I've just pushed in the mercurial repository of androguard a new tool called androdump to dump from a virtual machine (JVM, DVM) the original .class or .dex files, and to do the analysis with androguard.
The tool will be really improved in future, but it's usable for python coders, and you can be interesting ;) I've implemented JVM memory dump for Linux by using python-ptrace, and I'm using androguard to analyze the class file.
For example, if you run a java program :
pouik@camelot:~/androguard/examples/java/test2$ java Test2
x = 1094795585 z = 1111638594 T = HELLO TEST2 !!!!
If you have the right to attach to this process, you can used androdump :
pouik@camelot:~/androguard$ ps aux |grep java
pouik 21008 0.1 0.5 673840 10688 pts/5 Sl+ 10:28 0:02 java Test2
pouik 21548 0.0 0.0 3060 812 pts/2 S+ 11:00 0:00 grep java
pouik@camelot:~/androguard$ ./androdump.py -i 21008
HEADER 0x6f990000-0x6fee0000 (rw-p)
Test2 ()V
Test2 get_x ()I
Test2 main ([Ljava/lang/String;)V
Test2bis ()V
Test2bis get_T ()Ljava/lang/String;
In the current version of androdump, I display only information about methods :
j = jvm.JVMFormat( i )
for method in j.get_methods() :
print method.get_class_name(), method.get_name(), method.get_descriptor()
But you can do what you want because it's a classical JVMFormat ! I will add more interesting functions in the next change to have a more usable tool ;)
No comments:
Post a Comment