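def parse_class_data_item(dex_file_off, class_data_off):
    """Walk a DEX ``class_data_item`` and return its total encoded length.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the ``class_data_item`` from that base.

    Returns:
        Number of bytes the item occupies: the offset, relative to
        ``class_data_off``, just past the last virtual method.  The values
        decoded by the ``encoded_field`` / ``encoded_method`` helpers are
        read but not collected here.

    The four leading ULEB128 counts and every per-entry field come straight
    from the (untrusted) DEX image and nothing here bounds them, so a
    corrupted or hostile file can make the loops below iterate up to 2**32
    times.  Callers feeding untrusted input should cap the counts first.
    """
    # Keep the base in 32-bit space, matching the other parsers in this file.
    class_data_item_ptr = (dex_file_off + class_data_off) & 0xffffffff

    # Header: four ULEB128 counts laid out back to back.
    offset = 0x0
    static_fields_size, length = utility.readuleb128(class_data_item_ptr + offset)
    offset += length
    instance_fields_size, length = utility.readuleb128(class_data_item_ptr + offset)
    offset += length
    direct_methods_size, length = utility.readuleb128(class_data_item_ptr + offset)
    offset += length
    virtual_methods_size, length = utility.readuleb128(class_data_item_ptr + offset)
    offset += length

    # The four lists follow immediately, in this fixed order.  Each walker
    # returns the offset of the byte after its last entry, which is where
    # the next list starts.
    offset = _walk_encoded_fields(dex_file_off, class_data_off, offset, static_fields_size)
    offset = _walk_encoded_fields(dex_file_off, class_data_off, offset, instance_fields_size)
    offset = _walk_encoded_methods(dex_file_off, class_data_off, offset, direct_methods_size)
    offset = _walk_encoded_methods(dex_file_off, class_data_off, offset, virtual_methods_size)
    return offset


def _walk_encoded_fields(dex_file_off, class_data_off, encoded_field_off, count):
    """Step over ``count`` encoded_field entries starting at ``encoded_field_off``.

    Returns the offset (relative to the class data) just past the last entry.
    """
    for _ in range(count):
        field_idx_diff_off = 0x0
        _field_idx_diff, length_field_idx_diff = encoded_field.get_field_idx_diff(
            dex_file_off, class_data_off, encoded_field_off, field_idx_diff_off)
        access_flags_off = field_idx_diff_off + length_field_idx_diff
        _access_flags, length_access_flags = encoded_field.get_access_flags(
            dex_file_off, class_data_off, encoded_field_off, access_flags_off)
        # The per-field offsets above are relative to this entry; the entry's
        # length must be added to its start, not used as the next start.
        encoded_field_off = encoded_field_off + access_flags_off + length_access_flags
    return encoded_field_off


def _walk_encoded_methods(dex_file_off, class_data_off, encoded_method_off, count):
    """Step over ``count`` encoded_method entries starting at ``encoded_method_off``.

    Returns the offset (relative to the class data) just past the last entry.
    """
    for _ in range(count):
        method_idx_diff_off = 0x0
        _method_idx_diff, length_method_idx_diff = encoded_method.get_method_idx_diff(
            dex_file_off, class_data_off, encoded_method_off, method_idx_diff_off)
        access_flags_off = method_idx_diff_off + length_method_idx_diff
        _access_flags, length_access_flags = encoded_method.get_access_flags(
            dex_file_off, class_data_off, encoded_method_off, access_flags_off)
        code_off_off = access_flags_off + length_access_flags
        _code_off, length_code_off = encoded_method.get_code_off(
            dex_file_off, class_data_off, encoded_method_off, code_off_off)
        # Same as for fields: advance by this entry's length, cumulatively.
        encoded_method_off = encoded_method_off + code_off_off + length_code_off
    return encoded_method_off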
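def parse_encoded_field(dex_file_off, class_data_off, encoded_field_off):
    """Decode one DEX ``encoded_field`` and return what it holds.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the enclosing ``class_data_item``.
        encoded_field_off: offset of this entry inside the class data.

    Returns:
        ``(field_idx_diff, access_flags, length)`` where ``length`` is the
        number of bytes the two ULEB128 values occupy, i.e. the offset of
        the next entry relative to ``encoded_field_off``.  Both values are
        taken verbatim from the DEX image and are not validated.
    """
    # Mask the class-data base to 32 bits so this entry is located from the
    # same address parse_class_data_item derives its class_data_item_ptr from.
    encoded_field_ptr = (
        (dex_file_off + class_data_off) & 0xffffffff) + encoded_field_off

    # field_idx_diff
    offset_field_idx_diff = 0x0
    field_idx_diff, length_field_idx_diff = utility.readuleb128(
        encoded_field_ptr + offset_field_idx_diff)
    # access_flags
    offset_access_flags = offset_field_idx_diff + length_field_idx_diff
    access_flags, length_access_flags = utility.readuleb128(
        encoded_field_ptr + offset_access_flags)

    return field_idx_diff, access_flags, offset_access_flags + length_access_flags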
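def parse_encoded_field(dex_file_off, class_data_off, encoded_method_off):
    """Decode one DEX ``encoded_method`` and return what it holds.

    Despite its name this parses an ``encoded_method`` -- it reads the
    trailing ``code_off`` that an ``encoded_field`` does not have.  The
    name is kept so existing callers keep working.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the enclosing ``class_data_item``.
        encoded_method_off: offset of this entry inside the class data.

    Returns:
        ``(method_idx_diff, access_flags, code_off, length)`` where
        ``length`` is the number of bytes the three ULEB128 values occupy,
        i.e. the offset of the next entry relative to ``encoded_method_off``.
        The values are taken verbatim from the DEX image and are not
        validated.
    """
    # Mask the class-data base to 32 bits so this entry is located from the
    # same address parse_class_data_item derives its class_data_item_ptr from.
    encoded_method_ptr = (
        (dex_file_off + class_data_off) & 0xffffffff) + encoded_method_off

    # method_idx_diff
    offset_method_idx_diff = 0x0
    method_idx_diff, length_method_idx_diff = utility.readuleb128(
        encoded_method_ptr + offset_method_idx_diff)
    # access_flags
    offset_access_flags = offset_method_idx_diff + length_method_idx_diff
    access_flags, length_access_flags = utility.readuleb128(
        encoded_method_ptr + offset_access_flags)
    # code_off
    offset_code_off = offset_access_flags + length_access_flags
    code_off, length_code_off = utility.readuleb128(encoded_method_ptr +
                                                    offset_code_off)

    return method_idx_diff, access_flags, code_off, offset_code_off + length_code_off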
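def get_code_off(dex_file_off, class_data_off, encoded_method_off,
                 code_off_off):
    """Read the ULEB128 ``code_off`` of one DEX ``encoded_method``.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the enclosing ``class_data_item``.
        encoded_method_off: offset of the entry inside the class data.
        code_off_off: offset of the ``code_off`` field inside the entry.

    Returns:
        ``(code_off, length_code_off)``: the decoded value and the number of
        bytes it occupied.  Neither is validated.
    """
    # Mask the class-data base to 32 bits so this helper lands on the same
    # address parse_class_data_item derives its class_data_item_ptr from.
    encoded_method_ptr = (
        (dex_file_off + class_data_off) & 0xffffffff) + encoded_method_off

    code_off, length_code_off = utility.readuleb128(encoded_method_ptr +
                                                    code_off_off)
    return code_off, length_code_off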
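def get_access_flags(dex_file_off, class_data_off, encoded_method_off,
                     access_flags_off):
    """Read the ULEB128 ``access_flags`` of one DEX ``encoded_method``.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the enclosing ``class_data_item``.
        encoded_method_off: offset of the entry inside the class data.
        access_flags_off: offset of the ``access_flags`` field inside the entry.

    Returns:
        ``(access_flags, length_access_flags)``: the decoded value and the
        number of bytes it occupied.  Neither is validated.
    """
    # Mask the class-data base to 32 bits so this helper lands on the same
    # address parse_class_data_item derives its class_data_item_ptr from.
    encoded_method_ptr = (
        (dex_file_off + class_data_off) & 0xffffffff) + encoded_method_off

    access_flags, length_access_flags = utility.readuleb128(
        encoded_method_ptr + access_flags_off)
    return access_flags, length_access_flags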
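def get_method_idx_diff(dex_file_off, class_data_off, encoded_method_off,
                        method_idx_diff_off):
    """Read the ULEB128 ``method_idx_diff`` of one DEX ``encoded_method``.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the enclosing ``class_data_item``.
        encoded_method_off: offset of the entry inside the class data.
        method_idx_diff_off: offset of the ``method_idx_diff`` field inside
            the entry.

    Returns:
        ``(method_idx_diff, length_method_idx_diff)``: the decoded value and
        the number of bytes it occupied.  Neither is validated.
    """
    # Mask the class-data base to 32 bits so this helper lands on the same
    # address parse_class_data_item derives its class_data_item_ptr from.
    encoded_method_ptr = (
        (dex_file_off + class_data_off) & 0xffffffff) + encoded_method_off

    method_idx_diff, length_method_idx_diff = utility.readuleb128(
        encoded_method_ptr + method_idx_diff_off)
    return method_idx_diff, length_method_idx_diff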
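def get_virtual_methods_size(dex_file_off, class_data_off,
                             virtual_methods_size_off):
    """Read the ULEB128 ``virtual_methods_size`` of a DEX ``class_data_item``.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the ``class_data_item`` from that base.
        virtual_methods_size_off: offset of the field inside the item.

    Returns:
        ``(virtual_methods_size, length_virtual_methods_size)``: the decoded
        count and the number of bytes it occupied.  The count comes straight
        from the DEX image and is not bounded here.
    """
    # Same 32-bit masking as parse_class_data_item, so both read the same
    # address.
    class_data_item_ptr = (dex_file_off + class_data_off) & 0xffffffff

    virtual_methods_size, length_virtual_methods_size = utility.readuleb128(
        class_data_item_ptr + virtual_methods_size_off)
    return virtual_methods_size, length_virtual_methods_size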
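def get_direct_methods_size(dex_file_off, class_data_off,
                            direct_methods_size_off):
    """Read the ULEB128 ``direct_methods_size`` of a DEX ``class_data_item``.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the ``class_data_item`` from that base.
        direct_methods_size_off: offset of the field inside the item.

    Returns:
        ``(direct_methods_size, length_direct_methods_size)``: the decoded
        count and the number of bytes it occupied.  The count comes straight
        from the DEX image and is not bounded here.
    """
    # Same 32-bit masking as parse_class_data_item, so both read the same
    # address.
    class_data_item_ptr = (dex_file_off + class_data_off) & 0xffffffff

    direct_methods_size, length_direct_methods_size = utility.readuleb128(
        class_data_item_ptr + direct_methods_size_off)
    return direct_methods_size, length_direct_methods_size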
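def get_instance_fields_size(dex_file_off, class_data_off,
                             instance_fields_size_off):
    """Read the ULEB128 ``instance_fields_size`` of a DEX ``class_data_item``.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the ``class_data_item`` from that base.
        instance_fields_size_off: offset of the field inside the item.

    Returns:
        ``(instance_fields_size, length_instance_fields_size)``: the decoded
        count and the number of bytes it occupied.  The count comes straight
        from the DEX image and is not bounded here.
    """
    # Same 32-bit masking as parse_class_data_item, so both read the same
    # address.
    class_data_item_ptr = (dex_file_off + class_data_off) & 0xffffffff

    instance_fields_size, length_instance_fields_size = utility.readuleb128(
        class_data_item_ptr + instance_fields_size_off)
    return instance_fields_size, length_instance_fields_size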
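def get_static_fields_size(dex_file_off, class_data_off,
                           static_fields_size_off):
    """Read the ULEB128 ``static_fields_size`` of a DEX ``class_data_item``.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the ``class_data_item`` from that base.
        static_fields_size_off: offset of the field inside the item.

    Returns:
        ``(static_fields_size, length_static_fields_size)``: the decoded
        count and the number of bytes it occupied.  The count comes straight
        from the DEX image and is not bounded here.
    """
    # Same 32-bit masking as parse_class_data_item, so both read the same
    # address.
    class_data_item_ptr = (dex_file_off + class_data_off) & 0xffffffff

    static_fields_size, length_static_fields_size = utility.readuleb128(
        class_data_item_ptr + static_fields_size_off)
    return static_fields_size, length_static_fields_size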
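def get_field_idx_diff(dex_file_off, class_data_off, encoded_field_off,
                       field_idx_diff_off):
    """Read the ULEB128 ``field_idx_diff`` of one DEX ``encoded_field``.

    Args:
        dex_file_off: base address of the mapped DEX file.
        class_data_off: offset of the enclosing ``class_data_item``.
        encoded_field_off: offset of the entry inside the class data.
        field_idx_diff_off: offset of the ``field_idx_diff`` field inside
            the entry.

    Returns:
        ``(field_idx_diff, length_field_idx_diff)``: the decoded value and
        the number of bytes it occupied.  Neither is validated.
    """
    # Mask the class-data base to 32 bits so this helper lands on the same
    # address parse_class_data_item derives its class_data_item_ptr from.
    encoded_field_ptr = (
        (dex_file_off + class_data_off) & 0xffffffff) + encoded_field_off

    field_idx_diff, length_field_idx_diff = utility.readuleb128(
        encoded_field_ptr + field_idx_diff_off)
    return field_idx_diff, length_field_idx_diff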
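def parse_encoded_catch_handler_list(dex_file_off, encoded_catch_handler_list_off, tries_size):
    """Walk a DEX ``encoded_catch_handler_list`` and return its byte length.

    Args:
        dex_file_off: base address of the mapped DEX file.
        encoded_catch_handler_list_off: offset of the list from that base.
        tries_size: ``tries_size`` of the owning ``code_item``; 0 means the
            list is absent and 0 is returned without touching memory.

    Returns:
        Total number of bytes the list occupies: its leading ULEB128 ``size``
        plus every ``encoded_catch_handler`` it contains.

    Every count and address below is read from the (untrusted) DEX image and
    printed as-is.  Nothing bounds the handler or pair counts, so a corrupted
    or hostile file can drive the loops for up to 2**32 iterations.
    """
    if tries_size == 0x0:
        return 0x0

    # Keep the base in 32-bit space, matching the other parsers in this file.
    encoded_catch_handler_list_ptr = (dex_file_off + encoded_catch_handler_list_off) & 0xffffffff

    # size: number of handlers.  Its encoded length is kept apart from the
    # per-handler `length_size` so the final total uses the right one.
    offset_size = 0x0
    list_size, length_list_size = utility.readuleb128(encoded_catch_handler_list_ptr + offset_size)
    print("[encoded_catch_handler_list] size = %#x" % list_size)

    offset_catch_handler = offset_size + length_list_size
    length_catch_handler = 0x0
    # encoded_catch_handler list
    encoded_catch_handler_ptr = encoded_catch_handler_list_ptr + offset_catch_handler
    for handler_idx in range(list_size):
        # Per-handler size is SLEB128: abs(size) typed pairs follow, and a
        # value <= 0 means a catch_all_addr trails them.
        offset_size = 0x0
        size, length_size = utility.readsleb128(encoded_catch_handler_ptr + offset_size)
        print("[encoded_catch_handler] (idx = %#x) size = %#x" % (handler_idx, size))

        offset_encoded_type_addr_pair = offset_size + length_size
        length_encoded_type_addr_pair = 0x0
        # encoded_type_addr_pair
        encoded_type_addr_pair_ptr = encoded_catch_handler_ptr + offset_encoded_type_addr_pair
        for pair_idx in range(abs(size)):
            off_type_idx = 0x0
            type_idx, length_type_idx = utility.readuleb128(encoded_type_addr_pair_ptr + off_type_idx)
            off_addr = off_type_idx + length_type_idx
            addr, length_addr = utility.readuleb128(encoded_type_addr_pair_ptr + off_addr)
            print("[encoded_type_addr_pair] (idx = %#x) (pair_idx = %#x) type_idx = %#x, addr = %#x" % (handler_idx, pair_idx, type_idx, addr))
            # advance past this pair
            length_encoded_type_addr_pair += length_type_idx + length_addr
            encoded_type_addr_pair_ptr += length_type_idx + length_addr

        offset_catch_all_addr = offset_encoded_type_addr_pair + length_encoded_type_addr_pair
        length_catch_all_addr = 0x0
        if size <= 0:
            catch_all_addr, length_catch_all_addr = utility.readuleb128(encoded_catch_handler_ptr + offset_catch_all_addr)
            print("[encoded_catch_handler] (idx = %#x) catch_all_addr = %#x" % (handler_idx, catch_all_addr))

        # advance past this handler
        handler_length = length_size + length_encoded_type_addr_pair + length_catch_all_addr
        length_catch_handler += handler_length
        encoded_catch_handler_ptr += handler_length

    # The list's own size field heads the total -- not the last handler's
    # `length_size`, which is what the loop variable holds at this point.
    return length_list_size + length_catch_handler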
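def parse_string_id_item(dex_file_off, string_ids_off, string_id):
    """Resolve ``string_ids[string_id]`` and return the string's raw data.

    Args:
        dex_file_off: base address of the mapped DEX file.
        string_ids_off: offset of the ``string_ids`` table from that base.
        string_id: index into that table.  It is not checked against the
            table's ``string_ids_size``; an out-of-range index reads whatever
            happens to follow the table.

    Returns:
        Whatever ``memory.retrieve_char_array`` yields for the data that
        follows the ULEB128 ``utf16_size``.  ``utf16_size`` itself is read
        but neither returned nor checked against the payload's length.
    """
    # Each string_id_item is a single 4-byte string_data_off.
    string_id_item_ptr = dex_file_off + string_ids_off + string_id * 0x4
    string_data_item_off = memory.readMemory32(string_id_item_ptr +
                                               offset_string_data_off)

    # string_data_item = ULEB128 utf16_size followed by the data; the
    # ULEB128's encoded length is where the data starts.
    utf16_size, offset_data_off = utility.readuleb128(dex_file_off +
                                                      string_data_item_off +
                                                      offset_utf16_size_off)
    # NOTE(review): offset_utf16_size_off is not added to the data address
    # below, so this is only right if that constant is 0 -- confirm.
    data = memory.retrieve_char_array(dex_file_off + string_data_item_off +
                                      offset_data_off)
    return data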
def get_string_id_item_data_off(dex_file_off, string_ids_off, string_id):
    """Return the absolute address of the data for ``string_ids[string_id]``.

    Args:
        dex_file_off: base address of the mapped DEX file.
        string_ids_off: offset of the ``string_ids`` table from that base.
        string_id: index into that table.  It is not checked against the
            table's ``string_ids_size``; an out-of-range index reads whatever
            happens to follow the table.

    Returns:
        ``dex_file_off + string_data_off + <ULEB128 length>``: the address of
        the first byte after the ``utf16_size`` prefix of the referenced
        ``string_data_item``.
    """
    # Each string_id_item is a single 4-byte string_data_off; follow it.
    entry_addr = dex_file_off + string_ids_off + 0x4 * string_id
    string_data_item_off = memory.readMemory32(entry_addr + offset_string_data_off)
    string_data_item_addr = dex_file_off + string_data_item_off

    # The data sits right after the ULEB128 utf16_size; only the prefix's
    # encoded byte length matters here, the decoded value is discarded.
    _utf16_size, prefix_length = utility.readuleb128(string_data_item_addr +
                                                     offset_utf16_size_off)
    # NOTE(review): offset_utf16_size_off is not added to the result, so
    # this is only right if that constant is 0 -- confirm.
    return string_data_item_addr + prefix_length