This repository has been archived by the owner on Mar 2, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathdex_bytecode.cc
executable file
·309 lines (285 loc) · 9.73 KB
/
dex_bytecode.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "slicer/dex_bytecode.h"
#include "slicer/common.h"
#include <assert.h>
#include <array>
namespace dex {
Opcode OpcodeFromBytecode(u2 bytecode) {
Opcode opcode = Opcode(bytecode & 0xff);
return opcode;
}
// Table that maps each opcode to the index type implied by that opcode
static constexpr std::array<InstructionDescriptor, kNumPackedOpcodes>
gInstructionDescriptors = {{
#define INSTRUCTION_DESCR(o, c, p, format, index, flags, e, vflags) \
{ \
vflags, \
format, \
index, \
flags, \
},
#include "slicer/dex_instruction_list.h"
DEX_INSTRUCTION_LIST(INSTRUCTION_DESCR)
#undef DEX_INSTRUCTION_LIST
#undef INSTRUCTION_DESCR
}};
InstructionIndexType GetIndexTypeFromOpcode(Opcode opcode) {
return gInstructionDescriptors[opcode].index_type;
}
InstructionFormat GetFormatFromOpcode(Opcode opcode) {
return gInstructionDescriptors[opcode].format;
}
OpcodeFlags GetFlagsFromOpcode(Opcode opcode) {
return gInstructionDescriptors[opcode].flags;
}
VerifyFlags GetVerifyFlagsFromOpcode(Opcode opcode) {
return gInstructionDescriptors[opcode].verify_flags;
}
size_t GetWidthFromFormat(InstructionFormat format) {
switch (format) {
case k10x:
case k12x:
case k11n:
case k11x:
case k10t:
return 1;
case k20t:
case k20bc:
case k21c:
case k22x:
case k21s:
case k21t:
case k21h:
case k23x:
case k22b:
case k22s:
case k22t:
case k22c:
case k22cs:
return 2;
case k30t:
case k31t:
case k31c:
case k32x:
case k31i:
case k35c:
case k35ms:
case k35mi:
case k3rc:
case k3rms:
case k3rmi:
return 3;
case k45cc:
case k4rcc:
return 4;
case k51l:
return 5;
}
}
size_t GetWidthFromBytecode(const u2* bytecode) {
size_t width = 0;
if (*bytecode == kPackedSwitchSignature) {
width = 4 + bytecode[1] * 2;
} else if (*bytecode == kSparseSwitchSignature) {
width = 2 + bytecode[1] * 4;
} else if (*bytecode == kArrayDataSignature) {
u2 elemWidth = bytecode[1];
u4 len = bytecode[2] | (((u4)bytecode[3]) << 16);
// The plus 1 is to round up for odd size and width.
width = 4 + (elemWidth * len + 1) / 2;
} else {
width = GetWidthFromFormat(
GetFormatFromOpcode(OpcodeFromBytecode(bytecode[0])));
}
return width;
}
// Dalvik opcode names.
static constexpr std::array<const char*, kNumPackedOpcodes> gOpcodeNames = {
#define INSTRUCTION_NAME(o, c, pname, f, i, a, e, v) pname,
#include "slicer/dex_instruction_list.h"
DEX_INSTRUCTION_LIST(INSTRUCTION_NAME)
#undef DEX_INSTRUCTION_LIST
#undef INSTRUCTION_NAME
};
const char* GetOpcodeName(Opcode opcode) { return gOpcodeNames[opcode]; }
// Helpers for DecodeInstruction()
static u4 InstA(u2 inst) { return (inst >> 8) & 0x0f; }
static u4 InstB(u2 inst) { return inst >> 12; }
static u4 InstAA(u2 inst) { return inst >> 8; }
// Helper for DecodeInstruction()
static u4 FetchU4(const u2* ptr) { return ptr[0] | (u4(ptr[1]) << 16); }
// Helper for DecodeInstruction()
static u8 FetchU8(const u2* ptr) {
return FetchU4(ptr) | (u8(FetchU4(ptr + 2)) << 32);
}
// Decode a Dalvik bytecode and extract the individual fields
Instruction DecodeInstruction(const u2* bytecode) {
u2 inst = bytecode[0];
Opcode opcode = OpcodeFromBytecode(inst);
InstructionFormat format = GetFormatFromOpcode(opcode);
Instruction dec = {};
dec.opcode = opcode;
switch (format) {
case k10x: // op
return dec;
case k12x: // op vA, vB
dec.vA = InstA(inst);
dec.vB = InstB(inst);
return dec;
case k11n: // op vA, #+B
dec.vA = InstA(inst);
dec.vB = s4(InstB(inst) << 28) >> 28; // sign extend 4-bit value
return dec;
case k11x: // op vAA
dec.vA = InstAA(inst);
return dec;
case k10t: // op +AA
dec.vA = s1(InstAA(inst)); // sign-extend 8-bit value
return dec;
case k20t: // op +AAAA
dec.vA = s2(bytecode[1]); // sign-extend 16-bit value
return dec;
case k20bc: // [opt] op AA, thing@BBBB
case k21c: // op vAA, thing@BBBB
case k22x: // op vAA, vBBBB
dec.vA = InstAA(inst);
dec.vB = bytecode[1];
return dec;
case k21s: // op vAA, #+BBBB
case k21t: // op vAA, +BBBB
dec.vA = InstAA(inst);
dec.vB = s2(bytecode[1]); // sign-extend 16-bit value
return dec;
case k21h: // op vAA, #+BBBB0000[00000000]
dec.vA = InstAA(inst);
// The value should be treated as right-zero-extended, but we don't
// actually do that here. Among other things, we don't know if it's
// the top bits of a 32- or 64-bit value.
dec.vB = bytecode[1];
return dec;
case k23x: // op vAA, vBB, vCC
dec.vA = InstAA(inst);
dec.vB = bytecode[1] & 0xff;
dec.vC = bytecode[1] >> 8;
return dec;
case k22b: // op vAA, vBB, #+CC
dec.vA = InstAA(inst);
dec.vB = bytecode[1] & 0xff;
dec.vC = s1(bytecode[1] >> 8); // sign-extend 8-bit value
return dec;
case k22s: // op vA, vB, #+CCCC
case k22t: // op vA, vB, +CCCC
dec.vA = InstA(inst);
dec.vB = InstB(inst);
dec.vC = s2(bytecode[1]); // sign-extend 16-bit value
return dec;
case k22c: // op vA, vB, thing@CCCC
case k22cs: // [opt] op vA, vB, field offset CCCC
dec.vA = InstA(inst);
dec.vB = InstB(inst);
dec.vC = bytecode[1];
return dec;
case k30t: // op +AAAAAAAA
dec.vA = FetchU4(bytecode + 1);
return dec;
case k31t: // op vAA, +BBBBBBBB
case k31c: // op vAA, string@BBBBBBBB
dec.vA = InstAA(inst);
dec.vB = FetchU4(bytecode + 1);
return dec;
case k32x: // op vAAAA, vBBBB
dec.vA = bytecode[1];
dec.vB = bytecode[2];
return dec;
case k31i: // op vAA, #+BBBBBBBB
dec.vA = InstAA(inst);
dec.vB = FetchU4(bytecode + 1);
return dec;
case k35c: // op {vC, vD, vE, vF, vG}, thing@BBBB
case k35ms: // [opt] invoke-virtual+super
case k35mi: { // [opt] inline invoke
dec.vA = InstB(inst); // This is labeled A in the spec.
dec.vB = bytecode[1];
u2 regList = bytecode[2];
// Copy the argument registers into the arg[] array, and
// also copy the first argument (if any) into vC. (The
// Instruction structure doesn't have separate
// fields for {vD, vE, vF, vG}, so there's no need to make
// copies of those.) Note that cases 5..2 fall through.
switch (dec.vA) {
case 5:
// A fifth arg is verboten for inline invokes
SLICER_CHECK(format != k35mi);
// Per note at the top of this format decoder, the
// fifth argument comes from the A field in the
// instruction, but it's labeled G in the spec.
dec.arg[4] = InstA(inst);
FALLTHROUGH_INTENDED;
case 4:
dec.arg[3] = (regList >> 12) & 0x0f;
FALLTHROUGH_INTENDED;
case 3:
dec.arg[2] = (regList >> 8) & 0x0f;
FALLTHROUGH_INTENDED;
case 2:
dec.arg[1] = (regList >> 4) & 0x0f;
FALLTHROUGH_INTENDED;
case 1:
dec.vC = dec.arg[0] = regList & 0x0f;
FALLTHROUGH_INTENDED;
case 0:
// Valid, but no need to do anything
return dec;
}
}
SLICER_CHECK(!"Invalid arg count in 35c/35ms/35mi");
case k3rc: // op {vCCCC .. v(CCCC+AA-1)}, meth@BBBB
case k3rms: // [opt] invoke-virtual+super/range
case k3rmi: // [opt] execute-inline/range
dec.vA = InstAA(inst);
dec.vB = bytecode[1];
dec.vC = bytecode[2];
return dec;
case k45cc: {
// AG op BBBB FEDC HHHH
dec.vA = InstB(inst); // This is labelled A in the spec.
dec.vB = bytecode[1]; // vB meth@BBBB
u2 regList = bytecode[2];
dec.vC = regList & 0xf;
dec.arg[0] = (regList >> 4) & 0xf; // vD
dec.arg[1] = (regList >> 8) & 0xf; // vE
dec.arg[2] = (regList >> 12); // vF
dec.arg[3] = InstA(inst); // vG
dec.arg[4] = bytecode[3]; // vH proto@HHHH
}
return dec;
case k4rcc:
// AA op BBBB CCCC HHHH
dec.vA = InstAA(inst);
dec.vB = bytecode[1];
dec.vC = bytecode[2];
dec.arg[4] = bytecode[3]; // vH proto@HHHH
return dec;
case k51l: // op vAA, #+BBBBBBBBBBBBBBBB
dec.vA = InstAA(inst);
dec.vB_wide = FetchU8(bytecode + 1);
return dec;
}
SLICER_FATAL("Can't decode unexpected format 0x%02x (op=0x%02x)", format,
opcode);
}
} // namespace dex