How to create a new project in Android

Content

1. A simple tutorial on a useful tool (Insight)

What can you learn?

A super powerful analysis assistant software.

2.Android optimization process analysis

What can you learn?

1. In-depth understanding of the Android optimization process
2. Close observation of the Android source code
2. You can see the functions in the lower part of the big boss’ shell

3.Android DEX file analysis Analysis

What can you learn?

1. Other functions that can be downloaded
2. The process of parsing dex files
3. A little knowledge about shelling and downloading

4. Analysis of Android DEX class loading process

What can you learn?

1. The complete process of class loading
2. Selection of shelling and reinforcement classes

0x01 A simple tutorial on a useful tool (Insight)

This software is very useful for Analysis of c/c and java source code has strong auxiliary functions, which will be used later, so a brief introduction is given.

Tools can be found in the attachment. Just upload and download separately.

SI3US-205035-36448

A registration code is provided here.

Install, next, next.

#Create a new project

Select new project.

Single machine OK

Select the first one

Select Add Tree, which means adding them all.

After loading is complete

we will use this software for analysis.

Android Optimization Process Analysis

I want to be verbose. At this time, I know the importance of English. Of course, my English is not good, but I can look it up in the dictionary.

1.extractAndProcessZip

Let’s not talk about this content first, let’s take a look at the name of this function. extract: Extract, and and, Process process Zip, compressed file format, we all know that apk is actually a zip compressed package.
Then the meaning of this function is the process of extracting zip.

Then let’s analyze it step by step.

Here is the intermediate variable definition of extractAndProcessZip. It is not the focus of our research.

DexClassVerifyMode verifyMode = VERIFY_MODE_ALL;

This sentence defines verifyMode, which is the verification module. The data initialized here is VERIFY_MODE_ALL, which means that everything is verified.

Thinking

If we make changes here, can we skip this verification.

Let’s look at other values.

If you have an idea, you can define this value yourself.

DexOptimizerMode dexOptMode = OPTIMIZE_MODE_VERIFIED;

Let’s continue looking down.

There is a function called dexOptCreateEmptyHeader which, as the name suggests, creates an empty header for dex optimization..

dexOffset, record the file position so we can get back here later, is actually the starting position of reading the dex file.

Let’s look at the next function.

Open the zip archive, find the DEX entry.
Obviously, what this part is doing is to find the dex file from the apk.

Then proceed with analysis.

Function to extract some offsets of dex.

Extract the DEX data into the cache file at the current offset. Record some offsets of the dex file.

The next thing to talk about is the process of dex odexing.

This is where verification is optimized.

You can modify the optimization process here, and even remove the optimization verification.

Think about
Where does the data here come from and where to compare it. ·
These data are compared in build.prop.

2. Continue to optimize

Let’s follow up on the dvmContinueOptimization function.

PS:
We are about to come into contact with a very important place that is very related to shelling

Open the dvmContinueOptimization function

The first is a judgment.

#Then there is a write to the dex file.

Then read on (the important point is coming)

##dvmDexFileOpenPartial. If you have seen other people’s shelling tutorials before, you must know it. Here is the frequently used endpoint. I only knew to download it before, but now I know that this function exists in the source code.

Let’s take a look at the call of the dvmDexFileOpenPartial function

It is called twice here, and once is its own definition.

Let’s take a look at the prototype of dvmDexFileOpenPartial first

int dvmDexFileOpenPartial(const void* addr, int len, DvmDex** ppDvmDex)

Parameter 1: The base of the loaded DEX file in memory Address. (That is, DEX.035)
Parameter 2: The file length of the loaded DEX file,
Parameter 3: Output parameter, the DEX file is converted into a DvmDex structure, which contains the classes, fields, and methods of the Dex file. String information. The object that Dalivk operates on the Dex file is the structure structure

Finally, the header information is written here.

0x03 Android DEX file parsing and analysis

dvmRawDexFileOpen() This function is the key function we need to understand. It is in RawDexFile .cpp function.

First define the basic variables.

#We all know that a very important thing in the file format is the magic number, so here is the first step to determine the magic number, verifyMagicAndGetAdler32. The magic here is the magic number.

Here is the verification of time and file size.

This function is a key function, and it is also a function that we need to focus on analyzing. Its main function is to generate the odex file corresponding to dex, also It is the so-called odexization. Let's follow up the function to see.

The following is part of the dexOptGenerateCacheFileName() function. Our main thing is to see where it is output.

Here you can see that it is generated in the data directory, ALOGV("Cache file for '%s' '%s' is '%s'" , fileName, subFileName, nameBuf);

Format like this.

That is to say, our odex file has been generated here.

The next thing to do is this function dvmDexFileOpenFromFd(), further optimize, complete the mapping, and set it as a readable file. Open this function. The location is in DvmDex.cpp.

#Let’s first look at where this function is called.

The place where this function is called is our key function dvmRawDexFileOpen. This function first calls dexOptGenerateCacheFileName to generate odex, and then calls dvmDexFileOpenFromFd for another optimization.

The last step in optimization is dexFileParse(), which is to parse DEX. This position is briefly summarized in DexFile

.

dvmRawDexFileOpen() main control function - dexOptGenerateCacheFileName() generates the corresponding odex - dvmDexFileOpenFromFd() further optimizes - dexFileParse() parses dex.

PS: Tips

When dexfileopenpartial is in the next section, you may find that there is no way to break it, then we can choose dexOptGenerateCacheFileNamePKcS0, dvmdexfileopenfromfd and other functions to proceed to the next section.

Generally speaking, dexfileopenpartial is better at handling things with shells.

0x04 Android Dex class loading process

Other source codes are guided by a main control function to guide other key functions to operate. The dex class loading process is also like this.

Its main control function is Dalvik_dalvik_system_DexFile_defineClassNative()

##There is also a function that needs attention Dalvik_dalvik_system_DexFile_openDexFileNative

What needs to be noted here is that there are two places where you can dump.

Let’s continue to look at our main control function.

There is such a call in the main control function.

This call is to verify the cookie, but this cookie is likely to be the decrypted dex cookie, so you can also dump this cookie here.

Then look down.

dvmDefineClass function, this function is a function that confirms class loading.

#The function makes a judgment on its own, but what is returned is indeed a big head. Let's follow up on this function to see.

The most important thing here is clazz, which is the dynamically loaded class.

His value is returned by the loadClassFromDex function, so we will take a further look.

#See such a structure here.

Let’s take a look at the details of this structure.

Whether this structure is exactly the same as the dex structure shows that this is what we need.

The above is the detailed content of How to create a new project in Android. For more information, please follow other related articles on the PHP Chinese website!