def getClassMembers(reference, g, objOff, mapList):
    """Collect the descriptive fields of the class object stored at objOff.

    Args:
        reference: class reference handed to resolveName() for name lookup.
        g: seekable binary handle the class object is read from.
        objOff: offset of the class object inside g.
        mapList: mapping list forwarded to resolveName().

    Returns:
        A 10-element list
        [name, classFlag, primType, ifields_, methods_, sfields_, dexCache,
        objSize, refSize, super_class_]. When resolveName() yields
        'Cannot Be Resolved', only classFlag, primType and objSize are
        filled in; refSize is 0 and every other slot is None.

    Raises:
        struct.error: if a read returns fewer bytes than the field width,
            which is what a truncated or mis-mapped image produces.
    """
    name = resolveName(reference, mapList)
    primType = getType(g, objOff)
    classFlag = getClsFlag(g, objOff)

    sizeField = art.getIndex('Class_Obj', 'object_size_')
    g.seek(objOff + sizeField)
    (objSize,) = struct.unpack("<i", g.read(4))

    # Unresolvable classes get the short record; nothing else is read.
    if name == 'Cannot Be Resolved':
        return [None, classFlag, primType, None, None, None, None, objSize, 0, None]

    dexCache = getClsDexCache(g, objOff)
    ifields_ = getIfields(g, objOff, 'ifields_')
    sfields_ = getIfields(g, objOff, 'sfields_')
    methods_ = getClsMethod(g, objOff)
    super_class_ = getSuperClass(g, objOff)

    refField = art.getIndex('Class_Obj', 'num_reference_instance_fields_')
    g.seek(objOff + refField)
    (refSize,) = struct.unpack("<i", g.read(4))

    # class_size_ is decoded but is not part of the returned record.
    clsField = art.getIndex('Class_Obj', 'class_size_')
    g.seek(objOff + clsField)
    struct.unpack("<i", g.read(4))

    # The handle is left positioned at reference_instance_offsets_.
    insField = art.getIndex('Class_Obj', 'reference_instance_offsets_')
    g.seek(objOff + insField)

    return [name, classFlag, primType, ifields_, methods_, sfields_,
            dexCache, objSize, refSize, super_class_]
def getIfields(g, objOff, field):
    """Return a class object's field-array slot as a hex string.

    Args:
        g: seekable binary handle the class object is read from.
        objOff: offset of the class object inside g.
        field: 'ifields_' selects the instance-field slot; any other value
            selects 'sfields_'.

    Returns:
        hex() text of the 8-byte little-endian unsigned value at the slot.
    """
    slot = 'ifields_' if field == 'ifields_' else 'sfields_'
    g.seek(objOff + art.getIndex('Class_Obj', slot))
    raw = g.read(8)
    return hex(struct.unpack("<Q", raw)[0])
def getDex(dexCache, mapList):
    """Return the dex_file_ value of a DexCache object as a hex string.

    Args:
        dexCache: pointer to the DexCache object, resolved through
            art.fromPointer().
        mapList: mapping list forwarded to art.fromPointer().

    Returns:
        hex() text of the 8-byte little-endian dex_file_ field.
    """
    # NOTE(review): getNamePointer() checks the handle returned by
    # art.fromPointer() for None; no such check is made here, so an
    # unmapped pointer would fail on the first seek - confirm the callers
    # only pass mapped pointers.
    [handle, base] = art.fromPointer(dexCache, mapList)

    handle.seek(base + art.getIndex("DexCache", "dex_file_"))
    dexFile = hex(struct.unpack("<Q", handle.read(8))[0])

    # location_ is read and resolved as well, but only dexFile is returned.
    handle.seek(base + art.getIndex("DexCache", "location_"))
    loc = hex(struct.unpack("<I", handle.read(4))[0])
    [handle, base] = art.fromPointer(loc, mapList)

    return dexFile
def getObjectSize(g, objOff, mapList):
    """Read object_size_ from the class object at objOff, then close g.

    Args:
        g: seekable binary handle; it is closed before returning, so the
            caller cannot reuse it.
        objOff: offset of the class object inside g.
        mapList: accepted but not used here.

    Returns:
        The signed 32-bit little-endian object_size_ value.
    """
    fieldPos = objOff + art.getIndex('Class_Obj', 'object_size_')
    g.seek(fieldPos)
    raw = g.read(4)
    size = struct.unpack("<i", raw)[0]
    g.close()
    return size
def getComponent(g, objOff, mapList):
    """Read component_type_ from the class object at objOff, then close g.

    Args:
        g: seekable binary handle; it is closed before returning, so the
            caller cannot reuse it.
        objOff: offset of the class object inside g.
        mapList: accepted but not used here.

    Returns:
        hex() text of the unsigned 32-bit little-endian component_type_.
    """
    fieldPos = objOff + art.getIndex('Class_Obj', 'component_type_')
    g.seek(fieldPos)
    raw = g.read(4)
    component = hex(struct.unpack("<I", raw)[0])
    g.close()
    return component
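def getLibsOffset(vmPath, offset):
    """Return the libraries_ field of a JavaVMExt object as a hex string.

    Args:
        vmPath: path handed to art.getFhandle() to open the backing file.
        offset: offset of the JavaVMExt object inside that file.

    Returns:
        hex() text of the first element returned by unpack_int() for the
        four bytes at the libraries_ field.
    """
    # NOTE(review): this file defines getLibsOffset a second time further
    # down; if both live in the same scope the later definition wins.
    index = art.getIndex('JavaVMExt', 'libraries_')
    g = art.getFhandle(vmPath)
    try:
        g.seek(offset + index)
        return hex(unpack_int(g.read(4))[0])
    finally:
        # Close on the error path too: a short read on a truncated image
        # would otherwise leave the handle open.
        g.close()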
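def getJVMPointer(nPath, rAddr):
    """Return the java_vm_ field of a Runtime object as a hex string.

    Args:
        nPath: path handed to art.getFhandle() to open the backing file.
        rAddr: offset of the Runtime object inside that file.

    Returns:
        hex() text of the first element returned by unpack_int() for the
        four bytes at the java_vm_ field.
    """
    # NOTE(review): this file defines getJVMPointer a second time further
    # down; if both live in the same scope the later definition wins.
    k = art.getFhandle(nPath)
    try:
        index = art.getIndex('Runtime', 'java_vm_')
        k.seek(rAddr + index)
        return hex(unpack_int(k.read(4))[0])
    finally:
        # Close on the error path too, so a failed seek/read does not leak
        # the handle.
        k.close()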
def getIds(g, offset):
    """Read the id-table pointers and begin_ of a DexFile object.

    Args:
        g: seekable binary handle the DexFile object is read from.
        offset: offset of the DexFile object inside g.

    Returns:
        [beginOff, sIdsOff, fIdsOff, mIdsOff, tIdsOff], each the hex() text
        of a four-byte field decoded with unpack_int().
    """
    # Fields are visited in this order; the result list is reordered below.
    members = ("string_ids_", "field_ids_", "method_ids_", "type_ids_", "begin_")
    decoded = []
    for member in members:
        g.seek(offset + art.getIndex("DexFile", member))
        decoded.append(hex(unpack_int(g.read(4))[0]))

    sIdsOff, fIdsOff, mIdsOff, tIdsOff, beginOff = decoded
    return [beginOff, sIdsOff, fIdsOff, mIdsOff, tIdsOff]
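def getNamePointer(klass, mapList):
    """Return the name_ field of a class object as a hex string.

    Args:
        klass: pointer to the class object, resolved via art.fromPointer().
        mapList: mapping list forwarded to art.fromPointer().

    Returns:
        hex() text of the unsigned 32-bit little-endian name_ field, or
        "0x0" when art.fromPointer() yields no handle for klass.
    """
    nameIdx = art.getIndex('Class_Obj', 'name_')
    [k, clOff] = art.fromPointer(klass, mapList)
    # Identity test: None is a singleton, and `is` does not depend on how
    # the handle object implements comparison.
    if k is None:
        return "0x0"
    k.seek(clOff + nameIdx)
    return hex(struct.unpack("<I", k.read(4))[0])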
def getType(g, objOff):
    """Map the primitive_type_ field of a class object to a type label.

    Args:
        g: seekable binary handle the class object is read from.
        objOff: offset of the class object inside g.

    Returns:
        One of "jObject", "jBoolean", "jByte", "jChar", "jShort", "jInt",
        "jLong", "jFloat", "jDouble". Values outside 0..8 are reported as
        "jObject".
    """
    labels = ("jObject", "jBoolean", "jByte", "jChar", "jShort",
              "jInt", "jLong", "jFloat", "jDouble")
    g.seek(objOff + art.getIndex('Class_Obj', 'primitive_type_'))
    # "<H" decodes an unsigned 16-bit value, so the code is never negative.
    code = struct.unpack("<H", g.read(2))[0]
    if code < len(labels):
        return labels[code]
    return "jObject"
def getClsFlag(g, objOff):
    """Map the class_flags_ field of a class object to a flag name.

    Args:
        g: seekable binary handle the class object is read from.
        objOff: offset of the class object inside g.

    Returns:
        The flag name whose value equals class_flags_ exactly. Any value
        not in the table, including one with several flag bits set, is
        reported as "kClassFlagNormal".
    """
    flagNames = {
        "0x0": "kClassFlagNormal",
        "0x1": "kClassFlagNoReferenceFields",
        "0x4": "kClassFlagString",
        "0x8": "kClassFlagObjectArray",
        "0x10": "kClassFlagClass",
        "0x20": "kClassFlagClassLoader",
        "0x40": "kClassFlagDexCache",
        "0x80": "kClassFlagSoftReference",
        "0x100": "kClassFlagWeakReference",
        "0x200": "kClassFlagFinalizerReference",
        "0x400": "kClassFlagPhantomReference",
    }
    g.seek(objOff + art.getIndex('Class_Obj', 'class_flags_'))
    raw = g.read(4)
    # The lookup key is the hex() text of the whole 32-bit value.
    # NOTE(review): the values look like single-bit flags; if combined
    # flags occur in practice they are all labelled kClassFlagNormal here.
    key = hex(struct.unpack("<I", raw)[0])
    if key in flagNames:
        return flagNames[key]
    return "kClassFlagNormal"
def getWeakGlob(vmPath, offset):
    """Return getIrefTable() for the weak_globals_ field of a JavaVMExt.

    Args:
        vmPath: path forwarded to getIrefTable().
        offset: offset of the JavaVMExt object; the weak_globals_ field
            index is added to it before the call.
    """
    return getIrefTable(vmPath, offset + art.getIndex('JavaVMExt', 'weak_globals_'))
def getGlob(vmPath, offset):
    """Return getIrefTable() for the globals_ field of a JavaVMExt.

    Args:
        vmPath: path forwarded to getIrefTable().
        offset: offset of the JavaVMExt object; the globals_ field index
            is added to it before the call.
    """
    return getIrefTable(vmPath, offset + art.getIndex('JavaVMExt', 'globals_'))
def getHeap(self, nPath, rAddr, memList):
    """Locate the heap referenced by the heap_ field of a Runtime object.

    Args:
        nPath: path forwarded to self.readPointer().
        rAddr: offset of the Runtime object, forwarded to readPointer().
        memList: memory list forwarded to art.getOffset().

    Returns:
        [heapPath, offset] as produced by art.getOffset() for the heap
        address.
    """
    heapAddr = self.readPointer(nPath, rAddr, art.getIndex('Runtime', 'heap_'))
    # Single parenthesised argument: same output as the print statement.
    print("Heap Offset " + heapAddr)
    heapPath, offset = art.getOffset(heapAddr, memList)
    return [heapPath, offset]
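def getJVMPointer(nPath, rAddr):
    """Return the java_vm_ field of a Runtime object as a hex string.

    Args:
        nPath: path handed to art.getFhandle() to open the backing file.
        rAddr: offset of the Runtime object inside that file.

    Returns:
        hex() text of the unsigned 32-bit little-endian java_vm_ field.

    Raises:
        struct.error: if fewer than four bytes can be read at the field.
    """
    k = art.getFhandle(nPath)
    try:
        index = art.getIndex('Runtime', 'java_vm_')
        k.seek(rAddr + index)
        return hex(struct.unpack("<I", k.read(4))[0])
    finally:
        # The handle is opened here and never handed out, so release it;
        # the earlier getJVMPointer definition in this file closes it too.
        k.close()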
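def getLibsOffset(vmPath, offset):
    """Return the libraries_ field of a JavaVMExt object as a hex string.

    Args:
        vmPath: path handed to art.getFhandle() to open the backing file.
        offset: offset of the JavaVMExt object inside that file.

    Returns:
        hex() text of the unsigned 32-bit little-endian libraries_ field.

    Raises:
        struct.error: if fewer than four bytes can be read at the field.
    """
    index = art.getIndex('JavaVMExt', 'libraries_')
    g = art.getFhandle(vmPath)
    try:
        g.seek(offset + index)
        return hex(struct.unpack("<I", g.read(4))[0])
    finally:
        # The handle is opened here and never handed out, so release it;
        # the earlier getLibsOffset definition in this file closes it too.
        g.close()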
def getClsDexCache(g, objOff):
    """Return the dex_cache_ field of a class object as a hex string.

    Args:
        g: seekable binary handle the class object is read from.
        objOff: offset of the class object inside g.

    Returns:
        hex() text of the unsigned 32-bit little-endian dex_cache_ field.
    """
    g.seek(objOff + art.getIndex('Class_Obj', 'dex_cache_'))
    raw = g.read(4)
    return hex(struct.unpack("<I", raw)[0])
def getSuperClass(g, objOff):
    """Return the super_class_ field of a class object as a hex string.

    Args:
        g: seekable binary handle the class object is read from.
        objOff: offset of the class object inside g.

    Returns:
        hex() text of the unsigned 32-bit little-endian super_class_ field.
    """
    g.seek(objOff + art.getIndex('Class_Obj', 'super_class_'))
    raw = g.read(4)
    return hex(struct.unpack("<I", raw)[0])
def getClsMethod(g, objOff):
    """Return the methods_ field of a class object as a hex string.

    Args:
        g: seekable binary handle the class object is read from.
        objOff: offset of the class object inside g.

    Returns:
        hex() text of the unsigned 64-bit little-endian methods_ field.
    """
    g.seek(objOff + art.getIndex('Class_Obj', 'methods_'))
    raw = g.read(8)
    return hex(struct.unpack("<Q", raw)[0])