DEX

Utilities

bool LIEF::DEX::is_dex(const std::string &file)

Check if the given file is a DEX.

bool LIEF::DEX::is_dex(const std::vector<uint8_t> &raw)

Check if the given raw data is a DEX.

dex_version_t LIEF::DEX::version(const std::string &file)

Return the DEX version of the given file.

dex_version_t LIEF::DEX::version(const std::vector<uint8_t> &raw)

Return the DEX version of the raw data.


Parser

class Parser

Class which parses a DEX file to produce a DEX::File object.

Public Functions

Parser &operator=(const Parser &copy) = delete
Parser(const Parser &copy) = delete

Public Static Functions

static std::unique_ptr<File> parse(const std::string &file)

Parse the DEX file from the file path given in parameter.

static std::unique_ptr<File> parse(std::vector<uint8_t> data, const std::string &name = "")

File

class File : public LIEF::Object

Class that represents a DEX file.

Public Types

using classes_t = std::unordered_map<std::string, Class*>
using classes_list_t = std::vector<std::unique_ptr<Class>>
using it_classes = ref_iterator<classes_list_t&, Class*>
using it_const_classes = const_ref_iterator<const classes_list_t&, const Class*>
using methods_t = std::vector<std::unique_ptr<Method>>
using it_methods = ref_iterator<methods_t&, Method*>
using it_const_methods = const_ref_iterator<const methods_t&, const Method*>
using strings_t = std::vector<std::unique_ptr<std::string>>
using it_strings = ref_iterator<strings_t&, std::string*>
using it_const_strings = const_ref_iterator<const strings_t&, const std::string*>
using types_t = std::vector<std::unique_ptr<Type>>
using it_types = ref_iterator<types_t&, Type*>
using it_const_types = const_ref_iterator<const types_t&, const Type*>
using prototypes_t = std::vector<std::unique_ptr<Prototype>>
using it_prototypes = ref_iterator<prototypes_t&, Prototype*>
using it_const_prototypes = const_ref_iterator<const prototypes_t&, const Prototype*>
using fields_t = std::vector<std::unique_ptr<Field>>
using it_fields = ref_iterator<fields_t&, Field*>
using it_const_fields = const_ref_iterator<const fields_t&, const Field*>

Public Functions

File &operator=(const File &copy) = delete
File(const File &copy) = delete
dex_version_t version() const

Version of the current DEX file.

const std::string &name() const

Name of this file.

void name(const std::string &name)
const std::string &location() const

Location of this file.

void location(const std::string &location)
const Header &header() const

DEX header.

Header &header()
it_const_classes classes() const

All classes used in the DEX file

it_classes classes()
bool has_class(const std::string &class_name) const

Check if the given class name exists.

const Class *get_class(const std::string &class_name) const

Return the DEX::Class object associated with the given name.

Class *get_class(const std::string &class_name)
const Class *get_class(size_t index) const

Return the DEX::Class object associated with the given index.

Class *get_class(size_t index)
dex2dex_info_t dex2dex_info() const

De-optimize information.

std::string dex2dex_json_info() const

De-optimize information as JSON.

it_const_methods methods() const

Return an iterator over all the DEX::Method used in this DEX file.

it_methods methods()
it_const_fields fields() const

Return an iterator over all the DEX::Field used in this DEX file.

it_fields fields()
it_const_strings strings() const

String pool.

it_strings strings()
it_const_types types() const

Type pool.

it_types types()
it_prototypes prototypes()

Prototype pool.

it_const_prototypes prototypes() const
const MapList &map() const

DEX Map.

MapList &map()
std::string save(const std::string &path = "", bool deoptimize = true) const

Extract the current dex file and deoptimize it.

std::vector<uint8_t> raw(bool deoptimize = true) const
virtual void accept(Visitor &visitor) const override
~File() override

Friends

friend std::ostream &operator<<(std::ostream &os, const File &file)


Method

class Method : public LIEF::Object

Class which represents a DEX::Method.

Public Types

using access_flags_list_t = std::vector<ACCESS_FLAGS>
using bytecode_t = std::vector<uint8_t>

Public Functions

Method()
Method(std::string name, Class *parent = nullptr)
Method(const Method&)
Method &operator=(const Method&)
const std::string &name() const

Name of the Method.

bool has_class() const

True if a class is associated with this method.

const Class *cls() const

DEX::Class associated with this Method or a nullptr if not resolved.

Class *cls()
uint64_t code_offset() const

Offset to the Dalvik Bytecode.

const bytecode_t &bytecode() const

Dalvik Bytecode as bytes.

size_t index() const

Index in the DEX Methods pool.

bool is_virtual() const

True if this method is a virtual one. i.e. not static, private, finale or constructor.

const Prototype *prototype() const

Method’s prototype or a nullptr if it is not resolved.

Prototype *prototype()
void insert_dex2dex_info(uint32_t pc, uint32_t index)
virtual void accept(Visitor &visitor) const override
const dex2dex_method_info_t &dex2dex_info() const
bool has(ACCESS_FLAGS f) const

Check if the current method has the given ACCESS_FLAGS.

access_flags_list_t access_flags() const

ACCESS_FLAGS as an std::set.

~Method() override

Friends

friend std::ostream &operator<<(std::ostream &os, const Method &mtd)

Class

class Class : public LIEF::Object

Class which represents a DEX Class (i.e. a Java/Kotlin class)

Public Types

using access_flags_list_t = std::vector<ACCESS_FLAGS>
using methods_t = std::vector<Method*>
using it_methods = ref_iterator<methods_t&>
using it_const_methods = const_ref_iterator<const methods_t&>
using fields_t = std::vector<Field*>
using it_fields = ref_iterator<fields_t&>
using it_const_fields = const_ref_iterator<const fields_t&>
using it_named_methods = filter_iterator<methods_t&>
using it_const_named_methods = const_filter_iterator<const methods_t&>
using it_named_fields = filter_iterator<fields_t&>
using it_const_named_fields = const_filter_iterator<const fields_t&>

Public Functions

Class()
Class(const Class&) = delete
Class &operator=(const Class&) = delete
Class(std::string fullname, uint32_t access_flags = ACCESS_FLAGS::ACC_UNKNOWN, Class *parent = nullptr, std::string source_filename = "")
const std::string &fullname() const

Mangled class name (e.g. Lcom/example/android/MyActivity;)

std::string package_name() const

Package Name.

std::string name() const

Class name.

std::string pretty_name() const

Demangled class name.

bool has(ACCESS_FLAGS f) const

Check if the class has the given access flag.

access_flags_list_t access_flags() const

Access flags used by this class.

const std::string &source_filename() const

Filename associated with this class (if any)

bool has_parent() const

True if the current class extends another one.

const Class *parent() const

Parent class.

Class *parent()
it_const_methods methods() const

Methods implemented in this class.

it_methods methods()
it_named_methods methods(const std::string &name)

Return Methods having the given name.

it_const_named_methods methods(const std::string &name) const
it_const_fields fields() const

Fields implemented in this class.

it_fields fields()
it_named_fields fields(const std::string &name)

Return Fields having the given name.

it_const_named_fields fields(const std::string &name) const
dex2dex_class_info_t dex2dex_info() const

De-optimize information.

size_t index() const

Original index in the DEX class pool.

virtual void accept(Visitor &visitor) const override
~Class() override

Public Static Functions

static std::string package_normalized(const std::string &pkg_name)
static std::string fullname_normalized(const std::string &pkg_cls)
static std::string fullname_normalized(const std::string &pkg, const std::string &cls_name)

Friends

friend std::ostream &operator<<(std::ostream &os, const Class &cls)

Field

class Field : public LIEF::Object

Class which represent a DEX Field.

Public Types

using access_flags_list_t = std::vector<ACCESS_FLAGS>

Public Functions

Field()
Field(std::string name, Class *parent = nullptr)
Field(const Field&)
Field &operator=(const Field&)
const std::string &name() const

Name of the Field.

bool has_class() const

True if a class is associated with this field (which should be the case)

const Class *cls() const

Class associated with this Field.

Class *cls()
size_t index() const

Index in the DEX Fields pool.

bool is_static() const

True if this field is a static one.

const Type *type() const

Field’s prototype.

Type *type()
virtual void accept(Visitor &visitor) const override
bool has(ACCESS_FLAGS f) const

Check if the field has the given ACCESS_FLAGS.

access_flags_list_t access_flags() const

ACCESS_FLAGS as a list.

~Field() override

Friends

friend std::ostream &operator<<(std::ostream &os, const Field &mtd)

Code Info

class CodeInfo : public LIEF::Object

Public Functions

CodeInfo()
CodeInfo(const details::code_item &codeitem)
CodeInfo(const CodeInfo&)
CodeInfo &operator=(const CodeInfo&)
virtual void accept(Visitor &visitor) const override
~CodeInfo() override

Friends

friend std::ostream &operator<<(std::ostream &os, const CodeInfo &cinfo)

Prototype

class Prototype : public LIEF::Object

Class which represents a DEX method prototype.

Public Types

using parameters_type_t = std::vector<Type*>
using it_params = ref_iterator<parameters_type_t>
using it_const_params = const_ref_iterator<const parameters_type_t>

Public Functions

Prototype()
Prototype(const Prototype &other)
const Type *return_type() const

Type returned or a nullptr if not resolved.

Type *return_type()
it_const_params parameters_type() const

Types of the parameters.

it_params parameters_type()
virtual void accept(Visitor &visitor) const override
~Prototype() override

Friends

friend std::ostream &operator<<(std::ostream &os, const Prototype &type)

Type

class Type : public LIEF::Object

Class which represents a DEX type as described in the format specifications: https://source.android.com/devices/tech/dalvik/dex-format#typedescriptor.

Public Types

enum class TYPES

Values:

enumerator UNKNOWN = 0
enumerator PRIMITIVE = 1
enumerator CLASS = 2
enumerator ARRAY = 3
enum class PRIMITIVES

Values:

enumerator VOID_T = 0x01
enumerator BOOLEAN = 0x02
enumerator BYTE = 0x03
enumerator SHORT = 0x04
enumerator CHAR = 0x05
enumerator INT = 0x06
enumerator LONG = 0x07
enumerator FLOAT = 0x08
enumerator DOUBLE = 0x09
using array_t = std::vector<Type>

Public Functions

Type()
Type(const std::string &mangled)
Type(const Type &other)
TYPES type() const

Whether it is a primitive type, a class, …

const Class &cls() const
const array_t &array() const
const PRIMITIVES &primitive() const
Class &cls()

IF the current type is a TYPES::CLASS, return the associated DEX::CLASS. Otherwise the returned value is undefined.

array_t &array()

IF the current type is a TYPES::ARRAY, return the associated array. Otherwise the returned value is undefined.

PRIMITIVES &primitive()

IF the current type is a TYPES::PRIMITIVE, return the associated PRIMITIVES. Otherwise the returned value is undefined.

size_t dim() const

Return the array dimension if the current type is an array. Otherwise it returns 0.

const Type &underlying_array_type() const

In the case of a TYPES::ARRAY, return the array’s type.

Type &underlying_array_type()
virtual void accept(Visitor &visitor) const override
~Type() override

Public Members

Class *cls_ = {nullptr}
array_t *array_
PRIMITIVES *basic_

Public Static Functions

static std::string pretty_name(PRIMITIVES p)

Friends

friend std::ostream &operator<<(std::ostream &os, const Type &type)

MapList

class MapList : public LIEF::Object

Class which represents the map_list structure that follows the main DEX header.

This MapList aims at referencing the location of other DEX structures as described in https://source.android.com/devices/tech/dalvik/dex-format#map-item

Public Types

using items_t = std::map<MapItem::TYPES, MapItem>
using it_items_t = ref_iterator<std::vector<MapItem*>>
using it_const_items_t = const_ref_iterator<std::vector<MapItem*>>

Public Functions

MapList()
MapList(const MapList&)
MapList &operator=(const MapList&)
it_items_t items()

Iterator over LIEF::DEX::MapItem.

it_const_items_t items() const
bool has(MapItem::TYPES type) const

Check if the given type exists.

const MapItem &get(MapItem::TYPES type) const

Return the LIEF::DEX::MapItem associated with the given type.

MapItem &get(MapItem::TYPES type)

Return the LIEF::DEX::MapItem associated with the given type.

const MapItem &operator[](MapItem::TYPES type) const

Return the LIEF::DEX::MapItem associated with the given type.

MapItem &operator[](MapItem::TYPES type)

Return the LIEF::DEX::MapItem associated with the given type.

virtual void accept(Visitor &visitor) const override
~MapList() override

Friends

friend std::ostream &operator<<(std::ostream &os, const MapList &mtd)

MapItem

class MapItem : public LIEF::Object

Class which represents an element of the MapList object.

Public Types

enum class TYPES : uint16_t

Values:

enumerator HEADER = 0x0000
enumerator STRING_ID = 0x0001
enumerator TYPE_ID = 0x0002
enumerator PROTO_ID = 0x0003
enumerator FIELD_ID = 0x0004
enumerator METHOD_ID = 0x0005
enumerator CLASS_DEF = 0x0006
enumerator CALL_SITE_ID = 0x0007
enumerator METHOD_HANDLE = 0x0008
enumerator MAP_LIST = 0x1000
enumerator TYPE_LIST = 0x1001
enumerator ANNOTATION_SET_REF_LIST = 0x1002
enumerator ANNOTATION_SET = 0x1003
enumerator CLASS_DATA = 0x2000
enumerator CODE = 0x2001
enumerator STRING_DATA = 0x2002
enumerator DEBUG_INFO = 0x2003
enumerator ANNOTATION = 0x2004
enumerator ENCODED_ARRAY = 0x2005
enumerator ANNOTATIONS_DIRECTORY = 0x2006

Public Functions

MapItem()
MapItem(TYPES type, uint32_t offset, uint32_t size, uint16_t reserved = 0)
MapItem(const MapItem&)
MapItem &operator=(const MapItem&)
TYPES type() const

The type of the item.

uint16_t reserved() const

Reserved value (likely for alignment prupose)

uint32_t size() const

The number of elements (the real meaning depends on the type)

uint32_t offset() const

Offset from the start of the DEX file to the items associated with the underlying TYPES.

virtual void accept(Visitor &visitor) const override
~MapItem() override

Friends

friend std::ostream &operator<<(std::ostream &os, const MapItem &item)