其他分享
首页 > 其他分享> > DEX 文件结构解析

DEX 文件结构解析

作者:互联网

[仅学习笔记]

 

1.首先编译一个APP,解压缩,在里面找到一个dex file

 

在Android源码里面是一一对应的

struct Header {
     uint8_t magic_[8];  头部固定 标识是一个dexfile pdf jpg 也有自己的头
     uint32_t checksum_;  // See also location_checksum_   校验码,判断是否损坏
     uint8_t signature_[kSha1DigestSize];  sha签名
     uint32_t file_size_;  // size of entire file  整个file 大小
     uint32_t header_size_;  // offset to start of next section  头部大小
     uint32_t endian_tag_;
     uint32_t link_size_;  // unused
     uint32_t link_off_;  // unused
     uint32_t map_off_;  // unused
     uint32_t string_ids_size_;  // number of StringIds
     uint32_t string_ids_off_;  // file offset of StringIds array
     uint32_t type_ids_size_;  // number of TypeIds, we don't support more than 65535
     uint32_t type_ids_off_;  // file offset of TypeIds array
     uint32_t proto_ids_size_;  // number of ProtoIds, we don't support more than 65535
     uint32_t proto_ids_off_;  // file offset of ProtoIds array
     uint32_t field_ids_size_;  // number of FieldIds
     uint32_t field_ids_off_;  // file offset of FieldIds array
     uint32_t method_ids_size_;  // number of MethodIds
     uint32_t method_ids_off_;  // file offset of MethodIds array
     uint32_t class_defs_size_;  // number of ClassDefs
     uint32_t class_defs_off_;  // file offset of ClassDef array
     uint32_t data_size_;  // size of data section
     uint32_t data_off_;  // file offset of data section
 
     // Decode the dex magic version
     uint32_t GetVersion() const;
 
     private:
      DISALLOW_COPY_AND_ASSIGN(Header);
    };

 

2.接下来是string_ids,里面存的是字符串

 

 

 

 

struct StringId {
     uint32_t string_data_off_;  // offset in bytes from the base address   偏移
 
    private:
     DISALLOW_COPY_AND_ASSIGN(StringId);
   };

 

3.然后是type_ids  存的是方法

 

 

  struct TypeId {
      dex::StringIndex descriptor_idx_;  // index into string_ids
 
     private:
      DISALLOW_COPY_AND_ASSIGN(TypeId);
    };

 

4. ProtoId

 

 

 

 struct ProtoId {
      dex::StringIndex shorty_idx_;     // index into string_ids array for shorty descriptor  方法签名
      dex::TypeIndex return_type_idx_;  // index into type_ids array for return type  返回类型
      uint16_t pad_;                    // padding = 0
      uint32_t parameters_off_;         // file offset to type_list for parameter types 参数offset
 
     private:
      DISALLOW_COPY_AND_ASSIGN(ProtoId);
    };

 

5.FieldId

 

 

  struct FieldId {
     dex::TypeIndex class_idx_;   // index into type_ids_ array for defining class 类名
     dex::TypeIndex type_idx_;    // index into type_ids_ array for field type  类型
     dex::StringIndex name_idx_;  // index into string_ids_ array for field name 字段名
 
    private:
     DISALLOW_COPY_AND_ASSIGN(FieldId);
   };

 

6.MethodId

 

 

 struct MethodId {
      dex::TypeIndex class_idx_;   // index into type_ids_ array for defining class 方法所在的类
      uint16_t proto_idx_;         // index into proto_ids_ array for method prototype  方法签名
      dex::StringIndex name_idx_;  // index into string_ids_ array for method name  方法名字
 
     private:
      DISALLOW_COPY_AND_ASSIGN(MethodId);
    };

 

7.ClassDef

 

 

 

struct ClassDef {
      dex::TypeIndex class_idx_;  // index into type_ids_ array for this class 类
      uint16_t pad1_;  // padding = 0
      uint32_t access_flags_; 访问权限
      dex::TypeIndex superclass_idx_;  // index into type_ids_ array for superclass 父类
      uint16_t pad2_;  // padding = 0
      uint32_t interfaces_off_;  // file offset to TypeList 接口
      dex::StringIndex source_file_idx_;  // index into string_ids_ for source file name 源文件索引
      uint32_t annotations_off_;  // file offset to annotations_directory_item 注释
      uint32_t class_data_off_;  // file offset to class_data_item 类里面的数据段
      uint32_t static_values_off_;  // file offset to EncodedArray 静态数据段
 
      // Returns the valid access flags, that is, Java modifier bits relevant to the ClassDef type
      // (class or interface). These are all in the lower 16b and do not contain runtime flags.
      uint32_t GetJavaAccessFlags() const {
        // Make sure that none of our runtime-only flags are set.
        static_assert((kAccValidClassFlags & kAccJavaFlagsMask) == kAccValidClassFlags,
                      "Valid class flags not a subset of Java flags");
        static_assert((kAccValidInterfaceFlags & kAccJavaFlagsMask) == kAccValidInterfaceFlags,
                      "Valid interface flags not a subset of Java flags");
 
        if ((access_flags_ & kAccInterface) != 0) {
          // Interface.
          return access_flags_ & kAccValidInterfaceFlags;
        } else {
          // Class.
          return access_flags_ & kAccValidClassFlags;
        }
      }
 
     private:
      DISALLOW_COPY_AND_ASSIGN(ClassDef);
    };

 

8. map_list's MapItem

 

 

 

struct MapItem {
      uint16_t type_;  类型
      uint16_t unused_;  是否使用
      uint32_t size_;  大小
      uint32_t offset_;  偏移
 
     private:
      DISALLOW_COPY_AND_ASSIGN(MapItem);
    };

 

标签:DEX,文件,ids,file,offset,array,解析,type,uint32
来源: https://www.cnblogs.com/longtou/p/16140213.html