DEX

Utilities

lief.DEX.is_dex(*args, **kwargs)

Overloaded function.

  1. is_dex(path: str) -> bool

Check if the file given in parameter is a DEX

  1. is_dex(raw: List[int]) -> bool

Check if the raw data given in parameter is a DEX

lief.DEX.version(*args, **kwargs)

Overloaded function.

  1. version(file: str) -> int

Return the DEX version of the file given in parameter

  1. version(raw: List[int]) -> int

Return the DEX version of the raw data given in parameter


Parser

lief.DEX.parse(*args, **kwargs)

Overloaded function.

  1. parse(filename: str) -> LIEF::DEX::File

Parse the given filename and return a File object

  1. parse(raw: List[int], name: str = ‘’) -> LIEF::DEX::File

Parse the given raw data and return a File object

  1. parse(io: object, name: str = ‘’) -> LIEF::DEX::File


File

class lief.DEX.File

DEX File representation

property classes

Iterator over Dex Class

property dex2dex_json_info
property fields

Iterator over Dex Field

get_class(*args, **kwargs)

Overloaded function.

  1. get_class(self: lief.DEX.File, classname: str) -> LIEF::DEX::Class

  2. get_class(self: lief.DEX.File, classname: int) -> LIEF::DEX::Class

has_class(self: lief.DEX.File, classname: str) → bool

Check if a class with a name given in parameter exists

property header

Dex File Header

property location

Original location of the dex file

property map

Dex MapList

property methods

Iterator over Dex Method

property name

Name of the dex file

property prototypes

Iterator over Dex Prototype

raw(self: lief.DEX.File, deoptimize: bool = True) → List[int]

Original raw file

save(self: lief.DEX.File, output: str = '', deoptimize: bool = True) → str

Save the original file into the file given in first parameter

property strings

Iterator over Dex strings

property types

Iterator over Dex Type

property version

Dex version


class lief.DEX.Header

DEX Header

property checksum

Checksum value of the rest of the file (without magic)

property classes

Classess identifiers

property data

Raw data. Should be align on 32-bits

property endian_tag

Endianness tag. Should be ENDIAN_CONSTANT

property fields

Fields identifiers

property file_size

Size of the current DEX file

property header_size

Size of this header. Should be 0x70

Link (raw data)

property magic

Magic value

property map_offset

Offset from the start of the file to the map item

property methods

Methods identifiers

property nb_classes

Number of classes in the current DEX

property nb_methods

Number of methods in the current DEX

property prototypes

Prototypes identifiers

property signature

SHA-1 signature of the rest of the file (without magic and checksum)

property strings

String identifiers

property types

Type identifiers


Method

class lief.DEX.Method

DEX Method representation

property access_flags

List of ACCESS_FLAGS

property bytecode

Dalvik Bytecode as a list of bytes

property cls

Class associated with this method

property code_offset

Offset to the Dalvik Bytecode

has(self: lief.DEX.Method, flag: lief.DEX.ACCESS_FLAGS) → bool

Check if the given ACCESS_FLAGS is present

property has_class

True if a class is associated with this method

property index

Original DEX file index of the method

insert_dex2dex_info(self: lief.DEX.Method, pc: int, index: int) → None

Insert de-optimization information

property is_virtual

True if the method is a virtual (not private, static, final, constructor)

property name

Method’s name

property prototype

Prototype of this method


Field

class lief.DEX.Field

DEX Field representation

property access_flags

List of ACCESS_FLAGS

property cls

Class associated with this field

has(self: lief.DEX.Field, flag: lief.DEX.ACCESS_FLAGS) → bool

Check if the given ACCESS_FLAGS is present

property has_class

True if a class is associated with this field

property index

Original DEX file index of the field

property is_static

True if the field is static

property name

Field’s name

property type

Type of this field


Class

class lief.DEX.Class

DEX Class representation

property access_flags

List of ACCESS_FLAGS

property dex2dex_info

De-optimize information

property fields

Iterator over Field in this class

property fullname

Mangled class name (e.g. Lcom/example/android/MyActivity;)

get_field(self: lief.DEX.Class, name: str) → lief.DEX.lief.DEX.it_fields

Iterator over Field (s) having the given name

get_method(self: lief.DEX.Class, name: str) → lief.DEX.lief.DEX.it_methods

Iterator over Method (s) having the given name

has(self: lief.DEX.Class, flag: lief.DEX.ACCESS_FLAGS) → bool

Check if the given ACCESS_FLAGS is present

property has_parent

True if the current class extends another one

property index

Original index in the DEX class pool

property methods

Iterator over Method implemented in this class

property name

Class name (e.g. MyActivity)

property package_name

Package Name (e.g. com.example.android)

property parent

Class parent class

property pretty_name

Demangled class name (e.g. com.example.android.MyActivity)

property source_filename

Original filename


Code Info

class lief.DEX.CodeInfo

DEX CodeInfo representation


Prototype

class lief.DEX.Prototype

DEX Prototype representation

property parameters_type

Iterator over parameters Type

property return_type

Type returned


Type

class lief.DEX.Type

DEX Type representation

class PRIMITIVES(self: lief.DEX.Type.PRIMITIVES, value: int) → None

Members:

VOID_T

BOOLEAN

BYTE

SHORT

CHAR

INT

LONG

FLOAT

DOUBLE

BOOLEAN = <PRIMITIVES.BOOLEAN: 2>
BYTE = <PRIMITIVES.BYTE: 3>
CHAR = <PRIMITIVES.CHAR: 5>
DOUBLE = <PRIMITIVES.DOUBLE: 9>
FLOAT = <PRIMITIVES.FLOAT: 8>
INT = <PRIMITIVES.INT: 6>
LONG = <PRIMITIVES.LONG: 7>
SHORT = <PRIMITIVES.SHORT: 4>
VOID_T = <PRIMITIVES.VOID_T: 1>
property name
class TYPES(self: lief.DEX.Type.TYPES, value: int) → None

Members:

UNKNOWN

ARRAY

PRIMITIVE

CLASS

ARRAY = <TYPES.ARRAY: 3>
CLASS = <TYPES.CLASS: 2>
PRIMITIVE = <TYPES.PRIMITIVE: 1>
UNKNOWN = <TYPES.UNKNOWN: 0>
property name
property dim

If the current type is an array, return its dimension otherwise 0

static pretty_name(primitive: lief.DEX.Type.PRIMITIVES) → str

Pretty name of primitives

property type

TYPES of this object

property underlying_array_type

Underlying type of the array

property value

Depending on the TYPES, return Class or PRIMITIVES or array


MapList

class lief.DEX.MapList

DEX MapList representation

get(self: lief.DEX.MapList, type: LIEF::DEX::MapItem::TYPES) → LIEF::DEX::MapItem

Return the TYPES from the given TYPES

has(self: lief.DEX.MapList, type: LIEF::DEX::MapItem::TYPES) → bool

Check if the given TYPES is present

property items

Iterator over MapItem


MapItem

class lief.DEX.MapItem

DEX MapItem representation

class TYPES(self: lief.DEX.MapItem.TYPES, value: int) → None

Members:

HEADER

STRING_ID

TYPE_ID

PROTO_ID

FIELD_ID

METHOD_ID

CLASS_DEF

CALL_SITE_ID

METHOD_HANDLE

MAP_LIST

TYPE_LIST

ANNOTATION_SET_REF_LIST

ANNOTATION_SET

CLASS_DATA

CODE

STRING_DATA

DEBUG_INFO

ANNOTATION

ENCODED_ARRAY

ANNOTATIONS_DIRECTORY

ANNOTATION = <TYPES.ANNOTATION: 8196>
ANNOTATIONS_DIRECTORY = <TYPES.ANNOTATIONS_DIRECTORY: 8198>
ANNOTATION_SET = <TYPES.ANNOTATION_SET: 4099>
ANNOTATION_SET_REF_LIST = <TYPES.ANNOTATION_SET_REF_LIST: 4098>
CALL_SITE_ID = <TYPES.CALL_SITE_ID: 7>
CLASS_DATA = <TYPES.CLASS_DATA: 8192>
CLASS_DEF = <TYPES.CLASS_DEF: 6>
CODE = <TYPES.CODE: 8193>
DEBUG_INFO = <TYPES.DEBUG_INFO: 8195>
ENCODED_ARRAY = <TYPES.ENCODED_ARRAY: 8197>
FIELD_ID = <TYPES.FIELD_ID: 4>
HEADER = <TYPES.HEADER: 0>
MAP_LIST = <TYPES.MAP_LIST: 4096>
METHOD_HANDLE = <TYPES.METHOD_HANDLE: 8>
METHOD_ID = <TYPES.METHOD_ID: 5>
PROTO_ID = <TYPES.PROTO_ID: 3>
STRING_DATA = <TYPES.STRING_DATA: 8194>
STRING_ID = <TYPES.STRING_ID: 1>
TYPE_ID = <TYPES.TYPE_ID: 2>
TYPE_LIST = <TYPES.TYPE_LIST: 4097>
property name
property offset

Offset from the start of the file to the items in question

property size

count of the number of items to be found at the indicated offset

property type

TYPES of the item


Enums

Access Flags

class lief.DEX.ACCESS_FLAGS(self: lief.DEX.ACCESS_FLAGS, value: int) → None

Members:

UNKNOWN

PUBLIC

PRIVATE

PROTECTED

STATIC

FINAL

SYNCHRONIZED

VOLATILE

BRIDGE

TRANSIENT

VARARGS

NATIVE

INTERFACE

ABSTRACT

STRICT

SYNTHETIC

ANNOTATION

ENUM

CONSTRUCTOR

DECLARED_SYNCHRONIZED

ABSTRACT = <ACCESS_FLAGS.ABSTRACT: 1024>
ANNOTATION = <ACCESS_FLAGS.ANNOTATION: 8192>
BRIDGE = <ACCESS_FLAGS.VOLATILE: 64>
CONSTRUCTOR = <ACCESS_FLAGS.CONSTRUCTOR: 65536>
DECLARED_SYNCHRONIZED = <ACCESS_FLAGS.DECLARED_SYNCHRONIZED: 131072>
ENUM = <ACCESS_FLAGS.ENUM: 16384>
FINAL = <ACCESS_FLAGS.FINAL: 16>
INTERFACE = <ACCESS_FLAGS.INTERFACE: 512>
NATIVE = <ACCESS_FLAGS.NATIVE: 256>
PRIVATE = <ACCESS_FLAGS.PRIVATE: 2>
PROTECTED = <ACCESS_FLAGS.PROTECTED: 4>
PUBLIC = <ACCESS_FLAGS.PUBLIC: 1>
STATIC = <ACCESS_FLAGS.STATIC: 8>
STRICT = <ACCESS_FLAGS.STRICT: 2048>
SYNCHRONIZED = <ACCESS_FLAGS.SYNCHRONIZED: 32>
SYNTHETIC = <ACCESS_FLAGS.SYNTHETIC: 4096>
TRANSIENT = <ACCESS_FLAGS.TRANSIENT: 128>
UNKNOWN = <ACCESS_FLAGS.UNKNOWN: 0>
VARARGS = <ACCESS_FLAGS.TRANSIENT: 128>
VOLATILE = <ACCESS_FLAGS.VOLATILE: 64>
property name