androguard.core.bytecodes package

Submodules

androguard.core.bytecodes.api_permissions module

androguard.core.bytecodes.apk module

class androguard.core.bytecodes.apk.APK(filename, raw=False, magic_file=None, skip_analysis=False, testzip=False)

Bases: object

This class can access to all elements in an APK file

Parameters:
  • filename (string) – specify the path of the file, or raw data
  • raw (boolean) – specify if the filename is a path or raw data (optional)
  • magic_file (string) – specify the magic file (optional)
  • skip_analysis (boolean) – Skip the analysis, e.g. no manifest files are read. (default: False)
  • testzip (boolean) – Test the APK for integrity, e.g. if the ZIP file is broken. Throw an exception on failure (default False)
Example:

APK(“myfile.apk”) APK(read(“myfile.apk”), raw=True)
format_value(value)
get_activities()

Return the android:name attribute of all activities

Return type:a list of string
get_all_dex()

Return the raw data of all classes dex files

Return type:a generator
get_android_manifest_axml()

Return the AXMLPrinter object which corresponds to the AndroidManifest.xml file

Return type:AXMLPrinter
get_android_manifest_xml()

Return the xml object which corresponds to the AndroidManifest.xml file

Return type:object
get_android_resources()

Return the ARSCParser object which corresponds to the resources.arsc file

Return type:ARSCParser
get_androidversion_code()

Return the android version code

Return type:string
get_androidversion_name()

Return the android version name

Return type:string
get_app_icon(max_dpi=65536)

Return the first non-greater density than max_dpi icon file name, unless exact icon resolution is set in the manifest, in which case return the exact file

Return type:string
get_app_name()

Return the appname of the APK

Return type:string
get_certificate(filename)

Return a X.509 certificate object by giving the name in the apk file

Parameters:filename – filename of the signature file in the APK
Returns:a x509 certificate
get_certificate_der(filename)

Return the DER coded X.509 certificate from the signature file.

Parameters:filename – Signature filename in APK
Returns:DER coded X.509 certificate as binary
get_declared_permissions()

Returns list of the declared permissions.

Return type:list of strings
get_declared_permissions_details()

Returns declared permissions with the details.

Return type:dict
get_details_permissions()

Return permissions with details

Return type:list of string
get_dex()

Return the raw data of the classes dex file

Return type:a string
get_element(tag_name, attribute, **attribute_filter)

Return element in xml files which match with the tag name and the specific attribute

Parameters:
  • tag_name (string) – specify the tag name
  • attribute (string) – specify the attribute
Return type:

string
get_elements(tag_name, attribute)

Return elements in xml files which match with the tag name and the specific attribute

Parameters:
  • tag_name – a string which specify the tag name
  • attribute – a string which specify the attribute
get_file(filename)

Return the raw data of the specified filename inside the APK

Return type:string
get_filename()

Return the filename of the APK

Return type:string
get_files()

Return the files inside the APK

Return type:a list of strings
get_files_crc32()

Calculates and returns a dictionary of filenames and CRC32

Returns:dict of filename: CRC32
get_files_information()

Return the files inside the APK with their associated types and crc32

Return type:string, string, int
get_files_types()

Return the files inside the APK with their associated types (by using python-magic)

Return type:a dictionnary
get_intent_filters(category, name)
get_libraries()

Return the android:name attributes for libraries

Return type:list
get_main_activity()

Return the name of the main activity

Return type:string
get_max_sdk_version()

Return the android:maxSdkVersion attribute

Return type:string
get_min_sdk_version()

Return the android:minSdkVersion attribute

Return type:string
get_package()

Return the name of the package

Return type:string
get_permissions()

Return permissions

Return type:list of string
get_providers()

Return the android:name attribute of all providers

Return type:a list of string
get_raw()

Return raw bytes of the APK

Return type:string
get_receivers()

Return the android:name attribute of all receivers

Return type:a list of string
get_requested_aosp_permissions()

Returns requested permissions declared within AOSP project.

Return type:list of strings
get_requested_aosp_permissions_details()

Returns requested aosp permissions with details.

Return type:dictionary
get_requested_permissions = DeprecationWarning(<function APK.get_requested_permissions>,)
get_requested_third_party_permissions()

Returns list of requested permissions not declared within AOSP project.

Return type:list of strings
get_services()

Return the android:name attribute of all services

Return type:a list of string
get_signature()

Return the data of the first signature file found.

get_signature_name()

Return the name of the first signature file found.

get_signature_names()

Return a list of the signature file names.

get_signatures()

Return a list of the data of the signature files.

get_target_sdk_version()

Return the android:targetSdkVersion attribute

Return type:string
is_valid_APK()

Return true if the APK is valid, false otherwise

Return type:boolean
new_zip(filename, deleted_files=None, new_files={})

Create a new zip file

Parameters:
  • filename (string) – the output filename of the zip
  • deleted_files (None or a string) – a regex pattern to remove specific file
  • new_files (a dictionnary (key:filename, value:content of the file)) – a dictionnary of new files
show()
exception androguard.core.bytecodes.apk.BrokenAPKError

Bases: androguard.core.bytecodes.apk.Error

exception androguard.core.bytecodes.apk.Error

Bases: Exception

Base class for exceptions in this module.

exception androguard.core.bytecodes.apk.FileNotPresent

Bases: androguard.core.bytecodes.apk.Error

androguard.core.bytecodes.apk.get_Name(name, short=False)

Return the distinguished name of an X509 Certificate

Parameters:
  • name (cryptography.x509.Name) – Name object to return the DN from
  • short (Boolean) – Use short form (Default: False)
Return type:

str
androguard.core.bytecodes.apk.show_Certificate(cert, short=False)

Print Fingerprints, Issuer and Subject of an X509 Certificate.

Parameters:
  • cert (cryptography.x509.Certificate) – X509 Certificate to print
  • short (Boolean) – Print in shortform for DN (Default: False)
androguard.core.bytecodes.apk.sign_apk(filename, keystore, storepass)

androguard.core.bytecodes.dvm module

class androguard.core.bytecodes.dvm.AnnotationElement(buff, cm)

Bases: object

This class can parse an annotation_element of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_element
  • cm (ClassManager) – a ClassManager object
get_length()
get_name_idx()

Return the element name, represented as an index into the string_ids section

Return type:int
get_obj()
get_raw()
get_value()

Return the element value (EncodedValue)

Return type:a EncodedValue object
show()
class androguard.core.bytecodes.dvm.AnnotationItem(buff, cm)

Bases: object

This class can parse an annotation_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_item
  • cm (ClassManager) – a ClassManager object
get_annotation()

Return the encoded annotation contents

Return type:a EncodedAnnotation object
get_length()
get_obj()
get_off()
get_raw()
get_visibility()

Return the intended visibility of this annotation

Return type:int
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.AnnotationOffItem(buff, cm)

Bases: object

This class can parse an annotation_off_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_off_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_raw()
show()
class androguard.core.bytecodes.dvm.AnnotationSetItem(buff, cm)

Bases: object

This class can parse an annotation_set_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_set_item
  • cm (ClassManager) – a ClassManager object
get_annotation_off_item()

Return the offset from the start of the file to an annotation

Return type:a list of AnnotationOffItem
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.AnnotationSetRefItem(buff, cm)

Bases: object

This class can parse an annotation_set_ref_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_set_ref_item
  • cm (ClassManager) – a ClassManager object
get_annotations_off()

Return the offset from the start of the file to the referenced annotation set or 0 if there are no annotations for this element.

Return type:int
get_obj()
get_raw()
show()
class androguard.core.bytecodes.dvm.AnnotationSetRefList(buff, cm)

Bases: object

This class can parse an annotation_set_ref_list_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_set_ref_list_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_list()

Return elements of the list

Return type:AnnotationSetRefItem
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.AnnotationsDirectoryItem(buff, cm)

Bases: object

This class can parse an annotations_directory_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotations_directory_item
  • cm (ClassManager) – a ClassManager object
get_annotated_fields_size()

Return the count of fields annotated by this item

Return type:int
get_annotated_methods_size()

Return the count of methods annotated by this item

Return type:int
get_annotated_parameters_size()

Return the count of method parameter lists annotated by this item

Return type:int
get_class_annotations_off()

Return the offset from the start of the file to the annotations made directly on the class, or 0 if the class has no direct annotations

Return type:int
get_field_annotations()

Return the list of associated field annotations

Return type:a list of FieldAnnotation
get_length()
get_method_annotations()

Return the list of associated method annotations

Return type:a list of MethodAnnotation
get_obj()
get_off()
get_parameter_annotations()

Return the list of associated method parameter annotations

Return type:a list of ParameterAnnotation
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.ClassDataItem(buff, cm)

Bases: object

This class can parse a class_data_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the class_data_item
  • cm (ClassManager) – a ClassManager object
get_direct_methods()

Return the defined direct (any of static, private, or constructor) methods, represented as a sequence of encoded elements

Return type:a list of EncodedMethod objects
get_direct_methods_size()

Return the number of direct methods defined in this item

Return type:int
get_fields()

Return static and instance fields

Return type:a list of EncodedField objects
get_instance_fields()

Return the defined instance fields, represented as a sequence of encoded elements

Return type:a list of EncodedField objects
get_instance_fields_size()

Return the number of instance fields defined in this item

Return type:int
get_length()
get_methods()

Return direct and virtual methods

Return type:a list of EncodedMethod objects
get_obj()
get_off()
get_raw()
get_static_fields()

Return the defined static fields, represented as a sequence of encoded elements

Return type:a list of EncodedField objects
get_static_fields_size()

Return the number of static fields defined in this item

Return type:int
get_virtual_methods()

Return the defined virtual (none of static, private, or constructor) methods, represented as a sequence of encoded elements

Return type:a list of EncodedMethod objects
get_virtual_methods_size()

Return the number of virtual methods defined in this item

Return type:int
reload()
set_off(off)
set_static_fields(value)
show()
class androguard.core.bytecodes.dvm.ClassDefItem(buff, cm)

Bases: object

This class can parse a class_def_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the class_def_item
  • cm (ClassManager) – a ClassManager object
get_access_flags()

Return the access flags for the class (public, final, etc.)

Return type:int
get_access_flags_string()

Return the access flags string of the class

Return type:string
get_annotations_off()

Return the offset from the start of the file to the annotations structure for this class, or 0 if there are no annotations on this class.

Return type:int
get_ast()
get_class_data()

Return the associated class_data_item

Return type:a ClassDataItem object
get_class_data_off()

Return the offset from the start of the file to the associated class data for this item, or 0 if there is no class data for this class

Return type:int
get_class_idx()

Return the index into the type_ids list for this class

Return type:int
get_fields()

Return all fields of this class

Return type:a list of EncodedField objects
get_interfaces()

Return the name of the interface

Return type:string
get_interfaces_off()

Return the offset from the start of the file to the list of interfaces, or 0 if there are none

Return type:int
get_length()
get_methods()

Return all methods of this class

Return type:a list of EncodedMethod objects
get_name()

Return the name of this class

Return type:int
get_obj()
get_raw()
get_source()
get_source_ext()
get_source_file_idx()

Return the index into the string_ids list for the name of the file containing the original source for (at least most of) this class, or the special value NO_INDEX to represent a lack of this information

Return type:int
get_static_values_off()

Return the offset from the start of the file to the list of initial values for static fields, or 0 if there are none (and all static fields are to be initialized with 0 or null)

Return type:int
get_superclass_idx()

Return the index into the type_ids list for the superclass

Return type:int
get_superclassname()

Return the name of the super class

Return type:string
reload()
set_name(value)
show()
show_xref(c_a)

Display where the method is called or which method is called

source()

Return the source code of the entire class

Return type:string
class androguard.core.bytecodes.dvm.ClassHDefItem(size, buff, cm)

Bases: object

This class can parse a list of class_def_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of class_def_item
  • cm (ClassManager) – a ClassManager object
get_class_idx(idx)
get_length()
get_method(name_class, name_method)
get_names()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.ClassManager(vm, config)

Bases: object

This class is used to access to all elements (strings, type, proto …) of the dex format

add_type_item(type_item, c_item, item)
get_all_engine()
get_ascii_string(s)
get_class_data_item(off)
get_code(idx)
get_debug_off(off)
get_encoded_array_item(off)
get_engine()
get_field(idx)
get_field_ref(idx)
get_item_by_offset(offset)
get_lazy_analysis()
get_method(idx)
get_method_ref(idx)
get_next_offset_item(idx)
get_obj_by_offset(offset)
get_odex_format()
get_proto(idx)
get_raw_string(idx)
get_string(idx)
get_string_by_offset(offset)
get_type(idx)
get_type_list(off)
get_type_ref(idx)
get_vmanalysis()
set_decompiler(decompiler)
set_hook_class_name(class_def, value)
set_hook_field_name(encoded_field, value)
set_hook_method_name(encoded_method, value)
set_hook_string(idx, value)
set_vmanalysis(vmanalysis)
class androguard.core.bytecodes.dvm.CodeItem(size, buff, cm)

Bases: object

get_code(off)
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show(m_a=None)
class androguard.core.bytecodes.dvm.ConstString(orig_ins, value)

Bases: androguard.core.bytecodes.dvm.Instruction21c

Simulate a const-string instruction.

get_operands(idx=-1)

Return all operands

Return type:list
get_raw_string()
class androguard.core.bytecodes.dvm.DBGBytecode(cm, op_value)

Bases: object

add(value, ttype)
get_obj()
get_op_value()
get_raw()
get_value()
show()
class androguard.core.bytecodes.dvm.DCode(class_manager, offset, size, buff)

Bases: object

This class represents the instructions of a method

Parameters:
  • class_manager (ClassManager object) – the ClassManager
  • offset (int) – the offset of the buffer
  • size (int) – the total size of the buffer
  • buff (string) – a raw buffer where are the instructions
add_inote(msg, idx, off=None)

Add a message to a specific instruction by using (default) the index of the address if specified

Parameters:
  • msg (string) – the message
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
get_ins_off(off)

Get a particular instruction by using the address

Parameters:off (int) – address of the instruction
Return type:an Instruction object
get_insn()

Get the insn buffer

Return type:string
get_instruction(idx, off=None)

Get a particular instruction by using (default) the index of the address if specified

Parameters:
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
Return type:

an Instruction object
get_instructions()

Get the instructions

Return type:a generator of each Instruction (or a cached list of instructions if you have setup instructions)
get_length()

Return the length of this object

Return type:int
get_raw()

Return the raw buffer of this object

Return type:string
is_cached_instructions()
off_to_pos(off)

Get the position of an instruction by using the address

Parameters:off (int) – address of the instruction
Return type:int
reload()
set_idx(idx)

Set the start address of the buffer

Parameters:idx (int) – the index
set_insn(insn)

Set a new raw buffer to disassemble

Parameters:insn (string) – the buffer
set_instructions(instructions)

Set the instructions

Parameters:instructions (a list of Instruction) – the list of instructions
show(m_a)

Display (with a pretty print) this object

Parameters:m_aMethodAnalysis object
class androguard.core.bytecodes.dvm.DREF

Bases: object

add(x, y)
class androguard.core.bytecodes.dvm.DalvikCode(buff, cm)

Bases: object

This class represents the instructions of a method

Parameters:
  • buff (string) – a raw buffer where are the instructions
  • cm (ClassManager object) – the ClassManager
add_inote(msg, idx, off=None)

Add a message to a specific instruction by using (default) the index of the address if specified

Parameters:
  • msg (string) – the message
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
get_bc()

Return the associated code object

Return type:DCode
get_debug()

Return the associated debug object

Return type:DebugInfoItem
get_debug_info_off()

Get the offset from the start of the file to the debug info (line numbers + local variable info) sequence for this code, or 0 if there simply is no information

Return type:int
get_handlers()

Get the bytes representing a list of lists of catch types and associated handler addresses.

Return type:EncodedCatchHandlerList
get_ins_size()

Get the number of words of incoming arguments to the method that this code is for

Return type:int
get_insns_size()

Get the size of the instructions list, in 16-bit code units

Return type:int
get_instruction(idx, off=None)
get_length()
get_obj()
get_off()
get_outs_size()

Get the number of words of outgoing argument space required by this code for method invocation

Return type:int
get_raw()
get_registers_size()

Get the number of registers used by this code

Return type:int
get_size()
get_tries()

Get the array indicating where in the code exceptions are caught and how to handle them

Return type:a list of TryItem objects
get_tries_size()

Get the number of TryItem for this instance

Return type:int
reload()
set_idx(idx)
set_off(off)
show(m_a)
class androguard.core.bytecodes.dvm.DalvikOdexVMFormat(buff, decompiler=None, config=None, using_api=None)

Bases: androguard.core.bytecodes.dvm.DalvikVMFormat

This class can parse an odex file

Parameters:
  • buff (string) – a string which represents the odex file
  • decompiler (object) – associate a decompiler object to display the java source code
Example:

DalvikOdexVMFormat( read(“classes.odex”) )
get_buff()
get_dependencies()

Return the odex dependencies object

Return type:an OdexDependencies object
get_format_type()

Return the type

Return type:a string
save()

Do not use !

class androguard.core.bytecodes.dvm.DalvikVMFormat(buff, decompiler=None, config=None, using_api=None)

Bases: androguard.core.bytecode._Bytecode

This class can parse a classes.dex file of an Android application (APK).

Parameters:
  • buff (string) – a string which represents the classes.dex file
  • decompiler (object) – associate a decompiler object to display the java source code
Example:

DalvikVMFormat( read(“classes.dex”) )
colorize_operands(operands, colors)
create_python_export()

Export classes/methods/fields’ names in the python namespace

disassemble(offset, size)

Disassembles a given offset in the DEX file

Parameters:
  • offset (int) – offset to disassemble in the file (from the beginning of the file)
  • size
fix_checksums(buff)

Fix a dex format buffer by setting all checksums

Return type:string
get_BRANCH_DVM_OPCODES()
get_all_fields()

Return a list of field items

Return type:a list of FieldIdItem objects
get_api_version()

This method returns api version that should be used for loading api specific resources.

Return type:int
get_class(name)

Return a specific class

Parameters:name – the name of the class
Return type:a ClassDefItem object
get_class_manager()

This function returns a ClassManager object which allow you to get access to all index references (strings, methods, fields, ….)

Return type:ClassManager object
get_classes()

Return all classes

Return type:a list of ClassDefItem objects
get_classes_def_item()

This function returns the class def item

Return type:ClassDefItem object
get_classes_names(update=False)

Return the names of classes

Parameters:update – True indicates to recompute the list. Maybe needed after using a MyClass.set_name().
Return type:a list of string
get_cm_field(idx)

Get a specific field by using an index

Parameters:idx (int) – index of the field
get_cm_method(idx)

Get a specific method by using an index

Parameters:idx (int) – index of the method
get_cm_string(idx)

Get a specific string by using an index

Parameters:idx (int) – index of the string
get_cm_type(idx)

Get a specific type by using an index

Parameters:idx (int) – index of the type
get_codes_item()

This function returns the code item

Return type:CodeItem object
get_debug_info_item()

This function returns the debug info item

Return type:DebugInfoItem object
get_determineException()
get_determineNext()
get_field(name)

Return a list all fields which corresponds to the regexp

Parameters:name – the name of the field (a python regexp)
Return type:a list with all EncodedField objects
get_field_descriptor(class_name, field_name, descriptor)

Return the specific field

Parameters:
  • class_name (string) – the class name of the field
  • field_name (string) – the name of the field
  • descriptor (string) – the descriptor of the field
Return type:

None or a EncodedField object
get_fields()

Return all field objects

Return type:a list of EncodedField objects
get_fields_class(class_name)

Return all fields of a specific class

Parameters:class_name (string) – the class name
Return type:a list with EncodedField objects
get_fields_id_item()

This function returns the field id item

Return type:FieldIdItem object
get_format()
get_format_type()

Return the type

Return type:a string
get_header_item()

This function returns the header item

Return type:HeaderItem object
get_len_methods()

Return the number of methods

Return type:int
get_method(name)

Return a list all methods which corresponds to the regexp

Parameters:name – the name of the method (a python regexp)
Return type:a list with all EncodedMethod objects
get_method_by_idx(idx)

Return a specific method by using an index :param idx: the index of the method :type idx: int

Return type:None or an EncodedMethod object
get_method_descriptor(class_name, method_name, descriptor)

Return the specific method

Parameters:
  • class_name (string) – the class name of the method
  • method_name (string) – the name of the method
  • descriptor (string) – the descriptor of the method
Return type:

None or a EncodedMethod object
get_methods()

Return all method objects

Return type:a list of EncodedMethod objects
get_methods_class(class_name)

Return all methods of a specific class

Parameters:class_name (string) – the class name
Return type:a list with EncodedMethod objects
get_methods_descriptor(class_name, method_name)

Return the specific methods of the class

Parameters:
  • class_name (string) – the class name of the method
  • method_name (string) – the name of the method
Return type:

None or a EncodedMethod object
get_methods_id_item()

This function returns the method id item

Return type:MethodIdItem object
get_operand_html(operand, registers_colors, colors, escape_fct, wrap_fct)
get_regex_strings(regular_expressions)

Return all target strings matched the regex

Parameters:regular_expressions (string) – the python regex
Return type:a list of strings matching the regex expression
get_string_data_item()

This function returns the string data item

Return type:StringDataItem object
get_strings()

Return all strings

Return type:a list with all strings used in the format (types, names …)
list_classes_hierarchy()
print_classes_hierarchy()
save()

Return the dex (with the modifications) into raw format (fix checksums) (beta: do not use !)

Return type:string
set_decompiler(decompiler)
set_gvmanalysis(gvmanalysis)
set_vmanalysis(vmanalysis)
show()

Show the all information in the object

class androguard.core.bytecodes.dvm.DebugInfoItem(buff, cm)

Bases: object

get_bytecodes()
get_line_start()
get_off()
get_parameter_names()
get_parameters_size()
get_raw()
get_translated_parameter_names()
reload()
show()
class androguard.core.bytecodes.dvm.DebugInfoItemEmpty(buff, cm)

Bases: object

get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.EncodedAnnotation(buff, cm)

Bases: object

This class can parse an encoded_annotation of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_annotation
  • cm (ClassManager) – a ClassManager object
get_elements()

Return the elements of the annotation, represented directly in-line (not as offsets)

Return type:a list of AnnotationElement objects
get_length()
get_obj()
get_raw()
get_size()

Return the number of name-value mappings in this annotation

:rtype:int

get_type_idx()

Return the type of the annotation. This must be a class (not array or primitive) type

Return type:int
show()
class androguard.core.bytecodes.dvm.EncodedArray(buff, cm)

Bases: object

This class can parse an encoded_array of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_array
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_raw()
get_size()

Return the number of elements in the array

Return type:int
get_values()

Return a series of size encoded_value byte sequences in the format specified by this section, concatenated sequentially

Return type:a list of EncodedValue objects
show()
class androguard.core.bytecodes.dvm.EncodedArrayItem(buff, cm)

Bases: object

This class can parse an encoded_array_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_array_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_off()
get_raw()
get_value()

Return the bytes representing the encoded array value

Return type:a EncodedArray object
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.EncodedCatchHandler(buff, cm)

Bases: object

This class can parse an encoded_catch_handler of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_catch_handler
  • cm (ClassManager) – a ClassManager object
get_catch_all_addr()

Return the bytecode address of the catch-all handler. This element is only present if size is non-positive.

Return type:int
get_handlers()

Return the stream of abs(size) encoded items, one for each caught type, in the order that the types should be tested.

Return type:a list of EncodedTypeAddrPair objects
get_length()
get_off()
get_raw()
get_size()

Return the number of catch types in this list

Return type:int
set_off(off)
show()
class androguard.core.bytecodes.dvm.EncodedCatchHandlerList(buff, cm)

Bases: object

This class can parse an encoded_catch_handler_list of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_catch_handler_list
  • cm (ClassManager) – a ClassManager object
get_length()
get_list()

Return the actual list of handler lists, represented directly (not as offsets), and concatenated sequentially

Return type:a list of EncodedCatchHandler objects
get_obj()
get_off()
get_raw()
get_size()

Return the size of this list, in entries

Return type:int
set_off(off)
show()
class androguard.core.bytecodes.dvm.EncodedField(buff, cm)

Bases: object

This class can parse an encoded_field of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded field
  • cm (ClassManager) – a ClassManager object
adjust_idx(val)
get_access_flags()

Return the access flags of the field

Return type:int
get_access_flags_string()

Return the access flags string of the field

Return type:string
get_class_name()

Return the class name of the field

Return type:string
get_descriptor()

Return the descriptor of the field

Return type:string
get_field_idx()

Return the real index of the method

Return type:int
get_field_idx_diff()

Return the index into the field_ids list for the identity of this field (includes the name and descriptor), represented as a difference from the index of previous element in the list

Return type:int
get_init_value()

Return the init value object of the field

Return type:EncodedValue
get_name()

Return the name of the field

Return type:string
get_obj()
get_raw()
get_size()
load()
reload()
set_init_value(value)

Setup the init value object of the field

Parameters:value (EncodedValue) – the init value
set_name(value)
show()

Display the information (with a pretty print) about the field

show_xref(f_a)

Display where this field is read or written

class androguard.core.bytecodes.dvm.EncodedMethod(buff, cm)

Bases: object

This class can parse an encoded_method of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_method
  • cm (ClassManager) – a ClassManager object
access_flags = None

access flags of the method

add_inote(msg, idx, off=None)

Add a message to a specific instruction by using (default) the index of the address if specified

Parameters:
  • msg (string) – the message
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
add_note(msg)

Add a message to this method

Parameters:msg (string) – the message
adjust_idx(val)
code_off = None

offset of the code section

each_params_by_register(nb, proto)
get_access_flags()

Return the access flags of the method

Return type:int
get_access_flags_string()

Return the access flags string of the method

Return type:string
get_address()

Return the offset from the start of the file to the code structure for this method, or 0 if this method is either abstract or native

Return type:int
get_class_name()

Return the class name of the method

Return type:string
get_code()

Return the code object associated to the method

Return type:DalvikCode object
get_code_off()

Return the offset from the start of the file to the code structure for this method, or 0 if this method is either abstract or native

Return type:int
get_debug()

Return the debug object associated to this method

Return type:DebugInfoItem
get_descriptor()

Return the descriptor of the method

Return type:string
get_information()
get_instruction(idx, off=None)

Get a particular instruction by using (default) the index of the address if specified

Parameters:
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
Return type:

an Instruction object
get_instructions()

Get the instructions

Return type:a generator of each Instruction (or a cached list of instructions if you have setup instructions)
get_length()

Return the length of the associated code of the method

Return type:int
get_locals()
get_method_idx()

Return the real index of the method

Return type:int
get_method_idx_diff()

Return index into the method_ids list for the identity of this method (includes the name and descriptor), represented as a difference from the index of previous element in the lis

Return type:int
get_name()

Return the name of the method

Return type:string
get_raw()
get_size()
get_source()
get_triple()
is_cached_instructions()
load()
method_idx_diff = None

method index diff in the corresponding section

reload()
set_code_idx(idx)

Set the start address of the buffer to disassemble

Parameters:idx (int) – the index
set_instructions(instructions)

Set the instructions

Parameters:instructions (a list of Instruction) – the list of instructions
set_name(value)
show()

Display the information (with a pretty print) about the method

show_info()

Display the basic information about the method

show_notes()

Display the notes about the method

show_xref(m_a)
source()

Return the source code of this method

Return type:string
class androguard.core.bytecodes.dvm.EncodedTypeAddrPair(buff)

Bases: object

This class can parse an encoded_type_addr_pair of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_type_addr_pair
  • cm (ClassManager) – a ClassManager object
get_addr()

Return the bytecode address of the associated exception handler

Return type:int
get_length()
get_obj()
get_raw()
get_type_idx()

Return the index into the type_ids list for the type of the exception to catch

Return type:int
show()
class androguard.core.bytecodes.dvm.EncodedValue(buff, cm)

Bases: object

This class can parse an encoded_value of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_value
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_raw()
get_value()

Return the bytes representing the value, variable in length and interpreted differently for different value_type bytes, though always little-endian

Return type:an object representing the value
get_value_arg()
get_value_type()
show()
exception androguard.core.bytecodes.dvm.Error

Bases: Exception

Base class for exceptions in this module.

class androguard.core.bytecodes.dvm.ExportObject

Bases: object

class androguard.core.bytecodes.dvm.FakeNop(length)

Bases: androguard.core.bytecodes.dvm.Instruction10x

Simulate a nop instruction.

get_length()

Return the length of the instruction

Return type:int
class androguard.core.bytecodes.dvm.FieldAnnotation(buff, cm)

Bases: object

This class can parse a field_annotation of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the field_annotation
  • cm (ClassManager) – a ClassManager object
get_annotations_off()

Return the offset from the start of the file to the list of annotations for the field

Return type:int
get_field_idx()

Return the index into the field_ids list for the identity of the field being annotated

Return type:int
get_length()
get_obj()
get_off()
get_raw()
set_off(off)
show()
class androguard.core.bytecodes.dvm.FieldHIdItem(size, buff, cm)

Bases: object

This class can parse a list of field_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of field_id_item
  • cm (ClassManager) – a ClassManager object
get(idx)
get_length()
get_obj()
get_off()
get_raw()
gets()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.FieldIdItem(buff, cm)

Bases: object

This class can parse a field_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the field_id_item
  • cm (ClassManager) – a ClassManager object
get_class_idx()

Return the index into the type_ids list for the definer of this field

Return type:int
get_class_name()

Return the class name of the field

Return type:string
get_descriptor()

Return the descriptor of the field

Return type:string
get_length()
get_list()
get_name()

Return the name of the field

Return type:string
get_name_idx()

Return the index into the string_ids list for the name of this field

Return type:int
get_obj()
get_raw()
get_type()

Return the type of the field

Return type:string
get_type_idx()

Return the index into the type_ids list for the type of this field

Return type:int
reload()
show()
class androguard.core.bytecodes.dvm.FieldIdItemInvalid

Bases: object

get_class_name()
get_descriptor()
get_list()
get_name()
get_type()
show()
class androguard.core.bytecodes.dvm.FillArrayData(buff)

Bases: object

This class can parse a FillArrayData instruction

Parameters:buff – a Buff object which represents a buffer where the instruction is stored
add_note(msg)

Add a note to this instruction

Parameters:msg (objects (string)) – the message
get_data()

Return the data of this instruction (the payload)

Return type:string
get_formatted_operands()
get_hex()
get_length()

Return the length of the instruction

Return type:int
get_name()

Return the name of the instruction

Return type:string
get_notes()

Get all notes from this instruction

Return type:a list of objects
get_op_value()

Get the value of the opcode

Return type:int
get_operands(idx=-1)
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()
show(pos)

Print the instruction

show_buff(pos)

Return the display of the instruction

Return type:string
class androguard.core.bytecodes.dvm.HeaderItem(size, buff, cm)

Bases: object

This class can parse an header_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the header_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.Instruction

Bases: object

This class represents a dalvik instruction

get_formatted_operands()
get_hex()
get_kind()

Return the ‘kind’ argument of the instruction

Return type:int
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_name()

Return the name of the instruction

Return type:string
get_op_value()

Return the value of the opcode

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
get_translated_kind()

Return the translated value of the ‘kind’ argument

Return type:string
show(idx)

Print the instruction

show_buff(idx)

Return the display of the instruction

Return type:string
class androguard.core.bytecodes.dvm.Instruction10t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 10t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction10x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 10x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction11n(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 11n format

get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction11x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 11x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction12x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 12x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction20bc(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 20bc format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction20t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 20t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction21c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 21c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_raw_string()
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
get_string()
class androguard.core.bytecodes.dvm.Instruction21h(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 21h format

get_formatted_operands()
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction21s(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 21s format

get_formatted_operands()
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction21t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 21t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction22b(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22b format

get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction22c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction22cs(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22cs format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction22s(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22s format

get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction22t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction22x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction23x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 23x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction30t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 30t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction31c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 31c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_raw_string()
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
get_string()

Return the string associated to the ‘kind’ argument

Return type:string
class androguard.core.bytecodes.dvm.Instruction31i(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 3li format

get_formatted_operands()
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction31t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 31t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction32x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 32x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction35c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 35c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction35mi(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 35mi format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction35ms(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 35ms format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction3rc(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 3rc format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction3rmi(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 3rmi format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction3rms(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 3rms format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction40sc(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 40sc format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction41c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 41c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction51l(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 51l format

get_formatted_operands()
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction52c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 52c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction5rc(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 5rc format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.InstructionInvalid(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents an invalid instruction

get_length()

Return the length of the instruction

Return type:int
get_name()

Return the name of the instruction

Return type:string
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
exception androguard.core.bytecodes.dvm.InvalidInstruction

Bases: androguard.core.bytecodes.dvm.Error

class androguard.core.bytecodes.dvm.LinearSweepAlgorithm

Bases: object

This class is used to disassemble a method. The algorithm used by this class is linear sweep.

get_instructions(cm, size, insn, idx)
Parameters:
  • cm (ClassManager object) – a ClassManager object
  • size (int) – the total size of the buffer
  • insn (string) – a raw buffer where are the instructions
  • idx (int) – a start address in the buffer
Return type:

a generator of Instruction objects
class androguard.core.bytecodes.dvm.MapItem(buff, cm)

Bases: object

get_item()
get_length()
get_obj()
get_off()
get_offset()
get_raw()
get_size()
get_type()
next(buff, cm)
reload()
set_item(item)
show()
class androguard.core.bytecodes.dvm.MapList(cm, off, buff)

Bases: object

This class can parse the “map_list” of the dex format

get_class_manager()
get_item_type(ttype)

Get a particular item type

Parameters:ttype – a string which represents the desired type
Return type:None or the item object
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()

Print with a pretty display the MapList object

class androguard.core.bytecodes.dvm.MethodAnnotation(buff, cm)

Bases: object

This class can parse a method_annotation of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the method_annotation
  • cm (ClassManager) – a ClassManager object
get_annotations_off()

Return the offset from the start of the file to the list of annotations for the method

Return type:int
get_length()
get_method_idx()

Return the index into the method_ids list for the identity of the method being annotated

Return type:int
get_obj()
get_off()
get_raw()
set_off(off)
show()
class androguard.core.bytecodes.dvm.MethodHIdItem(size, buff, cm)

Bases: object

This class can parse a list of method_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of method_id_item
  • cm (ClassManager) – a ClassManager object
get(idx)
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.MethodIdItem(buff, cm)

Bases: object

This class can parse a method_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the method_id_item
  • cm (ClassManager) – a ClassManager object
get_class_idx()

Return the index into the type_ids list for the definer of this method

Return type:int
get_class_name()

Return the class name of the method

Return type:string
get_descriptor()

Return the descriptor

Return type:string
get_length()
get_list()
get_name()

Return the name of the method

Return type:string
get_name_idx()

Return the index into the string_ids list for the name of this method

Return type:int
get_obj()
get_proto()

Return the prototype of the method

Return type:string
get_proto_idx()

Return the index into the proto_ids list for the prototype of this method

Return type:int
get_raw()
get_real_descriptor()

Return the real descriptor (i.e. without extra spaces)

Return type:string
get_triple()
reload()
show()
class androguard.core.bytecodes.dvm.MethodIdItemInvalid

Bases: object

get_class_name()
get_descriptor()
get_list()
get_name()
get_proto()
show()
class androguard.core.bytecodes.dvm.OdexDependencies(buff)

Bases: object

This class can parse the odex dependencies

Parameters:buff – a Buff object string which represents the odex dependencies
get_dependencies()

Return the list of dependencies

Return type:a list of strings
get_raw()
class androguard.core.bytecodes.dvm.OdexHeaderItem(buff)

Bases: object

This class can parse the odex header

Parameters:buff – a Buff object string which represents the odex dependencies
get_raw()
show()
class androguard.core.bytecodes.dvm.OffObj(o)

Bases: object

class androguard.core.bytecodes.dvm.PackedSwitch(buff)

Bases: object

This class can parse a PackedSwitch instruction

Parameters:buff – a Buff object which represents a buffer where the instruction is stored
add_note(msg)

Add a note to this instruction

Parameters:msg (objects (string)) – the message
get_formatted_operands()
get_hex()
get_keys()

Return the keys of the instruction

Return type:a list of long
get_length()
get_name()

Return the name of the instruction

Return type:string
get_notes()

Get all notes from this instruction

Return type:a list of objects
get_op_value()

Get the value of the opcode

Return type:int
get_operands(idx=-1)

Return an additional output of the instruction

Return type:string
get_output(idx=-1)

Return an additional output of the instruction

rtype:string
get_raw()
get_targets()

Return the targets (address) of the instruction

Return type:a list of long
get_values()
show(pos)

Print the instruction

show_buff(pos)

Return the display of the instruction

Return type:string
class androguard.core.bytecodes.dvm.ParameterAnnotation(buff, cm)

Bases: object

This class can parse a parameter_annotation of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the parameter_annotation
  • cm (ClassManager) – a ClassManager object
get_annotations_off()

Return the offset from the start of the file to the list of annotations for the method parameters

Return type:int
get_length()
get_method_idx()

Return the index into the method_ids list for the identity of the method whose parameters are being annotated

Return type:int
get_obj()
get_off()
get_raw()
set_off(off)
show()
class androguard.core.bytecodes.dvm.ProtoHIdItem(size, buff, cm)

Bases: object

This class can parse a list of proto_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of proto_id_item
  • cm (ClassManager) – a ClassManager object
get(idx)
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.ProtoIdItem(buff, cm)

Bases: object

This class can parse a proto_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the proto_id_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_parameters_off()

Return the offset from the start of the file to the list of parameter types for this prototype, or 0 if this prototype has no parameters

Return type:int
get_parameters_off_value()

Return the string associated to the parameters_off

Return type:string
get_raw()
get_return_type_idx()

Return the index into the type_ids list for the return type of this prototype

Return type:int
get_return_type_idx_value()

Return the string associated to the return_type_idx

Return type:string
get_shorty_idx()

Return the index into the string_ids list for the short-form descriptor string of this prototype

Return type:int
get_shorty_idx_value()

Return the string associated to the shorty_idx

Return type:string
reload()
show()
class androguard.core.bytecodes.dvm.ProtoIdItemInvalid

Bases: object

get_params()
get_return_type()
get_shorty()
show()
class androguard.core.bytecodes.dvm.SparseSwitch(buff)

Bases: object

This class can parse a SparseSwitch instruction

Parameters:buff – a Buff object which represents a buffer where the instruction is stored
add_note(msg)

Add a note to this instruction

Parameters:msg (objects (string)) – the message
get_formatted_operands()
get_hex()
get_keys()

Return the keys of the instruction

Return type:a list of long
get_length()
get_name()

Return the name of the instruction

Return type:string
get_notes()

Get all notes from this instruction

Return type:a list of objects
get_op_value()

Get the value of the opcode

Return type:int
get_operands(idx=-1)

Return an additional output of the instruction

Return type:string
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()
get_targets()

Return the targets (address) of the instruction

Return type:a list of long
get_values()
show(pos)

Print the instruction

show_buff(pos)

Return the display of the instruction

Return type:string
class androguard.core.bytecodes.dvm.StringDataItem(buff, cm)

Bases: object

This class can parse a string_data_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the string_data_item
  • cm (ClassManager) – a ClassManager object
get()
get_data()

Return a series of MUTF-8 code units (a.k.a. octets, a.k.a. bytes) followed by a byte of value 0

Return type:string
get_length()

Get the length of the raw string including the ULEB128 coded length and the null byte terminator

Returns:int
get_obj()
get_off()
get_raw()

Returns the raw string including the ULEB128 coded length and null byte string terminator

Returns:bytes
get_utf16_size()

Return the size of this string, in UTF-16 code units

:rtype:int

reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.StringIdItem(buff, cm)

Bases: object

This class can parse a string_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the string_id_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_off()
get_raw()
get_string_data_off()

Return the offset from the start of the file to the string data for this item

Return type:int
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.TryItem(buff, cm)

Bases: object

This class represents the try_item format

Parameters:
  • buff (string) – a raw buffer where are the try_item format
  • cm (ClassManager object) – the ClassManager
get_handler_off()

Get the offset in bytes from the start of the associated EncodedCatchHandlerList to the EncodedCatchHandler for this entry.

Return type:int
get_insn_count()

Get the number of 16-bit code units covered by this entry

Return type:int
get_length()
get_off()
get_raw()
get_start_addr()

Get the start address of the block of code covered by this entry. The address is a count of 16-bit code units to the start of the first covered instruction.

Return type:int
set_off(off)
class androguard.core.bytecodes.dvm.TypeHIdItem(size, buff, cm)

Bases: object

This class can parse a list of type_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of type_id_item
  • cm (ClassManager) – a ClassManager object
get(idx)
get_length()
get_obj()
get_off()
get_raw()
get_type()

Return the list of type_id_item

Return type:a list of TypeIdItem objects
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.TypeIdItem(buff, cm)

Bases: object

This class can parse a type_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the type_id_item
  • cm (ClassManager) – a ClassManager object
get_descriptor_idx()

Return the index into the string_ids list for the descriptor string of this type

Return type:int
get_descriptor_idx_value()

Return the string associated to the descriptor

Return type:string
get_length()
get_obj()
get_raw()
reload()
show()
class androguard.core.bytecodes.dvm.TypeItem(buff, cm)

Bases: object

This class can parse a type_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the type_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_raw()
get_string()

Return the type string

Return type:string
get_type_idx()

Return the index into the type_ids list

Return type:int
show()
class androguard.core.bytecodes.dvm.TypeList(buff, cm)

Bases: object

This class can parse a type_list of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the type_list
  • cm (ClassManager) – a ClassManager object
get_length()
get_list()

Return the list of TypeItem

Return type:a list of TypeItem objects
get_obj()
get_off()
get_pad()

Return the alignment string

Return type:string
get_raw()
get_size()

Return the size of the list, in entries

Return type:int
get_string()

Return the concatenation of all strings

Return type:string
get_type_list_off()

Return the offset of the item

Return type:int
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.Unresolved(cm, data)

Bases: androguard.core.bytecodes.dvm.Instruction

get_length()

Return the length of the instruction

Return type:int
get_name()

Return the name of the instruction

Return type:string
get_op_value()

Return the value of the opcode

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.XREF

Bases: object

add(x, y)
androguard.core.bytecodes.dvm.clean_name_instruction(instruction)
androguard.core.bytecodes.dvm.determineException(vm, m)
androguard.core.bytecodes.dvm.determineNext(i, end, m)
androguard.core.bytecodes.dvm.get_access_flags_string(value)

Transform an access flags to the corresponding string

Parameters:value (int) – the value of the access flags
Return type:string
androguard.core.bytecodes.dvm.get_byte(buff)
androguard.core.bytecodes.dvm.get_bytecodes_method(dex_object, ana_object, method)
androguard.core.bytecodes.dvm.get_bytecodes_methodx(method, mx)
androguard.core.bytecodes.dvm.get_extented_instruction(cm, op_value, buff)
androguard.core.bytecodes.dvm.get_instruction(cm, op_value, buff, odex=False)
androguard.core.bytecodes.dvm.get_instruction_payload(op_value, buff)
androguard.core.bytecodes.dvm.get_kind(cm, kind, value)

Return the value of the ‘kind’ argument

Parameters:
  • cm (ClassManager) – a ClassManager object
  • kind (int) – the type of the ‘kind’ argument
  • value (int) – the value of the ‘kind’ argument
Return type:

string
androguard.core.bytecodes.dvm.get_optimized_instruction(cm, op_value, buff)
androguard.core.bytecodes.dvm.get_params_info(nb, proto)
androguard.core.bytecodes.dvm.get_sbyte(buff)
androguard.core.bytecodes.dvm.get_type(atype, size=None)

Retrieve the type of a descriptor (e.g : I)

androguard.core.bytecodes.dvm.mutf8_to_string(buff, length)

Decode a MUTF-8 Encoded string from the current position of a buffer

Parameters:
  • buff – Buffer object
  • length – length of characters to read
Returns:

a unicode str object
androguard.core.bytecodes.dvm.readsleb128(buff)
androguard.core.bytecodes.dvm.readuleb128(buff)
androguard.core.bytecodes.dvm.readuleb128p1(buff)
androguard.core.bytecodes.dvm.readusleb128(buff)
androguard.core.bytecodes.dvm.static_operand_instruction(instruction)
androguard.core.bytecodes.dvm.writesleb128(value)
androguard.core.bytecodes.dvm.writeuleb128(value)

androguard.core.bytecodes.dvm_permissions module

Module contents