Confuse among smali code and dalvik bytecode specification and real hex of opcode in dex file

Question

I defined a java class named DefineFields. It has an empty constructor. When I compile it, the hex code in classes.dex file shows like this:

7010 050C 0000 0E00 (show in little endian)

after that i search the bytecode specification and i found it

(spec code)                      (hex of dex) 
  70 35c: invoke-direct           (7010)     
  05 22x: move-wide/from16        (050C)
  00 10x: nop                     (0000)
  0E 10x: return-void             (0E00)

I read the specification. But I can't completely understand what is 35c. (I know c, x have explain table in spec.) Even more What I want to know is how can I explain the 10 hex in the 7010 and 0C in the 050C

These things don't match specification opcode.

Answer 1

To answer the second part of your question, the values like "35c", "22x", "10x" refer to the instruction format. This determines the size of the instruction, and how the various parts of the instruction are packed into this space. These are defined in the instruction-formats document.

You are "parsing" the given instruction incorrectly. Instructions are not always 2 bytes in length. This is in fact the encoding for 2 instructions. The first instruction, with the opcode of 0x70, is the invoke-direct instruction, which has the format 35c.

The layout of a 35c instrucution is given in the instruction-formats document

A|G|op BBBB F|E|D|C

[A=5] op {vC, vD, vE, vF, vG}, meth@BBBB
[A=5] op {vC, vD, vE, vF, vG}, type@BBBB
[A=4] op {vC, vD, vE, vF}, kind@BBBB
[A=3] op {vC, vD, vE}, kind@BBBB
[A=2] op {vC, vD}, kind@BBBB
[A=1] op {vC}, kind@BBBB
[A=0] op {}, kind@BBBB

This is a 3-unit instruction, where each unit is 2-bytes. So 6 bytes in total. The hex values for this instruction are 7010 050C 0000

Note that each "group" of 2 bytes is shown as if it were in big-endian order. So, for `7010 050C 0000', the value of each "letter" would be:

7010 050C 0000
OOAG BBBB DCFE

OP = 0x70 
A = 1
G = 0
B = 0x0C05
C = 0
D = 0
E = 0
F = 0

You can see from the format that the value of A determines the number of arguments that are passed to the method. In this case, A has a value of 1, so the applicable line is

[A=1] op {vC}, kind@BBBB

So B contains the method index of the method that is called. This refers to the method_id_item in the dex file at that particular index. And it is being passed a single argument, the value in the register v0.

For the 2nd instruction 0E00, the opcode is 0E, which is return-void, with a format of 10x.

ØØ|op

This one is easy to decode. It doesn't contain any other information other than the opcode.