虚拟机的一个优化层,它预先...
Android中内存加载dex
06-01
4. ** oat 解析与验证**:当类加载器找到需要的类时,会解析.oat文件中的数据,验证字节码是否符合Dalvik或ART的语义规则,确保安全和正确性。 5. ** 字节码优化**:对于ART运行时,dex文件在安装时已经被优化成...
android 反编译 逆向 vdex2dex odex2dex
最新发布
02-23
1. **Dex文件**:Dalvik Executable (DEX) 文件Android系统中用来存储Java字节码的格式。当开发者编译Android应用时,所有的类和资源会被转换成DEX文件,以便在Dalvik或ART虚拟机上运行。 2. **Odex文件**:...
ARTist:ARTist的核心实现意在包含在艺术项目中。 提供模块的ARTist API和样板代码
01-31
ARTist,全称为Android Runtime (ART) Transformer,是一款专为Android平台设计的工具,它主要应用于艺术项目的开发,尤其在代码注入和编译器插桩技术方面。此工具的出现,使得开发者能够更加灵活地对应用程序的行为...
android dex加载过程,8.1版本dex加载流程笔记--第二篇:DexFile::Open流程与简单脱壳原理...
weixin_42524013的博客
05-26 729
在看雪发了,52再发一下,共同学习菜鸟刚刚学完了dex_file.cc这个源码,大致搞明白了大佬们hook脱整体加固的原理了,原理在帖子最后学习了大佬angelToms的帖子https://bbs.pediy.com/thread-252828.htm与https://bbs.pediy.com/thread-252284.htm,总结的很清晰,dex 加载到内存之后,只要想方设法找到DexFil...
dex2oatdex转换为oat的执行路径概览
Dijkstra的专栏
09-05 1952
转自:http://blog.csdn.net/zylc369/article/details/39452053 dex2oat是一个可执行文件,在源码中通过编译文件art\dex2oat\Dex2oat.cc生成。 dex2oat的执行入口是: [cpp] view plain copy   int main(int 
简单的从odexoat文件中解压出dex文件
seaaseesa的博客
02-02 3783
目前解压这两种文件的方法都是用apktool,然而还有一种简单的方法。 odexoatdex文件的一种优化,但是解压他们的方法是相同的。 首先用WinHex打开一个odex文件,我们可以看到dex 035这个字符串,其实这个地方就是dex文件开始的位置,根据dex文件的数据结构可知向后再偏移32个字节就是dex文件的大小。于是从头的偏移位置向后取出dex大小个字节就是dex文件的内容。
ART世界探险(13) - 初入dex2oat
lusing的专栏
09-05 5342
对于大多数人来讲,dex2oat一直是个黑盒子。那么,这个盒子中到底是些什么东西呢,我们有了前面的java,指令集,还有一点点的编译原理的知识储备,终于可以打个开看个究竟了。
Android ART Oat文件格式简析(下)
Roland_Sun的专栏
05-15 6647
在上篇中,我们分析到了OatFile的begin_和end_
Android DEX 文件打开分析
xqyphp的专栏
10-13 2613
函数为 DexFile_openDexFileNativeClassLinker::OpenDexFilesFromOat 1、 FindOpenedOatDexFile 查找缓存中是否存在,checksum为空或者相同 2、 CreateOatFileForDexLocation 1、生成oat文件 执行execv 调用 dex2oat 生成Oat 会启动进程生成较慢
android8.0的vdex文件格式分析
热门推荐
07-18 1万+
google在android8.0新增加了vdex文件,定义如下 art\runtime\ vdex_file.h // VDEX files contain extracted DEXfiles. The VdexFile class maps the file to // memory and provides tools foraccessing its individual sect
老罗android oat,入门ART虚拟机(5)——OAT文件
weixin_28807463的博客
06-01 883
Android安全交流群:478084054先贴老罗的一张图:再摘一段老罗的描述:“作为Android私有的一种ELF文件OAT文件包含有两个特殊的段oatdata和oatexec,前者包含有用来生成本地机器指令的dex文件内容,后者包含生成的本地机器指令,它们之间的关系通过储存在oatdata段前面的oat头部描述。此外,在OAT文件的dynamic段,导出了三个符号oatdata、oatex...
android oat如何提取dex文件字节码,ART、OAT格式介绍与dex文件提取
weixin_32926649的博客
05-25 1059
dex文件经过dex2oat编译,会生成.art、.oat两个文件oat是一个android定制的elf文件,原始dex也保存在其中。8.0后,dex单独保存到.vdex文件中。art文件类似于一个内存映像,缓存常用的ArtField、ArtMethod、DexCache等内容,加载后可直接使用,避免解析耗时。art文件格式介绍以boot.art为例,它分为Image Section和Bitma...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值