androguard.core.bytecodes package¶
The bytecodes modules are a core feature of Androguard. They contain parsers for APK, AXML, DEX, ODEX and DEY files, as well as for the encodings used inside these formats, such as MUTF-8 for strings in DEX files and the widely used LEB128 encoding for numbers.
The most important modules might be androguard.core.bytecodes.apk.APK and androguard.core.bytecodes.dvm.DalvikVMFormat.
Submodules¶
androguard.core.bytecodes.apk module¶
-
class
androguard.core.bytecodes.apk.
APK
(filename, raw=False, magic_file=None, skip_analysis=False, testzip=False)¶ Bases:
object
-
APK_SIG_KEY_SIGNATURE
= 1896449818¶
-
APK_SIG_MAGIC
= b'APK Sig Block 42'¶
-
PK_CENTRAL_DIR
= b'PK\x01\x02'¶
-
PK_END_OF_CENTRAL_DIR
= b'PK\x05\x06'¶
-
files
¶ Wrapper for the files object
Returns: dictionary of files and their mime type
-
format_value
(value)¶ Format a value with packagename, if not already set
Parameters: value – Returns:
-
get_activities
()¶ Return the android:name attribute of all activities
Return type: a list of string
-
get_all_dex
()¶ Return the raw data of all classes dex files
Return type: a generator
-
get_android_manifest_axml
()¶ Return the AXMLPrinter object which corresponds to the AndroidManifest.xml file
Return type: AXMLPrinter
-
get_android_manifest_xml
()¶ Return the xml object which corresponds to the AndroidManifest.xml file
Return type: object
-
get_android_resources
()¶ Return the ARSCParser object which corresponds to the resources.arsc file
Return type: ARSCParser
-
get_androidversion_code
()¶ Return the android version code
Return type: string
-
get_androidversion_name
()¶ Return the android version name
Return type: string
-
get_app_icon
(max_dpi=65536)¶ Return the file name of the first icon whose density is not greater than max_dpi, unless an exact icon resolution is set in the manifest, in which case return that exact file
Densities, from https://developer.android.com/guide/practices/screens_support.html:
- ldpi (low) ~120dpi
- mdpi (medium) ~160dpi
- hdpi (high) ~240dpi
- xhdpi (extra-high) ~320dpi
- xxhdpi (extra-extra-high) ~480dpi
- xxxhdpi (extra-extra-extra-high) ~640dpi
Return type: string
-
get_app_name
()¶ Return the appname of the APK
Return type: string
-
get_certificate
(filename)¶ Return a X.509 certificate object by giving the name in the apk file
Parameters: filename – filename of the signature file in the APK Returns: a x509 certificate
-
get_certificate_der
(filename)¶ Return the DER coded X.509 certificate from the signature file.
Parameters: filename – Signature filename in APK Returns: DER coded X.509 certificate as binary
-
get_certificates_der_v2
()¶ Return a list of DER coded X.509 certificates from the v2 signature
-
get_certificates_v2
()¶ Return a list of
cryptography.x509.Certificate
which are found in the v2 signing block. Note that we simply extract all certificates regardless of the signer. Therefore this is just a list of all certificates found in all signers.
-
get_declared_permissions
()¶ Returns list of the declared permissions.
Return type: list of strings
-
get_declared_permissions_details
()¶ Returns declared permissions with the details.
Return type: dict
-
get_details_permissions
()¶ Return permissions with details
Return type: dict of {permission: [protectionLevel, label, description]}
-
get_dex
()¶ Return the raw data of the classes dex file
Return type: a string
-
get_dex_names
()¶ Return the name of all classes dex files
Return type: a list of string
-
get_effective_target_sdk_version
()¶ Return the effective targetSdkVersion, always returns int > 0.
If the targetSdkVersion is not set, it defaults to 1. This is set based on defaults as defined in: https://developer.android.com/guide/topics/manifest/uses-sdk-element.html
Return type: int
-
get_element
(tag_name, attribute, **attribute_filter)¶ Return element in xml files which match with the tag name and the specific attribute
Parameters: - tag_name (string) – specify the tag name
- attribute (string) – specify the attribute
Return type: string
-
get_elements
(tag_name, attribute, with_namespace=True)¶ Return the elements in the xml files which match the tag name and the specific attribute
Parameters: - tag_name – a string which specifies the tag name
- attribute – a string which specifies the attribute
-
get_file
(filename)¶ Return the raw data of the specified filename inside the APK
Return type: string
-
get_filename
()¶ Return the filename of the APK
Return type: string
-
get_files
()¶ Return the files inside the APK
Return type: a list of strings
-
get_files_crc32
()¶ Calculates and returns a dictionary of filenames and CRC32
Returns: dict of filename: CRC32
-
get_files_information
()¶ Return the files inside the APK with their associated types and crc32
Return type: string, string, int
-
get_files_types
()¶ Return the files inside the APK with their associated types (by using python-magic)
Return type: a dictionary
-
get_intent_filters
(category, name)¶
-
get_libraries
()¶ Return the android:name attributes for libraries
Return type: list
-
get_main_activity
()¶ Return the name of the main activity
Return type: string
-
get_max_sdk_version
()¶ Return the android:maxSdkVersion attribute
Return type: string
-
get_min_sdk_version
()¶ Return the android:minSdkVersion attribute
Return type: string
-
get_package
()¶ Return the name of the package
Return type: string
-
get_permissions
()¶ Return permissions
Return type: list of string
-
get_providers
()¶ Return the android:name attribute of all providers
Return type: a list of string
-
get_raw
()¶ Return raw bytes of the APK
Return type: string
-
get_receivers
()¶ Return the android:name attribute of all receivers
Return type: a list of string
-
get_requested_aosp_permissions
()¶ Returns requested permissions declared within AOSP project.
Return type: list of strings
-
get_requested_aosp_permissions_details
()¶ Returns requested aosp permissions with details.
Return type: dictionary
-
get_requested_permissions
= DeprecationWarning(<function APK.get_requested_permissions>,)¶
-
get_requested_third_party_permissions
()¶ Returns list of requested permissions not declared within AOSP project.
Return type: list of strings
-
get_services
()¶ Return the android:name attribute of all services
Return type: a list of string
-
get_signature
()¶ Return the data of the first signature file found (v1 Signature / JAR Signature)
Return type: First signature name or None if not signed
-
get_signature_name
()¶ Return the name of the first signature file found.
-
get_signature_names
()¶ Return a list of the signature file names (v1 Signature / JAR Signature)
Return type: List of filenames matching a Signature
-
get_signatures
()¶ Return a list of the data of the signature files. Only v1 / JAR Signing.
Return type: list of bytes
-
get_target_sdk_version
()¶ Return the android:targetSdkVersion attribute
Return type: string
-
get_uses_implied_permission_list
()¶ Return all permissions implied by the target SDK or other permissions.
Return type: list of string
-
is_multidex
()¶ Test if the APK has multiple DEX files
Returns: True if multiple dex found, otherwise False
-
is_signed
()¶ Returns true if either a v1 or v2 (or both) signature was found.
-
is_signed_v1
()¶ Returns true if a v1 / JAR signature was found. Returning True does not mean that the file is properly signed! It just says that there is a signature file which needs to be validated.
-
is_signed_v2
()¶ Returns true if a v2 / APK signature was found. Returning True does not mean that the file is properly signed! It just says that there is a signature file which needs to be validated.
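Why "a signature was found" is weaker than "properly signed", shown as an added example (not Androguard's code): a presence check only has to locate the APK Signing Block in front of the ZIP central directory and see a pair with the v2 ID. The constants are the ones listed for this class; the function names, the placeholder ID 0x12345678 and the sample archives are constructed for illustration.

```python
import struct

# Constants as listed for androguard.core.bytecodes.apk.APK on this page.
APK_SIG_MAGIC = b"APK Sig Block 42"
APK_SIG_KEY_SIGNATURE = 1896449818  # 0x7109871a, ID of the v2 signature pair
PK_END_OF_CENTRAL_DIR = b"PK\x05\x06"


def find_signing_block_ids(raw):
    """Return the IDs of all ID-value pairs in the APK Signing Block.

    Returns [] when no block is present and raises ValueError when the
    container is structurally inconsistent. Nothing here checks a signature.
    """
    # Simplification: take the last EOCD signature; a ZIP comment containing
    # the same bytes is not handled.
    eocd = raw.rfind(PK_END_OF_CENTRAL_DIR)
    if eocd < 0 or eocd + 22 > len(raw):
        raise ValueError("no End of Central Directory record")
    cd_offset = struct.unpack_from("<I", raw, eocd + 16)[0]
    if cd_offset > eocd:
        raise ValueError("central directory offset points past the EOCD")
    # The block ends with uint64 size + 16-byte magic, directly before the
    # central directory. No magic there means no signing block.
    if cd_offset < 32 or raw[cd_offset - 16:cd_offset] != APK_SIG_MAGIC:
        return []
    size_footer = struct.unpack_from("<Q", raw, cd_offset - 24)[0]
    start = cd_offset - size_footer - 8
    if size_footer < 24 or start < 0:
        raise ValueError("signing block size is out of range")
    if struct.unpack_from("<Q", raw, start)[0] != size_footer:
        raise ValueError("signing block header and footer sizes differ")
    ids, pos, end = [], start + 8, cd_offset - 24
    while pos < end:
        if pos + 8 > end:
            raise ValueError("truncated pair length")
        pair_len = struct.unpack_from("<Q", raw, pos)[0]
        if pair_len < 4 or pos + 8 + pair_len > end:
            raise ValueError("pair length runs outside the signing block")
        ids.append(struct.unpack_from("<I", raw, pos + 8)[0])
        pos += 8 + pair_len
    return ids


def has_v2_signature_pair(raw):
    """Presence check only: True if a pair with the v2 ID exists."""
    return APK_SIG_KEY_SIGNATURE in find_signing_block_ids(raw)


def build_sample(pairs):
    """Constructed input: stand-in entry data, optional signing block,
    an empty central directory and an EOCD record."""
    entries = b"PK\x03\x04" + b"\x00" * 26
    block = b""
    if pairs is not None:
        body = b"".join(
            struct.pack("<QI", 4 + len(value), pair_id) + value
            for pair_id, value in pairs
        )
        size = len(body) + 24  # second size field (8) + magic (16)
        block = (struct.pack("<Q", size) + body
                 + struct.pack("<Q", size) + APK_SIG_MAGIC)
    cd_offset = len(entries) + len(block)
    eocd = PK_END_OF_CENTRAL_DIR + struct.pack(
        "<HHHHIIH", 0, 0, 0, 0, 0, cd_offset, 0)
    return entries + block + eocd


# Constructed samples.
UNSIGNED = build_sample(None)
GARBAGE_V2 = build_sample([(APK_SIG_KEY_SIGNATURE, b"not a signature")])
OTHER_ID = build_sample([(0x12345678, b"\x00" * 8)])

if __name__ == "__main__":
    for name, raw in (("unsigned", UNSIGNED), ("garbage v2 pair", GARBAGE_V2),
                      ("other id only", OTHER_ID)):
        print(name, has_v2_signature_pair(raw))
```

The sample whose v2 pair holds arbitrary bytes still passes the presence check, so any trust decision needs a verifier that validates the signers and digests inside the block.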
-
is_valid_APK
()¶ Return true if the APK is valid, false otherwise
Return type: boolean
-
new_zip
(filename, deleted_files=None, new_files={})¶ Create a new zip file
Parameters: - filename (string) – the output filename of the zip
- deleted_files (None or a string) – a regex pattern to remove specific files
- new_files (a dictionary (key:filename, value:content of the file)) – a dictionary of new files
-
show
()¶
-
-
exception
androguard.core.bytecodes.apk.
BrokenAPKError
¶
-
exception
androguard.core.bytecodes.apk.
Error
¶ Bases:
Exception
Base class for exceptions in this module.
-
exception
androguard.core.bytecodes.apk.
FileNotPresent
¶
-
androguard.core.bytecodes.apk.
parse_lxml_dom
(tree)¶
-
androguard.core.bytecodes.apk.
show_Certificate
(cert, short=False)¶ Print Fingerprints, Issuer and Subject of an X509 Certificate.
Parameters: - cert (cryptography.x509.Certificate) – X509 Certificate to print
- short (Boolean) – Print in shortform for DN (Default: False)
androguard.core.bytecodes.dvm module¶
-
class
androguard.core.bytecodes.dvm.
AnnotationElement
(buff, cm)¶ Bases:
object
This class can parse an annotation_element of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the annotation_element
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_name_idx
()¶ Return the element name, represented as an index into the string_ids section
Return type: int
-
get_obj
()¶
-
get_raw
()¶
-
get_value
()¶ Return the element value (EncodedValue)
Return type: a EncodedValue
object
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
AnnotationItem
(buff, cm)¶ Bases:
object
This class can parse an annotation_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the annotation_item
- cm (
ClassManager
) – a ClassManager object
-
get_annotation
()¶ Return the encoded annotation contents
Return type: a EncodedAnnotation
object
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
get_visibility
()¶ Return the intended visibility of this annotation
Return type: int
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
AnnotationOffItem
(buff, cm)¶ Bases:
object
This class can parse an annotation_off_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the annotation_off_item
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_obj
()¶
-
get_raw
()¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
AnnotationSetItem
(buff, cm)¶ Bases:
object
This class can parse an annotation_set_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the annotation_set_item
- cm (
ClassManager
) – a ClassManager object
-
get_annotation_off_item
()¶ Return the offset from the start of the file to an annotation
Return type: a list of AnnotationOffItem
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
AnnotationSetRefItem
(buff, cm)¶ Bases:
object
This class can parse an annotation_set_ref_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the annotation_set_ref_item
- cm (
ClassManager
) – a ClassManager object
-
get_annotations_off
()¶ Return the offset from the start of the file to the referenced annotation set or 0 if there are no annotations for this element.
Return type: int
-
get_obj
()¶
-
get_raw
()¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
AnnotationSetRefList
(buff, cm)¶ Bases:
object
This class can parse an annotation_set_ref_list_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the annotation_set_ref_list_item
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_list
()¶ Return elements of the list
Return type: AnnotationSetRefItem
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
AnnotationsDirectoryItem
(buff, cm)¶ Bases:
object
This class can parse an annotations_directory_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the annotations_directory_item
- cm (
ClassManager
) – a ClassManager object
-
get_annotated_fields_size
()¶ Return the count of fields annotated by this item
Return type: int
-
get_annotated_methods_size
()¶ Return the count of methods annotated by this item
Return type: int
-
get_annotated_parameters_size
()¶ Return the count of method parameter lists annotated by this item
Return type: int
-
get_class_annotations_off
()¶ Return the offset from the start of the file to the annotations made directly on the class, or 0 if the class has no direct annotations
Return type: int
-
get_field_annotations
()¶ Return the list of associated field annotations
Return type: a list of FieldAnnotation
-
get_length
()¶
-
get_method_annotations
()¶ Return the list of associated method annotations
Return type: a list of MethodAnnotation
-
get_obj
()¶
-
get_off
()¶
-
get_parameter_annotations
()¶ Return the list of associated method parameter annotations
Return type: a list of ParameterAnnotation
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
ClassDataItem
(buff, cm)¶ Bases:
object
This class can parse a class_data_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the class_data_item
- cm (
ClassManager
) – a ClassManager object
-
get_direct_methods
()¶ Return the defined direct (any of static, private, or constructor) methods, represented as a sequence of encoded elements
Return type: a list of EncodedMethod
objects
-
get_direct_methods_size
()¶ Return the number of direct methods defined in this item
Return type: int
-
get_fields
()¶ Return static and instance fields
Return type: a list of EncodedField
objects
-
get_instance_fields
()¶ Return the defined instance fields, represented as a sequence of encoded elements
Return type: a list of EncodedField
objects
-
get_instance_fields_size
()¶ Return the number of instance fields defined in this item
Return type: int
-
get_length
()¶
-
get_methods
()¶ Return direct and virtual methods
Return type: a list of EncodedMethod
objects
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
get_static_fields
()¶ Return the defined static fields, represented as a sequence of encoded elements
Return type: a list of EncodedField
objects
-
get_static_fields_size
()¶ Return the number of static fields defined in this item
Return type: int
-
get_virtual_methods
()¶ Return the defined virtual (none of static, private, or constructor) methods, represented as a sequence of encoded elements
Return type: a list of EncodedMethod
objects
-
get_virtual_methods_size
()¶ Return the number of virtual methods defined in this item
Return type: int
-
reload
()¶
-
set_off
(off)¶
-
set_static_fields
(value)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
ClassDefItem
(buff, cm)¶ Bases:
object
This class can parse a class_def_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the class_def_item
- cm (
ClassManager
) – a ClassManager object
-
get_access_flags
()¶ Return the access flags for the class (public, final, etc.)
Return type: int
-
get_access_flags_string
()¶ Return the access flags string of the class
Return type: string
-
get_annotations_off
()¶ Return the offset from the start of the file to the annotations structure for this class, or 0 if there are no annotations on this class.
Return type: int
-
get_ast
()¶
-
get_class_data
()¶ Return the associated class_data_item
Return type: a ClassDataItem
object
-
get_class_data_off
()¶ Return the offset from the start of the file to the associated class data for this item, or 0 if there is no class data for this class
Return type: int
-
get_class_idx
()¶ Return the index into the type_ids list for this class
Return type: int
-
get_fields
()¶ Return all fields of this class
Return type: a list of EncodedField
objects
-
get_interfaces
()¶ Return the name of the interface
Return type: string
-
get_interfaces_off
()¶ Return the offset from the start of the file to the list of interfaces, or 0 if there are none
Return type: int
-
get_length
()¶
-
get_methods
()¶ Return all methods of this class
Return type: a list of EncodedMethod
objects
-
get_name
()¶ Return the name of this class
Return type: int
-
get_obj
()¶
-
get_raw
()¶
-
get_source
()¶
-
get_source_ext
()¶
-
get_source_file_idx
()¶ Return the index into the string_ids list for the name of the file containing the original source for (at least most of) this class, or the special value NO_INDEX to represent a lack of this information
Return type: int
-
get_static_values_off
()¶ Return the offset from the start of the file to the list of initial values for static fields, or 0 if there are none (and all static fields are to be initialized with 0 or null)
Return type: int
-
get_superclass_idx
()¶ Return the index into the type_ids list for the superclass
Return type: int
-
get_superclassname
()¶ Return the name of the super class
Return type: string
-
reload
()¶
-
set_name
(value)¶
-
show
()¶
-
source
()¶ Return the source code of the entire class
Return type: string
-
class
androguard.core.bytecodes.dvm.
ClassHDefItem
(size, buff, cm)¶ Bases:
object
This class can parse a list of class_def_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the list of class_def_item
- cm (
ClassManager
) – a ClassManager object
-
get_class_idx
(idx)¶
-
get_length
()¶
-
get_method
(name_class, name_method)¶
-
get_names
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
ClassManager
(vm, config)¶ Bases:
object
This class is used to access all elements (strings, type, proto …) of the dex format
-
add_type_item
(type_item, c_item, item)¶
-
get_all_engine
()¶
-
get_ascii_string
(s)¶
-
get_class_data_item
(off)¶
-
get_code
(idx)¶
-
get_debug_off
(off)¶
-
get_encoded_array_item
(off)¶
-
get_engine
()¶
-
get_field
(idx)¶
-
get_field_ref
(idx)¶
-
get_item_by_offset
(offset)¶
-
get_lazy_analysis
()¶
-
get_method
(idx)¶
-
get_method_ref
(idx)¶
-
get_next_offset_item
(idx)¶
-
get_obj_by_offset
(offset)¶
-
get_odex_format
()¶
-
get_proto
(idx)¶
-
get_raw_string
(idx)¶
-
get_string
(idx)¶
-
get_string_by_offset
(offset)¶
-
get_type
(idx)¶
-
get_type_list
(off)¶
-
get_type_ref
(idx)¶
-
set_decompiler
(decompiler)¶
-
set_hook_class_name
(class_def, value)¶
-
set_hook_field_name
(encoded_field, value)¶
-
set_hook_method_name
(encoded_method, value)¶
-
set_hook_string
(idx, value)¶
-
-
class
androguard.core.bytecodes.dvm.
CodeItem
(size, buff, cm)¶ Bases:
object
-
get_code
(off)¶
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
-
class
androguard.core.bytecodes.dvm.
ConstString
(orig_ins, value)¶ Bases:
androguard.core.bytecodes.dvm.Instruction21c
Simulate a const-string instruction.
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_raw_string
()¶
-
-
class
androguard.core.bytecodes.dvm.
DBGBytecode
(cm, op_value)¶ Bases:
object
-
add
(value, ttype)¶
-
get_obj
()¶
-
get_op_value
()¶
-
get_raw
()¶
-
get_value
()¶
-
show
()¶
-
-
class
androguard.core.bytecodes.dvm.
DCode
(class_manager, offset, size, buff)¶ Bases:
object
This class represents the instructions of a method
Parameters: - class_manager (ClassManager object) – the ClassManager
- offset (int) – the offset of the buffer
- size (int) – the total size of the buffer
- buff (string) – a raw buffer containing the instructions
-
add_inote
(msg, idx, off=None)¶ Add a message to a specific instruction by using (default) the index of the address if specified
Parameters: - msg (string) – the message
- idx (int) – index of the instruction (the position in the list of the instruction)
- off (int) – address of the instruction
-
get_ins_off
(off)¶ Get a particular instruction by using the address
Parameters: off (int) – address of the instruction Return type: an Instruction
object
-
get_insn
()¶ Get the insn buffer
Return type: string
-
get_instruction
(idx, off=None)¶ Get a particular instruction by using (default) the index of the address if specified
Parameters: - idx (int) – index of the instruction (the position in the list of the instruction)
- off (int) – address of the instruction
Return type: an
Instruction
object
-
get_instructions
()¶ Get the instructions
Return type: a generator of each Instruction
(or a cached list of instructions if you have setup instructions)
-
get_length
()¶ Return the length of this object
Return type: int
-
get_raw
()¶ Return the raw buffer of this object
Return type: bytearray
-
is_cached_instructions
()¶
-
off_to_pos
(off)¶ Get the position of an instruction by using the address
Parameters: off (int) – address of the instruction Return type: int
-
reload
()¶
-
set_idx
(idx)¶ Set the start address of the buffer
Parameters: idx (int) – the index
-
set_insn
(insn)¶ Set a new raw buffer to disassemble
Parameters: insn (string) – the buffer
-
set_instructions
(instructions)¶ Set the instructions
Parameters: instructions (a list of Instruction
) – the list of instructions
-
show
()¶ Display (with a pretty print) this object
-
class
androguard.core.bytecodes.dvm.
DalvikCode
(buff, cm)¶ Bases:
object
This class represents the instructions of a method
Parameters: - buff (string) – a raw buffer containing the instructions
- cm (ClassManager object) – the ClassManager
-
add_inote
(msg, idx, off=None)¶ Add a message to a specific instruction by using (default) the index of the address if specified
Parameters: - msg (string) – the message
- idx (int) – index of the instruction (the position in the list of the instruction)
- off (int) – address of the instruction
-
get_debug
()¶ Return the associated debug object
Return type: DebugInfoItem
-
get_debug_info_off
()¶ Get the offset from the start of the file to the debug info (line numbers + local variable info) sequence for this code, or 0 if there simply is no information
Return type: int
-
get_handlers
()¶ Get the bytes representing a list of lists of catch types and associated handler addresses.
Return type: EncodedCatchHandlerList
-
get_ins_size
()¶ Get the number of words of incoming arguments to the method that this code is for
Return type: int
-
get_insns_size
()¶ Get the size of the instructions list, in 16-bit code units
Return type: int
-
get_instruction
(idx, off=None)¶
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_outs_size
()¶ Get the number of words of outgoing argument space required by this code for method invocation
Return type: int
-
get_raw
()¶ Get the reconstructed code as bytearray
Return type: bytearray
-
get_registers_size
()¶ Get the number of registers used by this code
Return type: int
-
get_size
()¶
-
get_tries
()¶ Get the array indicating where in the code exceptions are caught and how to handle them
Return type: a list of TryItem
objects
-
reload
()¶
-
set_idx
(idx)¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
DalvikOdexVMFormat
(buff, decompiler=None, config=None, using_api=None)¶ Bases:
androguard.core.bytecodes.dvm.DalvikVMFormat
This class can parse an odex file
Parameters: - buff (string) – a string which represents the odex file
- decompiler (object) – associate a decompiler object to display the java source code
Example: DalvikOdexVMFormat( read("classes.odex") )
-
get_buff
()¶
-
get_dependencies
()¶ Return the odex dependencies object
Return type: an OdexDependencies object
-
get_format_type
()¶ Return the type
Return type: a string
-
save
()¶ Do not use !
-
class
androguard.core.bytecodes.dvm.
DalvikVMFormat
(buff, decompiler=None, config=None, using_api=None)¶ Bases:
androguard.core.bytecode._Bytecode
This class can parse a classes.dex file of an Android application (APK).
Parameters: - buff (string) – a string which represents the classes.dex file
- decompiler (object) – associate a decompiler object to display the java source code
Example: DalvikVMFormat( read("classes.dex") )
-
colorize_operands
(operands, colors)¶
-
create_python_export
()¶ Export classes/methods/fields’ names in the python namespace
-
disassemble
(offset, size)¶ Disassembles a given offset in the DEX file
Parameters: - offset (int) – offset to disassemble in the file (from the beginning of the file)
- size –
-
fix_checksums
(buff)¶ Fix a dex format buffer by setting all checksums
Return type: string
-
get_BRANCH_DVM_OPCODES
()¶
-
get_all_fields
()¶ Return a list of field items
Return type: a list of FieldIdItem
objects
-
get_api_version
()¶ This method returns api version that should be used for loading api specific resources.
Return type: int
-
get_class
(name)¶ Return a specific class
Parameters: name – the name of the class Return type: a ClassDefItem
object
-
get_class_manager
()¶ This function returns a ClassManager object which allows you to access all index references (strings, methods, fields, ...)
Return type: ClassManager
object
-
get_classes
()¶ Return all classes
Return type: a list of ClassDefItem
objects
-
get_classes_def_item
()¶ This function returns the class def item
Return type: ClassHDefItem
object
-
get_classes_names
(update=False)¶ Return the names of classes
Parameters: update – True indicates to recompute the list. Maybe needed after using a MyClass.set_name().
Return type: a list of string
-
get_cm_field
(idx)¶ Get a specific field by using an index
Parameters: idx (int) – index of the field
-
get_cm_method
(idx)¶ Get a specific method by using an index
Parameters: idx (int) – index of the method
-
get_cm_string
(idx)¶ Get a specific string by using an index
Parameters: idx (int) – index of the string
-
get_cm_type
(idx)¶ Get a specific type by using an index
Parameters: idx (int) – index of the type
-
get_debug_info_item
()¶ This function returns the debug info item
Return type: DebugInfoItem
object
-
get_determineException
()¶
-
get_determineNext
()¶
-
get_field
(name)¶ Return a list of all fields which correspond to the regexp
Parameters: name – the name of the field (a python regexp) Return type: a list with all EncodedField
objects
-
get_field_descriptor
(class_name, field_name, descriptor)¶ Return the specific field
Parameters: - class_name (string) – the class name of the field
- field_name (string) – the name of the field
- descriptor (string) – the descriptor of the field
Return type: None or a
EncodedField
object
-
get_fields
()¶ Return all field objects
Return type: a list of EncodedField
objects
-
get_fields_class
(class_name)¶ Return all fields of a specific class
Parameters: class_name (string) – the class name Return type: a list with EncodedField
objects
-
get_fields_id_item
()¶ This function returns the field id item
Return type: FieldHIdItem
object
-
get_format
()¶
-
get_format_type
()¶ Return the type
Return type: a string
-
get_header_item
()¶ This function returns the header item
Return type: HeaderItem
object
-
get_len_methods
()¶ Return the number of methods
Return type: int
-
get_method
(name)¶ Return a list of all methods which correspond to the regexp
Parameters: name – the name of the method (a python regexp) Return type: a list with all EncodedMethod
objects
-
get_method_by_idx
(idx)¶ Return a specific method by using an index
Parameters: idx (int) – the index of the method
Return type: None or an EncodedMethod
object
-
get_method_descriptor
(class_name, method_name, descriptor)¶ Return the specific method
Parameters: - class_name (string) – the class name of the method
- method_name (string) – the name of the method
- descriptor (string) – the descriptor of the method
Return type: None or a
EncodedMethod
object
-
get_methods
()¶ Return all method objects
Return type: a list of EncodedMethod
objects
-
get_methods_class
(class_name)¶ Return all methods of a specific class
Parameters: class_name (string) – the class name Return type: a list with EncodedMethod
objects
-
get_methods_descriptor
(class_name, method_name)¶ Return the specific methods of the class
Parameters: - class_name (string) – the class name of the method
- method_name (string) – the name of the method
Return type: None or a
EncodedMethod
object
-
get_methods_id_item
()¶ This function returns the method id item
Return type: MethodHIdItem
object
-
get_operand_html
(operand, registers_colors, colors, escape_fct, wrap_fct)¶
-
get_regex_strings
(regular_expressions)¶ Return all strings that match the regex
Parameters: regular_expressions (string) – the python regex
Return type: a list of strings matching the regex expression
-
get_string_data_item
()¶ This function returns the string data item
Return type: StringDataItem
object
-
get_strings
()¶ Return all strings
The strings will have escaped surrogates, if only a single high or low surrogate is found. Complete surrogates are put together into the representing 32bit character.
Return type: a list with all strings used in the format (types, names …)
-
get_strings_unicode
()¶ Return all strings
This method will return pure UTF-16 strings. This is the "exact" same string as used in Java. Those strings can be problematic for Python, as they can contain surrogates as well as "broken" surrogate pairs, i.e. single high or low surrogates. Such a string cannot, for example, be printed. To avoid such problems, there is an escape mechanism that detects such lonely surrogates and escapes them in the string. Of course, this results in a different string than in the Java source!
Use get_strings() for general purposes and get_strings_unicode() if you require the exact string from the Java source. You can always escape the string from get_strings_unicode() using the function androguard.core.bytecodes.mutf8.patch_string(s).
Return type: a list with all strings used in the format (types, names …)
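The difference between the two string views described for get_strings() and get_strings_unicode(), as an added example that is not Androguard's code: a small MUTF-8 decoder that yields UTF-16 code units, then either keeps them exactly or joins complete surrogate pairs and escapes lonely ones. The function names, the sample bytes and the `\uXXXX` escape format are assumptions; the page does not state how patch_string renders an escaped surrogate.

```python
def decode_mutf8(data):
    """Decode MUTF-8 bytes into a list of UTF-16 code units.

    MUTF-8 differs from UTF-8 in two ways that matter here: U+0000 is
    stored as C0 80, and characters above U+FFFF are stored as two
    3-byte sequences, one per surrogate.
    """
    units, i, n = [], 0, len(data)

    def cont(pos):
        # Fetch a continuation byte (10xxxxxx) and return its 6 payload bits.
        if pos >= n or data[pos] & 0xC0 != 0x80:
            raise ValueError("bad or missing continuation byte at %d" % pos)
        return data[pos] & 0x3F

    while i < n:
        b0 = data[i]
        if b0 == 0:
            raise ValueError("raw NUL byte inside MUTF-8 data")
        if b0 < 0x80:
            units.append(b0)
            i += 1
        elif b0 & 0xE0 == 0xC0:
            units.append(((b0 & 0x1F) << 6) | cont(i + 1))
            i += 2
        elif b0 & 0xF0 == 0xE0:
            units.append(((b0 & 0x0F) << 12) | (cont(i + 1) << 6) | cont(i + 2))
            i += 3
        else:
            raise ValueError("byte 0x%02x cannot start a MUTF-8 sequence" % b0)
    return units


def exact_utf16_string(units):
    """The 'exact' view: one Python character per UTF-16 code unit,
    surrogates left as they are."""
    return "".join(chr(u) for u in units)


def join_and_escape(units):
    """The general-purpose view: complete surrogate pairs become one
    character, lonely surrogates are escaped (assumed format: \\uXXXX)."""
    out, i = [], 0
    while i < len(units):
        u = units[i]
        is_high = 0xD800 <= u <= 0xDBFF
        if is_high and i + 1 < len(units) and 0xDC00 <= units[i + 1] <= 0xDFFF:
            low = units[i + 1]
            out.append(chr(0x10000 + ((u - 0xD800) << 10) + (low - 0xDC00)))
            i += 2
        elif 0xD800 <= u <= 0xDFFF:
            out.append("\\u%04x" % u)
            i += 1
        else:
            out.append(chr(u))
            i += 1
    return "".join(out)


def can_encode_utf8(s):
    """False when the string holds surrogates that UTF-8 cannot carry,
    which is what makes such a string fail when printed."""
    try:
        s.encode("utf-8")
        return True
    except UnicodeEncodeError:
        return False


# Constructed sample: 'A', NUL (C0 80), U+1F600 as a surrogate pair,
# a lonely high surrogate D83D, then 'z'.
SAMPLE = b"A\xc0\x80" + b"\xed\xa0\xbd\xed\xb8\x80" + b"\xed\xa0\xbd" + b"z"

if __name__ == "__main__":
    units = decode_mutf8(SAMPLE)
    print([hex(u) for u in units])
    print("exact string encodable:", can_encode_utf8(exact_utf16_string(units)))
    print("escaped string:", repr(join_and_escape(units)))
```

A detection rule that matches on decoded strings should be written against one view consistently, since the escaped form is a different string from the one the Java code sees.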
-
get_vmanalysis
()¶ The Analysis Object should contain all the information required, including the DalvikVMFormats.
-
list_classes_hierarchy
()¶
-
print_classes_hierarchy
()¶
-
save
()¶ Return the dex (with the modifications) into raw format (fix checksums) (beta: do not use !)
Return type: string
-
set_decompiler
(decompiler)¶
-
set_vmanalysis
(analysis)¶ The Analysis Object should contain all the information required, including the DalvikVMFormats.
-
show
()¶ Show all the information in the object
-
class
androguard.core.bytecodes.dvm.
DebugInfoItem
(buff, cm)¶ Bases:
object
-
get_bytecodes
()¶
-
get_line_start
()¶
-
get_off
()¶
-
get_parameter_names
()¶
-
get_parameters_size
()¶
-
get_raw
()¶
-
get_translated_parameter_names
()¶
-
reload
()¶
-
show
()¶
-
-
class
androguard.core.bytecodes.dvm.
DebugInfoItemEmpty
(buff, cm)¶ Bases:
object
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
-
class
androguard.core.bytecodes.dvm.
EncodedAnnotation
(buff, cm)¶ Bases:
object
This class can parse an encoded_annotation of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the encoded_annotation
- cm (
ClassManager
) – a ClassManager object
-
get_elements
()¶ Return the elements of the annotation, represented directly in-line (not as offsets)
Return type: a list of AnnotationElement
objects
-
get_length
()¶
-
get_obj
()¶
-
get_raw
()¶
-
get_size
()¶ Return the number of name-value mappings in this annotation
Return type: int
-
get_type_idx
()¶ Return the type of the annotation. This must be a class (not array or primitive) type
Return type: int
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
EncodedArray
(buff, cm)¶ Bases:
object
This class can parse an encoded_array of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the encoded_array
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_obj
()¶
-
get_raw
()¶
-
get_size
()¶ Return the number of elements in the array
Return type: int
-
get_values
()¶ Return a series of size encoded_value byte sequences in the format specified by this section, concatenated sequentially
Return type: a list of EncodedValue
objects
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
EncodedArrayItem
(buff, cm)¶ Bases:
object
This class can parse an encoded_array_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the encoded_array_item
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
get_value
()¶ Return the bytes representing the encoded array value
Return type: an EncodedArray
object
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
EncodedCatchHandler
(buff, cm)¶ Bases:
object
This class can parse an encoded_catch_handler of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the encoded_catch_handler
- cm (
ClassManager
) – a ClassManager object
-
get_catch_all_addr
()¶ Return the bytecode address of the catch-all handler. This element is only present if size is non-positive.
Return type: int
-
get_handlers
()¶ Return the stream of abs(size) encoded items, one for each caught type, in the order that the types should be tested.
Return type: a list of EncodedTypeAddrPair
objects
-
get_length
()¶
-
get_off
()¶
-
get_raw
()¶ Return type: bytearray
-
get_size
()¶ Return the number of catch types in this list
Return type: int
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
EncodedCatchHandlerList
(buff, cm)¶ Bases:
object
This class can parse an encoded_catch_handler_list of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the encoded_catch_handler_list
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_list
()¶ Return the actual list of handler lists, represented directly (not as offsets), and concatenated sequentially
Return type: a list of EncodedCatchHandler
objects
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶ Return type: bytearray
-
get_size
()¶ Return the size of this list, in entries
Return type: int
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
EncodedField
(buff, cm)¶ Bases:
object
This class can parse an encoded_field of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the encoded field
- cm (
ClassManager
) – a ClassManager object
-
adjust_idx
(val)¶
-
get_access_flags
()¶ Return the access flags of the field
Return type: int
-
get_access_flags_string
()¶ Return the access flags string of the field
Return type: string
-
get_class_name
()¶ Return the class name of the field
Return type: string
-
get_descriptor
()¶ Return the descriptor of the field
The descriptor of a field is the type of the field.
Return type: string
-
get_field_idx
()¶ Return the real index of the field
Return type: int
-
get_field_idx_diff
()¶ Return the index into the field_ids list for the identity of this field (includes the name and descriptor), represented as a difference from the index of previous element in the list
Return type: int
-
get_init_value
()¶ Return the init value object of the field
Return type: EncodedValue
-
get_name
()¶ Return the name of the field
Return type: string
-
get_obj
()¶
-
get_raw
()¶
-
get_size
()¶
-
load
()¶
-
reload
()¶
-
set_init_value
(value)¶ Set up the init value object of the field
Parameters: value ( EncodedValue
) – the init value
-
set_name
(value)¶
-
show
()¶ Display the information (with a pretty print) about the field
-
class
androguard.core.bytecodes.dvm.
EncodedMethod
(buff, cm)¶ Bases:
object
This class can parse an encoded_method of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the encoded_method
- cm (
ClassManager
) – a ClassManager object
-
access_flags
= None¶ access flags of the method
-
add_inote
(msg, idx, off=None)¶ Add a message to a specific instruction, selected by its index (default) or by its address if one is specified
Parameters: - msg (string) – the message
- idx (int) – index of the instruction (the position in the list of the instruction)
- off (int) – address of the instruction
-
add_note
(msg)¶ Add a message to this method
Parameters: msg (string) – the message
-
adjust_idx
(val)¶
-
code_off
= None¶ offset of the code section
-
each_params_by_register
(nb, proto)¶ From the Dalvik Bytecode documentation:
> The N arguments to a method land in the last N registers
> of the method’s invocation frame, in order.
> Wide arguments consume two registers.
> Instance methods are passed a this reference as their first argument.
This method will print a description of the register usage to stdout.
Parameters: - nb – number of registers
- proto – descriptor of method
-
get_access_flags
()¶ Return the access flags of the method
Return type: int
-
get_access_flags_string
()¶ Return the access flags string of the method
A description of all access flags can be found here: https://source.android.com/devices/tech/dalvik/dex-format#access-flags
Return type: string
-
get_address
()¶ Return the offset from the start of the file to the code structure for this method, or 0 if this method is either abstract or native
Return type: int
-
get_class_name
()¶ Return the class name of the method
Return type: string
-
get_code
()¶ Return the code object associated to the method
Return type: DalvikCode
object or None if no Code
-
get_code_off
()¶ Return the offset from the start of the file to the code structure for this method, or 0 if this method is either abstract or native
Return type: int
-
get_debug
()¶ Return the debug object associated to this method
Return type: DebugInfoItem
-
get_descriptor
()¶ Return the descriptor of the method.
A method descriptor has the form (A A A …)R, where A are the arguments to the method and R is the return type. Basic types have the short form, e.g. I for integer and V for void, and class types are named like a class name, e.g. Ljava/lang/String;.
Typical descriptors will look like this:
    (I)I // one integer argument, integer return
    (C)Z // one char argument, boolean as return
    (Ljava/lang/CharSequence; I)I // CharSequence and integer as arguments, integer as return
    (C)Ljava/lang/String; // char as argument, String as return
More information about type descriptors can be found here: https://source.android.com/devices/tech/dalvik/dex-format#typedescriptor
Return type: string
-
get_information
()¶
-
get_instruction
(idx, off=None)¶ Get a particular instruction, selected by its index (default) or by its address if one is specified
Parameters: - idx (int) – index of the instruction (the position in the list of the instruction)
- off (int) – address of the instruction
Return type: an
Instruction
object
-
get_instructions
()¶ Get the instructions
Return type: a generator of each Instruction
(or a cached list of instructions if you have set up instructions)
-
get_length
()¶ Return the length of the associated code of the method
Return type: int
-
get_locals
()¶
-
get_method_idx
()¶ Return the real index of the method
Return type: int
-
get_method_idx_diff
()¶ Return the index into the method_ids list for the identity of this method (includes the name and descriptor), represented as a difference from the index of previous element in the list
Return type: int
-
get_name
()¶ Return the name of the method
Return type: string
-
get_raw
()¶
-
get_size
()¶
-
get_source
()¶
-
get_triple
()¶
-
is_cached_instructions
()¶
-
load
()¶
-
method_idx_diff
= None¶ method index diff in the corresponding section
-
reload
()¶
-
set_code_idx
(idx)¶ Set the start address of the buffer to disassemble
Parameters: idx (int) – the index
-
set_instructions
(instructions)¶ Set the instructions
Parameters: instructions (a list of Instruction
) – the list of instructions
-
set_name
(value)¶
-
show
()¶ Display the information (with a pretty print) about the method
-
show_info
()¶ Display the basic information about the method
-
show_notes
()¶ Display the notes about the method
-
source
()¶ Return the source code of this method
Return type: string
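The descriptor form documented under get_descriptor and the register rule quoted under each_params_by_register can be combined to work out which registers hold a method's parameters. The following is an added example, not androguard code; the function names parse_type, parse_descriptor and param_registers are hypothetical and the inputs are constructed.

```python
# Added example (not androguard code): Dalvik descriptor -> parameter registers.
WIDE = {"J", "D"}             # long and double take two registers
PRIMITIVES = set("ZBSCIJFD")  # primitive type characters, void excluded


def parse_type(desc, pos):
    """Read one type descriptor at desc[pos]; return (type, next_pos)."""
    start = pos
    while pos < len(desc) and desc[pos] == "[":   # array dimensions
        pos += 1
    if pos >= len(desc):
        raise ValueError("truncated type in %r" % desc)
    c = desc[pos]
    if c == "L":                                  # class type ends at ';'
        end = desc.find(";", pos)
        if end == -1:
            raise ValueError("unterminated class type in %r" % desc)
        return desc[start:end + 1], end + 1
    if c in PRIMITIVES or (c == "V" and pos == start):
        return desc[start:pos + 1], pos + 1
    raise ValueError("bad type character %r in %r" % (c, desc))


def parse_descriptor(desc):
    """Split '(A A A)R' into ([A, ...], R).

    Spaces between arguments, as in the descriptors shown in the
    documentation above, are accepted.
    """
    close = desc.find(")")
    if not desc.startswith("(") or close == -1:
        raise ValueError("not a method descriptor: %r" % desc)
    params, pos = [], 1
    while pos < close:
        if desc[pos] == " ":
            pos += 1
            continue
        typ, pos = parse_type(desc, pos)
        if typ == "V":
            raise ValueError("void is only valid as a return type")
        params.append(typ)
    if pos != close:
        raise ValueError("argument type runs past ')' in %r" % desc)
    ret, end = parse_type(desc, close + 1)
    if end != len(desc):
        raise ValueError("trailing data after return type in %r" % desc)
    return params, ret


def param_registers(registers_size, desc, is_static):
    """Map each parameter to its register(s): the arguments land in the last
    N registers of the frame, wide types use two, and instance methods
    receive 'this' first."""
    params, _ = parse_descriptor(desc)
    slots = [] if is_static else [("this", 1)]
    slots += [(t, 2 if t in WIDE else 1) for t in params]
    ins = sum(width for _, width in slots)
    if ins > registers_size:
        raise ValueError("frame of %d registers cannot hold %d argument "
                         "registers" % (registers_size, ins))
    reg, out = registers_size - ins, []
    for typ, width in slots:
        out.append((typ, ["v%d" % (reg + i) for i in range(width)]))
        reg += width
    return out


if __name__ == "__main__":
    # Constructed input: an instance method with a 5-register frame.
    for typ, regs in param_registers(5, "(Ljava/lang/CharSequence; I)I", False):
        print(typ, regs)
```

An array of a wide type such as [J is a reference and therefore occupies a single register.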
-
class
androguard.core.bytecodes.dvm.
EncodedTypeAddrPair
(buff)¶ Bases:
object
This class can parse an encoded_type_addr_pair of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the encoded_type_addr_pair
- cm (
ClassManager
) – a ClassManager object
-
get_addr
()¶ Return the bytecode address of the associated exception handler
Return type: int
-
get_length
()¶
-
get_obj
()¶
-
get_raw
()¶
-
get_type_idx
()¶ Return the index into the type_ids list for the type of the exception to catch
Return type: int
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
EncodedValue
(buff, cm)¶ Bases:
object
This class can parse an encoded_value of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the encoded_value
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_obj
()¶
-
get_raw
()¶
-
get_value
()¶ Return the bytes representing the value, variable in length and interpreted differently for different value_type bytes, though always little-endian
Return type: an object representing the value
-
get_value_arg
()¶
-
get_value_type
()¶
-
show
()¶
-
exception
androguard.core.bytecodes.dvm.
Error
¶ Bases:
Exception
Base class for exceptions in this module.
-
class
androguard.core.bytecodes.dvm.
ExportObject
¶ Bases:
object
-
class
androguard.core.bytecodes.dvm.
FakeNop
(length)¶ Bases:
androguard.core.bytecodes.dvm.Instruction10x
Simulate a nop instruction.
-
get_length
()¶ Return the length of the instruction
Return type: int
-
-
class
androguard.core.bytecodes.dvm.
FieldAnnotation
(buff, cm)¶ Bases:
object
This class can parse a field_annotation of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the field_annotation
- cm (
ClassManager
) – a ClassManager object
-
get_annotations_off
()¶ Return the offset from the start of the file to the list of annotations for the field
Return type: int
-
get_field_idx
()¶ Return the index into the field_ids list for the identity of the field being annotated
Return type: int
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
FieldHIdItem
(size, buff, cm)¶ Bases:
object
This class can parse a list of field_id_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the list of field_id_item
- cm (
ClassManager
) – a ClassManager object
-
get
(idx)¶
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
gets
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
FieldIdItem
(buff, cm)¶ Bases:
object
This class can parse a field_id_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the field_id_item
- cm (
ClassManager
) – a ClassManager object
-
get_class_idx
()¶ Return the index into the type_ids list for the definer of this field
Return type: int
-
get_class_name
()¶ Return the class name of the field
Return type: string
-
get_descriptor
()¶ Return the descriptor of the field
Return type: string
-
get_length
()¶
-
get_list
()¶
-
get_name
()¶ Return the name of the field
Return type: string
-
get_name_idx
()¶ Return the index into the string_ids list for the name of this field
Return type: int
-
get_obj
()¶
-
get_raw
()¶
-
get_type
()¶ Return the type of the field
Return type: string
-
get_type_idx
()¶ Return the index into the type_ids list for the type of this field
Return type: int
-
reload
()¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
FieldIdItemInvalid
¶ Bases:
object
-
get_class_name
()¶
-
get_descriptor
()¶
-
get_list
()¶
-
get_name
()¶
-
get_type
()¶
-
show
()¶
-
-
class
androguard.core.bytecodes.dvm.
FillArrayData
(buff)¶ Bases:
object
This class can parse a FillArrayData instruction
Parameters: buff – a Buff object which represents a buffer where the instruction is stored
-
add_note
(msg)¶ Add a note to this instruction
Parameters: msg (objects (string)) – the message
-
get_data
()¶ Return the data of this instruction (the payload)
Return type: string
-
get_formatted_operands
()¶
-
get_hex
()¶
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_name
()¶ Return the name of the instruction
Return type: string
-
get_notes
()¶ Get all notes from this instruction
Return type: a list of objects
-
get_op_value
()¶ Get the value of the opcode
Return type: int
-
get_operands
(idx=-1)¶
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶
-
show
(pos)¶ Print the instruction
-
show_buff
(pos)¶ Return the display of the instruction
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
HeaderItem
(size, buff, cm)¶ Bases:
object
This class can parse a header_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the header_item
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
Instruction
¶ Bases:
object
This class represents a dalvik instruction
-
get_formatted_operands
()¶
-
get_hex
()¶
-
get_kind
()¶ Return the ‘kind’ argument of the instruction
Return type: int
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_literals
()¶ Return the associated literals
Return type: list of int
-
get_name
()¶ Return the name of the instruction
Return type: string
-
get_op_value
()¶ Return the value of the opcode
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
get_translated_kind
()¶ Return the translated value of the ‘kind’ argument
Return type: string
-
show
(idx)¶ Print the instruction
-
show_buff
(idx)¶ Return the display of the instruction
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction10t
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 10t format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_off
()¶
-
-
class
androguard.core.bytecodes.dvm.
Instruction10x
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 10x format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction11n
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 11n format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_literals
()¶ Return the associated literals
Return type: list of int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction11x
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 11x format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction12x
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 12x format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction20bc
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 20bc format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction20t
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 20t format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_off
()¶
-
-
class
androguard.core.bytecodes.dvm.
Instruction21c
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 21c format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_raw_string
()¶
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
get_string
()¶
-
-
class
androguard.core.bytecodes.dvm.
Instruction21h
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 21h format
-
get_formatted_operands
()¶
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_literals
()¶ Return the associated literals
Return type: list of int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction21s
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 21s format
-
get_formatted_operands
()¶
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_literals
()¶ Return the associated literals
Return type: list of int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction21t
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 21t format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_off
()¶
-
-
class
androguard.core.bytecodes.dvm.
Instruction22b
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 22b format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_literals
()¶ Return the associated literals
Return type: list of int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction22c
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 22c format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction22cs
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 22cs format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction22s
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 22s format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_literals
()¶ Return the associated literals
Return type: list of int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction22t
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 22t format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_off
()¶
-
-
class
androguard.core.bytecodes.dvm.
Instruction22x
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 22x format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction23x
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 23x format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction30t
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 30t format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_off
()¶
-
-
class
androguard.core.bytecodes.dvm.
Instruction31c
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 31c format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_raw_string
()¶
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
get_string
()¶ Return the string associated to the ‘kind’ argument
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction31i
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 31i format
-
get_formatted_operands
()¶
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_literals
()¶ Return the associated literals
Return type: list of int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction31t
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 31t format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_off
()¶
-
-
class
androguard.core.bytecodes.dvm.
Instruction32x
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 32x format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction35c
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 35c format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction35mi
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 35mi format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction35ms
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 35ms format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction3rc
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 3rc format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction3rmi
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 3rmi format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction3rms
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 3rms format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction40sc
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 40sc format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction41c
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 41c format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction51l
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 51l format
-
get_formatted_operands
()¶
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_literals
()¶ Return the associated literals
Return type: list of int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
Instruction52c
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 52c format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
Instruction5rc
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents all instructions which have the 5rc format
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
get_ref_kind
()¶ Return the value of the ‘kind’ argument
Return type: value
-
-
class
androguard.core.bytecodes.dvm.
InstructionInvalid
(cm, buff)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
This class represents an invalid instruction
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_name
()¶ Return the name of the instruction
Return type: string
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
exception
androguard.core.bytecodes.dvm.
InvalidInstruction
¶
-
class
androguard.core.bytecodes.dvm.
LinearSweepAlgorithm
¶ Bases:
object
This class is used to disassemble a method. The algorithm used by this class is linear sweep.
-
get_instructions
(cm, size, insn, idx)¶ Parameters: - cm (
ClassManager
object) – a ClassManager object
- size (int) – the total size of the buffer
- insn (string) – a raw buffer containing the instructions
- idx (int) – a start address in the buffer
Return type: a generator of
Instruction
objects
-
-
class
androguard.core.bytecodes.dvm.
MapItem
(buff, cm)¶ Bases:
object
-
get_item
()¶
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_offset
()¶
-
get_raw
()¶
-
get_size
()¶
-
get_type
()¶
-
parse
()¶
-
reload
()¶
-
set_item
(item)¶
-
show
()¶
-
-
class
androguard.core.bytecodes.dvm.
MapList
(cm, off, buff)¶ Bases:
object
This class can parse the “map_list” of the dex format
https://source.android.com/devices/tech/dalvik/dex-format#map-list
-
get_class_manager
()¶
-
get_item_type
(ttype)¶ Get a particular item type
Parameters: ttype – a string which represents the desired type
Return type: None or the item object
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶ Pretty-print the MapList object
-
-
class
androguard.core.bytecodes.dvm.
MethodAnnotation
(buff, cm)¶ Bases:
object
This class can parse a method_annotation of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the method_annotation
- cm (
ClassManager
) – a ClassManager object
-
get_annotations_off
()¶ Return the offset from the start of the file to the list of annotations for the method
Return type: int
-
get_length
()¶
-
get_method_idx
()¶ Return the index into the method_ids list for the identity of the method being annotated
Return type: int
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
MethodHIdItem
(size, buff, cm)¶ Bases:
object
This class can parse a list of method_id_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the list of method_id_item
- cm (
ClassManager
) – a ClassManager object
-
get
(idx)¶
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
MethodIdItem
(buff, cm)¶ Bases:
object
This class can parse a method_id_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the method_id_item
- cm (
ClassManager
) – a ClassManager object
-
get_class_idx
()¶ Return the index into the type_ids list for the definer of this method
Return type: int
-
get_class_name
()¶ Return the class name of the method
Return type: string
-
get_descriptor
()¶ Return the descriptor
Return type: string
-
get_length
()¶
-
get_list
()¶
-
get_name
()¶ Return the name of the method
Return type: string
-
get_name_idx
()¶ Return the index into the string_ids list for the name of this method
Return type: int
-
get_obj
()¶
-
get_proto
()¶ Return the prototype of the method
Return type: string
-
get_proto_idx
()¶ Return the index into the proto_ids list for the prototype of this method
Return type: int
-
get_raw
()¶
-
get_real_descriptor
()¶ Return the real descriptor (i.e. without extra spaces)
Return type: string
-
get_triple
()¶
-
reload
()¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
MethodIdItemInvalid
¶ Bases:
object
-
get_class_name
()¶
-
get_descriptor
()¶
-
get_list
()¶
-
get_name
()¶
-
get_proto
()¶
-
show
()¶
-
-
class
androguard.core.bytecodes.dvm.
OdexDependencies
(buff)¶ Bases:
object
This class can parse the odex dependencies
Parameters: buff – a Buff object string which represents the odex dependencies
-
get_dependencies
()¶ Return the list of dependencies
Return type: a list of strings
-
get_raw
()¶
-
-
class
androguard.core.bytecodes.dvm.
OdexHeaderItem
(buff)¶ Bases:
object
This class can parse the odex header
Parameters: buff – a Buff object string which represents the odex dependencies
-
get_raw
()¶
-
show
()¶
-
-
class
androguard.core.bytecodes.dvm.
OffObj
(o)¶ Bases:
object
-
class
androguard.core.bytecodes.dvm.
PackedSwitch
(buff)¶ Bases:
object
This class can parse a PackedSwitch instruction
Parameters: buff – a Buff object which represents a buffer where the instruction is stored
-
add_note
(msg)¶ Add a note to this instruction
Parameters: msg (objects (string)) – the message
-
get_formatted_operands
()¶
-
get_hex
()¶
-
get_keys
()¶ Return the keys of the instruction
Return type: a list of long
-
get_length
()¶
-
get_name
()¶ Return the name of the instruction
Return type: string
-
get_notes
()¶ Get all notes from this instruction
Return type: a list of objects
-
get_op_value
()¶ Get the value of the opcode
Return type: int
-
get_operands
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶
-
get_targets
()¶ Return the targets (address) of the instruction
Return type: a list of long
-
get_values
()¶
-
show
(pos)¶ Print the instruction
-
show_buff
(pos)¶ Return the display of the instruction
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
ParameterAnnotation
(buff, cm)¶ Bases:
object
This class can parse a parameter_annotation of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the parameter_annotation
- cm (
ClassManager
) – a ClassManager object
-
get_annotations_off
()¶ Return the offset from the start of the file to the list of annotations for the method parameters
Return type: int
-
get_length
()¶
-
get_method_idx
()¶ Return the index into the method_ids list for the identity of the method whose parameters are being annotated
Return type: int
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
ProtoHIdItem
(size, buff, cm)¶ Bases:
object
This class can parse a list of proto_id_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the list of proto_id_item
- cm (
ClassManager
) – a ClassManager object
-
get
(idx)¶
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
ProtoIdItem
(buff, cm)¶ Bases:
object
This class can parse a proto_id_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the proto_id_item
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_obj
()¶
-
get_parameters_off
()¶ Return the offset from the start of the file to the list of parameter types for this prototype, or 0 if this prototype has no parameters
Return type: int
-
get_parameters_off_value
()¶ Return the string associated to the parameters_off
Return type: string
-
get_raw
()¶
-
get_return_type_idx
()¶ Return the index into the type_ids list for the return type of this prototype
Return type: int
-
get_return_type_idx_value
()¶ Return the string associated to the return_type_idx
Return type: string
-
get_shorty_idx
()¶ Return the index into the string_ids list for the short-form descriptor string of this prototype
Return type: int
-
get_shorty_idx_value
()¶ Return the string associated to the shorty_idx
Return type: string
-
reload
()¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
ProtoIdItemInvalid
¶ Bases:
object
-
get_params
()¶
-
get_return_type
()¶
-
get_shorty
()¶
-
show
()¶
-
-
class
androguard.core.bytecodes.dvm.
SparseSwitch
(buff)¶ Bases:
object
This class can parse a SparseSwitch instruction
Parameters: buff – a Buff object which represents a buffer where the instruction is stored
-
add_note
(msg)¶ Add a note to this instruction
Parameters: msg (objects (string)) – the message
-
get_formatted_operands
()¶
-
get_hex
()¶
-
get_keys
()¶ Return the keys of the instruction
Return type: a list of long
-
get_length
()¶
-
get_name
()¶ Return the name of the instruction
Return type: string
-
get_notes
()¶ Get all notes from this instruction
Return type: a list of objects
-
get_op_value
()¶ Get the value of the opcode
Return type: int
-
get_operands
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶
-
get_targets
()¶ Return the targets (address) of the instruction
Return type: a list of long
-
get_values
()¶
-
show
(pos)¶ Print the instruction
-
show_buff
(pos)¶ Return the display of the instruction
Return type: string
-
-
class
androguard.core.bytecodes.dvm.
StringDataItem
(buff, cm)¶ Bases:
object
This class can parse a string_data_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the string_data_item
- cm (
ClassManager
) – a ClassManager object
-
get
()¶ Returns a printable string. In this case, all lonely surrogates are escaped and are thus represented in the string as 6 characters: \ud853. Valid surrogates are encoded as 32-bit values, i.e. 𤽜.
-
get_data
()¶ Return a series of MUTF-8 code units (a.k.a. octets, a.k.a. bytes) followed by a byte of value 0
Return type: string
-
get_length
()¶ Get the length of the raw string including the ULEB128 coded length and the null byte terminator
Returns: int
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶ Returns the raw string including the ULEB128 coded length and null byte string terminator
Returns: bytes
-
get_unicode
()¶ Returns a Unicode string. This is the actual string. Beware that some strings might not be decodable with the usual UTF-16 decoder, as they use surrogates that are not supported by Python.
-
get_utf16_size
()¶ Return the size of this string, in UTF-16 code units
Return type: int
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
StringIdItem
(buff, cm)¶ Bases:
object
This class can parse a string_id_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the string_id_item
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
get_string_data_off
()¶ Return the offset from the start of the file to the string data for this item
Return type: int
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
TryItem
(buff, cm)¶ Bases:
object
This class represents the try_item format
Parameters: - buff (string) – a raw buffer containing the try_item format
- cm (
ClassManager
object) – the ClassManager
-
get_handler_off
()¶ Get the offset in bytes from the start of the associated
EncodedCatchHandlerList
to the EncodedCatchHandler
for this entry.
Return type: int
-
get_insn_count
()¶ Get the number of 16-bit code units covered by this entry
Return type: int
-
get_length
()¶
-
get_off
()¶
-
get_raw
()¶
-
get_start_addr
()¶ Get the start address of the block of code covered by this entry. The address is a count of 16-bit code units to the start of the first covered instruction.
Return type: int
-
set_off
(off)¶
-
class
androguard.core.bytecodes.dvm.
TypeHIdItem
(size, buff, cm)¶ Bases:
object
This class can parse a list of type_id_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the list of type_id_item
- cm (
ClassManager
) – a ClassManager object
-
get
(idx)¶
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_raw
()¶
-
get_type
()¶ Return the list of type_id_item
Return type: a list of TypeIdItem
objects
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
TypeIdItem
(buff, cm)¶ Bases:
object
This class can parse a type_id_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the type_id_item
- cm (
ClassManager
) – a ClassManager object
-
get_descriptor_idx
()¶ Return the index into the string_ids list for the descriptor string of this type
Return type: int
-
get_descriptor_idx_value
()¶ Return the string associated to the descriptor
Return type: string
-
get_length
()¶
-
get_obj
()¶
-
get_raw
()¶
-
reload
()¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
TypeItem
(buff, cm)¶ Bases:
object
This class can parse a type_item of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the type_item
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_obj
()¶
-
get_raw
()¶
-
get_string
()¶ Return the type string
Return type: string
-
get_type_idx
()¶ Return the index into the type_ids list
Return type: int
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
TypeList
(buff, cm)¶ Bases:
object
This class can parse a type_list of a dex file
Parameters: - buff (Buff object) – a string which represents a Buff object of the type_list
- cm (
ClassManager
) – a ClassManager object
-
get_length
()¶
-
get_obj
()¶
-
get_off
()¶
-
get_pad
()¶ Return the alignment string
Return type: string
-
get_raw
()¶
-
get_size
()¶ Return the size of the list, in entries
Return type: int
-
get_string
()¶ Return the concatenation of all strings
Return type: string
-
get_type_list_off
()¶ Return the offset of the item
Return type: int
-
reload
()¶
-
set_off
(off)¶
-
show
()¶
-
class
androguard.core.bytecodes.dvm.
Unresolved
(cm, data)¶ Bases:
androguard.core.bytecodes.dvm.Instruction
-
get_length
()¶ Return the length of the instruction
Return type: int
-
get_name
()¶ Return the name of the instruction
Return type: string
-
get_op_value
()¶ Return the value of the opcode
Return type: int
-
get_operands
(idx=-1)¶ Return all operands
Return type: list
-
get_output
(idx=-1)¶ Return an additional output of the instruction
Return type: string
-
get_raw
()¶ Return the object in a raw format
Return type: string
-
-
androguard.core.bytecodes.dvm.
clean_name_instruction
(instruction)¶
-
androguard.core.bytecodes.dvm.
determineException
(vm, m)¶
-
androguard.core.bytecodes.dvm.
determineNext
(i, end, m)¶
-
androguard.core.bytecodes.dvm.
get_access_flags_string
(value)¶ Transform an access flag field to the corresponding string
Parameters: value (int) – the value of the access flags
Return type: string
-
androguard.core.bytecodes.dvm.
get_byte
(buff)¶
-
androguard.core.bytecodes.dvm.
get_bytecodes_method
(dex_object, ana_object, method)¶
-
androguard.core.bytecodes.dvm.
get_bytecodes_methodx
(method, mx)¶
-
androguard.core.bytecodes.dvm.
get_extented_instruction
(cm, op_value, buff)¶
-
androguard.core.bytecodes.dvm.
get_instruction
(cm, op_value, buff, odex=False)¶
-
androguard.core.bytecodes.dvm.
get_instruction_payload
(op_value, buff)¶
-
androguard.core.bytecodes.dvm.
get_kind
(cm, kind, value)¶ Return the value of the ‘kind’ argument
Parameters: - cm (
ClassManager
) – a ClassManager object
- kind (int) – the type of the ‘kind’ argument
- value (int) – the value of the ‘kind’ argument
Return type: string
-
androguard.core.bytecodes.dvm.
get_optimized_instruction
(cm, op_value, buff)¶
-
androguard.core.bytecodes.dvm.
get_params_info
(nb, proto)¶
-
androguard.core.bytecodes.dvm.
get_sbyte
(buff)¶
-
androguard.core.bytecodes.dvm.
get_type
(atype, size=None)¶ Retrieve the type of a descriptor (e.g. I)
-
androguard.core.bytecodes.dvm.
read_null_terminated_string
(f)¶ Read a null terminated string from a file-like object.
Parameters: f – file-like object
Return type: bytearray
-
androguard.core.bytecodes.dvm.
readsleb128
(buff)¶
-
androguard.core.bytecodes.dvm.
readuleb128
(buff)¶
-
androguard.core.bytecodes.dvm.
readuleb128p1
(buff)¶
-
androguard.core.bytecodes.dvm.
readusleb128
(buff)¶
-
androguard.core.bytecodes.dvm.
static_operand_instruction
(instruction)¶
-
androguard.core.bytecodes.dvm.
writesleb128
(value)¶
-
androguard.core.bytecodes.dvm.
writeuleb128
(value)¶
androguard.core.bytecodes.axml module¶
-
class
androguard.core.bytecodes.axml.
ARSCComplex
(buff, parent=None)¶ Bases:
object
-
class
androguard.core.bytecodes.axml.
ARSCParser
(raw_buff)¶ Bases:
object
Parser for resources.arsc files
-
class
ResourceResolver
(android_resources, config=None)¶ Bases:
object
-
put_ate_value
(result, ate, config)¶
-
put_item_value
(result, item, config, complex_)¶
-
resolve
(res_id)¶
-
-
get_bool_resources
(package_name, locale='\x00\x00')¶
-
get_color_resources
(package_name, locale='\x00\x00')¶
-
get_dimen_resources
(package_name, locale='\x00\x00')¶
-
get_id
(package_name, rid, locale='\x00\x00')¶
-
get_id_resources
(package_name, locale='\x00\x00')¶
-
get_integer_resources
(package_name, locale='\x00\x00')¶
-
get_items
(package_name)¶
-
get_locales
(package_name)¶
-
get_packages_names
()¶
-
get_public_resources
(package_name, locale='\x00\x00')¶
-
get_res_configs
(rid, config=None)¶
-
get_res_id_by_key
(package_name, resource_type, key)¶
-
get_resolved_res_configs
(rid, config=None)¶
-
get_resolved_strings
()¶
-
get_resource_bool
(ate)¶
-
get_resource_color
(ate)¶
-
get_resource_dimen
(ate)¶
-
get_resource_id
(ate)¶
-
get_resource_integer
(ate)¶
-
get_resource_string
(ate)¶
-
get_resource_style
(ate)¶
-
get_string
(package_name, name, locale='\x00\x00')¶
-
get_string_resources
(package_name, locale='\x00\x00')¶
-
get_strings_resources
()¶
-
get_type_configs
(package_name, type_name=None)¶
-
get_types
(package_name, locale)¶
-
class
androguard.core.bytecodes.axml.
ARSCResStringPoolRef
(buff, parent=None)¶ Bases:
object
-
format_value
()¶
-
get_data
()¶
-
get_data_type
()¶
-
get_data_type_string
()¶
-
get_data_value
()¶
-
is_reference
()¶
-
-
class
androguard.core.bytecodes.axml.
ARSCResTableConfig
(buff=None, **kwargs)¶ Bases:
object
-
classmethod
default_config
()¶
-
get_country
()¶
-
get_density
()¶
-
get_language
()¶
-
class
androguard.core.bytecodes.axml.
ARSCResTableEntry
(buff, mResId, parent=None)¶ Bases:
object
-
FLAG_COMPLEX
= 1¶
-
FLAG_PUBLIC
= 2¶
-
FLAG_WEAK
= 4¶
-
get_index
()¶
-
get_key_data
()¶
-
get_value
()¶
-
is_complex
()¶
-
is_public
()¶
-
is_weak
()¶
-
-
class
androguard.core.bytecodes.axml.
ARSCResType
(buff, parent=None)¶ Bases:
object
-
get_package_name
()¶
-
get_type
()¶
-
-
class
androguard.core.bytecodes.axml.
ARSCResTypeSpec
(buff, parent=None)¶ Bases:
object
-
class
androguard.core.bytecodes.axml.
AXMLParser
(raw_buff)¶ Bases:
object
-
doNext
()¶
-
getAttributeCount
()¶
-
getAttributeName
(index)¶
-
getAttributeOffset
(index)¶
-
getAttributePrefix
(index)¶
-
getAttributeValue
(index)¶ This function is only used to look up strings. All other work is done by format_value. FIXME: should unite those functions.
Parameters: index – Returns:
-
getAttributeValueData
(index)¶
-
getAttributeValueType
(index)¶
-
getName
()¶
-
getNamespaceCount
(pos)¶
-
getNamespacePrefix
(pos)¶
-
getNamespaceUri
(pos)¶
-
getPrefix
()¶
-
getPrefixByUri
(uri)¶
-
getText
()¶
-
getXMLNS
()¶
-
is_valid
()¶
-
reset
()¶
-
-
class
androguard.core.bytecodes.axml.
AXMLPrinter
(raw_buff)¶ Bases:
object
Converter for AXML files into an XML string
-
getAttributeValue
(index)¶ Wrapper function for format_value to resolve the actual value of an attribute in a tag.
Parameters: index – Returns:
-
getPrefix
(prefix)¶
-
get_buff
()¶
-
get_xml
()¶
-
get_xml_obj
()¶
-
is_packed
()¶ Return True if we believe that the AXML file is packed. If it is, we cannot be sure that the AXML file can be read by an XML parser.
Returns: boolean
-
-
class
androguard.core.bytecodes.axml.
PackageContext
(current_package, stringpool_main, mTableStrings, mKeyStrings)¶ Bases:
object
-
get_mResId
()¶
-
get_package_name
()¶
-
set_mResId
(mResId)¶
-
-
class
androguard.core.bytecodes.axml.
StringBlock
(buff, header)¶ Bases:
object
StringBlock is a CHUNK inside an AXML file. It contains all strings, which are used by referencing their IDs.
TODO: might migrate this block into the ARSCParser, as it is not a “special” block but a normal tag.
-
decode16
(offset)¶
-
decode8
(offset)¶
-
decodeLength
(offset, sizeof_char)¶
-
decode_bytes
(data, encoding, str_len)¶
-
getString
(idx)¶
-
getStyle
(idx)¶
-
show
()¶
-
-
androguard.core.bytecodes.axml.
complexToFloat
(xcomplex)¶
-
androguard.core.bytecodes.axml.
format_value
(_type, _data, lookup_string=<function <lambda>>)¶
-
androguard.core.bytecodes.axml.
getPackage
(i)¶
-
androguard.core.bytecodes.axml.
get_arsc_info
(arscobj)¶
-
androguard.core.bytecodes.axml.
long2int
(l)¶
-
androguard.core.bytecodes.axml.
long2str
(l)¶ Convert an integer to a string.
-
androguard.core.bytecodes.axml.
str2long
(s)¶ Convert a string to a long integer.
androguard.core.bytecodes.mutf8 module¶
-
class
androguard.core.bytecodes.mutf8.
PeekIterator
(s)¶ Bases:
object
A quick’n’dirty variant of an Iterator that has a special function peek, which will return the next object but not consume it.
-
idx
= 0¶
-
next
()¶
-
peek
()¶
-
-
androguard.core.bytecodes.mutf8.
decode
(b)¶ Decode bytes as MUTF-8. See https://docs.oracle.com/javase/6/docs/api/java/io/DataInput.html#modified-utf-8 for more information.
Surrogates will be returned as two 16 bit characters.
Parameters: b – bytes to decode
Return type: unicode (py2), str (py3) of 16bit chars
-
androguard.core.bytecodes.mutf8.
patch_string
(s)¶ Reorganize a String in such a way that surrogates are printable and lonely surrogates are escaped.
Parameters: s – input string Returns: string with escaped lonely surrogates and 32bit surrogates