本文整理汇总了Python中androguard.core.bytecodes.dvm.DalvikVMFormat方法的典型用法代码示例。如果您正苦于以下问题:Python dvm.DalvikVMFormat方法的具体用法?Python dvm.DalvikVMFormat怎么用?Python dvm.DalvikVMFormat使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类androguard.core.bytecodes.dvm的用法示例。
在下文中一共展示了dvm.DalvikVMFormat方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: AnalyzeDex
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def AnalyzeDex(filename, session=None):
"""
Analyze an android dex file and setup all stuff for a more quickly analysis !
:param filename: the filename of the android dex file or a buffer which represents the dex file
:type filename: string
:param session: A session (Default None)
:rtype: return a tuple of (sha256hash, :class:`DalvikVMFormat`, :class:`Analysis`)
"""
log.debug("AnalyzeDex")
if not session:
session = get_default_session()
with open(filename, "rb") as fd:
data = fd.read()
return session.addDEX(filename, data) 示例2: androdis_main
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def androdis_main(offset, size, dex):
from androguard.core.bytecodes import dvm
with open(dex, "rb") as fp:
buf = fp.read()
d = dvm.DalvikVMFormat(buf)
if size == 0:
size = len(buf)
if d:
idx = offset
for nb, i in enumerate(d.disassemble(offset, size)):
print("%-8d(%08x)" % (nb, idx), end=' ')
i.show(idx)
print()
idx += i.get_length()
else:
print("Dex could not be loaded!", file=sys.stderr) 示例3: __init__
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def __init__(self, name):
"""
:param name: filename to load
"""
self.vma = analysis.Analysis()
# Proper detection which supports multidex inside APK
ftype = androconf.is_android(name)
if ftype == 'APK':
for d in apk.APK(name).get_all_dex():
self.vma.add(dvm.DalvikVMFormat(d))
elif ftype == 'DEX':
self.vma.add(dvm.DalvikVMFormat(read(name)))
elif ftype == 'DEY':
self.vma.add(dvm.DalvikOdexVMFormat(read(name)))
else:
raise ValueError("Format not recognised for filename '%s'" % name)
self.classes = dict((dvclass.orig_class.get_name(), dvclass.orig_class) for dvclass in self.vma.get_classes())
# TODO why not?
# util.merge_inner(self.classes) 示例4: __init__
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def __init__(self, vm, method):
"""
This class analyses in details a method of a class/dex file
It is a wrapper around a :class:`EncodedMethod` and enhances it
by using multiple :class:`BasicBlock`.
:type vm: a :class:`DalvikVMFormat` object
:type method: a :class:`EncodedMethod` object
"""
self.__vm = vm
self.method = method
self.basic_blocks = BasicBlocks(self.__vm)
self.exceptions = Exceptions(self.__vm)
self.code = self.method.get_code()
if self.code:
self._create_basic_block() 示例5: _analyze
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def _analyze(self):
for i in self.__files:
ret_type = androconf.is_android( i )
if ret_type == "APK":
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
elif ret_type == "DEX":
bc = dvm.DalvikVMFormat( read(i) )
elif ret_type == "DEY":
bc = dvm.DalvikOdexVMFormat( read(i) )
elif ret_type == "ELF":
from androguard.core.binaries import elf
bc = elf.ELF( read(i) )
else:
raise( "Unknown format" )
self.__bc.append( (i, BC( bc )) ) 示例6: main
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def main(options, arguments):
if options.input != None and options.database != None:
ret_type = androconf.is_android( options.input )
if ret_type == "APK":
a = apk.APK( options.input )
d1 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d1 = dvm.DalvikVMFormat( read(options.input) )
dx1 = analysis.VMAnalysis( d1 )
check_one_file(d1, dx1)
elif options.directory != None and options.database != None:
check_one_directory( options.directory )
elif options.database != None and options.listdatabase != None:
db = DBFormat( options.database )
db.show()
elif options.version != None:
print "Androappindb version %s" % androconf.ANDROGUARD_VERSION 示例7: main
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def main(options, arguments):
if options.input != None and options.output != None and options.name != None and options.subname != None:
edi = ElsimDBIn( options.output )
ret_type = androconf.is_android( options.input )
if ret_type == "APK":
a = apk.APK( options.input )
d1 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d1 = dvm.DalvikVMFormat( read(options.input) )
dx1 = analysis.VMAnalysis( d1 )
regexp_pattern = None
regexp_exclude_pattern = None
edi.add( d1, dx1, options.name, options.sname, regexp_pattern, regexp_exclude_pattern)
edi.save()
elif options.version != None:
print "Androapptodb version %s" % androconf.ANDROGUARD_VERSION 示例8: testDex
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def testDex(self):
with open("examples/android/TestsAndroguard/bin/classes.dex",
"r") as fd:
d = dvm.DalvikVMFormat(fd.read())
self.assertTrue(d)
classes = d.get_classes()
self.assertTrue(classes)
self.assertEqual(len(classes), 340)
methods = d.get_methods()
self.assertTrue(methods)
self.assertEqual(len(methods), 2600)
fields = d.get_fields()
self.assertTrue(fields)
self.assertEqual(len(fields), 803) 示例9: RunDecompiler
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def RunDecompiler(d, dx, decompiler_name):
"""
Run the decompiler on a specific analysis
:param d: the DalvikVMFormat object
:type d: :class:`DalvikVMFormat` object
:param dx: the analysis of the format
:type dx: :class:`VMAnalysis` object
:param decompiler: the type of decompiler to use ("dad", "dex2jad", "ded")
:type decompiler: string
"""
if decompiler_name is not None:
log.debug("Decompiler ...")
decompiler_name = decompiler_name.lower()
# TODO put this into the configuration object and make it more dynamic
# e.g. detect new decompilers and so on...
if decompiler_name == "dex2jad":
d.set_decompiler(decompiler.DecompilerDex2Jad(
d,
androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["BIN_JAD"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_name == "dex2fernflower":
d.set_decompiler(decompiler.DecompilerDex2Fernflower(
d,
androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["BIN_FERNFLOWER"],
androconf.CONF["OPTIONS_FERNFLOWER"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_name == "ded":
d.set_decompiler(decompiler.DecompilerDed(
d,
androconf.CONF["BIN_DED"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_name == "jadx":
d.set_decompiler(decompiler.DecompilerJADX(d, dx, jadx=androconf.CONF["BIN_JADX"]))
else:
d.set_decompiler(decompiler.DecompilerDAD(d, dx)) 示例10: _setup_objects
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def _setup_objects(self):
self.analyzed_files = collections.defaultdict(list)
self.analyzed_digest = dict()
self.analyzed_apk = dict()
# Stores Analysis Objects
# needs to be ordered to return the outermost element when searching for
# classes
self.analyzed_vms = collections.OrderedDict()
# Dict of digest and DalvikVMFormat/DalvikOdexFormat
# Actually not needed, as we have Analysis objects which store the DEX
# files as well, but we do not remove it here for legacy reasons
self.analyzed_dex = dict() 示例11: addDEX
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def addDEX(self, filename, data, dx=None):
"""
Add a DEX file to the Session and run analysis.
:param filename: the (file)name of the DEX file
:param data: binary data of the dex file
:param dx: an existing Analysis Object (optional)
:return: A tuple of SHA256 Hash, DalvikVMFormat Object and Analysis object
"""
digest = hashlib.sha256(data).hexdigest()
log.debug("add DEX:%s" % digest)
log.debug("Parsing format ...")
d = DalvikVMFormat(data)
log.debug("added DEX:%s" % digest)
self.analyzed_files[filename].append(digest)
self.analyzed_digest[digest] = filename
self.analyzed_dex[digest] = d
if dx is None:
dx = Analysis()
dx.add(d)
dx.create_xref()
# TODO: If multidex: this will called many times per dex, even if already set
for d in dx.vms:
# TODO: allow different decompiler here!
d.set_decompiler(DecompilerDAD(d, dx))
d.set_vmanalysis(dx)
self.analyzed_vms[digest] = dx
if self.export_ipython:
log.debug("Exporting in ipython")
d.create_python_export()
return digest, d, dx 示例12: get_objects_apk
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def get_objects_apk(self, filename=None, digest=None):
"""
Returns APK, DalvikVMFormat and Analysis of a specified APK.
You must specify either `filename` or `digest`.
It is possible to use both, but in this case only `digest` is used.
example::
s = Session()
digest = s.add("some.apk")
a, d, dx = s.get_objects_apk(digest=digest)
example::
s = Session()
filename = "some.apk"
digest = s.add(filename)
a, d, dx = s.get_objects_apk(filename=filename)
:param filename: the filename of the APK file, only used of digest is None
:param digest: the sha256 hash, as returned by :meth:`add` for the APK
:returns: a tuple of (APK, [DalvikVMFormat], Analysis)
"""
if not filename and not digest:
raise ValueError("Must give at least filename or digest!")
if digest is None:
digests = self.analyzed_files.get(filename)
# Negate to reduce tree
if not digests:
return None, None, None
digest = digests[0]
a = self.analyzed_apk[digest][0]
dx = self.analyzed_vms[digest]
return a, dx.vms, dx 示例13: get_objects_dex
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def get_objects_dex(self):
"""
Yields all dex objects inclduing their Analysis objects
:returns: tuple of (sha256, DalvikVMFormat, Analysis)
"""
# TODO: there is no variant like get_objects_apk
for digest, d in self.analyzed_dex.items():
yield digest, d, self.analyzed_vms[digest] 示例14: add
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def add(self, vm):
"""
Add a DalvikVMFormat to this Analysis
:param vm: :class:`dvm.DalvikVMFormat` to add to this Analysis
"""
self.vms.append(vm)
for current_class in vm.get_classes():
self.classes[current_class.get_name()] = ClassAnalysis(current_class)
for method in vm.get_methods():
self.methods[method] = MethodAnalysis(vm, method) 示例15: get_internal_classes
# 需要导入模块: from androguard.core.bytecodes import dvm [as 别名]
# 或者: from androguard.core.bytecodes.dvm import DalvikVMFormat [as 别名]
def get_internal_classes(self):
"""
Returns all external classes, that means all classes that are
defined in the given set of :class:`~DalvikVMFormat`.
:rtype: generator of :class:`~ClassAnalysis`
"""
for cls in self.classes.values():
if not cls.is_external():
yield cls