Rabbit Unknown
Posts Tags Categories
Rabbit Unknown

Contents

Overview of Dalvik commands

 included in security reverse
   465 words   3 minutes 

The writing in the book is really bad. Summarize a little bit.

Bytecode representation Bytecode

Bitwise description

The data layout used to represent the instruction binary code.

[A|G|op BBBB F|E|D|C]

  • A letter represents 4bit data (a round of hexadecimal)

  • op means 8bit operation code (one byte, two hexadecimal)

  • Ø indicates that this bit must be zero in the instruction

  • One space per 16 bits (one word)

  • Vertical bars separate different data

Instruction format identification Format IDs

It is used to indicate the length and parameter type of the instruction.

N N a [s/i]

/2017/dalvik-overview/00.png

Additional data types:

/2017/dalvik-overview/01.png

grammar

A human-oriented instruction syntax defined with bit descriptions and format flags.

op vAA, string@BBBB

  • comma separated parameters

  • The instruction type op is the low byte of the first word. The upper eight bits can be parameters and can be empty

  • vX is a register, and several Xs are the size of the register label (address)

  • #+X constant

  • +X is the relative (current instruction) address offset

  • @X is the constant pool index. kind=[string, type, field, meth, site] site=call site

Register nomenclature

Let the function foo() use M registers and have N parameters.

/2017/dalvik-overview/02.png

command list

The table below contains a list of all directives.

original:https://source.android.com/devices/tech/dalvik/dalvik-bytecode.html#instructions

The second part of the instruction format ID in the first column of the above table, the corresponding (for people to see) instruction data layout list, see

original:https://source.android.com/devices/tech/dalvik/instruction-formats.html#formats

You don’t need to memorize the second form, just look it up when you use it.

accomplish

  • The dalvik.bytecode.Opcodes interface defines a complete list of bytecodes.

    • The source code is located in libcore/dalvik/src/main/java/dalvik/bytecode/Opcodes.java

    • dalvik/opcode-gen/bytecode.txt is used to generate the instruction set of the above interface

    • The Android source code of kitkat version and below can be found at dalvik/vm/mterp/c Find the instruction implementation

    • lollipop and above, available at art/runtime/interpreter/mterp/ Find the corresponding instruction implementation (assembly) under [arch]

Take kitcat’s OP_MOVE.cpp as an example.

/2017/dalvik-overview/03.png

INST_A macro: Get the lower 4 bits of the upper eight bits of the instruction.

INST_B: Get the upper 4 bits of the upper eight bits.

/2017/dalvik-overview/04.png

GET_REGISTER: store value

fp[]: stack frame register, the local variable area of the function, storing all register values. Its index is the register number.

FINISH: Adjust the PC register and move to after this instruction.

underlying architecture

  • Part of the registers are mapped to CPU registers, part is simulated by the call stack.

  • The registers are all 32 bits, and the 64-bit data is represented by two adjacent registers.

  • Register numbers v0-v65535 because operators are 16 bits (v0000-vFFFF)

    • Most functions use less than 16 registers, so registers below 16, numbered less than 1 byte, correspond to special instructions (faster?)

  • The number of registers reserves the corresponding space when the function is called and allocates the call stack, and is specified by the .register command in the function header.

Updated on 2017-03-17
 androidmobile-securitydalvik
Back | Home