Confusion among smali code, the Dalvik bytecode specification and the real hex of opcodes in a dex file
Question
I defined a Java class named DefineFields. It has an empty constructor. When I compile it, the hex code in the classes.dex file shows like this:
7010 050C 0000 0E00 (show in little endian)
After that I searched the bytecode specification and found this:
(spec code) (hex of dex)
70 35c: invoke-direct (7010)
05 22x: move-wide/from16 (050C)
00 10x: nop (0000)
0E 10x: return-void (0E00)
I read the specification, but I can't completely understand what 35c is. (I know c and x have an explanation table in the spec.) Even more, what I want to know is how I can explain the 10 in the 7010 and the 0C in the 050C. These things don't match the specification opcode.
Solution
To answer the second part of your question, the values like "35c", "22x", "10x" refer to the instruction format. This determines the size of the instruction, and how the various parts of the instruction are packed into this space. These are defined in the instruction-formats document.
You are "parsing" the given instruction incorrectly. Instructions are not always 2 bytes in length. This is in fact the encoding for 2 instructions. The first instruction, with the opcode of 0x70, is the invoke-direct instruction, which has the format 35c.
The layout of a 35c instruction is given in the instruction-formats document:
A|G|op BBBB F|E|D|C
[A=5] op {vC, vD, vE, vF, vG}, meth@BBBB
[A=5] op {vC, vD, vE, vF, vG}, type@BBBB
[A=4] op {vC, vD, vE, vF}, kind@BBBB
[A=3] op {vC, vD, vE}, kind@BBBB
[A=2] op {vC, vD}, kind@BBBB
[A=1] op {vC}, kind@BBBB
[A=0] op {}, kind@BBBB
This is a 3-unit instruction, where each unit is 2 bytes. So 6 bytes in total. The hex values for this instruction are 7010 050C 0000.
Note that each "group" of 2 bytes is shown as if it were in big-endian order. So, for "7010 050C 0000", the value of each "letter" would be:
7010 050C 0000
OOAG BBBB DCFE
OP = 0x70
A = 1
G = 0
B = 0x0C05
C = 0
D = 0
E = 0
F = 0
You can see from the format that the value of A determines the number of arguments that are passed to the method. In this case, A has a value of 1, so the applicable line is
[A=1] op {vC}, kind@BBBB
So B contains the method index of the method that is called. This refers to the method_id_item in the dex file at that particular index. And it is being passed a single argument, the value in the register v0.
For the 2nd instruction 0E00, the opcode is 0E, which is return-void, with a format of 10x.
ØØ|op
This one is easy to decode. It doesn't contain any other information other than the opcode.
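The decoding walked through above, as an added example (not code from the original post or from any Dalvik tooling): it splits the question's eight bytes into little-endian 16-bit units, pulls the A, G, BBBB and C..F fields out of a 35c instruction exactly as the format table describes, and then reads the 10x return-void. The opcode table is an assumed subset covering the invoke-* family plus return-void and nop.

```python
import struct

# Constructed sample: the 8 bytes from the question as they appear in classes.dex.
SAMPLE = bytes.fromhex("7010050C00000E00")

# Assumed subset of the Dalvik opcode table: only what this example needs.
OPCODES = {
    0x00: ("nop", "10x"),
    0x0E: ("return-void", "10x"),
    0x6E: ("invoke-virtual", "35c"),
    0x6F: ("invoke-super", "35c"),
    0x70: ("invoke-direct", "35c"),
    0x71: ("invoke-static", "35c"),
    0x72: ("invoke-interface", "35c"),
}


def units(code: bytes):
    """Dalvik code is a sequence of 16-bit code units stored little-endian."""
    if len(code) % 2:
        raise ValueError("bytecode length must be a multiple of 2")
    return list(struct.unpack("<%dH" % (len(code) // 2), code))


def decode(code: bytes):
    """Decode instructions; returns a list of dicts with the raw fields."""
    u, pc, out = units(code), 0, []
    while pc < len(u):
        op = u[pc] & 0xFF                 # low byte of the first unit is the opcode
        mnemonic, fmt = OPCODES[op]       # KeyError for opcodes outside the subset
        if fmt == "35c":                  # A|G|op BBBB F|E|D|C  (3 units)
            a, g = u[pc] >> 12, (u[pc] >> 8) & 0xF
            b = u[pc + 1]                 # method_idx (or type_idx) as one 16-bit unit
            w = u[pc + 2]
            c, d, e, f = w & 0xF, (w >> 4) & 0xF, (w >> 8) & 0xF, w >> 12
            regs = [c, d, e, f, g][:a]    # A says how many of vC..vG are in use
            out.append({"mnemonic": mnemonic, "format": fmt, "A": a,
                        "regs": regs, "method_idx": b})
            pc += 3
        else:                             # 10x: ØØ|op, a single unit
            if u[pc] >> 8:
                raise ValueError("10x high byte must be zero at unit %d" % pc)
            out.append({"mnemonic": mnemonic, "format": fmt})
            pc += 1
    return out


def render(ins):
    """Render one decoded instruction in smali-like syntax."""
    if ins["format"] == "35c":
        regs = ", ".join("v%d" % r for r in ins["regs"])
        return "%s {%s}, method@%04x" % (ins["mnemonic"], regs, ins["method_idx"])
    return ins["mnemonic"]
```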