/*
* (c) 2013, Tim "diff" Strazzere - [email protected]
* [email protected] - http://www.strazzere.com
*
* -> You are free to use this code as long as you keep the original copyright <-
* An IDA plugin to display Dalvik header information
*
* Outline, concept and lots of code adapted (i.e. stolen) from fG!'s Mach-O plugin
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* dalvikplugin.h
*
*/
// IDA SDK includes
#include <ida.hpp>
#include <idp.hpp>
#include <loader.hpp>
#include <bytes.hpp>
#include <kernwin.hpp>
// Macro taken directly from fG!'s Mach-O plugin macros header
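/*
 * COMMENT_DWORD(addr, msg)
 *
 * Marks the 4 bytes at addr as a dword item (doDwrd) and attaches msg to that
 * address as a comment (set_cmt; the trailing 0 is its third argument).
 *
 * The two calls are wrapped in one braced block so that both are governed by
 * an enclosing unbraced `if`/`for`/`while`. Previously only doDwrd() was
 * guarded and set_cmt() ran unconditionally. Both arguments are parenthesized
 * so that compound expressions expand as intended.
 *
 * A do { ... } while (0) wrapper is deliberately not used: call sites are not
 * visible from this header and may omit the trailing semicolon, which the
 * braced form still accepts.
 *
 * addr is expanded twice, so pass an expression without side effects.
 */
#define COMMENT_DWORD(addr, msg) \
{ doDwrd((addr), 4); set_cmt((addr), (msg), 0); }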
// Structure to keep all information about our sample view
struct sample_info_t
{
// Form this view belongs to; set once from the constructor argument.
TForm *form;
// Custom control for the view; starts out NULL and is assigned elsewhere.
TCustomControl *cv;
// String vector for the view (presumably the lines shown; confirm against the .cpp).
strvec_t sv;
// Stores f without taking ownership: no destructor is declared here, so
// neither form nor cv is released by this struct.
// NOTE(review): the single-argument constructor is not `explicit`, so a
// TForm* converts implicitly to sample_info_t.
sample_info_t(TForm *f) : form(f), cv(NULL) {}
};
// Bare-bones structs for dalvik headers
// Unsigned 32-bit value; used for every numeric field of dex_header below.
typedef uint32_t u4;
// 8-byte magic at the start of the file, split into its four parts.
// None of these arrays has room for a terminating NUL, and the bytes come
// straight from the file being analyzed: compare them with memcmp() and print
// them with an explicit length (e.g. "%.3s"), never with strcmp()/"%s".
typedef struct {
// 3 bytes, expected to be "dex" in a well-formed file
char dex[3];
// 1 byte, expected to be '\n'
char newline[1];
// 3 bytes of format version digits; not NUL-terminated on its own
char ver[3];
// 1 byte, expected to be '\0'; do not rely on it to terminate ver,
// since a malformed file can place any value here
char zero[1];
} dex_magic;
// In-memory overlay for the DEX file header.
//
// Layout: 8 (magic) + 4 (checksum) + 20 (signature) + 20 * 4 (remaining u4
// fields) = 112 bytes (0x70), provided the compiler inserts no padding.
// NOTE(review): a compile-time check that sizeof(dex_header) == 0x70 would
// catch packing differences; confirm the toolchain in use supports one.
//
// Every u4 is declared as a one-element array, so the member name yields a
// pointer to the field (presumably so it can be handed directly to a
// byte-reading routine; confirm against the .cpp).
//
// All values here are read from the file under analysis and are therefore
// untrusted. Nothing in this declaration validates them: before using any
// *_off / *_size pair to seek, index or allocate, check it against the real
// input size (guarding the offset + size arithmetic against u4 wrap-around)
// rather than against file_size, which is itself attacker-controlled.
typedef struct {
dex_magic magic;
// checksum stored in the file; display-only unless recomputed and compared
u4 checksum[1];
// 20-byte digest stored in the file; raw bytes, not a printable string
unsigned char signature[20];
// size the file claims to have; may differ from the actual input length
u4 file_size[1];
// size the header claims to have; compare with sizeof(dex_header) before
// trusting the fields that follow
u4 header_size[1];
// byte-order marker stored in the file
u4 endian_tag[1];
u4 link_size[1];
u4 link_off[1];
u4 map_off[1];
// The *_ids_size fields are stored next to table offsets. Presumably they are
// element counts rather than byte lengths; confirm against the DEX format
// documentation before multiplying by an element size.
u4 string_ids_size[1];
u4 string_ids_off[1];
u4 type_ids_size[1];
u4 type_ids_off[1];
u4 proto_ids_size[1];
u4 proto_ids_off[1];
u4 field_ids_size[1];
u4 field_ids_off[1];
u4 method_ids_size[1];
u4 method_ids_off[1];
u4 class_defs_size[1];
u4 class_defs_off[1];
u4 data_size[1];
u4 data_off[1];
} dex_header;