Dex文件中数据结构
类型 |
含义 |
u1 |
等同于uint8_t,表示1字节无符号数 |
u2 |
等同于uint16_t,表示2字节的无符号数 |
u4 |
等同于uint32_t,表示4字节的无符号数 |
u8 |
等同于uint64_t,表示8字节的无符号数 |
sleb128 |
有符号LEB128,可变长度1~5字节 |
uleb128 |
无符号LEB128,可变长度1~5字节 |
uleb128p1 |
无符号LEB128值加1,可变长度1~5字节 |
sleb128,uleb128,uleb128p1是DEX文件中特有的数据类型
每个LEB128由1~5个字节组成,所有字节组合在一起表示一个32位的数据,
每个字节只有7位为有效位,如果第一个字节的最高位为1,则LEB128使用第二个字节,以此类推。如果读取5个字节后下一个字节的最高位仍为1则该dex文件无效,Dalvik虚拟机在验证dex时会返回失败
Dex文件整体结构
Dex由多个结构体组合而成,一个dex有7部份。
DexHeader结构体占用0x70个字节
DexFile源码文件 dalvik\libdex\DexFile.h
-
/*
-
* Structure representing a DEX file.
-
*
-
* Code should regard DexFile as opaque, using the API calls provided here
-
* to access specific structures.
-
*/
-
struct DexFile {
-
/* directly-mapped "opt" header */
-
const DexOptHeader* pOptHeader;
-
-
/* pointers to directly-mapped structs and arrays in base DEX */
-
const DexHeader* pHeader;
-
const DexStringId* pStringIds;
-
const DexTypeId* pTypeIds;
-
const DexFieldId* pFieldIds;
-
const DexMethodId* pMethodIds;
-
const DexProtoId* pProtoIds;
-
const DexClassDef* pClassDefs;
-
const DexLink* pLinkData;
-
-
/*
-
* These are mapped out of the "auxillary" section, and may not be
-
* included in the file.
-
*/
-
const DexClassLookup* pClassLookup;
-
const void* pRegisterMapPool; // RegisterMapClassPool
-
-
/* points to start of DEX file data */
-
const u1* baseAddr;
-
-
/* track memory overhead for auxillary structures */
-
int overhead;
-
-
/* additional app-specific data structures associated with the DEX */
-
//void* auxData;
-
};