KUNAI Static Analyzer
Kunai is a library for doing static binary analysis of Dalvik.
Loading...
Searching...
No Matches
dex_analysis.hpp
1//--------------------------------------------------------------------*- C++ -*-
2// Kunai-static-analyzer: library for doing analysis of dalvik files
3// @author Farenain <kunai.static.analysis@gmail.com>
4// @author Ernesto Java <javaernesto@gmail.com>
5//
6// @file dex_analysis.hpp
7// @brief This file offer all the analysis funcionality in just one class
8// we will use all the utilities from analysis.hpp
9
10#ifndef KUNAI_DEX_ANALYSIS_DEX_ANALYSIS_HPP
11#define KUNAI_DEX_ANALYSIS_DEX_ANALYSIS_HPP
12
13#include "Kunai/DEX/analysis/analysis.hpp"
14#include "Kunai/DEX/DVM/dex_disassembler.hpp"
15
16namespace KUNAI
17{
18namespace DEX
19{
20 class Analysis
21 {
23 std::vector<Parser*> parsers;
24
27 std::unordered_map<std::string,
28 std::unique_ptr<ClassAnalysis>> classes;
29
33 std::unordered_map<std::string,
34 std::unique_ptr<ExternalClass>> external_classes;
35
38 std::unordered_map<std::string,
39 std::unique_ptr<StringAnalysis>> strings;
40
43 std::unordered_map<std::string,
44 std::unique_ptr<MethodAnalysis>> methods;
45
48 std::unordered_map<std::string,
49 std::unique_ptr<ExternalMethod>> external_methods;
50
52 std::unordered_map<std::string, MethodAnalysis*> methods_hashes;
53
55 std::unordered_map<std::string,
56 MethodAnalysis*> method_hashes;
57
58 std::vector<FieldAnalysis*> all_fields;
59
61 DexDisassembler * disassembler;
62
64 bool created_xrefs = false;
65
75 void _create_xrefs(ClassDef * current_class);
76
83 MethodAnalysis* _resolve_method(std::string & class_name,
84 std::string & method_name, std::string & method_descriptor);
85
86 public:
87 Analysis(Parser * parser, DexDisassembler * disassembler, bool create_xrefs) :
88 created_xrefs(!create_xrefs), disassembler(disassembler)
89 {
90 if (parser)
91 add(parser);
92 }
93
97 void add(Parser * parser);
98
105 void create_xrefs();
106
110 ClassAnalysis* get_class_analysis(std::string &class_name)
111 {
112 auto it = classes.find(class_name);
113
114 if (it != classes.end())
115 return it->second.get();
116
117 return nullptr;
118 }
119
122 const std::unordered_map<std::string, std::unique_ptr<ClassAnalysis>>&
123 get_classes() const
124 {
125 return classes;
126 }
127
130 std::unordered_map<std::string, std::unique_ptr<ClassAnalysis>>&
131 get_classes()
132 {
133 return classes;
134 }
135
138 const std::unordered_map<std::string, std::unique_ptr<ExternalClass>>&
139 get_external_classes() const
140 {
141 return external_classes;
142 }
143
146 std::unordered_map<std::string, std::unique_ptr<ExternalClass>>&
147 get_external_classes()
148 {
149 return external_classes;
150 }
151
155 MethodAnalysis * get_method(std::variant<EncodedMethod*, ExternalMethod*> method)
156 {
157 std::string method_key;
158
159 if (method.index() == 0)
160 method_key = std::get<EncodedMethod*>(method)->getMethodID()->pretty_method();
161 else
162 method_key = std::get<ExternalMethod*>(method)->pretty_method_name();
163
164 auto it = methods.find(method_key);
165
166 if (it == methods.end())
167 return nullptr;
168
169 return it->second.get();
170 }
171
177 MethodAnalysis* get_method_analysis_by_name(std::string &class_name,
178 std::string &method_name,
179 std::string &method_descriptor)
180 {
181 std::string m_hash = class_name+method_name+method_descriptor;
182
183 auto it = method_hashes.find(m_hash);
184
185 if (it == method_hashes.end())
186 return nullptr;
187
188 return it->second;
189 }
190
196 MethodID* get_method_id_by_name(std::string &class_name,
197 std::string &method_name,
198 std::string &method_descriptor)
199 {
200 auto m_a = get_method_analysis_by_name(class_name, method_name, method_descriptor);
201
202 if (m_a && (!m_a->external()))
203 return std::get<EncodedMethod*>(m_a->get_encoded_method())->getMethodID();
204
205 return nullptr;
206 }
207
210 const std::unordered_map<std::string, std::unique_ptr<MethodAnalysis>>&
211 get_methods() const
212 {
213 return methods;
214 }
215
218 std::unordered_map<std::string, std::unique_ptr<MethodAnalysis>>&
219 get_methods()
220 {
221 return methods;
222 }
223
226 const std::unordered_map<std::string, std::unique_ptr<ExternalMethod>>&
227 get_external_methods() const
228 {
229 return external_methods;
230 }
231
234 std::unordered_map<std::string, std::unique_ptr<ExternalMethod>>&
235 get_external_methods()
236 {
237 return external_methods;
238 }
239
243 FieldAnalysis* get_field_analysis(EncodedField* field)
244 {
245 auto class_analysis = get_class_analysis(reinterpret_cast<DVMClass*>(field->get_field()->get_class())->get_name());
246
247 if (class_analysis)
248 return class_analysis->get_field_analysis(field);
249
250 return nullptr;
251 }
252
255 std::vector<FieldAnalysis*>& get_fields();
256
259 const std::unordered_map<std::string,
260 std::unique_ptr<StringAnalysis>>& get_string_analysis() const
261 {
262 return strings;
263 }
264
267 std::unordered_map<std::string,
268 std::unique_ptr<StringAnalysis>>& get_string_analysis()
269 {
270 return strings;
271 }
272
279 std::vector<ClassAnalysis*> find_classes(std::string& name, bool no_external);
280
289 std::vector<MethodAnalysis*> find_methods(std::string& class_name,
290 std::string& method_name,
291 std::string& descriptor,
292 std::string& accessflags,
293 bool no_external);
294
298 std::vector<StringAnalysis*> find_strings(std::string& str);
299
307 std::vector<FieldAnalysis*> find_fields(std::string& class_name,
308 std::string& field_name,
309 std::string& field_type,
310 std::string& accessflags);
311 };
312} // namespace DEX
313} // namespace KUNAI
314
315
316#endif
KUNAI::DEX::Analysis
Definition dex_analysis.hpp:21
KUNAI::DEX::Analysis::get_external_methods
const std::unordered_map< std::string, std::unique_ptr< ExternalMethod > > & get_external_methods() const
Return a constant reference to the ExternalMethods.
Definition dex_analysis.hpp:227
KUNAI::DEX::Analysis::get_field_analysis
FieldAnalysis * get_field_analysis(EncodedField *field)
Get a field given an encoded field.
Definition dex_analysis.hpp:243
KUNAI::DEX::Analysis::get_classes
const std::unordered_map< std::string, std::unique_ptr< ClassAnalysis > > & get_classes() const
Get a constant reference to the classes.
Definition dex_analysis.hpp:123
KUNAI::DEX::Analysis::get_class_analysis
ClassAnalysis * get_class_analysis(std::string &class_name)
Get a ClassAnalysis object by the class name.
Definition dex_analysis.hpp:110
KUNAI::DEX::Analysis::add
void add(Parser *parser)
Add all the classes and methods from a parser to the analysis class.
KUNAI::DEX::Analysis::create_xrefs
void create_xrefs()
Create class, method, string and field cross references if you are using multiple DEX files,...
KUNAI::DEX::Analysis::find_methods
std::vector< MethodAnalysis * > find_methods(std::string &class_name, std::string &method_name, std::string &descriptor, std::string &accessflags, bool no_external)
Find MethodAnalysis object by name with regular expression. This time is necessary to specify more va...
KUNAI::DEX::Analysis::get_external_classes
std::unordered_map< std::string, std::unique_ptr< ExternalClass > > & get_external_classes()
Get a reference to external classes.
Definition dex_analysis.hpp:147
KUNAI::DEX::Analysis::get_methods
const std::unordered_map< std::string, std::unique_ptr< MethodAnalysis > > & get_methods() const
Return a constant reference to the method analysis.
Definition dex_analysis.hpp:211
KUNAI::DEX::Analysis::find_classes
std::vector< ClassAnalysis * > find_classes(std::string &name, bool no_external)
Find classes by name with regular expression, the method returns a list of ClassAnalysis object that ...
KUNAI::DEX::Analysis::find_fields
std::vector< FieldAnalysis * > find_fields(std::string &class_name, std::string &field_name, std::string &field_type, std::string &accessflags)
Find FieldAnalysis objects using regular expressions find those that are in classes.
KUNAI::DEX::Analysis::find_strings
std::vector< StringAnalysis * > find_strings(std::string &str)
Find the strings that match a provided regular expression.
KUNAI::DEX::Analysis::get_external_methods
std::unordered_map< std::string, std::unique_ptr< ExternalMethod > > & get_external_methods()
Return a reference to the ExternalMethods.
Definition dex_analysis.hpp:235
KUNAI::DEX::Analysis::get_methods
std::unordered_map< std::string, std::unique_ptr< MethodAnalysis > > & get_methods()
Return a reference to the method analysis.
Definition dex_analysis.hpp:219
KUNAI::DEX::Analysis::get_external_classes
const std::unordered_map< std::string, std::unique_ptr< ExternalClass > > & get_external_classes() const
Get a constant reference to external classes.
Definition dex_analysis.hpp:139
KUNAI::DEX::Analysis::get_method_id_by_name
MethodID * get_method_id_by_name(std::string &class_name, std::string &method_name, std::string &method_descriptor)
Obtain a MethodID by different values.
Definition dex_analysis.hpp:196
KUNAI::DEX::Analysis::get_fields
std::vector< FieldAnalysis * > & get_fields()
Get all the fields from all the classes.
KUNAI::DEX::Analysis::get_method
MethodAnalysis * get_method(std::variant< EncodedMethod *, ExternalMethod * > method)
Get a MethodAnalysis pointer given an Encoded or External Method.
Definition dex_analysis.hpp:155
KUNAI::DEX::Analysis::get_string_analysis
std::unordered_map< std::string, std::unique_ptr< StringAnalysis > > & get_string_analysis()
Get a reference to the StringAnalysis map.
Definition dex_analysis.hpp:268
KUNAI::DEX::Analysis::get_method_analysis_by_name
MethodAnalysis * get_method_analysis_by_name(std::string &class_name, std::string &method_name, std::string &method_descriptor)
Obtain a method anaylsis by different values.
Definition dex_analysis.hpp:177
KUNAI::DEX::Analysis::get_classes
std::unordered_map< std::string, std::unique_ptr< ClassAnalysis > > & get_classes()
Get a reference to the classes.
Definition dex_analysis.hpp:131
KUNAI::DEX::Analysis::get_string_analysis
const std::unordered_map< std::string, std::unique_ptr< StringAnalysis > > & get_string_analysis() const
Get a constant reference to the StringAnalysis objects.
Definition dex_analysis.hpp:260
KUNAI::DEX::ClassAnalysis
Specification of the class analysis, this class contains fields, strings, methods....
Definition analysis.hpp:765
KUNAI::DEX::ClassDef
Definition of class with all the ids and offsets for all the other data.
Definition classes.hpp:152
KUNAI::DEX::DVMClass
Classes of the DVM.
Definition types.hpp:174
KUNAI::DEX::DVMClass::get_name
const std::string & get_name() const
Get the name of the class.
Definition types.hpp:206
KUNAI::DEX::DexDisassembler
Disassembler for DEX data.
Definition dex_disassembler.hpp:27
KUNAI::DEX::EncodedField
Class that represent field information it contains a FieldID and also the access flags.
Definition encoded.hpp:266
KUNAI::DEX::EncodedField::get_field
const FieldID * get_field() const
Get a constant pointer to the FieldID.
Definition encoded.hpp:288
KUNAI::DEX::FieldAnalysis
specification of a field analysis
Definition analysis.hpp:379
KUNAI::DEX::FieldID::get_class
const DVMType * get_class() const
Get a constant pointer to the class where field is.
Definition fields.hpp:65
KUNAI::DEX::MethodAnalysis
Specification of the method analysis, a method contains instructions, exceptions data,...
Definition analysis.hpp:491
KUNAI::DEX::MethodID
MethodID represents a single method from DEX file.
Definition methods.hpp:28
KUNAI::DEX::Parser
Definition parser.hpp:29
KUNAI
utilities
Definition analysis.hpp:23
Generated by doxygen 1.9.8