Dalvik 或 Java 虚拟机参考?

发布于 2024-10-14 15:53:12 字数 277 浏览 4 评论 0原文

我目前正在研究 Dalvik 字节码,但由于我缺乏编译器背景,我发现它有点难以掌握设计。我很确定没有人写过一本关于 Dalvik 的书(或者我可能是错的),所以有人可以建议我一本关于 Java VM 的参考资料,其中包含一些实践示例吗?具体来说,我感兴趣的是:

  • 了解如何解释生成的字节码
  • 使用 VM 规范(Dalvik 或 Java)将字节码反编译为中间表示,然后将其编译回来

简而言之,我可能正在寻找的是学习逆向工程字节码,以便我可以分析它的漏洞。有什么建议吗?

I am looking into Dalvik bytecode currently but as I lack a compiler background, I am finding it a little hard to grasp the design. I am pretty sure no one has written a book on Dalvik (or I could be wrong) so can someone suggest me a reference on the Java VM that contains some hands-on examples? Specifically, what I am interested in are:

  • Understand how to interpret the generated byte-code
  • Using VM specifications (Dalvik or Java) to decompile the byte code into an intermediate representation and then compile it back

In short, probably what I am looking for is to learn reverse engineering byte code so that I can analyze it for vulnerabilities. Any suggestions?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

迷乱花海 2024-10-21 15:53:12

作为参考资料,没有什么比 dalvik 文档更好的了。您可以在 AOSP 的 dalvik 子项目中找到它们,或者现在可以在 在线获取它们。 http://s.android.com/tech/dalvik/index.html

字节码格式(或 dalvik 项目中的 dalvik-bytecode.html)可能是您最感兴趣的一种。.Dex 格式 (dex-format.html) 也很有用,指令格式 (instruction-formats.html)

有关字节码的更多一般信息,请查看 http://code.google.com/p/smali/wiki/Registershttp://code.google.com/p/smali/wiki/TypesMethodsAndFields

您肯定需要一些工具。我自然非常偏爱 smali/baksmali,它是当前唯一可用的汇编器/反汇编器对。还有一个名为 dedexer 的反汇编程序(但没有汇编程序)和 dexdump,它随 AOSP 代码库一起提供,并提供dex 文件的低级转储 - 不仅仅是字节码,还有所有 dex 结构(baksmali 有类似的输出,带有 -D 选项)。

您可能还对 apktool 感兴趣,它使用 smali/baksmali,但还具有能够反转 apk 中“编译的”xml 文件。

有一些工具可以将 dalvik 字节码转换回 java 字节码,尽管我认为它们还不是 100% - undxdex2jar

For reference material, nothing beats the dalvik docs. You can find these either in the dalvik sub-project in AOSP, or they are now available online at http://s.android.com/tech/dalvik/index.html

Bytecode format (or dalvik-bytecode.html in the dalvik project) is probably the one that you would be most interested in. .Dex Format (dex-format.html) is also useful, as is Instruction Formats (instruction-formats.html)

For some more general information about the bytecode, check out http://code.google.com/p/smali/wiki/Registers and http://code.google.com/p/smali/wiki/TypesMethodsAndFields

You'll definitely want a few tools. I'm naturally quite partial to smali/baksmali, which is the only assembler/disassembler pair currently available. There is also a disassembler called dedexer (but no assembler), and dexdump, which comes with the AOSP codebase and provides a low-level dump of dex files - not just the bytecode, but all the dex structures as well (baksmali has similar output, with the -D option).

You might also be interested in apktool, which uses smali/baksmali, but also has the ability to reverse the "compiled" xml files in an apk.

There are a couple of tools out there that convert dalvik bytecode back to java bytecode, although I don't think they're 100% yet - undx and dex2jar

平安喜乐 2024-10-21 15:53:12

已经有一些工具可以对 .dex 文件进行逆向工程,以生成人类可读的字节代码表示形式。最流行的语言之一是 baksmali,您可以在这里找到它:http://code.google.com /p/smali/

通过谷歌搜索可以轻松找到字节码本身的描述。这是第三个结果:http://www.netmite。 com/android/mydroid/dalvik/docs/dalvik-bytecode.html

如果您要进行逆向工程布局,则还需要一个二进制 xml 到 xml 转换器。还有另一个堆栈溢出问题提到了一些用于执行此操作的工具: Parse versionCode from android apk files

There are already tools for reverse engineering .dex files to generate a human-readable representations of the byte codes. One of the most popular is baksmali, which you can find here: http://code.google.com/p/smali/.

A description of the byte codes themselves can be found easily by Googling. Here was the third results: http://www.netmite.com/android/mydroid/dalvik/docs/dalvik-bytecode.html.

If you are reverse engineering layouts, you'll need a binary-xml-to-xml converter as well. There's another stack overflow question that mentions a few tools for doing that: Parse versionCode from android apk files

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文