×

dextra DEX/ODEX/ART/OAT分析工具

96
difcareer
2016.06.22 21:40* 字数 229

dextra是一款强大的DEX/ODEX/ART/OAT分析工具。

dextra下载:
原始 备份

dextra的使用:

  1. 下载dextra.tar,push到手机,解压,赋权,执行对应进行脚本即可。

  2. 不带参数显示帮助文档:

     1  # ./dextra.armv7
     2  Usage: ./dextra.armv7 [...] _file_
     3  Where: _file_ = DEX or ART/OAT file to open
     4  And [...] can be any combination of:
     5         -l List contents of file (classes is in dex, oat, or ART)
     6         -c: Only process this class
     7         -m: show methods for processed classes (implies -c *)
     8         -f: show fields for processed classes (implies -c *)
     9         -p: Only process classes in this package
    10  
    11  Disassembly/Decompilation:
    12         -d: Disassemble DEX code sections (like dexdump does - implies -m)
    13         -D: Decompile to Java (new feature, still working on it. Implies -j -m)
    14         -noindent: Disable indentation of code
    15  
    16  DEX specific options:
    17         -h: Just dump file header
    18         -M [_index_]: Dump Method at _index_, or dump all methods
    19         -F [_index_]: Dump Field at _index_, or dump all fields
    20         -S [_index_]: Dump String at _index_, or dump all strings
    21         -T [_index_]: Dump Type  at _index_, or dump all types
    22  
    23  OAT specific options:
    24         -h: Just dump file header
    25         -dextract     Extract embedded DEX content from an OAT files
    26         -o            Display addresses as offsets (useful for file editing/fuzzing)
    27         -delta 0x...   Apply Patch delta
    28         -begin 0x...   Set image beginning to value (auto-delta)
    29  
    30  ART specific options:
    31         -delta 0x...   Apply Patch delta
    32         -begin 0x...   Set image beginning to value (auto-delta)
    33         -deep         Deep dump (go into object arrays)
    34  
    35  And you can always use any of these output Modifiers:
    36         -j: Java style output (default is JNI, but this is much better)
    37         -v: verbose output
    38         -color: Color output (can also set JCOLOR=1 environment variable)
    39  
    40  This is DEXTRA, version 1.29.79 (N,PR3), compiled on May 24 2016.
    41  
    42  For more details and the latest version of this tool: http://NewAndroidBook.com/tools/dextra.html
    43  Please let me know you're using it- by visiting http://NewAndroidBook.com/tools/counter?dextra once
  1. 分析DEX:
    a. 查看dex头信息:
     1  #./dextra.armv7 -h classes.dex
     2  Header Magic: dex\n035
     3  Checksum: ded02cb6 (correct)
     4  File Size:    0x1a91e4  1741284
     5  Header Size:  0x70         112
     6  Endian:       0x12345678
     7  Warning: Constraint G6 (endian_tag) violated!
     8  Map:                    @0x1a9114 with 17 items
     9          Item  0:        type: Header                 0x0        size:     1     offset: 0x  0
    10          Item  1:        type: String IDs             0x1        size: 13460     offset: 0x 70
    11          Item  2:        type: Type IDs               0x2        size:  2826     offset: 0xd2c0
    12          Item  3:        type: Proto IDs              0x3        size:  3993     offset: 0xfee8
    13          Item  4:        type: Field IDs              0x4        size:  6920     offset: 0x1ba14
    14          Item  5:        type: Method IDs             0x5        size: 19819     offset: 0x29254
    15          Item  6:        type: Class Defs             0x6        size:  2051     offset: 0x4fdac
    16          Item  7:        type: Annotations Ref Ref List 0x1002   size:     1     offset: 0x5fe0c
    17          Item  8:        type: Annotations Set Item   0x1003     size:    16     offset: 0x5fe14
    18          Item  9:        type: Code                   0x2001     size: 13667     offset: 0x5fea8
    19          Item 10:        type: Annotations Directory  0x2006     size:    66     offset: 0x1345f0
    20          Item 11:        type: Type List              0x1001     size:  2434     offset: 0x134cc0
    21          Item 12:        type: String Data            0x2002     size: 13460     offset: 0x13aa44
    22          Item 13:        type: Annotation             0x2004     size:    17     offset: 0x18cea3
    23          Item 14:        type: Encoded Array          0x2005     size:   182     offset: 0x18cf41
    24          Item 15:        type: Map                    0x2000     size:  1998     offset: 0x18efc8
    25          Item 16:        type: Map List               0x1000     size:     1     offset: 0x1a9114
    26  Link:         0 bytes   @0x0
    27  String IDs: 13460 strings @0x70
    28  Type   IDs: 2826 types   @0xd2c0
    29  Field  IDs: 6920 fields  @0x1ba14
    30  Proto  IDs: 3993 protos  @0xfee8
    31  Method IDs: 19819 methods @0x29254
    32  Class Defs: 2051 classes @0x4fdac
    33  Data: 1348568 bytes @0x5fe0c

b. 查看dex类信息:

     1  # ./dextra.armv7  classes.dex | more
     2  Warning: Constraint G6 (endian_tag) violated!
     3          Class 0: public final a.a.a.a.a.a               File: No string found (I
     4  ndex: -1)
     5                  2 Instance Fields
     6                  1 Direct Methods
     7                  3 Virtual Methods
     8          Class 1: public final enum a.a.a.a.a.b
     9           extends Ljava/lang/Enum;               File: No string found (Index: -1
    10  )
    11                  6 static fields
    12                  4 Direct Methods
    13          Class 2: public abstract a.a.a.a.a.c            File: No string found (I
    14  ndex: -1)
    15                  6 Virtual Methods
    16          Class 3: public abstract a.a.a.a.a.d            File: No string found (I
    17  ndex: -1)
    18                  1 Virtual Methods
    19          ......

c. 查看指定类的属性和方法:

     1  #./dextra.armv7 -c com.wooyun.summit.MainActivity -f -m classes.dex                          <
     2  Warning: Constraint G6 (endian_tag) violated!
     3          Class 2040: public com.wooyun.summit.MainActivity
     4           extends Lcom/wooyun/summit/BaseActivity;               File: No string found (Index: -1)
     5                  8 Instance Fields
     6                   Field (6871) Name: b type: Landroid/widget/Button; Flags: 0x0
     7                   Field (6872) Name: c type: Landroid/widget/Button; Flags: 0x0
     8                   Field (6873) Name: d type: Landroid/widget/Button; Flags: 0x0
     9                   Field (6874) Name: e type: Landroid/widget/TextView; Flags: 0x0
    10                   Field (6875) Name: f type: Landroid/widget/TextView; Flags: 0x0
    11                   Field (6876) Name: g type: Landroid/widget/TextView; Flags: 0x0
    12                   Field (6877) Name: h type: Lcom/loopj/android/http/AsyncHttpClient; Flags: 0x4
    13                   Field (6878) Name: i type: Ljava/lang/String; Flags: 0x0
    14                  1 Direct Methods
    15                           Method (18861): <init> Access Flags: 0x10001    Params: ()     Returns: V // Constructor
    16                  6 Virtual Methods
    17                           Method (18862): a      Access Flags: 0x1        Params: (ILjava/lang/String;)  Returns: V
    18                           Method (18863): e      Access Flags: 0x4        Params: ()     Returns: V
    19                           Method (18864): f      Access Flags: 0x4        Params: ()     Returns: V
    20                           Method (18866): g      Access Flags: 0x4        Params: ()     Returns: V
    21                           Method (18867): h      Access Flags: 0x1        Params: ()     Returns: J
    22                           Method (18868): onStop Access Flags: 0x4        Params: ()     Returns: V

d. 用java方式展示上述内容:

     1  #./dextra.armv7 -c com.wooyun.summit.MainActivity -f -m -j classes.dex                       <
     2  Warning: Constraint G6 (endian_tag) violated!
     3  /* 2040 */ public class   com.wooyun.summit.MainActivity
     4             extends com.wooyun.summit.BaseActivity       {
     5           /** 8 Instance Fields  **/
     6             android.widget.Button        b;
     7             android.widget.Button        c;
     8             android.widget.Button        d;
     9             android.widget.TextView      e;
    10             android.widget.TextView      f;
    11             android.widget.TextView      g;
    12            protected  com.loopj.android.http.AsyncHttpClient     h;
    13             java.lang.String     i;
    14           /** 1 Direct Methods  **/
    15           public  void <init> (); // Constructor
    16           /** 6 Virtual Methods  **/
    17           public  void a (int, java.lang.String);
    18           protected  void e ();
    19           protected  void f ();
    20           protected  void g ();
    21           public  long h ();
    22           protected  void onStop ();
    23          }  // end class com.wooyun.summit.MainActivity

e. 反编译此类:

     1  #./dextra.armv7 -c com.wooyun.summit.MainActivity -f -m -j -D classes.dex                       <
     2  Warning: Constraint G6 (endian_tag) violated!
     3  /* 2040 */ public class   com.wooyun.summit.MainActivity
     4             extends com.wooyun.summit.BaseActivity       {
     5           /** 8 Instance Fields  **/
     6             android.widget.Button        b;
     7             android.widget.Button        c;
     8             android.widget.Button        d;
     9             android.widget.TextView      e;
    10             android.widget.TextView      f;
    11             android.widget.TextView      g;
    12            protected  com.loopj.android.http.AsyncHttpClient     h;
    13             java.lang.String     i;
    14           /** 1 Direct Methods  **/
    15           public  void <init> (); // Constructor
    16                  {
    17                  result = com.wooyun.summit.BaseActivity.<init>(v1); // (Method@18855(v1))
    18                  v0 = "http://2935cc63796d47603.jie.sangebaimao.com/data.php"; // (String@9552)
    19                  com.wooyun.summit.MainActivity.i = "http://2935cc63796d47603.jie.sangebaimao.com/data.php"; // (Field@6878 = v0)
    20                  return;
    21  
    22                  } // end <init>
    23           /** 6 Virtual Methods  **/
    24           public  void a (int, java.lang.String);
    25                  {
    26                  // 2 Try/catch blocks
    27                  v0 = 0;
    28                  try { // 5 instructions
    29                          v3 =  new a.a.a.a.g.g ; // (Type@184)
    30                          result = a.a.a.a.g.g.<init>(a.a.a.a.g.g, v8); // (Method@843(v3, v8))
    31                          try { // 12 instructions
    32                                  v0 =  new a.a.a.a.k.b ; // (Type@343)
    33                                  v1 = "Content-Type"; // (String@1266)
    34                                  v2 = "application/text"; // (String@7357)
    35                                  result = a.a.a.a.k.b.<init>(a.a.a.a.k.b, "Content-Type", "application/text"); // (Method@2003(v0, v1, v2))
    36                                  result = a.a.a.a.g.g.b(a.a.a.a.g.g, a.a.a.a.k.b); // (Method@846(v3, v0))
    37                                  v0 = com.wooyun.summit.MainActivity.h; // (Field@6877)
    38                                  v1 = com.wooyun.summit.MainActivity.a; // (Field@6870)
    39                                  v2 = com.wooyun.summit.MainActivity.i; // (Field@6878)
    40                                  v4 = "application/text"; // (String@7357)
    41                                  v5 =  new com.wooyun.summit.e ; // (Type@2461)
    42                                  result = com.wooyun.summit.e.<init>(com.wooyun.summit.e, v6, v7); // (Method@18895(v5, v6, v7))
    43                                  result = com.loopj.android.http.AsyncHttpClient.patch(); // (Method@18382())
    44                                  return;
    45                                  } catch (Exception v0) {
    46                                  v3 = v0;
    47                                                                  } catch (Exception v0) {
    48  
    49                  } // end a
    50           protected  void e ();
    51                  {
    52                  // Not handling const yet.. This is not a bug.. YOU try to implement your own JVM!
    53                  result = com.wooyun.summit.MainActivity.setContentView(v1, v0); // (Method@18869(v1, v0))
    54                  // Not handling const yet.. This is not a bug.. YOU try to implement your own JVM!
    55                  result = com.wooyun.summit.MainActivity.findViewById(v1, v0); // (Method@18865(v1, v0))
    56                  v0 = result;
    57                  (android.widget.Button) v0; // (Type@2188)
    58                  com.wooyun.summit.MainActivity.b = v0; // (Field@6871 = v0)
    59                  // Not handling const yet.. This is not a bug.. YOU try to implement your own JVM!
    60                  result = com.wooyun.summit.MainActivity.findViewById(v1, v0); // (Method@18865(v1, v0))
    61                  v0 = result;
    62                  (android.widget.TextView) v0; // (Type@2235)
    63                  com.wooyun.summit.MainActivity.e = v0; // (Field@6874 = v0)
    64                  // Not handling const yet.. This is not a bug.. YOU try to implement your own JVM!
    65                  result = com.wooyun.summit.MainActivity.findViewById(v1, v0); // (Method@18865(v1, v0))
    66                  v0 = result;
    67                  (android.widget.Button) v0; // (Type@2188)
    68                  com.wooyun.summit.MainActivity.c = v0; // (Field@6872 = v0)
    69                  // Not handling const yet.. This is not a bug.. YOU try to implement your own JVM!
    70                  result = com.wooyun.summit.MainActivity.findViewById(v1, v0); // (Method@18865(v1, v0))
    71                  v0 = result;
    72                  (android.widget.TextView) v0; // (Type@2235)
    73                  com.wooyun.summit.MainActivity.f = v0; // (Field@6875 = v0)
    74                  // Not handling const yet.. This is not a bug.. YOU try to implement your own JVM!
    75                  result = com.wooyun.summit.MainActivity.findViewById(v1, v0); // (Method@18865(v1, v0))
    76                  v0 = result;
    77                  (android.widget.Button) v0; // (Type@2188)
    78                  com.wooyun.summit.MainActivity.d = v0; // (Field@6873 = v0)
    79                  // Not handling const yet.. This is not a bug.. YOU try to implement your own JVM!
    80                  result = com.wooyun.summit.MainActivity.findViewById(v1, v0); // (Method@18865(v1, v0))
    81                  v0 = result;
    82                  (android.widget.TextView) v0; // (Type@2235)
    83                  com.wooyun.summit.MainActivity.g = v0; // (Field@6876 = v0)
    84                  return;
    85  
    86                  } // end e
    87           protected  void f ();
    88                  {
    89                  v3 = 1;
    90                  v0 =  new com.loopj.android.http.AsyncHttpClient ; // (Type@2397)
    91                  result = com.loopj.android.http.AsyncHttpClient.<init>(com.loopj.android.http.AsyncHttpClient); // (Method@18330(v0))
    92                  com.wooyun.summit.MainActivity.h = com.loopj.android.http.AsyncHttpClient; // (Field@6877 = v0)
    93                  v0 = com.wooyun.summit.MainActivity.h; // (Field@6877)
    94                  result = com.loopj.android.http.AsyncHttpClient.getHttpClient(com.wooyun.summit.MainActivity.h); // (Method@18363(v0))
    95                  v0 = result;
    96                  result = a.a.a.a.b.j.a(com.wooyun.summit.MainActivity.h); // (Method@361(v0))
    97                  v0 = result;
    98                  v1 = "http.protocol.allow-circular-redirects"; // (String@9519)
    99                  result = java.lang.Boolean.valueOf(1); // (Method@19035(v3))
   100                  v2 = result;
   101                  result = a.a.a.a.l.e.a(com.wooyun.summit.MainActivity.h, "http.protocol.allow-circular-redirects", v2); // (Method@2213(v0, v1, v2))
   102                  v0 = com.wooyun.summit.MainActivity.h; // (Field@6877)
   103                  v1 = 6000;
   104                  result = com.loopj.android.http.AsyncHttpClient.setTimeout(com.wooyun.summit.MainActivity.h, 6000); // (Method@18423(v0, v1))
   105                  v0 = com.wooyun.summit.MainActivity.h; // (Field@6877)
   106                  v1 = 3000;
   107                  result = com.loopj.android.http.AsyncHttpClient.setMaxRetriesAndTimeout(com.wooyun.summit.MainActivity.h, 1, 3000); // (Method@18416(v0, v3, v1))
   108                  return;
   109  
   110                  } // end f
   111           protected  void g ();
   112                  {
   113                  v0 = com.wooyun.summit.MainActivity.b; // (Field@6871)
   114                  v1 =  new com.wooyun.summit.b ; // (Type@2458)
   115                  result = com.wooyun.summit.b.<init>(com.wooyun.summit.b, v2); // (Method@18889(v1, v2))
   116                  result = android.widget.Button.setOnClickListener(com.wooyun.summit.MainActivity.b, com.wooyun.summit.b); // (Method@17017(v0, v1))
   117                  v0 = com.wooyun.summit.MainActivity.c; // (Field@6872)
   118                  v1 =  new com.wooyun.summit.c ; // (Type@2459)
   119                  result = com.wooyun.summit.c.<init>(com.wooyun.summit.c, v2); // (Method@18891(v1, v2))
   120                  result = android.widget.Button.setOnClickListener(com.wooyun.summit.MainActivity.c, com.wooyun.summit.c); // (Method@17017(v0, v1))
   121                  v0 = com.wooyun.summit.MainActivity.d; // (Field@6873)
   122                  v1 =  new com.wooyun.summit.d ; // (Type@2460)
   123                  result = com.wooyun.summit.d.<init>(com.wooyun.summit.d, v2); // (Method@18893(v1, v2))
   124                  result = android.widget.Button.setOnClickListener(com.wooyun.summit.MainActivity.d, com.wooyun.summit.d); // (Method@17017(v0, v1))
   125                  return;
   126  
   127                  } // end g
   128           public  long h ();
   129                  {
   130                  v0 =  new java.util.Date ; // (Type@2636)
   131                  result = java.util.Date.<init>(java.util.Date); // (Method@19557(v0))
   132                  result = java.util.Date.getTime(java.util.Date); // (Method@19559(v0))
   133                  v0 = result;
   134                  { v2, v3 } = 1000; // @TODO here
   135                  // Not handling div-long/2addr yet.. This is not a bug.. YOU try to implement your own JVM!
   136                  return java.util.Date // v0;
   137  
   138                  } // end h
   139           protected  void onStop ();
   140                  {
   141                  result = com.wooyun.summit.BaseActivity.onStop(v3); // (Method@18860(v3))
   142                  v0 = com.wooyun.summit.MainActivity.h; // (Field@6877)
   143                  if (com.wooyun.summit.MainActivity.h != null)    // if-eqz v0, +10 = 0xf ;
   144                  {
   145                          v0 = com.wooyun.summit.MainActivity.h; // (Field@6877)
   146                          v1 = com.wooyun.summit.MainActivity.a; // (Field@6870)
   147                          v2 = 1;
   148                          result = com.loopj.android.http.AsyncHttpClient.cancelRequests(com.wooyun.summit.MainActivity.h, com.wooyun.summit.MainActivity.a, 1); // (Method@18342(v0, v1, v2))
   149                  };
   150                  return;
   151  
   152                  } // end onStop
   153          }  // end class com.wooyun.summit.MainActivity

的确非常强大!!!,但如果就是这样,很多其他工具也可以做到。继续看:

  1. 再来看看分析OAT:
    a. 查看oat头信息:
     1  # ./dextra.armv7 -h fm.oat
     2  M (PR3) OAT file (064)
     3  Checksum: 0x906c6169
     4  Instruction set: Thumb2 -a53
     5  DEX files: 13
     6  Executable offset: 0x1ec9000
     7  Interpreter to interpreter bridge   @0x1ec9001
     8  Interpreter to compiled code bridge @0x1ec9009
     9  JNI DLSym Lookup @0x1ec9011
    10  portable resolution trampoline @0x1ec9029 (0x72be0029)
    11  Portable to interpreter bridge @0x1ec9031 (0x72be0031)
    12  Generic JNI Trampoline @0x1ec9039 (0x72be0039)
    13  Quick IMT conflict trampoline @0x338000
    14  Key value store Len: 2301
    15          Key: debuggable Value: false
    16          Key: dex2oat-cmdline    Value: --runtime-arg -Xms64m --runtime-arg -Xmx64m --image-classes=frameworks/base/preloaded-classes --dex-file=out/target/common/obj/JAVA_LIBRARIES/core-libart_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/conscrypt_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/okhttp_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/core-junit_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/bouncycastle_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/ext_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/framework_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/telephony-common_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/voip-common_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/ims-common_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/apache-xml_intermediates/javalib.jar --dex-file=out/target/common/obj/JAVA_LIBRARIES/org.apache.http.legacy.boot_intermediates/javalib.jar --dex-location=/system/framework/core-libart.jar --dex-location=/system/framework/conscrypt.jar --dex-location=/system/framework/okhttp.jar --dex-location=/system/framework/core-junit.jar --dex-location=/system/framework/bouncycastle.jar --dex-location=/system/framework/ext.jar --dex-location=/system/framework/framework.jar --dex-location=/system/framework/telephony-common.jar --dex-location=/system/framework/voip-common.jar --dex-location=/system/framework/ims-common.jar --dex-location=/system/framework/apache-xml.jar --dex-location=/system/framework/org.apache.http.legacy.boot.jar --oat-symbols=out/target/product/angler/symbols/system/framework/arm/boot.oat --oat-file=out/target/product/angler/dex_bootjars/system/framework/arm/boot.oat --oat-location=/system/framework/arm/boot.oat --image=out/target/product/angler/dex_bootjars/system/framework/arm/boot.art --base=0x70000000 --instruction-set=arm --instruction-set-variant=cortex-a7 --instruction-set-features=default --android-root=out/target/product/angler/system --include-patch-information --runtime-arg -Xnorelocate --no-generate-debug-info
    17          Key: dex2oat-host       Value: X86_64
    18          Key: pic        Value: false

b. 从oat中抽取dex:

     1  # ./dextra.armv7 -dextract fm.oat
     2  M (PR3) OAT file (064)
     3  Dex header @0xf211a45c (3137 classes) at 0xf45c: /system/framework/core-libart.jar
     4   Written to system@framework@core-libart.jar@classes.dex
     5  Dex header @0xf25f9b6c (158 classes) at 0x4eeb6c: /system/framework/conscrypt.jar
     6   Written to system@framework@conscrypt.jar@classes.dex
     7  Dex header @0xf263bdb0 (214 classes) at 0x530db0: /system/framework/okhttp.jar
     8   Written to system@framework@okhttp.jar@classes.dex
     9  Dex header @0xf2699bb0 (20 classes) at 0x58ebb0: /system/framework/core-junit.jar
    10   Written to system@framework@core-junit.jar@classes.dex
    11  Dex header @0xf269fc60 (915 classes) at 0x594c60: /system/framework/bouncycastle.jar
    12   Written to system@framework@bouncycastle.jar@classes.dex
    13  Dex header @0xf27d0030 (599 classes) at 0x6c5030: /system/framework/ext.jar
    14   Written to system@framework@ext.jar@classes.dex
    15  Dex header @0xf28bf180 (6075 classes) at 0x7b4180: /system/framework/framework.jar
    16   Written to system@framework@framework.jar@classes.dex
    17  Dex header @0xf326a688 (2008 classes) at 0x115f688: /system/framework/framework.jar:classes2.dex
    18   Written to system@framework@framework.jar:classes2.dex@classes.dex
    19  Dex header @0xf3689084 (553 classes) at 0x157e084: /system/framework/telephony-common.jar
    20   Written to system@framework@telephony-common.jar@classes.dex
    21  Dex header @0xf383cd70 (73 classes) at 0x1731d70: /system/framework/voip-common.jar
    22   Written to system@framework@voip-common.jar@classes.dex
    23  Dex header @0xf38624b0 (41 classes) at 0x17574b0: /system/framework/ims-common.jar
    24   Written to system@framework@ims-common.jar@classes.dex
    25  Dex header @0xf387ce20 (655 classes) at 0x1771e20: /system/framework/apache-xml.jar
    26   Written to system@framework@apache-xml.jar@classes.dex
    27  Dex header @0xf39af138 (448 classes) at 0x18a4138: /system/framework/org.apache.http.legacy.boot.jar
    28   Written to system@framework@org.apache.http.legacy.boot.jar@classes.dex

c. 抽取结果:

     1  # ls -al
     2  -rw-r--r-- root     root     56842760 2016-06-23 16:38 fm.oat
     3  -rw------- root     root      1254168 2016-06-23 16:41 system@framework@apache-xml.jar@classes.dex
     4  -rw------- root     root      1246160 2016-06-23 16:41 system@framework@bouncycastle.jar@classes.dex
     5  -rw------- root     root       270916 2016-06-23 16:41 system@framework@conscrypt.jar@classes.dex
     6  -rw------- root     root        24752 2016-06-23 16:41 system@framework@core-junit.jar@classes.dex
     7  -rw------- root     root      5109520 2016-06-23 16:41 system@framework@core-libart.jar@classes.dex
     8  -rw------- root     root       979280 2016-06-23 16:41 system@framework@ext.jar@classes.dex
     9  -rw------- root     root      4319740 2016-06-23 16:41 system@framework@framework.jar:classes2.dex@classes.dex
    10  -rw------- root     root     10138888 2016-06-23 16:41 system@framework@framework.jar@classes.dex
    11  -rw------- root     root       108912 2016-06-23 16:41 system@framework@ims-common.jar@classes.dex
    12  -rw------- root     root       384512 2016-06-23 16:41 system@framework@okhttp.jar@classes.dex
    13  -rw------- root     root       500104 2016-06-23 16:41 system@framework@org.apache.http.legacy.boot.jar@classes.dex
    14  -rw------- root     root      1785068 2016-06-23 16:41 system@framework@telephony-common.jar@classes.dex
    15  -rw------- root     root       153408 2016-06-23 16:41 system@framework@voip-common.jar@classes.dex

d. 也可以像上面一样直接看某个类的信息:

     1  # ./dextra.armv7 -c android.icu.impl.Utility -m -f -j -D fm.oat |more                    <
     2  // core-libart.jar:     Class 330 @0x1921408  (Landroid/icu/impl/Utility;)
     3  class android.icu.impl.Utility{
     4           static  void <clinit> (); // Class Constructor
     5                  {
     6                  v1 = 16;
     7                  // Not handling const-string/jumbo yet.. This is not a bug.. YOU
     8   try to implement your own JVM!
     9                  result = java.lang.System.getProperty(v0); // (Method@13627(v0))
    10  
    11                  v0 = result;
    12                  android.icu.impl.Utility.LINE_SEPARATOR = v0; // (Field@1482)
    13                  v0 = new char[]         // Not handling fill-array-data yet.. Th
    14  is is not a bug.. YOU try to implement your own JVM!
    15                  android.icu.impl.Utility.HEX_DIGIT = v0; // (Field@1481)
    16                  v0 = new char[]         // Not handling fill-array-data yet.. Th
    17  is is not a bug.. YOU try to implement your own JVM!
    18                  android.icu.impl.Utility.UNESCAPE_MAP = v0; // (Field@1484)
    19                  v0 = 36;
    20                  v0 = new char[]         // Not handling fill-array-data yet.. Th
    21  is is not a bug.. YOU try to implement your own JVM!
    22                  android.icu.impl.Utility.DIGITS = v0; // (Field@1478)
    23                  return;
    24                  /* 0x23 nop */
    25                                  /* 0024: fill-array-data-payload (16 elements, w
    26  idth 2) */
    27                  /* array[0] = 48 */
    28                  /* array[1] = 49 */

真是强大到爆。

官网还有其他更多的例子,大家自己去摸索。

Android
Web note ad 1