odex文件格式浅析
写了个winhex数据模板:
template "odex"
description "android odex file format"
hexadecimal
begin
char[8] odex-magic
uint32 dexOffset
uint32 dexLength
uint32 depsOffset
uint32 depsLength
uint32 optOffset
uint32 optLength
uint32 flags
uint32 checksum
char[8] dex-magic
uint32 checksum
hex 20 signature
uint32 fileSize
uint32 headerSize
uint32 endianTag
uint32 linkSize
uint32 linkOff
uint32 mapOff
uint32 stringIdsSize
uint32 stringIdsOff
uint32 typeIdsSize
uint32 typeIdsOff
uint32 protoIdsSize
uint32 protoIdsOff
uint32 fieldIdsSize
uint32 fieldIdsOff
uint32 methodIdsSize
uint32 methodIdsOff
uint32 classDefsSize
uint32 classDefsOff
uint32 dataSize
uint32 dataOff
end
来分析实例:
TotalSize=0x9E8
DexOptHeader:
dexOffset=0x28
dexLength=0x538
depsOffset=0x560
depsLength=0x3E9
optOffset=0x950
optLength=0x98
00000000 64 65 79 0A 30 33 36 00 28 00 00 00 38 05 00 00 dey 036 ( 8
00000010 60 05 00 00 E9 03 00 00 50 09 00 00 98 00 00 00 ` é P ˜
00000020 00 00 00 00 C9 9F 73 6F
DexHeader:
fileSize=0x538
headerSize=0x70
stringIdsSize=0x1E
stringIdsOff=0x70
typeIdsSize=0x9
typeIdsOff=0xE8
protoIdsSize=0x5
protoIdsOff=0x10C
fieldIdsSize=0x2
fieldIdsOff=0x148
methodIdsSize=0x2
methodIdsOff=0x158
classDefsSize=0x2
classDefsOff=0x1A0
dataSize=0x358
dataOff=0x1E0
64 65 78 0A 30 33 35 00 ÉŸsodex 035
00000030 B6 D3 B0 B4 85 F5 40 A0 A3 B7 A5 BA 24 85 0E B6 ¶Ó°´…õ@ £·¥º$… ¶
00000040 1E A7 59 38 FC 43 15 BE 38 05 00 00 70 00 00 00 §Y8üC ¾8 p
00000050 78 56 34 12 00 00 00 00 00 00 00 00 8C 04 00 00 xV4 Œ
00000060 1E 00 00 00 70 00 00 00 09 00 00 00 E8 00 00 00 p è
00000070 05 00 00 00 0C 01 00 00 02 00 00 00 48 01 00 00 H
00000080 09 00 00 00 58 01 00 00 02 00 00 00 A0 01 00 00 X
00000090 58 03 00 00 E0 01 00 00
DexStringId[30]:
90 02 00 00 9A 02 00 00 X à š
000000A0 A2 02 00 00 BD 02 00 00 C0 02 00 00 C5 02 00 00 ¢ ½ À Å
000000B0 D9 02 00 00 FD 02 00 00 27 03 00 00 3B 03 00 00 Ù ý ' ;
000000C0 4F 03 00 00 63 03 00 00 7F 03 00 00 9A 03 00 00 O c š
000000D0 AC 03 00 00 BE 03 00 00 D1 03 00 00 E9 03 00 00 ¬ ¾ Ñ é
000000E0 EE 03 00 00 F1 03 00 00 F5 03 00 00 FA 03 00 00 î ñ õ ú
000000F0 FD 03 00 00 00 04 00 00 03 04 00 00 10 04 00 00 ý
00000100 18 04 00 00 20 04 00 00 32 04 00 00 3C 04 00 00 2 <
DexTypeId[9]:
00000110 03 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00
00000120 08 00 00 00 09 00 00 00 0A 00 00 00 12 00 00 00
00000130 15 00 00 00
DexProtoId[5]:
03 00 00 00 00 00 00 00 00 00 00 00
00000140 04 00 00 00 00 00 00 00 78 02 00 00 12 00 00 00 x
00000150 07 00 00 00 00 00 00 00 13 00 00 00 07 00 00 00
00000160 80 02 00 00 14 00 00 00 07 00 00 00 88 02 00 00 € ˆ
DexFieldId[2]:
00000170 02 00 05 00 11 00 00 00 03 00 05 00 11 00 00 00
DexMethodId[2]:
00000180 01 00 01 00 16 00 00 00 01 00 01 00 17 00 00 00
00000190 02 00 02 00 01 00 00 00 02 00 04 00 1B 00 00 00
000001A0 03 00 02 00 00 00 00 00 03 00 02 00 01 00 00 00
000001B0 03 00 00 00 1C 00 00 00 04 00 02 00 01 00 00 00
000001C0 06 00 03 00 18 00 00 00
DexClassDef[2]:
02 00 00 00 11 00 03 00
000001D0 04 00 00 00 00 00 00 00 0E 00 00 00 00 00 00 00
000001E0 63 04 00 00 5D 04 00 00 03 00 00 00 11 00 03 00 c ]
000001F0 04 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00
00000200 73 04 00 00 60 04 00 00
data:
01 00 01 00 01 00 00 00 s `
00000210 42 04 00 00 04 00 00 00 F0 01 07 00 00 00 0E 00 B ð
00000220 05 00 03 00 02 00 00 00 47 04 00 00 1D 00 00 00 G
00000230 1A 00 0D 00 1A 01 0C 00 71 20 01 00 10 00 71 00 q q
00000240 06 00 00 00 0A 00 38 00 0A 00 1A 00 0D 00 1A 01 8
00000250 02 00 71 20 00 00 10 00 0E 00 1A 00 0D 00 1A 01 q
00000260 0B 00 71 20 01 00 10 00 28 F8 00 00 01 00 00 00 q (ø
00000270 01 00 00 00 52 04 00 00 06 00 00 00 1A 00 0F 00 R
00000280 71 10 08 00 00 00 0E 00 01 00 01 00 01 00 00 00 q
00000290 58 04 00 00 04 00 00 00 F0 01 07 00 00 00 0E 00 X ð
000002A0 02 00 00 00 05 00 05 00 01 00 00 00 05 00 00 00
000002B0 02 00 00 00 08 00 05 00 08 3C 63 6C 69 6E 69 74 <clinit
000002C0 3E 00 06 3C 69 6E 69 74 3E 00 19 46 61 69 6C 65 > <init> Faile
000002D0 64 20 74 6F 20 73 68 75 74 64 6F 77 6E 20 6D 6F d to shutdown mo
000002E0 64 65 6D 2E 00 01 49 00 03 49 4C 4C 00 12 4C 61 dem. I ILL La
000002F0 6E 64 72 6F 69 64 2F 75 74 69 6C 2F 4C 6F 67 3B ndroid/util/Log;
00000300 00 22 4C 63 6F 6D 2F 71 74 69 2F 73 65 72 76 65 "Lcom/qti/serve
00000310 72 2F 70 6F 77 65 72 2F 53 68 75 74 64 6F 77 6E r/power/Shutdown
00000320 4F 65 6D 3B 00 28 4C 63 6F 6D 2F 71 74 69 2F 73 Oem; (Lcom/qti/s
00000330 65 72 76 65 72 2F 70 6F 77 65 72 2F 53 75 62 53 erver/power/SubS
00000340 79 73 74 65 6D 53 68 75 74 64 6F 77 6E 3B 00 12 ystemShutdown;
00000350 4C 6A 61 76 61 2F 6C 61 6E 67 2F 4F 62 6A 65 63 Ljava/lang/Objec
00000360 74 3B 00 12 4C 6A 61 76 61 2F 6C 61 6E 67 2F 53 t; Ljava/lang/S
00000370 74 72 69 6E 67 3B 00 12 4C 6A 61 76 61 2F 6C 61 tring; Ljava/la
00000380 6E 67 2F 53 79 73 74 65 6D 3B 00 1A 4D 6F 64 65 ng/System; Mode
00000390 6D 20 73 68 75 74 64 6F 77 6E 20 73 75 63 63 65 m shutdown succe
000003A0 73 73 66 75 6C 2E 00 19 51 75 61 6C 63 6F 6D 6D ssful. Qualcomm
000003B0 20 72 65 62 6F 6F 74 2F 73 68 75 74 64 6F 77 6E reboot/shutdown
000003C0 2E 00 10 51 75 61 6C 63 6F 6D 6D 53 68 75 74 64 . QualcommShutd
000003D0 6F 77 6E 00 10 53 68 75 74 64 6F 77 6E 4F 65 6D own ShutdownOem
000003E0 2E 6A 61 76 61 00 11 53 75 62 53 79 73 74 65 6D .java SubSystem
000003F0 53 68 75 74 64 6F 77 6E 00 16 53 75 62 53 79 73 Shutdown SubSys
00000400 74 65 6D 53 68 75 74 64 6F 77 6E 2E 6A 61 76 61 temShutdown.java
00000410 00 03 54 41 47 00 01 56 00 02 56 4C 00 03 56 5A TAG V VL VZ
00000420 4C 00 01 5A 00 01 65 00 01 69 00 0B 6C 6F 61 64 L Z e i load
00000430 4C 69 62 72 61 72 79 00 06 72 65 61 73 6F 6E 00 Library reason
00000440 06 72 65 62 6F 6F 74 00 10 72 65 62 6F 6F 74 4F reboot rebootO
00000450 72 53 68 75 74 64 6F 77 6E 00 08 73 68 75 74 64 rShutdown shutd
00000460 6F 77 6E 00 04 74 68 69 73 00 11 00 07 0E 00 16 own this
00000470 02 1B 1A 07 0E 79 69 7A 1C 00 13 00 07 0E 5A 00 yiz Z
00000480 0D 00 07 0E 00 01 17 0D 01 17 0F 01 00 01 01 00
00000490 1A 02 81 80 04 E0 03 03 01 F8 03 01 00 03 00 01 € à ø
000004A0 1A 04 88 80 04 C4 04 01 81 80 04 E0 04 01 89 02 ˆ€ Ä € à ‰
000004B0 00 00 00 00 0E 00 00 00 00 00 00 00 01 00 00 00
000004C0 00 00 00 00 01 00 00 00 1E 00 00 00 70 00 00 00 p
000004D0 02 00 00 00 09 00 00 00 E8 00 00 00 03 00 00 00 è
000004E0 05 00 00 00 0C 01 00 00 04 00 00 00 02 00 00 00
000004F0 48 01 00 00 05 00 00 00 09 00 00 00 58 01 00 00 H X
00000500 06 00 00 00 02 00 00 00 A0 01 00 00 01 20 00 00
00000510 04 00 00 00 E0 01 00 00 01 10 00 00 03 00 00 00 à
00000520 78 02 00 00 02 20 00 00 1E 00 00 00 90 02 00 00 x
00000530 03 20 00 00 04 00 00 00 42 04 00 00 05 20 00 00 B
00000540 02 00 00 00 5D 04 00 00 00 20 00 00 02 00 00 00 ]
00000550 63 04 00 00 00 10 00 00 01 00 00 00 8C 04 00 00 c Œ
deps:
00000560 CA B3 27 48 8F D5 CE 0C 1C 00 00 00 11 00 00 00 ʳ'H ÕÎ
00000570 1C 00 00 00 2F 73 79 73 74 65 6D 2F 66 72 61 6D /system/fram
00000580 65 77 6F 72 6B 2F 63 6F 72 65 2E 6F 64 65 78 00 ework/core.odex
00000590 14 DD 05 5A B9 5D 6F 25 74 0E 13 FF EE 55 53 31 Ý Z¹]o%t ÿîUS1
000005A0 B9 6F 4D 0B 21 00 00 00 2F 73 79 73 74 65 6D 2F ¹oM ! /system/
000005B0 66 72 61 6D 65 77 6F 72 6B 2F 63 6F 6E 73 63 72 framework/conscr
000005C0 79 70 74 2E 6F 64 65 78 00 0B 15 B6 40 FB 61 0C ypt.odex ¶@ûa
000005D0 15 BD B8 43 CA C3 A6 83 A9 EF DE C9 F7 1E 00 00 ½¸CÊ惩ïÞÉ÷
000005E0 00 2F 73 79 73 74 65 6D 2F 66 72 61 6D 65 77 6F /system/framewo
000005F0 72 6B 2F 6F 6B 68 74 74 70 2E 6F 64 65 78 00 08 rk/okhttp.odex
00000600 DC 43 CC 14 DF B2 6D BA F3 04 05 51 8F 47 ED 04 ÜCÌ ß²mºó Q Gí
00000610 34 D2 96 22 00 00 00 2F 73 79 73 74 65 6D 2F 66 4Ò–" /system/f
00000620 72 61 6D 65 77 6F 72 6B 2F 63 6F 72 65 2D 6A 75 ramework/core-ju
00000630 6E 69 74 2E 6F 64 65 78 00 46 8E 68 AF D6 35 B7 nit.odex FŽh¯Ö5·
00000640 16 C7 7A 1A DE 97 E6 AC 90 6F 99 50 57 24 00 00 Çz Þ—æ¬ o™PW$
00000650 00 2F 73 79 73 74 65 6D 2F 66 72 61 6D 65 77 6F /system/framewo
00000660 72 6B 2F 62 6F 75 6E 63 79 63 61 73 74 6C 65 2E rk/bouncycastle.
00000670 6F 64 65 78 00 EA 29 20 BE 8D 25 35 41 B7 D3 6E odex ê) ¾ %5A·Ón
00000680 71 EC 97 96 EB 72 A9 0F 35 1B 00 00 00 2F 73 79 qì—–ër© 5 /sy
00000690 73 74 65 6D 2F 66 72 61 6D 65 77 6F 72 6B 2F 65 stem/framework/e
000006A0 78 74 2E 6F 64 65 78 00 F6 70 FC DE 18 E8 06 C2 xt.odex öpüÞ è Â
000006B0 25 BA 2D EF 46 F2 46 3C 24 C0 57 B5 21 00 00 00 %º-ïFòF<$ÀWµ!
000006C0 2F 73 79 73 74 65 6D 2F 66 72 61 6D 65 77 6F 72 /system/framewor
000006D0 6B 2F 66 72 61 6D 65 77 6F 72 6B 2E 6F 64 65 78 k/framework.odex
000006E0 00 66 B3 E4 6F 32 68 F2 A5 CF 14 CA 5C 44 A4 34 f³äo2hò¥Ï Ê\D¤4
000006F0 76 B4 CA B4 64 22 00 00 00 2F 73 79 73 74 65 6D v´Ê´d" /system
00000700 2F 66 72 61 6D 65 77 6F 72 6B 2F 66 72 61 6D 65 /framework/frame
00000710 77 6F 72 6B 32 2E 6F 64 65 78 00 DA 17 53 BB 05 work2.odex Ú S»
00000720 1A E0 87 9C 5E 3F C0 EA B9 9F 0A AF 19 DA 63 28 à‡œ^?À깟 ¯ Úc(
00000730 00 00 00 2F 73 79 73 74 65 6D 2F 66 72 61 6D 65 /system/frame
00000740 77 6F 72 6B 2F 74 65 6C 65 70 68 6F 6E 79 2D 63 work/telephony-c
00000750 6F 6D 6D 6F 6E 2E 6F 64 65 78 00 E1 86 DE A2 A0 ommon.odex á†Þ¢
00000760 CD D8 93 FF 71 F1 51 3E E0 FC 03 5B EF 92 7D 23 ÍØ“ÿqñQ>àü [ï’}#
00000770 00 00 00 2F 73 79 73 74 65 6D 2F 66 72 61 6D 65 /system/frame
00000780 77 6F 72 6B 2F 76 6F 69 70 2D 63 6F 6D 6D 6F 6E work/voip-common
00000790 2E 6F 64 65 78 00 66 21 9E FC E9 07 D9 64 6D CD .odex f!žüé ÙdmÍ
000007A0 F0 C2 43 F1 F5 F8 1F D9 0B DE 22 00 00 00 2F 73 ðÂCñõø Ù Þ" /s
000007B0 79 73 74 65 6D 2F 66 72 61 6D 65 77 6F 72 6B 2F ystem/framework/
000007C0 6D 6D 73 2D 63 6F 6D 6D 6F 6E 2E 6F 64 65 78 00 mms-common.odex
000007D0 70 E3 B6 B6 8C AB 19 BB 02 F4 F3 94 73 98 CC FA p㶶Œ« » ôó”s˜Ìú
000007E0 CD E7 44 2A 26 00 00 00 2F 73 79 73 74 65 6D 2F ÍçD*& /system/
000007F0 66 72 61 6D 65 77 6F 72 6B 2F 61 6E 64 72 6F 69 framework/androi
00000800 64 2E 70 6F 6C 69 63 79 2E 6F 64 65 78 00 EA 56 d.policy.odex êV
00000810 59 C1 27 A5 72 65 CB 7D A7 D8 B4 85 82 77 EB F9 YÁ'¥reË}§Ø´…‚wëù
00000820 C4 AF 20 00 00 00 2F 73 79 73 74 65 6D 2F 66 72 į /system/fr
00000830 61 6D 65 77 6F 72 6B 2F 73 65 72 76 69 63 65 73 amework/services
00000840 2E 6F 64 65 78 00 02 E3 8A 01 CD 9C 7B 94 11 7C .odex ㊠͜{” |
00000850 29 8A 0D A6 0C 11 A1 F5 26 11 22 00 00 00 2F 73 )Š ¦ ¡õ& " /s
00000860 79 73 74 65 6D 2F 66 72 61 6D 65 77 6F 72 6B 2F ystem/framework/
00000870 61 70 61 63 68 65 2D 78 6D 6C 2E 6F 64 65 78 00 apache-xml.odex
00000880 28 9E 93 4D 21 CA 9A 5C 99 D6 E5 2D D6 02 42 74 (ž“M!Êš\™Öå-Ö Bt
00000890 CB EB FD CE 27 00 00 00 2F 73 79 73 74 65 6D 2F ËëýÎ' /system/
000008A0 66 72 61 6D 65 77 6F 72 6B 2F 77 65 62 76 69 65 framework/webvie
000008B0 77 63 68 72 6F 6D 69 75 6D 2E 6F 64 65 78 00 18 wchromium.odex
000008C0 3F 62 8C BF AE 17 F3 E4 66 47 E7 DC 44 7A 44 8C ?bŒ¿® óäfGçÜDzDŒ
000008D0 DE 9B 44 25 00 00 00 2F 73 79 73 74 65 6D 2F 66 Þ›D% /system/f
000008E0 72 61 6D 65 77 6F 72 6B 2F 71 63 6D 65 64 69 61 ramework/qcmedia
000008F0 70 6C 61 79 65 72 2E 6F 64 65 78 00 7A C1 2D 14 player.odex zÁ-
00000900 07 DA 72 AD DE A2 03 2C B8 50 5A 85 B1 45 6D 8C ÚrÞ¢ ,¸PZ…±EmŒ
00000910 21 00 00 00 2F 73 79 73 74 65 6D 2F 66 72 61 6D ! /system/fram
00000920 65 77 6F 72 6B 2F 57 66 64 43 6F 6D 6D 6F 6E 2E ework/WfdCommon.
00000930 6F 64 65 78 00 F2 4A 47 54 F1 01 89 6B D5 71 AB odex òJGTñ ‰kÕq«
00000940 40 80 03 D1 19 55 0D 22 E7 00 00 00 00 00 00 00 @€ Ñ U "ç
opt:
00000950 50 4B 4C 43 38 00 00 00 38 00 00 00 04 00 00 00 PKLC8 8
00000960 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000970 00 00 00 00 00 00 00 00 2E E3 1B 05 DA 02 00 00 .ã Ú
00000980 A0 01 00 00 CA 67 9D D4 FE 02 00 00 C0 01 00 00 Êg Ôþ À
00000990 50 41 4D 52 44 00 00 00 02 00 00 00 0C 00 00 00 PAMRD
000009A0 2C 00 00 00 02 00 00 00 02 01 02 00 00 01 03 01 ,
000009B0 04 01 0D 00 0E 00 14 01 11 0A 03 09 01 09 0A 00
000009C0 01 09 0A 00 03 00 00 00 04 01 03 00 04 00 00 01
000009D0 0A 02 01 02 00 00 01 03 01 01 00 00 00 00 00 00
000009E0 44 4E 45 41 00 00 00 00 DNEA