
There is some code in dexdump, located in the file DexClass.c:

DexClassData* dexReadAndVerifyClassData(const u1** pData, const u1* pLimit) {
    ......

    // One allocation holds the DexClassData struct followed by all four arrays.
    size_t resultSize = sizeof(DexClassData) +
        (header.staticFieldsSize * sizeof(DexField)) +
        (header.instanceFieldsSize * sizeof(DexField)) +
        (header.directMethodsSize * sizeof(DexMethod)) +
        (header.virtualMethodsSize * sizeof(DexMethod));

    DexClassData* result = malloc(resultSize);
    u1* ptr = ((u1*) result) + sizeof(DexClassData);  // I have problem here!

    ......

    result->header = header;

    // Carve the first array out of the block and advance ptr past it.
    if (header.staticFieldsSize != 0) {
        result->staticFields = (DexField*) ptr;
        ptr += header.staticFieldsSize * sizeof(DexField);
    } else {
        result->staticFields = NULL;
    }

The line "u1* ptr = ((u1*)result) + sizeof(DexClassData);" is meant to make the pointer ptr point to staticFields (I think so, but I'm not sure), but why sizeof(DexClassData)? I think it is supposed to be sizeof(DexClassDataHeader). I can't figure it out. Can somebody tell me?

typedef struct DexClassDataHeader
{
    u4  staticFieldsSize;     // number of entries in each of the four arrays
    u4  instanceFieldsSize;
    u4  directMethodsSize;
    u4  virtualMethodsSize;
} DexClassDataHeader;

typedef struct DexClassData
{
    DexClassDataHeader  header;
    DexField*   staticFields;     // each pointer refers into the same block
    DexField*   instanceFields;   // that holds this struct itself
    DexMethod*  directMethods;
    DexMethod*  virtualMethods;
} DexClassData;
zombie
  • For another take on the same structure, see Dex.java. https://android.googlesource.com/platform/libcore/+/master/dex/src/main/java/com/android/dex/Dex.java – Jesse Wilson Nov 23 '15 at 04:29

2 Answers


The method reads, verifies, and returns the entire class_data_item, not just the header.

The class structure is pointed to by classDataOff in the DexFile, which holds the offset of the class data structure, which in turn holds important data about the class.

Since the method you mentioned verifies the class_data_item, the pointer will point to the Class Data type, which points to very important information about the class such as where the code is found and how much code there is. For this reason, sizeof(DexClassData) is used to read through all the properties of the class.

DexClassDataHeader, on the other hand, holds metadata about the class such as the sizes of its static fields, instance fields, direct methods and virtual methods, but it does not point to where the code that belongs to the class actually is.

This might be a good article to read on the topic.

Pavitra Kansara

The point of the code is to create a single self-contained chunk that begins with a struct full of pointers. It would be more straightforward to do this as a series of allocations, beginning with a DexClassData, followed by a chunk for the static fields, and another for the instance fields, and so on; and then just set pointers to all the allocated chunks. This requires multiple allocations and multiple frees.

The dexReadAndVerifyClassData() serializes all of this into a single allocation. It begins by creating enough space to hold all of the data. Then it sets pointers for the various chunks in DexClassData, walking through the storage by advancing ptr. Then it reads data for each category in, and verifies it.

Note that ptr is not used to walk through *pData, but rather to walk through result. It's not used to parse the memory-mapped file, but rather to lay out the storage for the returned data.

When the function returns, you have all of the data, plus a convenient set of pointers in DexClassData, in a single allocated block.

fadden