Android_DEX_文件格式详解.doc

DEX文件格式0. 实验$ vi test.javaclass test public static void main(String argc) System.out.println(test!); $ javac test.java$ dx -dex -output=test.dex test.class$ hexdump test.dex0000000 6564 0a78 3330 0035ubyte8 DEX_FILE_MAGIC = dexn0350 5eb4 4f7a 94e6 65f00000010 fb3e d5f3 e185 dd62 fce7 c887 a7ec 5329checksum0000020 02d8 0000uint 文件字节数 0070 0000uint header字节数0x70 5678 1234uint = ENDIAN_CONSTANT 0x12345678 0000 0000size of the link section0000030 0000 0000offset from the start of the file to the link section 0238 0000offset from the start of the file to the map item 000e 0000count of strings in the string identifiers list 0070 0000offset from the start of the file to the string identifiers list0000040 0007 0000count of elements in the type identifiers list 00a8 0000offset from the start of the file to the type identifiers list 0003 0000count of elements in the prototype identifiers list 00c4 0000offset from the start of the file to the prototype identifiers list0000050 0001 0000count of elements in the field identifiers list 00e8 0000offset from the start of the file to the field identifiers list 0004 0000count of elements in the method identifiers list 00f0 0000offset from the start of the file to the method identifiers list0000060 0001 0000count of elements in the class definitions list 0110 0000offset from the start of the file to the class definitions list 01a8 0000Size of data section in bytes 0130 0000offset from the start of the file to the start of the data section.0000070 0176 0000String id 列表，总共有14（0xe）个string_id_item 017e 0000 0195 0000 01a9 00000000080 01bd 0000 01d1 0000 01d9 0000 01dc 00000000090 01e0 0000 01f5 0000 01fb 0000 0200 000000000a0 0209 0000 0210 0000 0001 0000Type id列表，7个type_id_item 0002 000000000b0 0003 0000 0004 0000 0005 0000 0006 000000000c0 0008 0000 0006 0000 0005 0000 0000 0000prototype id列表，3个proto_id_item00000d0 0007 0000 0005 0000 0168 0000 0007 000000000e0 0005 0000 0170 0000 0003 0000 000a 0000field id列表，1个field_id_item00000f0 0000 0001 000b 0000method id列表，4个method_id_item 0001 0000 0000 00000000100 0004 0000 0000 0000 0004 0002 0009 00000000110 0004class def列表，1个 0000 0000 0000 0001 0000 0000 00000000120 000d 0000 0000 0000 0227 0000 0000 00000000130 0001 0001 0001 0000 021b 0000 0004 00000000140 1070 0001 0000 000e 0003 0001 0002 00000000150 0220 0000 0008 0000 0062 0000 011a 000c0000160 206e 0000 0010 000e 0001 0000 0002 00000000170 0001 0000 0006 3c06 6e69 7469 003e 4c150000180 616a 6176 692f 2f6f 7250 6e69 5374 72740000190 6165 3b6d 1200 6a4c 7661 2f61 616c 676e00001a0 4f2f 6a62 6365 3b74 1200 6a4c 7661 2f6100001b0 616c 676e 532f 7274 6e69 3b67 1200 6a4c00001c0 7661 2f61 616c 676e 532f 7379 6574 3b6d00001d0 0600 744c 7365 3b74 0100 0056 5602 004c00001e0 5b13 6a4c 7661 2f61 616c 676e 532f 727400001f0 6e69 3b67 0400 616d 6e69 0300 756f 00740000200 7007 6972 746e 6e6c 0500 6574 7473 00210000210 7409 7365 2e74 616a 6176 0100 0700 000e0000220 0103 0700 780e 0000 0200 0200 8080 b0040000230 0102 c809 0002 0000 000d 0000批注8所的值为0x238，指向一个map_list类型，map_list第一个值为0xd，所以这个map_list有13个map_item，见下面。 0000 00000000240 0001 0000 0000 0000 0001 0000 000e 00000000250 0070 0000 0002 0000 0007 0000 00a8 00000000260 0003 0000 0003 0000 00c4 0000 0004 00000000270 0001 0000 00e8 0000 0005 0000 0004 00000000280 00f0 0000 0006 0000 0001 0000 0110 00000000290 2001 0000 0002 0000 0130 0000 1001 000000002a0 0002 0000 0168 0000 2002 0000 000e 000000002b0 0176 0000 2003 0000 0002 0000 021b 000000002c0 2000 0000 0001 0000 0227 0000 1000 000000002d0 0001 0000 0238 000000002d81. map_listmap_list数据结构为：NameFormatDescriptionsizeuintsize of the list, in entrieslistmap_itemsizeelements of the list第一项为map_list的大小，其中map_item的结构为：NameFormatDescriptiontypeushorttype of the items; see table belowunusedushort(unused)sizeuintcount of the number of items to be found at the indicated offsetoffsetuintoffset from the start of the file to the items in questiontype的值如下表：Item TypeConstantValueItem Size In Bytesheader_itemTYPE_HEADER_ITEM0x00000x70string_id_itemTYPE_STRING_ID_ITEM0x00010x04type_id_itemTYPE_TYPE_ID_ITEM0x00020x04proto_id_itemTYPE_PROTO_ID_ITEM0x00030x0cfield_id_itemTYPE_FIELD_ID_ITEM0x00040x08method_id_itemTYPE_METHOD_ID_ITEM0x00050x08class_def_itemTYPE_CLASS_DEF_ITEM0x00060x20map_listTYPE_MAP_LIST0x10004 + (item.size * 12)type_listTYPE_TYPE_LIST0x10014 + (item.size * 2)annotation_set_ref_listTYPE_ANNOTATION_SET_REF_LIST0x10024 + (item.size * 4)annotation_set_itemTYPE_ANNOTATION_SET_ITEM0x10034 + (item.size * 4)class_data_itemTYPE_CLASS_DATA_ITEM0x2000implicit; must parsecode_itemTYPE_CODE_ITEM0x2001implicit; must parsestring_data_itemTYPE_STRING_DATA_ITEM0x2002implicit; must parsedebug_info_itemTYPE_DEBUG_INFO_ITEM0x2003implicit; must parseannotation_itemTYPE_ANNOTATION_ITEM0x2004implicit; must parseencoded_array_itemTYPE_ENCODED_ARRAY_ITEM0x2005implicit; must parseannotations_directory_itemTYPE_ANNOTATIONS_DIRECTORY_ITEM0x2006implicit; must parse这个map_list有13个map_item，分别是：值typesizeoffset0x0000header_item0x10x00x0001string_id_item 0xe0x700x0002type_id_item 0x70xa80x0003proto_id_item 0x30xc40x0004field_id_item 0x10xe80x0005method_id_item 0x40xf00x0006class_def_item 0x10x1100x2001code_item0x20x1300x1001type_list0x20x1680x2002string_data_item0xe0x1760x2003debug_info_item0x20x21b0x2000class_data_item0x10x2270x1000map_list0x10x238发现这个表中的size和offset和header_item中的值一致。2. string_id_item批注10得出string id列表的位置为0x70,批注9得出string id列表中string_id_item的数量为0xe。string id的结构为string_id_item：NameFormatDescriptionstring_data_offuintoffset from the start of the file to the string data for this item. The offset should be to a location in the data section, and the data should be in the format specified by string_data_item below. There is no alignment requirement for the offset.string_data_off指向string的数据，string的数据的结构为string_data_item:NameFormatDescriptionutf16_sizeuleb128size of this string, in UTF-16 code units (which is the string length in many systems). That is, this is the decoded length of the string. (The encoded length is implied by the position of the 0 byte.)字符串的字节个数。dataubytea series of MUTF-8 code units (a.k.a. octets, a.k.a. bytes) followed by a byte of value 0. See MUTF-8 (Modified UTF-8) Encoding above for details and discussion about the data format.Note: It is acceptable to have a string which includes (the encoded form of) UTF-16 surrogate code units (that is, U+d800 U+dfff) either in isolation or out-of-order with respect to the usual encoding of Unicode into UTF-16. It is up to higher-level uses of strings to reject such invalid encodings, if appropriate.字符串的实际数据。LEB128每个LEB128由1到5个字节组成，所有字节组合到一起代表一个32位值。除了最后一个字节的最高标志位为0，其它的为1.剩下的7位为有效负荷，第二个字节的7位接上。有符号LEB128的符号由最后字节的有效负荷最高位决定。如下：如果是有符号的LEB128，符号位取决于bit13。如下举例：Encoded SequenceAs sleb128As uleb128As uleb128p1000-111107f-112712680 7f-1281625616255uleb128p1的值加1为uleb128。算法参见附录1。从文件的0x70得出string id列表如下，共有14个string_id_item。0176 0000 017e 0000 0195 0000 01a9 000001bd 0000 01d1 0000 01d9 0000 01dc 000001e0 0000 01f5 0000 01fb 0000 0200 00000209 0000 0210 0000例如：1)String Data在0x176处，可以从文件的0x176得到以下数据，以0结尾。3c06 6e69 7469 003e先读取第一个字节为0x06，得出String Data的长度为6，所以String Data的ASCII码序列为：3c 69 6e 69 74 3e 得到：2)String Data在0x17e处，可以从文件的0x17e得到以下数据，以0结尾。4c15 616a 6176 692f 2f6f 7250 6e69 5374 7274 6165 3b6d 12高位，去掉00先读取第一个字节为0x15，得出String Data的长度为21，所以String Data的ASCII码序列为：4c 6a 61 76 61 2f 69 6f 2f 50 72 69 6e 74 53 74 72 65 61 6d 3b 得到：Ljava/io/PrintStream;以此类推，可得其它String Data。3) 6a4c 7661 2f61 616c 676e 4f2f 6a62 6365 3b74 得到：Ljava/lang/Object;4) 6a4c 7661 2f61 616c 676e 532f 7274 6e69 3b67 得到：Ljava/lang/String;5) 6a4c 7661 2f61 616c 676e 532f 7379 6574 3b6d 得到：Ljava/lang/System;6) 744c 7365 3b74得到：Ltest;7) 56得到：V8) 56 4c得到：VL9) 5b 6a4c 7661 2f61 616c 676e 532f 7274 6e69 3b67得到：Ljava/lang/String;10) 616d 6e69得到：main11) 756f 74得到：out12) 70 6972 746e 6e6c得到：println13) 6574 7473 21得到：test!14) 74 7365 2e74 616a 6176 得到：test.java得出索引如下表：3. type_id_item批注12得出type id列表的位置为0xa8,批注11得出type id列表中type_id_item的数量为0x7。type id的结构为type_id_item：NameFormatDescriptiondescriptor_idxuintindex into the string_ids list for the descriptor string of this type. The string must conform to the syntax for TypeDescriptor, defined above.descriptor_idx为String id列表的索引。索引为：0001 0000 0002 0000 0003 0000 0004 0000 0005 0000 0006 0000 0008 0000依次代表：Ljava/io/PrintStream; Ljava/lang/Object; Ljava/lang/String; Ljava/lang/System; Ltest; V Ljava/lang/String;Type_id_list列表如下：0Ljava/io/PrintStream;1Ljava/lang/Object;2Ljava/lang/String;3Ljava/lang/System;4Ltest;5V6Ljava/lang/String;4. proto_id_item批注14得出prototype id列表的位置为0xc4，批注13的处prototype id列表中proto_id_item的数量为0totype id的结构为proto_id_item：NameFormatDescriptionshorty_idxuintindex into the string_ids list for the short-form descriptor string of this prototype. The string must conform to the syntax for ShortyDescriptor, defined above, and must correspond to the return type and parameters of this item.return_type_idxuintindex into the type_ids list for the return type of this prototypeparameters_offuintoffset from the start of the file to the list of parameter types for this prototype, or 0 if this prototype has no parameters. This offset, if non-zero, should be in the data section, and the data there should be in the format specified by type_list below. Additionally, there should be no reference to the type void in the list.shorty_idx为String Id列表的索引，return_type_idx为Type Id列表的索引，parameters_off指向type_list。type_list结构如下：NameFormatDescriptionsizeuintsize of the list, in entrieslisttype_itemsizeelements of the listtype_item结构入下：NameFormatDescriptiontype_idxushortindex into the type_ids listtype_idx为type id列表的索引。从文件的0xc4得到prototype id列表如下，共有3个proto_id_item。1) 0006 0000 0005 0000 0000 0000string_id_list0x6代表V，返回类型type_id_list0x5代表V，没有参数。2) 0007 0000 0005 0000 0168 0000 string_id_list0x7代表VL，返回类型type_id_list0x5代表V，参数从0x168处的值为：0001 0000 0002 一个参数，索引为0x2，type_id_list0x2代表Ljava/lang/String;3) 0007 0000 0005 0000 0170 0000string_id_list0x7代表VL，返回类型type_id_list0x5代表V，参数从0x170处的值为：0001 0000 0006 一个参数，索引为0x6，type_id_list0x6代表Ljava/lang/String;注：字段和方法描述符参见附录2。5. field_id_item批注16得出field id列表的位置为0xe8，批注15的处field id列表中field_id_item的数量为0x1。Field id的结构为field_id_item：NameFormatDescriptionclass_idxushortindex into the type_ids list for the definer of this field. This must be a class type, and not an array or primitive type.type_idxushortindex into the type_ids list for the type of this fieldname_idxuintindex into the string_ids list for the name of this field. The string must conform to the syntax for MemberName, defined above.class_idx为类的类型，即该字段所属的类。type_idx为此字段的类型。name_idx为此字段的名字。从文件的0xe8得到filed id列表如下，共有1个field_id_item。0003 0000 000a 0000该字段所属的类为：Ljava/lang/System;此字段的类型为：Ljava/io/PrintStream;此字段的名字为：out6. method_id_item批注18得出method id列表的位置为0xf0，批注17的处method id列表中method_id_item的数量为0x4。Method id的结构为method_id_item：NameFormatDescriptionclass_idxushortindex into the type_ids list for the definer of this method. This must be a class or array type, and not a primitive to_idxushortindex into the proto_ids list for the prototype of this methodname_idxuintindex into the string_ids list for the name of this method. The string must conform to the syntax for MemberName, defined above.class_idx为类的类型，即该方法所属的类。proto_idx此方法原型。name_idx此方法名字。从文件的0xf0得到method id列表如下，共有4个method_id_item。0000 0001 000b 0000 类：Ljava/io/PrintStream; 原型：VL 名字：println0001 0000 0000 0000 类：Ljava/lang/Object; 原型：V 名字：0004 0000 0000 0000 类：Ljava/lang/System;原型：V 名字：0004 0002 0009 0000 类：Ljava/lang/System;原型：VL 名字： main7. class_def_item批注20得出class definitions列表的位置为0x110，批注19的处class definitions列表中 class_def_item的数量为0x1。class definitions的结构为class_def_item：NameFormatDescriptionclass_idxuintindex into the type_ids list for this class. This must be a class type, and not an array or primitive type.access_flagsuintaccess flags for the class (public, final, etc.). See access_flags Definitions for details.superclass_idxuintindex into the type_ids list for the superclass, or the constant value NO_INDEX uint NO_INDEX = 0xffffffff;if this class has no superclass (i.e., it is a root class such as Object). If present, this must be a class type, and not an array or primitive erfaces_offuintoffset from the start of the file to the list of interfaces, or 0 if there are none. This offset should be in the data section, and the data there should be in the format specified by type_list below. Each of the elements of the list must be a class type (not an array or primitive type), and there must not be any duplicates.接口列表的偏移，如果为0表示没有接口。此偏移量应该在数据段中，并且类型详细说明在type_list中。表中的每一个元素都必须是类类型（而不能是一个数组或基本类型），并且不能有任何重复。source_file_idxuintindex into the string_ids list for the name of the file containing the original source for (at least most of) this class, or the special value NO_INDEX to represent a lack of this information. The debug_info_item of any given method may override this source file, but the expectation is that most classes will only come from one source file.类源码所在的文件的名称索引(至少大部分是这样的)，此索引对应string_ids数组中的索引。或者是一个特殊值NO_INDEX表示缺少这种文件的信息。annotations_offuintoffset from the start of the file to the annotations structure for this class, or 0 if there are no annotations on this class. This offset, if non-zero, should be in the data section, and the data there should be in the format specified by annotations_directory_item below, with all items referring to this class as the definer.注释结构的偏移，如果为0，则表示此类没有注解。如果不为零，应在数据段，该数据应在规定的“annotations_directory_item”下面的格式，所有项目指的是这个类的定义者。class_data_offuintoffset from the start of the file to the associated class data for this item, or 0 if there is no class data for this class. (This may be the case, for example, if this class is a marker interface.) The offset, if non-zero, should be in the data section, and the data there should be in the format specified by class_data_item below, with all items referring to this class as the definer.与此类相关的类数据的偏移，如果为0，这说明没有此类的类数据(例如:此类是一个标记接口)。如果不为零，应在数据段，该数据应在规定的“class_data_item”下面的格式，所有项目指的是这个类的定义者。static_values_offuintoffset from the start of the file to the list of initial values for static fields, or 0 if there are none (and all static fields are to be initialized with 0 or null). This offset should be in the data section, and the data there should be in the format specified by encoded_array_item below. The size of the array must be no larger than the number of static fields declared by this class, and the elements correspond to the static fields in the same order as declared in the corresponding field_list. The type of each array element must match the declared type of its corresponding field. If there are fewer elements in the array than there are static fields, then the leftover fields are initialized with a type-appropriate 0 or null.静态字段初始值的偏移，如果为0，则说明没有静态数据(所有的静态数据都初始化为0或null)。这个偏移位置在数据段中，数据保存在encoded_array_item的格式中。数组中元素的个数不能大于类中静态字段的个数，元素的排序对应field_list中的排序。每个数组元素的类型必须匹配与之对应的字段声明的类型。如果有比有静态字段的数组中的元素少，那么剩下的字段都被初始化一个适合不同类型的0或null。0004 0000 0000 0000 0001 0000 0000 0000000d 0000 0000 0000 0227 0000 0000 0000class_idx类的类型：Ltest;access_flags访问权限：superclass_idx父类：Ljava/lang/Object;interfaces_off没有接口source_file_idx文件名test.javaannotations_off没有注释class_data_off指向class_data_item，机构如下。static_values_off暂时无class_data_itemNameFormatDescriptionstatic_fields_sizeuleb128the number of static fields defined in this iteminstance_fields_sizeuleb128the number of instance fields defined in this itemdirect_methods_sizeuleb128the number of direct methods defined in this itemvirtual_methods_sizeuleb128the number of virtual methods defined in this itemstatic_fieldsencoded_fieldstatic_fields_sizethe defined static fields, represented as a sequence of encoded elements. The fields must be sorted by field_idx in increasing order.instance_fieldsencoded_fieldinstance_fields_sizethe defined instance fields, represented as a sequence of encoded elements. The fields must be sorted by field_idx in increasing order.direct_methodsencoded_methoddirect_methods_sizethe defined direct (any of static, private, or constructor) methods, represented as a sequence of encoded elements. The methods must be sorted by method_idx in increasing order.所定义的直接方法（任何静态的，私有的，或构造函数），表示为一个序列编码的元素。该方法必须按method_idx的递增的顺序。virtual_methodsencoded_methodvirtual_methods_sizethe defined virtual (none of static, private, or constructor) methods, represented as a sequence of encoded elements. This list should not include inherited methods unless overridden by the class that this item represents. The methods must be sorted by method_idx in increasing order.定义的虚拟方法（不是静态的，私有的，或构造函数），表示为一个序列编码