asmdex issues
https://gitlab.ow2.org/asm/asmdex/-/issues
2018-04-26T15:00:50Z

https://gitlab.ow2.org/asm/asmdex/-/issues/317628
ArrayIndexOutOfBoundsException when reading a ClassNode from byte array
2018-04-26T15:00:50Z
Dawid Keppo

As in the subject.
StackTrace: https://pastebin.com/MD41iELg
ASMUtils#getNode method:
https://pastebin.com/22Wvft8X
Line 30 in Main#hideCode method:
ClassNode cn = ASMUtils.getNode(IOUtils.toByteArray(jis));

https://gitlab.ow2.org/asm/asmdex/-/issues/317626
Error while using ASM to manipulate some instruction.
2018-03-22T07:22:36Z
Haidar Ali

Please help me to resolve this issue. Attaching the jar for more detail. This jar is converted from apk using dex2jar tool.
[luavmandroid-dex2jar.jar](/uploads/abdcbd1a1deda2cf8c9a3e1a812bd555/luavmandroid-dex2jar.jar)
Error in accept in Class ==>com/cm/util/d
java.lang.IllegalArgumentException: Lcom/cm/util/d<TK;TV;>.com/cm/util/h;: ';' expected at index 26
at org.objectweb.asm.util.CheckMethodAdapter.checkChar(Unknown Source)
at org.objectweb.asm.util.CheckMethodAdapter.checkClassTypeSignature(Unknown Source)
at org.objectweb.asm.util.CheckMethodAdapter.checkFieldTypeSignature(Unknown Source)
at org.objectweb.asm.util.CheckMethodAdapter.checkFieldSignature(Unknown Source)
at org.objectweb.asm.util.CheckClassAdapter.visitField(Unknown Source)
at org.objectweb.asm.tree.FieldNode.accept(Unknown Source)
at org.objectweb.asm.tree.ClassNode.accept(Unknown Source)
at com.kony.codeinjection.util.KonyPolicyAdapter.visitEnd(KonyPolicyAdapter.java:582)
at org.objectweb.asm.ClassReader.accept(Unknown Source)
at org.objectweb.asm.ClassReader.accept(Unknown Source)
at com.kony.codeinjection.Injector.inject(Injector.java:87)
at com.kony.codeinjection.util.JarUtil.CodeInjectJar(JarUtil.java:61)
at com.kony.codeinjection.MainRun.main(MainRun.java:178)
Error in accept in Class ==>com/dropbox/client2/DropboxAPI
java.lang.IllegalArgumentException: (Ljava/io/InputStream;J)Lcom/dropbox/client2/DropboxAPI<TSESS_T;>.com/dropbox/client2/d;: ';' expected at index 69

https://gitlab.ow2.org/asm/asmdex/-/issues/317624
Dex merging
2017-09-30T14:22:54Z
vipin

```
Asmdex should provide an in-built adapter to help in merging two dex
files. This is useful when instrumenting classes. Currently the workaround is
to use the dex merger from the Android SDK.
```

https://gitlab.ow2.org/asm/asmdex/-/issues/317623
Incorrect parm annotation position calculation
2017-12-24T09:25:30Z
brianle

```
Got the following exception when reading a DEX file.
Throwable occurred: java.lang.ArrayIndexOutOfBoundsException: 4714968
at org.ow2.asmdex.lowLevelUtils.DexFileReader.uint(DexFileReader.java:457)
at org.ow2.asmdex.lowLevelUtils.DexFileReader.getAnnotationItemOffsetsFromAnnotationSetItem(DexFileReader.java:205)
at org.ow2.asmdex.ApplicationReader.readAndVisitAnnotations(ApplicationReader.java:1235)
at org.ow2.asmdex.ApplicationReader.visitMethods(ApplicationReader.java:777)
at org.ow2.asmdex.ApplicationReader.visitClass(ApplicationReader.java:614)
at org.ow2.asmdex.ApplicationReader.accept(ApplicationReader.java:442)
at org.ow2.asmdex.ApplicationReader.accept(ApplicationReader.java:343)
Note that 4714968 is also the DEX file size in bytes. The DEX file is attached. I attempted to create a
simple APK to reproduce the problem but it was unsuccessful.
Using the attached DEX file I was able to track it down to the point where method
setActionBarUpIndicator(Drawable upDrawable, @StringRes int contentDescRes) of
android.support.v4.app.ActionBarDrawerToggle$Delegate is visited. Specifically,
// Visits the parameter annotations.
if (parameterAnnotationOffsetsOfClass.containsKey(methodIndex)) {
    dexFile.seek(parameterAnnotationOffsetsOfClass.get(methodIndex)); // Now pointing on annotation_set_ref_list.
    int nbAnnotations = dexFile.uint(); // <== RETURN 2 ANNOTATIONS
    for (int annotationIndex = 0; annotationIndex < nbAnnotations; annotationIndex++) {
        int annotationSetItemOffset = dexFile.uint(); // <== THE OFFSET IS ZERO
        int saveReaderPosition = dexFile.getPos();
        dexFile.seek(annotationSetItemOffset);
        readAndVisitAnnotations(methodVisitor, annotationIndex, VisitorType.methodVisitor);
        dexFile.seek(saveReaderPosition);
    }
}
Because the annotation offset is zero, dexFile.getAnnotationItemOffsetsFromAnnotationSetItem()
reads the entire 4714968 bytes and crashes.
Dex2Jar v2 is ok but an older version (dex2jar-0.0.9.13) also encounters the same problem:
com.googlecode.dex2jar.DexException: while accept method: [Landroid/support/v4/app/ActionBarDrawerToggle$Delegate;.setActionBarUpIndicator(Landroid/graphics/drawable/Drawable;I)V]
at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:701)
at com.googlecode.dex2jar.reader.DexFileReader.acceptClass(DexFileReader.java:448)
at com.googlecode.dex2jar.reader.DexFileReader.accept(DexFileReader.java:330)
at com.googlecode.dex2jar.v3.Dex2jar.doTranslate(Dex2jar.java:84)
at com.googlecode.dex2jar.v3.Dex2jar.to(Dex2jar.java:239)
at com.googlecode.dex2jar.v3.Dex2jar.to(Dex2jar.java:230)
at com.googlecode.dex2jar.tools.Dex2jarCmd.doCommandLine(Dex2jarCmd.java:109)
at com.googlecode.dex2jar.tools.BaseCmd.doMain(BaseCmd.java:168)
at com.googlecode.dex2jar.tools.Dex2jarCmd.main(Dex2jarCmd.java:34)
Caused by: com.googlecode.dex2jar.DexException: while accept parameter annotation in method: [Landroid/support/v4/app/ActionBarDrawerToggle$Delegate;.setActionBarUpIndicator(Landroid/graphics/drawable/Drawable;I)V], parameter:[0]
at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:670)
... 8 more
Caused by: com.googlecode.dex2jar.DexException: Not support yet.
at com.googlecode.dex2jar.reader.Constant.ReadConstant(Constant.java:128)
at com.googlecode.dex2jar.reader.DexAnnotationReader.accept(DexAnnotationReader.java:58)
at com.googlecode.dex2jar.reader.DexFileReader.acceptMethod(DexFileReader.java:667)
```

https://gitlab.ow2.org/asm/asmdex/-/issues/317582
Corrupted Dex file created using simple reader-writer chain
2017-12-24T09:25:30Z
acattan

```
Hi,
I'm trying to read a dex file and write it back without any modifications.
My code is very simple, as follows:
File dexFile = new File("classes.dex");
ApplicationReader ar = new ApplicationReader(Opcodes.ASM4, dexFile);
ApplicationWriter awr = new ApplicationWriter(ar);
ar.accept(awr, 0);
FileOutputStream fos = new FileOutputStream("classes-mod.dex");
fos.write(awr.toByteArray());
fos.close();
However, the newly created dex file seems to be corrupted. When I run
dexdump, I get the following output:
Processing 'classes-mod.dex'...
E/dalvikvm( 4072): Invalid annotations_directory_item
E/dalvikvm( 4072): Trouble with item 332 @ offset 0x5d090
E/dalvikvm( 4072): Cross-item verify of section type 0006 failed
E/dalvikvm( 4072): ERROR: Byte swap + verify failed
ERROR: Failed structural verification of 'classes-mod.dex'
Also running baksmali produces errors.
Attached is the original dex file.
I also tried creating the ApplicationWriter without passing it the
ApplicationReader in the constructor, but the result was the same.
I apologize in advance - I'm a newbie using asmdex, perhaps I'm doing
something wrong...
Thanks!
Ariel
```

https://gitlab.ow2.org/asm/asmdex/-/issues/317549
asmdex rewrites try_end before try_start
2017-12-24T09:25:30Z
phikon521

```
If the last 2 smali instructions in the method are try_end & catchall, and
an additional instruction is added anywhere in the method then asmdex will
move the try_end & catchall above try_start.
NEW:================================================================
.method public static open()V
.locals 3
.annotation system Ldalvik/annotation/Throws;
value = {
Ljava/lang/Exception;
}
.end annotation
.prologue
.line 12
new-instance v1, Ljava/net/Socket;
invoke-static {}, Ljava/net/Socket;->createObject()Ljava/net/Socket;
move-result-object v1
.line 13
.local v1, "s":Ljava/net/Socket;
new-instance v0, Ljava/net/ConnectException;
invoke-direct {v0}, Ljava/net/ConnectException;-><init>()V
.line 16
.local v0, "c":Ljava/net/ConnectException;
:catchall_0
move-exception v2
throw v2
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
:try_start_0
throw v0
.end method
ORIGINAL:============================================================
.method public static open()V
.locals 3
.annotation system Ldalvik/annotation/Throws;
value = {
Ljava/lang/Exception;
}
.end annotation
.prologue
.line 12
new-instance v1, Ljava/net/Socket;
invoke-direct {v1}, Ljava/net/Socket;-><init>()V
.line 13
.local v1, "s":Ljava/net/Socket;
new-instance v0, Ljava/net/ConnectException;
invoke-direct {v0}, Ljava/net/ConnectException;-><init>()V
.line 15
.line 16
.local v0, "c":Ljava/net/ConnectException;
:catchall_0
move-exception v2
throw v2
:try_start_0
throw v0
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.end method
```

https://gitlab.ow2.org/asm/asmdex/-/issues/316685
wrong label offset after adding a line in a catch clause
2017-12-24T09:25:30Z
hanagiat

```
I’m trying to add simple log call to every catch clause in an apk.
When doing so, there are cases where the try end label is out of the files
scope. (For a very short method the try end label position is 65774 ).
I attached a small jar containing an application that inserts a simple hook in
every catch clause, and a sample apk (Boat_Browser) on which I experienced the
problem.
I also debugged ASMDEX and found the point where the label offset is changed to
the mysterious value.
The flow is simple:
1. org.ow2.asmdex.tree.ApplicationNode#accept
2. org.ow2.asmdex.tree.ClassNode#accept
3. org.ow2.asmdex.tree.MethodNode#accept(org.ow2.asmdex.ClassVisitor),
here before the line: instructions.accept(mv); everything is great, here for
every label we get to
a. org.ow2.asmdex.tree.LabelNode#accept
b. org.ow2.asmdex.MethodVisitor#visitLabel
c. org.ow2.asmdex.structureCommon.Label#setOffset , here the offset of
the last try catch start label is changed to a strange number (after the end
label & after the end of the method end which is strange because the code is
CodeItem codeItem = getCodeItem();
label.setOffset(codeItem.getSize()); ). In the apk attached you will find it in
clz.name.equals("Lcom/boatbrowser/free/bw;")&&method.name.equals("a")&&method.desc.equals("VLandroid/os/Bundle;)
the start label of the last try catch block was changed from 180 to 198 where
the method length is 188.
Also attached is the source code for my small application (all is included in
the zip).
I tried debugging it and could not find the root cause for the problem.
You can run my application by running: java -jar my-app.jar <path to
Boat_Browser.apk>.
java.lang.RuntimeException: Try end offset 65769 is past the end of the code block.
at org.jf.baksmali.Adaptors.MethodDefinition.addTries(MethodDefinition.java:476)
at org.jf.baksmali.Adaptors.MethodDefinition.getMethodItems(MethodDefinition.java:316)
at org.jf.baksmali.Adaptors.MethodDefinition.(MethodDefinition.java:132)
at org.jf.baksmali.Adaptors.ClassDefinition.writeMethods(ClassDefinition.java:338)
at org.jf.baksmali.Adaptors.ClassDefinition.writeDirectMethods(ClassDefinition.java:294)
at org.jf.baksmali.Adaptors.ClassDefinition.writeTo(ClassDefinition.java:116)
at org.jf.baksmali.baksmali.disassembleDexFile(baksmali.java:186)
at brut.androlib.src.SmaliDecoder.decode(SmaliDecoder.java:49)
at brut.androlib.src.SmaliDecoder.decode(SmaliDecoder.java:34)
```

https://gitlab.ow2.org/asm/asmdex/-/issues/316499
const-string ushort overflow for string item
2017-12-24T09:25:30Z
eros_lever

```
I was trying to instrument a huge DEX with more than 0xFFFF string items.
What happened is that the symbolicIndex reached values over the 65536 limit for
values whose original string index is supposed to fit in a ushort.
This causes an overflow of the ushort value when writing a const-string
instruction.
###################################################################
org.ow2.asmdex.structureWriter.ConstantPool:addStringToConstantPool
public void addStringToConstantPool(String string) {
    if (string != null) {
        if (useSymbolicElements) {
            if (!symbolicStringsToIndexes.containsKey(string)) {
-->             symbolicStringsToIndexes.put(string, symbolicStringsToIndexes.size());
            }
        }
        strings.add(string);
    }
}
The symbolic index can exceed 0xFFFF
##################################################################
org.ow2.asmdex.instruction.InstructionFormat21C:write
public void write(ByteVector out, ConstantPool constantPool) {
    test8BitsLimit(registerA);
    // The format is AA|op BBBB.
    out.putShort(((registerA & 0xff) << 8) + opcodeByte);
    // The index may be a Type, or a String index.
    int index;
    if (opcodeByte == 0x1a) {
-->     index = constantPool.getStringIndex(stringOrType);
    } else if ((opcodeByte == 0x1c) || (opcodeByte == 0x1f) || (opcodeByte == 0x22)) {
        index = constantPool.getTypeIndex(stringOrType);
    } else { // 0x60...0x6d
        index = constantPool.getFieldIndex(field);
    }
--> out.putShort(index);
}
symbolicIndex is read and written as a ushort (even if it does not fit)
##################################################################
org.ow2.asmdex.lowLevelUtils.ByteVector:putShort
public ByteVector putShort(final int s) {
    int length = this.length;
    if (length + 2 > data.length) {
        enlarge(2);
    }
    byte[] data = this.data;
--> data[length++] = (byte) s; // Swapped.
--> data[length++] = (byte) (s >>> 8); // Swapped.
    this.length = length;
    return this;
}
No warnings are raised for the overflow.
```

https://gitlab.ow2.org/asm/asmdex/-/issues/316421
transforming const-string to const-string/jumbo generates an invalid dex
2017-12-24T09:25:31Z
vipin

```
// Class visitor that optionally wraps every method visitor in a JumboMethodVisitor.
public class JumboRewriter extends ClassVisitor {
    private boolean jumboON = false;

    public JumboRewriter(int api, ClassVisitor cv, boolean jumboON) {
        super(api, cv);
        this.jumboON = jumboON;
    }

    @Override
    public MethodVisitor visitMethod(int access, String name, String desc,
            String[] signature, String[] exceptions) {
        MethodVisitor mv = cv.visitMethod(access, name, desc,
                signature, exceptions);
        if (jumboON)
            return new JumboMethodVisitor(Opcodes.ASM4, mv);
        else
            return mv;
    }
}

// Separate source file: JumboMethodVisitor.
import org.ow2.asmdex.MethodVisitor;
import org.ow2.asmdex.Opcodes;

public class JumboMethodVisitor extends MethodVisitor implements Opcodes {
    public JumboMethodVisitor(int api, MethodVisitor mv) {
        super(api, mv);
        // TODO Auto-generated constructor stub
    }

    // Rewrites every string instruction to const-string/jumbo, whatever the original opcode was.
    public void visitStringInsn(int opcode,
            int destinationRegister,
            java.lang.String string) {
        super.visitStringInsn(Opcodes.INSN_CONST_STRING_JUMBO,
                destinationRegister, string);
    }
}
----------------
// Driver: read the input dex, run it through the visitor chain and write the result.
File dexFile = new File(inputFile);
ApplicationWriter aw = new ApplicationWriter();
ApplicationVisitor avr = new ApplicationVisitorRaw(aw);
aw.visit();
ApplicationVisitorRaw.skipRHelper = skip;
ApplicationReader ar = new ApplicationReader(Opcodes.ASM4, dexFile);
ar.accept(avr, 0);
ApplicationVisitorRaw.skipRHelper = false;
aw.visitEnd();
byte[] b = aw.toByteArray();
FileOutputStream fout = new FileOutputStream(outFile);
fout.write(b);
fout.close();
```