Android逆向之dex2oat的实现解析

目录

  • 简介
  • dex2oat介绍
  • 为什么要使用dex2oat进行转换
  • dex2oat代码
    • 1.dex2oat类定义
    • 2.OpenDexFiles函数定义
    • 3.dex2oat入口函数定义
  • 总结

    简介 在Android系统5.0及以上系统开始逐渐丢弃Dalvik虚拟机,由于ART虚拟机对内存分配和回收都做了算法优化,降低了内存碎片化程度,回收时间也得以缩短,所有android系统5.0及以上都在主推ART虚拟机。在ART虚拟机中ART则会将Dex通过dex2oat工具编译得到一个ELF文件,它是一个可执行的文件。所以下面我们就针对ART的dex2oat实现进行做分析。

    dex2oat介绍 Dex2oat的全称是:dalvik excutable file to optimized art file,它是一个对 android系统下的dex文件,进行编译优化的程序。通过dex2oat的编译优化,可以大大的提高android系统的启动的速度和使用手机过程的的流畅度。
    dex2oat在安卓手机环境下的存放位置为/system/bin/dex2oat

    Android逆向之dex2oat的实现解析
    文章图片

    dex2oat在开源系统中的路径为\art\dex2oat\dex2oat.cc。

    Android逆向之dex2oat的实现解析
    文章图片


    为什么要使用dex2oat进行转换 在android系统中,Android 虚拟机可以识别到的是dex文件,App应用在使用过程中如果每次将dex文件加载进行内存,解释性执行字节码,效率就会变得非常低, 从而影响到用户在使用安卓手机的体验。通过利用dex2oat进行优化处理, 那么可以在android系统运行之前,利用合适的时机将dex文件字节码,提前转化为虚拟机上可以执行运行的机器码,后续直接从效率更高的机器码中运行,则运行阶段更加流畅,优化用户体验。

    dex2oat代码
    1.dex2oat类定义
    class Dex2Oat { public: //创建函数,返回值为bool,static bool Create(Dex2Oat** p_dex2oat,const RuntimeOptions& runtime_options,const CompilerOptions& compiler_options,Compiler::Kind compiler_kind,InstructionSet instruction_set,InstructionSetFeatures instruction_set_features,VerificationResults* verification_results,DexFileToMethodInlinerMap* method_inliner_map,size_t thread_count)SHARED_TRYLOCK_FUNCTION(true, Locks::mutator_lock_) {//判断参数传递进来的释放为空CHECK(verification_results != nullptr); CHECK(method_inliner_map != nullptr); //用智能指针方式进行去实例化dex2oatstd::unique_ptr dex2oat(new Dex2Oat(&compiler_options,compiler_kind,instruction_set,instruction_set_features,verification_results,method_inliner_map,thread_count)); if (!dex2oat->CreateRuntime(runtime_options, instruction_set)) {*p_dex2oat = nullptr; return false; }*p_dex2oat = dex2oat.release(); return true; }//dex2oat的虚构函数,用于释放操作。~Dex2Oat() {delete runtime_; LogCompletionTime(); }void LogCompletionTime() {LOG(INFO) << "dex2oat took " << PrettyDuration(NanoTime() - start_ns_)<< " (threads: " << thread_count_ << ")"; }//从文件上获取到类名称std::set* ReadImageClassesFromFile(const char* image_classes_filename) {std::unique_ptr image_classes_file(new std::ifstream(image_classes_filename,std::ifstream::in)); if (image_classes_file.get() == nullptr) {LOG(ERROR) << "Failed to open image classes file " << image_classes_filename; return nullptr; }std::unique_ptr> result(ReadImageClasses(*image_classes_file)); image_classes_file->close(); return result.release(); } //读取imageclassesstd::set* ReadImageClasses(std::istream& image_classes_stream) {std::unique_ptr> image_classes(new std::set); while (image_classes_stream.good()) {std::string dot; std::getline(image_classes_stream, dot); if (StartsWith(dot, "#") || dot.empty()) {continue; }std::string descriptor(DotToDescriptor(dot.c_str())); image_classes->insert(descriptor); }return image_classes.release(); }// Reads the class names (java.lang.Object) and returns a set of descriptors (Ljava/lang/Object; )//从zip文件(apk其实就是个zip文件)读取类名称,读取到返回一个描述std::set* ReadImageClassesFromZip(const char* zip_filename,const char* image_classes_filename,std::string* error_msg) {//通过智能指针进行打开zip压缩包,也就是apk包std::unique_ptr zip_archive(ZipArchive::Open(zip_filename, error_msg)); //判断打开是否失败if (zip_archive.get() == nullptr) {return nullptr; }//进行遍历zip包获取zip包里面的文件信息std::unique_ptr zip_entry(zip_archive->Find(image_classes_filename, error_msg)); if (zip_entry.get() == nullptr) {*error_msg = StringPrintf("Failed to find '%s' within '%s': %s", image_classes_filename,zip_filename, error_msg->c_str()); return nullptr; }std::unique_ptr image_classes_file(zip_entry->ExtractToMemMap(zip_filename,image_classes_filename,error_msg)); if (image_classes_file.get() == nullptr) {*error_msg = StringPrintf("Failed to extract '%s' from '%s': %s", image_classes_filename,zip_filename, error_msg->c_str()); return nullptr; }const std::string image_classes_string(reinterpret_cast(image_classes_file->Begin()),image_classes_file->Size()); std::istringstream image_classes_stream(image_classes_string); return ReadImageClasses(image_classes_stream); }bool PatchOatCode(const CompilerDriver* compiler_driver, File* oat_file,const std::string& oat_location, std::string* error_msg) {// We asked to include patch information but we are not making an image. We need to fix// everything up manually.std::unique_ptr elf_file(ElfFile::Open(oat_file, PROT_READ|PROT_WRITE,MAP_SHARED, error_msg)); if (elf_file.get() == NULL) {LOG(ERROR) << error_msg; return false; }{ReaderMutexLock mu(Thread::Current(), *Locks::mutator_lock_); return ElfPatcher::Patch(compiler_driver, elf_file.get(), oat_location, error_msg); }}//创建一个oat文件,返回一个常量指针const CompilerDriver* CreateOatFile(const std::string& boot_image_option,const std::string& android_root,bool is_host,const std::vector& dex_files,File* oat_file,const std::string& oat_location,const std::string& bitcode_filename,bool image,std::unique_ptr>& image_classes,bool dump_stats,bool dump_passes,TimingLogger& timings,CumulativeLogger& compiler_phases_timings,std::string profile_file,SafeMap* key_value_store) {CHECK(key_value_store != nullptr); // Handle and ClassLoader creation needs to come after Runtime::Createjobject class_loader = nullptr; //获取自身进程Thread* self = Thread::Current(); //如果boot_image_option不为空的话,执行下面的代码if (!boot_image_option.empty()) {ClassLinker* class_linker = Runtime::Current()->GetClassLinker(); std::vector class_path_files(dex_files); OpenClassPathFiles(runtime_->GetClassPathString(), class_path_files); ScopedObjectAccess soa(self); //循环遍历并类文件大小,并进行dex文件进行注册for (size_t i = 0; i < class_path_files.size(); i++) {class_linker->RegisterDexFile(*class_path_files[i]); }soa.Env()->AllocObject(WellKnownClasses::dalvik_system_PathClassLoader); ScopedLocalRef class_loader_local(soa.Env(),soa.Env()->AllocObject(WellKnownClasses::dalvik_system_PathClassLoader)); class_loader = soa.Env()->NewGlobalRef(class_loader_local.get()); Runtime::Current()->SetCompileTimeClassPath(class_loader, class_path_files); }std::unique_ptr driver(new CompilerDriver(compiler_options_,verification_results_,method_inliner_map_,compiler_kind_,instruction_set_,instruction_set_features_,image,image_classes.release(),thread_count_,dump_stats,dump_passes,&compiler_phases_timings,profile_file)); driver->GetCompiler()->SetBitcodeFileName(*driver.get(), bitcode_filename); driver->CompileAll(class_loader, dex_files, &timings); TimingLogger::ScopedTiming t2("dex2oat OatWriter", &timings); std::string image_file_location; uint32_t image_file_location_oat_checksum = 0; uintptr_t image_file_location_oat_data_begin = 0; int32_t image_patch_delta = 0; if (!driver->IsImage()) {TimingLogger::ScopedTiming t3("Loading image checksum", &timings); gc::space::ImageSpace* image_space = Runtime::Current()->GetHeap()->GetImageSpace(); image_file_location_oat_checksum = image_space->GetImageHeader().GetOatChecksum(); image_file_location_oat_data_begin =reinterpret_cast(image_space->GetImageHeader().GetOatDataBegin()); image_file_location = image_space->GetImageFilename(); image_patch_delta = image_space->GetImageHeader().GetPatchDelta(); }if (!image_file_location.empty()) {key_value_store->Put(OatHeader::kImageLocationKey, image_file_location); }//oat写入操作OatWriter oat_writer(dex_files, image_file_location_oat_checksum,image_file_location_oat_data_begin,image_patch_delta,driver.get(),&timings,key_value_store); t2.NewTiming("Writing ELF"); if (!driver->WriteElf(android_root, is_host, dex_files, &oat_writer, oat_file)) {LOG(ERROR) << "Failed to write ELF file " << oat_file->GetPath(); return nullptr; }// Flush result to disk. Patching code will re-open the file (mmap), so ensure that our view// of the file already made it there and won't be re-ordered with writes from PatchOat or// image patching.oat_file->Flush(); if (!driver->IsImage() && driver->GetCompilerOptions().GetIncludePatchInformation()) {t2.NewTiming("Patching ELF"); std::string error_msg; if (!PatchOatCode(driver.get(), oat_file, oat_location, &error_msg)) {LOG(ERROR) << "Failed to fixup ELF file " << oat_file->GetPath() << ": " << error_msg; return nullptr; }}return driver.release(); }//创建一个映射文件,成功返回true,失败返回falsebool CreateImageFile(const std::string& image_filename,uintptr_t image_base,const std::string& oat_filename,const std::string& oat_location,const CompilerDriver& compiler)LOCKS_EXCLUDED(Locks::mutator_lock_) {uintptr_t oat_data_begin; {// ImageWriter is scoped so it can free memory before doing FixupElfImageWriter image_writer(compiler); if (!image_writer.Write(image_filename, image_base, oat_filename, oat_location)) {LOG(ERROR) << "Failed to create image file " << image_filename; return false; }oat_data_begin = image_writer.GetOatDataBegin(); }std::unique_ptr oat_file(OS::OpenFileReadWrite(oat_filename.c_str())); if (oat_file.get() == nullptr) {PLOG(ERROR) << "Failed to open ELF file: " << oat_filename; return false; }if (!ElfFixup::Fixup(oat_file.get(), oat_data_begin)) {LOG(ERROR) << "Failed to fixup ELF file " << oat_file->GetPath(); return false; }return true; } private: //定义一个显示的dex2oat构造函数explicit Dex2Oat(const CompilerOptions* compiler_options,Compiler::Kind compiler_kind,InstructionSet instruction_set,InstructionSetFeatures instruction_set_features,VerificationResults* verification_results,DexFileToMethodInlinerMap* method_inliner_map,size_t thread_count): compiler_options_(compiler_options),compiler_kind_(compiler_kind),instruction_set_(instruction_set),instruction_set_features_(instruction_set_features),verification_results_(verification_results),method_inliner_map_(method_inliner_map),runtime_(nullptr),thread_count_(thread_count),start_ns_(NanoTime()) {CHECK(compiler_options != nullptr); CHECK(verification_results != nullptr); CHECK(method_inliner_map != nullptr); }bool CreateRuntime(const RuntimeOptions& runtime_options, InstructionSet instruction_set)SHARED_TRYLOCK_FUNCTION(true, Locks::mutator_lock_) {if (!Runtime::Create(runtime_options, false)) {LOG(ERROR) << "Failed to create runtime"; return false; }Runtime* runtime = Runtime::Current(); runtime->SetInstructionSet(instruction_set); for (int i = 0; i < Runtime::kLastCalleeSaveType; i++) {Runtime::CalleeSaveType type = Runtime::CalleeSaveType(i); if (!runtime->HasCalleeSaveMethod(type)) {runtime->SetCalleeSaveMethod(runtime->CreateCalleeSaveMethod(type), type); }}runtime->GetClassLinker()->FixupDexCaches(runtime->GetResolutionMethod()); runtime->GetClassLinker()->RunRootClinits(); runtime_ = runtime; return true; }// Appends to dex_files any elements of class_path that it doesn't already// contain. This will open those dex files as necessary.static void OpenClassPathFiles(const std::string& class_path,std::vector& dex_files) {//通过定义l的vector向量的字符串std::vector parsed; Split(class_path, ':', parsed); // Take Locks::mutator_lock_ so that lock ordering on the ClassLinker::dex_lock_ is maintained.ScopedObjectAccess soa(Thread::Current()); for (size_t i = 0; i < parsed.size(); ++i) {//判断是否包含dex文件if (DexFilesContains(dex_files, parsed[i])) {continue; }std::string error_msg; //判断是否可以打得开dex文件if (!DexFile::Open(parsed[i].c_str(), parsed[i].c_str(), &error_msg, &dex_files)) {LOG(WARNING) << "Failed to open dex file '" << parsed[i] << "': " << error_msg; }}}//如果dex文件有指定位置的话,那么就返回为truestatic bool DexFilesContains(const std::vector& dex_files,const std::string& location) {//循环变量dex文件的大小,并进行判断location是否相等。for (size_t i = 0; i < dex_files.size(); ++i) {if (dex_files[i]->GetLocation() == location) {return true; }}return false; }//定义了个四个常量const CompilerOptions* const compiler_options_; const Compiler::Kind compiler_kind_; const InstructionSet instruction_set_; const InstructionSetFeatures instruction_set_features_; VerificationResults* const verification_results_; DexFileToMethodInlinerMap* const method_inliner_map_; Runtime* runtime_; size_t thread_count_; uint64_t start_ns_; DISALLOW_IMPLICIT_CONSTRUCTORS(Dex2Oat); };


    2.OpenDexFiles函数定义
    //OpenDexFiles打开dex文件,成功返回dex文件的大小static size_t OpenDexFiles(const std::vector& dex_filenames,const std::vector& dex_locations,std::vector& dex_files) {size_t failure_count = 0; //循环遍历dex文件的大小。for (size_t i = 0; i < dex_filenames.size(); i++) {const char* dex_filename = dex_filenames[i]; const char* dex_location = dex_locations[i]; ATRACE_BEGIN(StringPrintf("Opening dex file '%s'", dex_filenames[i]).c_str()); std::string error_msg; //判断文件是否存在,if (!OS::FileExists(dex_filename)) {LOG(WARNING) << "Skipping non-existent dex file '" << dex_filename << "'"; continue; }//真正的打开操作还是调用底层的open函数实现的。if (!DexFile::Open(dex_filename, dex_location, &error_msg, &dex_files)) {LOG(WARNING) << "Failed to open .dex from file '" << dex_filename << "': " << error_msg; ++failure_count; }ATRACE_END(); }return failure_count; }


    3.dex2oat入口函数定义
    下面dex2oat函数的整个流程
    做一个arm上的workaround。
    构造Dex2oat对象
    处理命令行参数
    判断对于文件是否有写的权限
    打印命令行参数
    判断dex2oat的setup是否完成
    根据是否image分别调用CompileImage或CompileApp的处理
    //dex2oat两次参数通过控制窗口方式进行输入确static int dex2oat(int argc, char** argv) {#if defined(__linux__) && defined(__arm__)//定义变量int major, minor; //定义获取主机信息结构体struct utsname uts; //调用uname判断是否可以显示系统信息if (uname(&uts) != -1 &&sscanf(uts.release, "%d.%d", &major, &minor) == 2 &&((major < 3) || ((major == 3) && (minor < 4)))) {// Kernels before 3.4 don't handle the ASLR well and we can run out of address// space (http://b/13564922). Work around the issue by inhibiting further mmap() randomization.int old_personality = personality(0xffffffff); if ((old_personality & ADDR_NO_RANDOMIZE) == 0) {int new_personality = personality(old_personality | ADDR_NO_RANDOMIZE); if (new_personality == -1) {LOG(WARNING) << "personality(. | ADDR_NO_RANDOMIZE) failed."; }}}#endif//参数传递赋值到全局变量original_argc = argc; original_argv = argv; //打印程序执行时间TimingLogger timings("compiler", false, false); CumulativeLogger compiler_phases_timings("compilation times"); InitLogging(argv); // Skip over argv[0].argv++; argc--; if (argc == 0) {Usage("No arguments specified"); }//到这里为止前面都是进行初始化及环境操作,真正的dex2oat功能在后面代码实现。//定义一系列的向量,字符串,常量为后面代码使用std::vector dex_filenames; std::vector dex_locations; int zip_fd = -1; std::string zip_location; std::string oat_filename; std::string oat_symbols; std::string oat_location; int oat_fd = -1; std::string bitcode_filename; const char* image_classes_zip_filename = nullptr; const char* image_classes_filename = nullptr; std::string image_filename; std::string boot_image_filename; uintptr_t image_base = 0; std::string android_root; std::vector runtime_args; int thread_count = sysconf(_SC_NPROCESSORS_CONF); Compiler::Kind compiler_kind = kUsePortableCompiler? Compiler::kPortable: Compiler::kQuick; const char* compiler_filter_string = nullptr; int huge_method_threshold = CompilerOptions::kDefaultHugeMethodThreshold; int large_method_threshold = CompilerOptions::kDefaultLargeMethodThreshold; int small_method_threshold = CompilerOptions::kDefaultSmallMethodThreshold; int tiny_method_threshold = CompilerOptions::kDefaultTinyMethodThreshold; int num_dex_methods_threshold = CompilerOptions::kDefaultNumDexMethodsThreshold; //从构建中获取默认的指令功能集。InstructionSetFeatures instruction_set_features =ParseFeatureList(Runtime::GetDefaultInstructionSetFeatures()); InstructionSet instruction_set = kRuntimeISA; // 配置文件的定义使用std::string profile_file; double top_k_profile_threshold = CompilerOptions::kDefaultTopKProfileThreshold; bool is_host = false; bool dump_stats = false; bool dump_timing = false; bool dump_passes = false; bool include_patch_information = CompilerOptions::kDefaultIncludePatchInformation; bool include_debug_symbols = kIsDebugBuild; bool dump_slow_timing = kIsDebugBuild; bool watch_dog_enabled = true; bool generate_gdb_information = kIsDebugBuild; // Checks are all explicit until we know the architecture.bool implicit_null_checks = false; bool implicit_so_checks = false; bool implicit_suspend_checks = false; //下面主要代码通过一系列进行执行打印命令行操作。//统计用户输入的参数总和for (int i = 0; i < argc; i++) {const StringPiece option(argv[i]); const bool log_options = false; if (log_options) {LOG(INFO) << "dex2oat: option[" << i << "]=" << argv[i]; }//判断字符串是否包含if (option.starts_with("--dex-file=")) {//将dex文件名称数据传入vector里面 dex_filenames.push_back(option.substr(strlen("--dex-file=")).data()); } else if (option.starts_with("--dex-location=")) {dex_locations.push_back(option.substr(strlen("--dex-location=")).data()); }//判断是否是zip文件,并对zip文件操作,并对字符串信息进行截取else if (option.starts_with("--zip-fd=")) {const char* zip_fd_str = option.substr(strlen("--zip-fd=")).data(); if (!ParseInt(zip_fd_str, &zip_fd)) {Usage("Failed to parse --zip-fd argument '%s' as an integer", zip_fd_str); }if (zip_fd < 0) {Usage("--zip-fd passed a negative value %d", zip_fd); }} else if (option.starts_with("--zip-location=")) {zip_location = option.substr(strlen("--zip-location=")).data(); } else if (option.starts_with("--oat-file=")) {oat_filename = option.substr(strlen("--oat-file=")).data(); } else if (option.starts_with("--oat-symbols=")) {oat_symbols = option.substr(strlen("--oat-symbols=")).data(); } else if (option.starts_with("--oat-fd=")) {const char* oat_fd_str = option.substr(strlen("--oat-fd=")).data(); if (!ParseInt(oat_fd_str, &oat_fd)) {Usage("Failed to parse --oat-fd argument '%s' as an integer", oat_fd_str); }if (oat_fd < 0) {Usage("--oat-fd passed a negative value %d", oat_fd); }} else if (option == "--watch-dog") {watch_dog_enabled = true; } else if (option == "--no-watch-dog") {watch_dog_enabled = false; } else if (option == "--gen-gdb-info") {generate_gdb_information = true; // Debug symbols are needed for gdb information.include_debug_symbols = true; } else if (option == "--no-gen-gdb-info") {generate_gdb_information = false; } else if (option.starts_with("-j")) {const char* thread_count_str = option.substr(strlen("-j")).data(); if (!ParseInt(thread_count_str, &thread_count)) {Usage("Failed to parse -j argument '%s' as an integer", thread_count_str); }} else if (option.starts_with("--oat-location=")) {oat_location = option.substr(strlen("--oat-location=")).data(); } else if (option.starts_with("--bitcode=")) {bitcode_filename = option.substr(strlen("--bitcode=")).data(); } else if (option.starts_with("--image=")) {image_filename = option.substr(strlen("--image=")).data(); } else if (option.starts_with("--image-classes=")) {image_classes_filename = option.substr(strlen("--image-classes=")).data(); } else if (option.starts_with("--image-classes-zip=")) {image_classes_zip_filename = option.substr(strlen("--image-classes-zip=")).data(); } else if (option.starts_with("--base=")) {const char* image_base_str = option.substr(strlen("--base=")).data(); char* end; image_base = strtoul(image_base_str, &end, 16); if (end == image_base_str || *end != '\0') {Usage("Failed to parse hexadecimal value for option %s", option.data()); }} else if (option.starts_with("--boot-image=")) {boot_image_filename = option.substr(strlen("--boot-image=")).data(); } else if (option.starts_with("--android-root=")) {android_root = option.substr(strlen("--android-root=")).data(); } else if (option.starts_with("--instruction-set=")) {StringPiece instruction_set_str = option.substr(strlen("--instruction-set=")).data(); if (instruction_set_str == "arm") {instruction_set = kThumb2; } else if (instruction_set_str == "arm64") {instruction_set = kArm64; } else if (instruction_set_str == "mips") {instruction_set = kMips; } else if (instruction_set_str == "x86") {instruction_set = kX86; } else if (instruction_set_str == "x86_64") {instruction_set = kX86_64; }} else if (option.starts_with("--instruction-set-features=")) {StringPiece str = option.substr(strlen("--instruction-set-features=")).data(); instruction_set_features = ParseFeatureList(str.as_string()); } else if (option.starts_with("--compiler-backend=")) {StringPiece backend_str = option.substr(strlen("--compiler-backend=")).data(); if (backend_str == "Quick") {compiler_kind = Compiler::kQuick; } else if (backend_str == "Optimizing") {compiler_kind = Compiler::kOptimizing; } else if (backend_str == "Portable") {compiler_kind = Compiler::kPortable; }} else if (option.starts_with("--compiler-filter=")) {compiler_filter_string = option.substr(strlen("--compiler-filter=")).data(); } else if (option.starts_with("--huge-method-max=")) {const char* threshold = option.substr(strlen("--huge-method-max=")).data(); if (!ParseInt(threshold, &huge_method_threshold)) {Usage("Failed to parse --huge-method-max '%s' as an integer", threshold); }if (huge_method_threshold < 0) {Usage("--huge-method-max passed a negative value %s", huge_method_threshold); }} else if (option.starts_with("--large-method-max=")) {const char* threshold = option.substr(strlen("--large-method-max=")).data(); if (!ParseInt(threshold, &large_method_threshold)) {Usage("Failed to parse --large-method-max '%s' as an integer", threshold); }if (large_method_threshold < 0) {Usage("--large-method-max passed a negative value %s", large_method_threshold); }} else if (option.starts_with("--small-method-max=")) {const char* threshold = option.substr(strlen("--small-method-max=")).data(); if (!ParseInt(threshold, &small_method_threshold)) {Usage("Failed to parse --small-method-max '%s' as an integer", threshold); }if (small_method_threshold < 0) {Usage("--small-method-max passed a negative value %s", small_method_threshold); }} else if (option.starts_with("--tiny-method-max=")) {const char* threshold = option.substr(strlen("--tiny-method-max=")).data(); if (!ParseInt(threshold, &tiny_method_threshold)) {Usage("Failed to parse --tiny-method-max '%s' as an integer", threshold); }if (tiny_method_threshold < 0) {Usage("--tiny-method-max passed a negative value %s", tiny_method_threshold); }} else if (option.starts_with("--num-dex-methods=")) {const char* threshold = option.substr(strlen("--num-dex-methods=")).data(); if (!ParseInt(threshold, &num_dex_methods_threshold)) {Usage("Failed to parse --num-dex-methods '%s' as an integer", threshold); }if (num_dex_methods_threshold < 0) {Usage("--num-dex-methods passed a negative value %s", num_dex_methods_threshold); }} else if (option == "--host") {is_host = true; } else if (option == "--runtime-arg") {if (++i >= argc) {Usage("Missing required argument for --runtime-arg"); }if (log_options) {LOG(INFO) << "dex2oat: option[" << i << "]=" << argv[i]; }runtime_args.push_back(argv[i]); } else if (option == "--dump-timing") {dump_timing = true; } else if (option == "--dump-passes") {dump_passes = true; } else if (option == "--dump-stats") {dump_stats = true; } else if (option == "--include-debug-symbols" || option == "--no-strip-symbols") {include_debug_symbols = true; } else if (option == "--no-include-debug-symbols" || option == "--strip-symbols") {include_debug_symbols = false; generate_gdb_information = false; // Depends on debug symbols, see above.} else if (option.starts_with("--profile-file=")) {profile_file = option.substr(strlen("--profile-file=")).data(); VLOG(compiler) << "dex2oat: profile file is " << profile_file; } else if (option == "--no-profile-file") {// No profile} else if (option.starts_with("--top-k-profile-threshold=")) {ParseDouble(option.data(), '=', 0.0, 100.0, &top_k_profile_threshold); } else if (option == "--print-pass-names") {PassDriverMEOpts::PrintPassNames(); } else if (option.starts_with("--disable-passes=")) {std::string disable_passes = option.substr(strlen("--disable-passes=")).data(); PassDriverMEOpts::CreateDefaultPassList(disable_passes); } else if (option.starts_with("--print-passes=")) {std::string print_passes = option.substr(strlen("--print-passes=")).data(); PassDriverMEOpts::SetPrintPassList(print_passes); } else if (option == "--print-all-passes") {PassDriverMEOpts::SetPrintAllPasses(); } else if (option.starts_with("--dump-cfg-passes=")) {std::string dump_passes = option.substr(strlen("--dump-cfg-passes=")).data(); PassDriverMEOpts::SetDumpPassList(dump_passes); } else if (option == "--include-patch-information") {include_patch_information = true; } else if (option == "--no-include-patch-information") {include_patch_information = false; } else {Usage("Unknown argument %s", option.data()); }}//判断oat文件是否存在if (oat_filename.empty() && oat_fd == -1) {Usage("Output must be supplied with either --oat-file or --oat-fd"); }if (!oat_filename.empty() && oat_fd != -1) {Usage("--oat-file should not be used with --oat-fd"); }//判断oat符号表是否为空if (!oat_symbols.empty() && oat_fd != -1) {Usage("--oat-symbols should not be used with --oat-fd"); }if (!oat_symbols.empty() && is_host) {Usage("--oat-symbols should not be used with --host"); }if (oat_fd != -1 && !image_filename.empty()) {Usage("--oat-fd should not be used with --image"); }//判断android_root是否为空if (android_root.empty()) {const char* android_root_env_var = getenv("ANDROID_ROOT"); if (android_root_env_var == nullptr) {Usage("--android-root unspecified and ANDROID_ROOT not set"); }android_root += android_root_env_var; }bool image = (!image_filename.empty()); if (!image && boot_image_filename.empty()) {boot_image_filename += android_root; boot_image_filename += "/framework/boot.art"; }std::string boot_image_option; if (!boot_image_filename.empty()) {boot_image_option += "-Ximage:"; boot_image_option += boot_image_filename; }if (image_classes_filename != nullptr && !image) {Usage("--image-classes should only be used with --image"); }if (image_classes_filename != nullptr && !boot_image_option.empty()) {Usage("--image-classes should not be used with --boot-image"); }if (image_classes_zip_filename != nullptr && image_classes_filename == nullptr) {Usage("--image-classes-zip should be used with --image-classes"); }if (dex_filenames.empty() && zip_fd == -1) {Usage("Input must be supplied with either --dex-file or --zip-fd"); }if (!dex_filenames.empty() && zip_fd != -1) {Usage("--dex-file should not be used with --zip-fd"); }if (!dex_filenames.empty() && !zip_location.empty()) {Usage("--dex-file should not be used with --zip-location"); }if (dex_locations.empty()) {for (size_t i = 0; i < dex_filenames.size(); i++) {dex_locations.push_back(dex_filenames[i]); }} else if (dex_locations.size() != dex_filenames.size()) {Usage("--dex-location arguments do not match --dex-file arguments"); }if (zip_fd != -1 && zip_location.empty()) {Usage("--zip-location should be supplied with --zip-fd"); }if (boot_image_option.empty()) {if (image_base == 0) {Usage("Non-zero --base not specified"); }}std::string oat_stripped(oat_filename); std::string oat_unstripped; if (!oat_symbols.empty()) {oat_unstripped += oat_symbols; } else {oat_unstripped += oat_filename; }if (compiler_filter_string == nullptr) {if (instruction_set == kMips64) {// TODO: fix compiler for Mips64.compiler_filter_string = "interpret-only"; } else if (image) {compiler_filter_string = "speed"; } else {#if ART_SMALL_MODEcompiler_filter_string = "interpret-only"; #elsecompiler_filter_string = "speed"; #endif}}CHECK(compiler_filter_string != nullptr); CompilerOptions::CompilerFilter compiler_filter = CompilerOptions::kDefaultCompilerFilter; if (strcmp(compiler_filter_string, "verify-none") == 0) {compiler_filter = CompilerOptions::kVerifyNone; } else if (strcmp(compiler_filter_string, "interpret-only") == 0) {compiler_filter = CompilerOptions::kInterpretOnly; } else if (strcmp(compiler_filter_string, "space") == 0) {compiler_filter = CompilerOptions::kSpace; } else if (strcmp(compiler_filter_string, "balanced") == 0) {compiler_filter = CompilerOptions::kBalanced; } else if (strcmp(compiler_filter_string, "speed") == 0) {compiler_filter = CompilerOptions::kSpeed; } else if (strcmp(compiler_filter_string, "everything") == 0) {compiler_filter = CompilerOptions::kEverything; } else {Usage("Unknown --compiler-filter value %s", compiler_filter_string); }// Set the compilation target's implicit checks options.switch (instruction_set) {case kArm:case kThumb2:case kArm64:case kX86:case kX86_64:implicit_null_checks = true; implicit_so_checks = true; break; default:// Defaults are correct.break; }std::unique_ptr compiler_options(new CompilerOptions(compiler_filter,huge_method_threshold,large_method_threshold,small_method_threshold,tiny_method_threshold,num_dex_methods_threshold,generate_gdb_information,include_patch_information,top_k_profile_threshold,include_debug_symbols,implicit_null_checks,implicit_so_checks,implicit_suspend_checks#ifdef ART_SEA_IR_MODE, compiler_options.sea_ir_ =true; #endif)); // NOLINT(whitespace/parens)// Done with usage checks, enable watchdog if requestedWatchDog watch_dog(watch_dog_enabled); // Check early that the result of compilation can be writtenstd::unique_ptr oat_file; bool create_file = !oat_unstripped.empty(); // as opposed to using open file descriptorif (create_file) {oat_file.reset(OS::CreateEmptyFile(oat_unstripped.c_str())); if (oat_location.empty()) {oat_location = oat_filename; }} else {oat_file.reset(new File(oat_fd, oat_location)); oat_file->DisableAutoClose(); oat_file->SetLength(0); }if (oat_file.get() == nullptr) {PLOG(ERROR) << "Failed to create oat file: " << oat_location; return EXIT_FAILURE; }if (create_file && fchmod(oat_file->Fd(), 0644) != 0) {PLOG(ERROR) << "Failed to make oat file world readable: " << oat_location; return EXIT_FAILURE; }//开始真正的执行dex2oat工作了timings.StartTiming("dex2oat Setup"); LOG(INFO) << CommandLine(); RuntimeOptions runtime_options; std::vector boot_class_path; art::MemMap::Init(); // For ZipEntry::ExtractToMemMap.if (boot_image_option.empty()) {//打开zip文件中的dex文件size_t failure_count = OpenDexFiles(dex_filenames, dex_locations, boot_class_path); if (failure_count > 0) {LOG(ERROR) << "Failed to open some dex files: " << failure_count; return EXIT_FAILURE; }runtime_options.push_back(std::make_pair("bootclasspath", &boot_class_path)); } else {runtime_options.push_back(std::make_pair(boot_image_option.c_str(), nullptr)); }for (size_t i = 0; i < runtime_args.size(); i++) {runtime_options.push_back(std::make_pair(runtime_args[i], nullptr)); }std::unique_ptr verification_results(new VerificationResults(compiler_options.get())); DexFileToMethodInlinerMap method_inliner_map; QuickCompilerCallbacks callbacks(verification_results.get(), &method_inliner_map); runtime_options.push_back(std::make_pair("compilercallbacks", &callbacks)); runtime_options.push_back(std::make_pair("imageinstructionset",reinterpret_cast(GetInstructionSetString(instruction_set)))); Dex2Oat* p_dex2oat; //创建一个dex2oatif (!Dex2Oat::Create(&p_dex2oat,runtime_options,*compiler_options,compiler_kind,instruction_set,instruction_set_features,verification_results.get(),&method_inliner_map,thread_count)) {LOG(ERROR) << "Failed to create dex2oat"; return EXIT_FAILURE; }std::unique_ptr dex2oat(p_dex2oat); Thread* self = Thread::Current(); self->TransitionFromRunnableToSuspended(kNative); WellKnownClasses::Init(self->GetJniEnv()); // If --image-classes was specified, calculate the full list of classes to include in the imagestd::unique_ptr> image_classes(nullptr); if (image_classes_filename != nullptr) {std::string error_msg; if (image_classes_zip_filename != nullptr) {image_classes.reset(dex2oat->ReadImageClassesFromZip(image_classes_zip_filename,image_classes_filename,&error_msg)); } else {image_classes.reset(dex2oat->ReadImageClassesFromFile(image_classes_filename)); }if (image_classes.get() == nullptr) {LOG(ERROR) << "Failed to create list of image classes from '" << image_classes_filename <<"': " << error_msg; return EXIT_FAILURE; }} else if (image) {image_classes.reset(new std::set); }std::vector dex_files; if (boot_image_option.empty()) {dex_files = Runtime::Current()->GetClassLinker()->GetBootClassPath(); } else {if (dex_filenames.empty()) {ATRACE_BEGIN("Opening zip archive from file descriptor"); std::string error_msg; std::unique_ptr zip_archive(ZipArchive::OpenFromFd(zip_fd, zip_location.c_str(),&error_msg)); if (zip_archive.get() == nullptr) {LOG(ERROR) << "Failed to open zip from file descriptor for '" << zip_location << "': "<< error_msg; return EXIT_FAILURE; }if (!DexFile::OpenFromZip(*zip_archive.get(), zip_location, &error_msg, &dex_files)) {LOG(ERROR) << "Failed to open dex from file descriptor for zip file '" << zip_location<< "': " << error_msg; return EXIT_FAILURE; }ATRACE_END(); } else {size_t failure_count = OpenDexFiles(dex_filenames, dex_locations, dex_files); if (failure_count > 0) {LOG(ERROR) << "Failed to open some dex files: " << failure_count; return EXIT_FAILURE; }}const bool kSaveDexInput = false; if (kSaveDexInput) {for (size_t i = 0; i < dex_files.size(); ++i) {const DexFile* dex_file = dex_files[i]; std::string tmp_file_name(StringPrintf("/data/local/tmp/dex2oat.%d.%zd.dex", getpid(), i)); std::unique_ptr tmp_file(OS::CreateEmptyFile(tmp_file_name.c_str())); if (tmp_file.get() == nullptr) {PLOG(ERROR) << "Failed to open file " << tmp_file_name<< ". Try: adb shell chmod 777 /data/local/tmp"; continue; }//进行对dex文件写入操作tmp_file->WriteFully(dex_file->Begin(), dex_file->Size()); LOG(INFO) << "Wrote input to " << tmp_file_name; }}}// Ensure opened dex files are writable for dex-to-dex transformations.for (const auto& dex_file : dex_files) {if (!dex_file->EnableWrite()) {PLOG(ERROR) << "Failed to make .dex file writeable '" << dex_file->GetLocation() << "'\n"; }}if (!image && compiler_options->IsCompilationEnabled()) {size_t num_methods = 0; for (size_t i = 0; i != dex_files.size(); ++i) {const DexFile* dex_file = dex_files[i]; CHECK(dex_file != nullptr); num_methods += dex_file->NumMethodIds(); }if (num_methods <= compiler_options->GetNumDexMethodsThreshold()) {compiler_options->SetCompilerFilter(CompilerOptions::kSpeed); VLOG(compiler) << "Below method threshold, compiling anyways"; }}// Fill some values into the key-value store for the oat header.std::unique_ptr > key_value_store(new SafeMap()); // Insert some compiler things.std::ostringstream oss; for (int i = 0; i < argc; ++i) {if (i > 0) {oss << ' '; }oss << argv[i]; }key_value_store->Put(OatHeader::kDex2OatCmdLineKey, oss.str()); oss.str(""); // Reset.oss << kRuntimeISA; key_value_store->Put(OatHeader::kDex2OatHostKey, oss.str()); //编译dex文件功能,主要将dex文件转换我oat文件std::unique_ptr compiler(dex2oat->CreateOatFile(boot_image_option,android_root,is_host,dex_files,oat_file.get(),oat_location,bitcode_filename,image,image_classes,dump_stats,dump_passes,timings,compiler_phases_timings,profile_file,key_value_store.get())); if (compiler.get() == nullptr) {LOG(ERROR) << "Failed to create oat file: " << oat_location; return EXIT_FAILURE; }VLOG(compiler) << "Oat file written successfully (unstripped): " << oat_location; if (image) {//打印运行时间日志 TimingLogger::ScopedTiming t("dex2oat ImageWriter", &timings); //创建一个oat映射文件bool image_creation_success = dex2oat->CreateImageFile(image_filename,image_base,oat_unstripped,oat_location,*compiler.get()); if (!image_creation_success) {return EXIT_FAILURE; }VLOG(compiler) << "Image written successfully: " << image_filename; }if (is_host) {timings.EndTiming(); if (dump_timing || (dump_slow_timing && timings.GetTotalNs() > MsToNs(1000))) {LOG(INFO) << Dumpable(timings); }if (dump_passes) {LOG(INFO) << Dumpable(*compiler.get()->GetTimingsLogger()); }return EXIT_SUCCESS; }if (oat_unstripped != oat_stripped) {//记录程序执行时间TimingLogger::ScopedTiming t("dex2oat OatFile copy", &timings); oat_file.reset(); //用智能指针方式进行打开读取文件std::unique_ptr in(OS::OpenFileForReading(oat_unstripped.c_str())); std::unique_ptr out(OS::CreateEmptyFile(oat_stripped.c_str())); size_t buffer_size = 8192; std::unique_ptr buffer(new uint8_t[buffer_size]); while (true) {int bytes_read = TEMP_FAILURE_RETRY(read(in->Fd(), buffer.get(), buffer_size)); if (bytes_read <= 0) {break; }bool write_ok = out->WriteFully(buffer.get(), bytes_read); CHECK(write_ok); }oat_file.reset(out.release()); VLOG(compiler) << "Oat file copied successfully (stripped): " << oat_stripped; }#if ART_USE_PORTABLE_COMPILER// We currently only generate symbols on Portableif (!compiler_options.GetIncludeDebugSymbols()) {timings.NewSplit("dex2oat ElfStripper"); // Strip unneeded sections for targetoff_t seek_actual = lseek(oat_file->Fd(), 0, SEEK_SET); CHECK_EQ(0, seek_actual); std::string error_msg; CHECK(ElfStripper::Strip(oat_file.get(), &error_msg)) << error_msg; // 成功的编译成oat文件VLOG(compiler) << "Oat file written successfully (stripped): " << oat_location; } else {VLOG(compiler) << "Oat file written successfully without stripping: " << oat_location; }#endif// ART_USE_PORTABLE_COMPILERtimings.EndTiming(); if (dump_timing || (dump_slow_timing && timings.GetTotalNs() > MsToNs(1000))) {LOG(INFO) << Dumpable(timings); }if (dump_passes) {LOG(INFO) << Dumpable(compiler_phases_timings); }if (!kIsDebugBuild && (RUNNING_ON_VALGRIND == 0)) {dex2oat->LogCompletionTime(); exit(EXIT_SUCCESS); }return EXIT_SUCCESS; }// NOLINT(readability/fn_size)}// namespace art


    总结 【Android逆向之dex2oat的实现解析】基于以上的分析,我们可以指定dex2oat在我们现在android系统运行过程中占据很重要的地位,因为app安装,手机屏幕滑动,系统启动等等都需要和dex2oat打交道,同时dex2oat在加壳和脱壳方面应用场景,在脱壳方面通过修改dex2oat代码可以进行更好的脱壳。

      推荐阅读