2012年3月23日金曜日
Which Multiple Desktop Tool For Windows 7?
"MacOS has spaces. Windows had no out-of-the-box utility for multiple virtual desktops. Which Multiple Desktop Tool should one use on Windows 7?Sysinternals Desktops, mdesktop, Dexpot, Virtual Dimension, VirtuaWin,Finestra are the few options that I have shortlisted."So, if you use both Windows and multiple desktops, what's your favorite method?
モバイルブラウザ向けテストスイート、RingMarkを公開
RingMarkは、ブラウザの機能テストを行うための新しいテストスイートです。
特徴的なのは、そのUIです。3つの輪からなるデザインは、輪が内側に行くほど「実装が望まれる」機能のセットを表しています。このUIは、前述したコミュニティグループの話題と関連しており、「開発者にとって優先順位の高い機能から実装するよう、ブラウザベンダに呼び掛けていく」という役割を可視化したものだといえます。
Mozillaが新モバイルOS搭載デバイスとアプリマーケットを披露
Mozillaが「Boot to Gecko」(B2G)というプロジェクトで、モバイル向け新OSを開発していることは少し前から知られていました(mozilla vision 2012の講演スライド(PDF)がこちらにあります)。
今回ついに、Telefonicaというベンダと協力して開発された、B2G搭載デバイスがお披露目されました。Open web deviceと名付けられたその製品は、こちらで動作するデモを見られます。
こうして現実に動作する様子を見ると、ついにMozillaがOSベンダになろうとしているのだな、と想像できます。iOS、Android、Windows Phone、Blackberryなどと競合することになるわけですね。Boot to Geckoがどれくらいの成功を収めるか、その結果が分かるのは少し未来のことになるでしょう(Boot to Geckoの正式リリースは2012年中を予定)。しかし、とにかくWebとモバイルを中心として、OSレベルのプラットフォームにおいても一層競争が激化していくのは間違いないようです。
Internet Explorer 10の新しいプレビュー版が登場
Windows 8には、Internet Explorerの最新版であるバージョン10が搭載されることが決定しています(IE10はWindows7でも動作するようになる予定です)。
IE10は、昨年の9月に開発者向けプレビュー、11月にプラットフォームプレビューがリリースされていました。今回は5つ目のプレビュー版ということになります。
IE10の新機能については、こちらのページにコンパクトにまとまっています。英語ですが、HTML5/CSSや周辺のAPIに詳しい方なら、一見して把握できるでしょう。
個人的には、アプリケーションキャッシュやIndexed Database API、File APIといったオフラインWebアプリケーションの機能が充実したこと、そしてなんといってもWebSocketに対応したことに注目しています。これらのAPIは、Webアプリケーションの在り方を大きく変えていくのが間違いないだけに、IE10が対応したことでWebの有様が一変するのではないかと期待しています。
また、Internet Explorer 10の新機能をアピールするためのサンプルが集められたサイトとして、「Internet Explorer 10 Test Drive」があります。なかなか凝ったサンプルもありますので、一度見ておくことをお勧めします。
○ Windows 8のMetro対応アプリはHTML5で開発可能
すでにさまざまなところで紹介されている情報ですが、Windows 8では、Web技術を使ってWindowsアプリを作成することが可能です。マイクロソフト自身も、HTML5/JavaScriptで自社アプリケーションを開発していると宣言(外部サイト)しており、Web技術はWindowsアプリ開発において重要な位置を占めているといって間違いないでしょう。
今回のプレビューから利用可能になった、Windows専用のアプリストア「Windows Store」は、Windowsの膨大なユーザベースに対してアプリケーションを販売できる、非常に有力なチャネルと目されています。
陳腐化しないオープンな標準技術を習得してさえいれば、こうしたプラットフォームを利用できる可能性が開かれているというのは、技術者にとっても非常にうれしいことです。
2012年3月22日木曜日
dex2jar
http://code.google.com/p/dex2jar/
dex2jar contains 4 compment
- dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a light weight API similar with ASM. An example here
- dex-translator is designed to do the convert job. It reads the dex instruction to dex-ir format, after some optimize, convert to ASM format.
- dex-ir used by dex-translator, is designed to represent the dex instruction
- dex-tools tools to work with .class files. here are examples:
Android Reverse Engineering - A Kick Start
| See Also |
| Contents |
| Setting up the Ground |
| Well, it seems people are getting crazy about Android platform(everyone is trying to buy an Android phone!). I don�t have an Android cell phone but, lets see if I can get my hands dirty with this Linux+java clean room engineered platform. To begin our journey we need Android SDK, a target to test with and the necessary tools. You can download the necessary file from these locations: Android SDK: http://developer.Android.com/sdk/index.html Deurus Android crackme 03: http://crackmes.de/users/deurus/android_crackme03/ Smali and baksmali: http://code.google.com/p/smali/ Dex2jar: http://code.google.com/p/dex2jar/ Java decompiler: http://java.decompiler.free.fr/ Download and install Android SDK, SDK platform(latest is 2.2 at the time of writing), necessary Java packages and rest of the tools. Create a virtual device from SDK menu and start emulation. Within few minutes you can see the emulator booting up and showing the phone screen. Well, thats it! we have our emulator up and running. |
| Getting Started with the Game |
| Now we need to install the software(crackme, its legal!) to the emulator. For that you may have to get acquainted with Android debug bridge(adb). Installing a apk file is pretty simple, all you have to do is to run two commands from Android SDK directory/tools. |
 |
| After the installation you can see the crackme icon from application menu. |
 |
| Now run the crackme by clicking on it. If everything went as expected you will see the crackme application on the screen. |
 |
| Now we will play with it, pressing check button with no inputs pops a message 'Min 4 chars', and with a proper name it pops up 'Bad boy'. We have to remember these strings because we will be using them as our search keys when we disassemble the apk(actually dex) files. Also note that we have two hardware ids and we need to find out what those exactly means. |
| Real Android Reversing |
| As our crackme is up and running in emulator, we now move onto reversing it. If you have read apk file format, you can visualize it as a extended JAR file which essentially is a zip file. Now you can change the crackme file name fromCrackme03.apk to Crackme03.zip and decompress it to any folder. |
 |
| Now the interesting file for us is classes.dex, which contains the compiled vm codes. We are going to disassemble the dex file with baksmali. Commands are pretty simple as you can see from screen shots. |
 |
| If everything worked fine, we will have a folder structure similar to Java packages. Interesting .smali files are located at '\com\example\helloandroid'. Open all the .smali files into your favorite text editor(I use Notepad++). If you have never done anything related to reverse engineering/esoteric programming/assembly(IL) programming, you will probably think: WTF!. Relax. We have just opened a disassembled dex file. Now, if you are thinking how on earth someone can find the correct location of checking function, I hope you remember those pop up strings I told earlier. Yeah, 'Min 4 chars' and 'Bad boy'. Now we will use those strings as our search keys. Searching �Min 4 chars� in all the opened .smali files, we will find a hit in HelloAndroid$2.smali line 130. |
 |
| Our aim is to understand the serial checking function and write a keygen for it. For that we have to know all the dalvik opcodes that are used here. You can visit this page to understand the opcodes and after that you can convert disassembled code to much higher language constructs. I will provide a brief code snippet which actually implements the algorithm. Two hardware ids used are IMEI and sim serial number. |
| 01 //Read name from text box 02 const v23, 0x7f050004 03 invoke-virtual/range {v22 .. v23}, Lcom/example/helloandroid/HelloAndroid;->findViewById(I)Landroid/view/View; 04 move-result-object v9 05 06 //Read serial from text box 07 const v23, 0x7f050006 08 invoke-virtual/range {v22 .. v23}, Lcom/example/helloandroid/HelloAndroid;->findViewById(I)Landroid/view/View; 09 move-result-object v21 10 11 //Checking whether the name is of length greate than 4 12 const/16 v22, 0x4 13 move v0, v11 14 move/from16 v1, v22 15 if-ge v0, v1, :cond_51 16 17 //Popup showing Min 4 chars 18 const-string v23, "Min 4 chars" 19 const/16 v24, 0x1 20 .line 86 21 invoke-static/range {v22 .. v24}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast; 22 move-result-object v13 23 .line 88 24 .local v13, notificacionToast:Landroid/widget/Toast; 25 invoke-virtual {v13}, Landroid/widget/Toast;->show()V 26 27 //There is a little exception trick to make integer string from username 28 //It converts aaaa to 97979797 which is ascii equivalent 29 invoke-virtual {v10, v5}, Ljava/lang/String;->charAt(I)C 30 move-result v3 31 32 //Getting first 5 chars from ascii converted name 33 const/16 v22, 0x0 34 const/16 v23, 0x5 35 move-object v0, v12 36 move/from16 v1, v22 37 move/from16 v2, v23 38 invoke-virtual {v0, v1, v2}, Ljava/lang/String;->substring(II)Ljava/lang/String; 39 40 //Converting it into integer abd xoring with 0x6B016 - Serial part 1 41 invoke-static {v12}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I 42 move-result v22 43 const v23, 0x6b016 44 xor-int v22, v22, v23 45 46 //Getting IMEI from TelephonyManager 47 //http://developer.Android.com/reference/Android/telephony/TelephonyManager.html 48 invoke-virtual {v8}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String; 49 move-result-object v6 50 .line 102 51 .local v6, imei2:Ljava/lang/String; 52 53 //Getting sim serial 54 invoke-virtual {v8}, Landroid/telephony/TelephonyManager;->getSimSerialNumber()Ljava/lang/String; 55 move-result-object v16 56 .line 103 57 .local v16, simsn:Ljava/lang/String; 58 59 //Getting first 6 chars from IMEI, and similarly from sim serial (IMEI.Substring(0,6) will be used as Serial part 3) 60 const/16 v22, 0x0 61 const/16 v23, 0x6 62 move-object v0, v6 63 move/from16 v1, v22 64 move/from16 v2, v23 65 invoke-virtual {v0, v1, v2}, Ljava/lang/String;->substring(II)Ljava/lang/String; 66 67 //Converting them to integer and xoring - Serial part2 68 invoke-static/range {v19 .. v19}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I 69 move-result v22 70 invoke-static/range {v20 .. v20}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I 71 move-result v23 72 xor-int v22, v22, v23 73 74 //Making a new StringBuilder object and formatting the string to part1-part2-part3 75 new-instance v22, Ljava/lang/StringBuilder; 76 invoke-static {v12}, Ljava/lang/String;->valueOf(Ljava/lang/Object;)Ljava/lang/String; 77 move-result-object v23 78 invoke-direct/range {v22 .. v23}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V 79 const-string v23, "-" 80 invoke-virtual/range {v22 .. v23}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; 81 move-result-object v22 82 invoke-static/range {v17 .. v18}, Ljava/lang/String;->valueOf(J)Ljava/lang/String; 83 move-result-object v23 84 invoke-virtual/range {v22 .. v23}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; 85 move-result-object v22 86 const-string v23, "-" 87 invoke-virtual/range {v22 .. v23}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; 88 move-result-object v22 89 move-object/from16 v0, v22 90 move-object/from16 v1, v19 91 invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; 92 move-result-object v22 93 94 //Checking whether user entered serial and program made serials are equal. 95 invoke-virtual {v14, v15}, Ljava/lang/String;->equals(Ljava/lang/Object;) |
| As you can see, the algorithm is pretty straight forward. It is using name and two hardware ids as input and doing some operations on them to make a serial. We can easily recode it in any programming language we prefer to make it as a keygen. Anyway, I am not posting any keygen sources as it will spoil the whole phun! |
| Decoding the Algorithm |
| A demonstrative serial calculation routine is given below: |
| Name: aaaaa HW ID1: 0000000000000000 HW ID2: 89014103211118510720 |
| Here are stepwise instructions on generating final serial number |
|
| Final Verification of Reversing |
| Now we will put the same magic number into our Crackme application. |
 |
| Bingo! everything worked as expected. Now, for all those who thinks it is pretty hard to read all those disassembled instructions and manually converting them to higher language constructs, there are other options. As dalvik is based on design of Java, it is also susceptible to decompilation. There is no decompiler available at this moment, but there is hope. For now we can use another utility which converts dex files to jar files so that we can use Java decompilers to see much more abstracted code. From starting of this blog post you may have noticed the tool dex2jar. Use dex2jar to convert classes.dex to classes.dex.dex2jar.jar. Open it in a Java decompiler and you can see much better output than dalvik disassembly. Please note that dex2jar is still in development phase and the output is meaningless at many places. This should be used only to get a quick understanding of all the functions. |
| Conclusion |
| In this introductory article, Dhanesh explains reversing Andriod using the emulator and all available tools in sequence with pictorial elaborative steps. It is mainly based to set up your ground for further reversing work on Andriod Platform. |
| Well, thats it! We have analyzed an Android program and defeated its protection. Cheerio! |
| See Also |
Java Decompiler project
http://java.decompiler.free.fr
The "Java Decompiler project" aims to develop tools in order to decompile and analyze Java 5 "byte code" and the later versions.
JD-Core is a library that reconstructs Java source code from one or more ".class" files. JD-Core may be used to recover lost source code and explore the source of Java runtime libraries. New features of Java 5, such as annotations, generics or type "enum", are supported. JD-GUI and JD-Eclipse include JD-Core library.
JD-GUI is a standalone graphical utility that displays Java source codes of ".class" files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.
JD-Eclipse is a plug-in for the Eclipse platform. It allows you to display all the Java sources during your debugging process, even if you do not have them all.
JD-Core, JD-GUI and JD-Eclipse are free for non-commercial use. This means that JD-Core, JD-GUI and JD-Eclipse shall not be included or embedded into commercial software products. Nevertheless, these projects may be freely used for personal needs in a commercial or non-commercial environments.
Bytecode for the Dalvik VM
http://www.netmite.com/android/mydroid/dalvik/docs/dalvik-bytecode.html
General Design
- The machine model and calling conventions are meant to approximately imitate common real architectures and C-style calling conventions:
- The VM is register-based, and frames are fixed in size upon creation. Each frame consists of a particular number of registers (specified by the method) as well as any adjunct data needed to execute the method, such as (but not limited to) the program counter and a reference to the
.dexfile that contains the method. - The N arguments to a method land in the last N registers of the method's invocation frame.
- Registers are 32 bits wide. Adjacent register pairs are used for 64-bit values.
- In terms of bitwise representation,
(Object) null == (int) 0.
- The VM is register-based, and frames are fixed in size upon creation. Each frame consists of a particular number of registers (specified by the method) as well as any adjunct data needed to execute the method, such as (but not limited to) the program counter and a reference to the
- The storage unit in the instruction stream is a 16-bit unsigned quantity. Some bits in some instructions are ignored / must-be-zero.
- Instructions aren't gratuitously limited to a particular type. For example, instructions that move 32-bit register values without interpretation don't have to specify whether they are moving ints or floats.
- There are separately enumerated and indexed constant pools for references to strings, types, fields, and methods.
- Bitwise literal data is represented in-line in the instruction stream.
- Because, in practice, it is uncommon for a method to need more than 16 registers, and because needing more than eight registers isreasonably common, many instructions may only address the first 16 registers. When reasonably possible, instructions allow references to up to the first 256 registers. In cases where an instruction variant isn't available to address a desired register, it is expected that the register contents get moved from the original register to a low register (before the operation) and/or moved from a low result register to a high register (after the operation).
- When installed on a running system, some instructions may be altered, changing their format, as an install-time static linking optimization. This is to allow for faster execution once linkage is known. See the associated instruction formats document for the suggested variants. The word "suggested" is used advisedly; it is not mandatory to implement these.
- Human-syntax and mnemonics:
- Dest-then-source ordering for arguments.
- Some opcodes have a disambiguating suffix with respect to the type(s) they operate on: Type-general 64-bit opcodes are suffixed with
-wide. Type-specific opcodes are suffixed with their type (or a straightforward abbreviation), one of:-boolean-byte-char-short-int-long-float-double-object-string-class-void. Type-general 32-bit opcodes are unmarked. - Some opcodes have a disambiguating suffix to distinguish otherwise-identical operations that have different instruction layouts or options. These suffixes are separated from the main names with a slash ("
/") and mainly exist at all to make there be a one-to-one mapping with static constants in the code that generates and interprets executables (that is, to reduce ambiguity for humans).
- See the instruction formats document for more details about the various instruction formats (listed under "Op & Format") as well as details about the opcode syntax.
Summary of Instruction Set
| Op & Format | Mnemonic / Syntax | Arguments | Description |
|---|---|---|---|
| 00 10x | nop | Waste cycles. | |
| 01 12x | move vA, vB | A: destination register (4 bits)B: source register (4 bits) | Move the contents of one non-object register to another. |
| 02 22x | move/from16 vAA, vBBBB | A: destination register (8 bits)B: source register (16 bits) | Move the contents of one non-object register to another. |
| 03 32x | move/16 vAAAA, vBBBB | A: destination register (16 bits)B: source register (16 bits) | Move the contents of one non-object register to another. |
| 04 12x | move-wide vA, vB | A: destination register pair (4 bits)B: source register pair (4 bits) | Move the contents of one register-pair to another. Note: It is legal to move from |
| 05 22x | move-wide/from16 vAA, vBBBB | A: destination register pair (8 bits)B: source register pair (16 bits) | Move the contents of one register-pair to another. Note: Implementation considerations are the same as |
| 06 32x | move-wide/16 vAAAA, vBBBB | A: destination register pair (16 bits)B: source register pair (16 bits) | Move the contents of one register-pair to another. Note: Implementation considerations are the same as |
| 07 12x | move-object vA, vB | A: destination register (4 bits)B: source register (4 bits) | Move the contents of one object-bearing register to another. |
| 08 22x | move-object/from16 vAA, vBBBB | A: destination register (8 bits)B: source register (16 bits) | Move the contents of one object-bearing register to another. |
| 09 32x | move-object/16 vAAAA, vBBBB | A: destination register (16 bits)B: source register (16 bits) | Move the contents of one object-bearing register to another. |
| 0a 11x | move-result vAA | A: destination register (8 bits) | Move the single-word non-object result of the most recent invoke-kind into the indicated register. This must be done as the instruction immediately after aninvoke-kind whose (single-word, non-object) result is not to be ignored; anywhere else is invalid. |
| 0b 11x | move-result-wide vAA | A: destination register pair (8 bits) | Move the double-word result of the most recentinvoke-kind into the indicated register pair. This must be done as the instruction immediately after aninvoke-kind whose (double-word) result is not to be ignored; anywhere else is invalid. |
| 0c 11x | move-result-object vAA | A: destination register (8 bits) | Move the object result of the most recent invoke-kindinto the indicated register. This must be done as the instruction immediately after an invoke-kind orfilled-new-array whose (object) result is not to be ignored; anywhere else is invalid. |
| 0d 11x | move-exception vAA | A: destination register (8 bits) | Save a just-caught exception into the given register. This should be the first instruction of any exception handler whose caught exception is not to be ignored, and this instruction may only ever occur as the first instruction of an exception handler; anywhere else is invalid. |
| 0e 10x | return-void | Return from a void method. | |
| 0f 11x | return vAA | A: return value register (8 bits) | Return from a single-width (32-bit) non-object value-returning method. |
| 10 11x | return-wide vAA | A: return value register-pair (8 bits) | Return from a double-width (64-bit) value-returning method. |
| 11 11x | return-object vAA | A: return value register (8 bits) | Return from an object-returning method. |
| 12 11n | const/4 vA, #+B | A: destination register (4 bits)B: signed int (4 bits) | Move the given literal value (sign-extended to 32 bits) into the specified register. |
| 13 21s | const/16 vAA, #+BBBB | A: destination register (8 bits)B: signed int (16 bits) | Move the given literal value (sign-extended to 32 bits) into the specified register. |
| 14 31i | const vAA, #+BBBBBBBB | A: destination register (8 bits)B: arbitrary 32-bit constant | Move the given literal value into the specified register. |
| 15 21h | const/high16 vAA, #+BBBB0000 | A: destination register (8 bits)B: signed int (16 bits) | Move the given literal value (right-zero-extended to 32 bits) into the specified register. |
| 16 21s | const-wide/16 vAA, #+BBBB | A: destination register (8 bits)B: signed int (16 bits) | Move the given literal value (sign-extended to 64 bits) into the specified register-pair. |
| 17 31i | const-wide/32 vAA, #+BBBBBBBB | A: destination register (8 bits)B: signed int (32 bits) | Move the given literal value (sign-extended to 64 bits) into the specified register-pair. |
| 18 51l | const-wide vAA, #+BBBBBBBBBBBBBBBB | A: destination register (8 bits)B: arbitrary double-width (64-bit) constant | Move the given literal value into the specified register-pair. |
| 19 21h | const-wide/high16 vAA, #+BBBB000000000000 | A: destination register (8 bits)B: signed int (16 bits) | Move the given literal value (right-zero-extended to 64 bits) into the specified register-pair. |
| 1a 21c | const-string vAA, string@BBBB | A: destination register (8 bits)B: string index | Move a reference to the string specified by the given index into the specified register. |
| 1b 31c | const-string/jumbo vAA, string@BBBBBBBB | A: destination register (8 bits)B: string index | Move a reference to the string specified by the given index into the specified register. |
| 1c 21c | const-class vAA, type@BBBB | A: destination register (8 bits)B: type index | Move a reference to the class specified by the given index into the specified register. In the case where the indicated type is primitive, this will store a reference to the primitive type's degenerate class. |
| 1d 11x | monitor-enter vAA | A: reference-bearing register (8 bits) | Acquire the monitor for the indicated object. |
| 1e 11x | monitor-exit vAA | A: reference-bearing register (8 bits) | Release the monitor for the indicated object. Note: If this instruction needs to throw an exception, it must do so as if the pc has already advanced past the instruction. It may be useful to think of this as the instruction successfully executing (in a sense), and the exception getting thrown after the instruction but beforethe next one gets a chance to run. This definition makes it possible for a method to use a monitor cleanup catch-all (e.g., |
| 1f 21c | check-cast vAA, type@BBBB | A: reference-bearing register (8 bits)B: type index (16 bits) | Throw if the reference in the given register cannot be cast to the indicated type. The type must be a reference type (not a primitive type). |
| 20 22c | instance-of vA, vB, type@CCCC | A: destination register (4 bits)B: reference-bearing register (4 bits)C: type index (16 bits) | Store in the given destination register 1 if the indicated reference is an instance of the given type, or 0 if not. The type must be a reference type (not a primitive type). |
| 21 12x | array-length vA, vB | A: destination register (4 bits)B: array reference-bearing register (4 bits) | Store in the given destination register the length of the indicated array, in entries |
| 22 21c | new-instance vAA, type@BBBB | A: destination register (8 bits)B: type index | Construct a new instance of the indicated type, storing a reference to it in the destination. The type must refer to a non-array class. |
| 23 22c | new-array vA, vB, type@CCCC | A: destination register (8 bits)B: size registerC: type index | Construct a new array of the indicated type and size. The type must be an array type. |
| 24 35c | filled-new-array {vD, vE, vF, vG, vA}, type@CCCC | B: array size and argument word count (4 bits)C: type index (16 bits)D..G, A: argument registers (4 bits each) | Construct an array of the given type and size, filling it with the supplied contents. The type must be an array type. The array's contents must be single-word (that is, no arrays of long or double). The constructed instance is stored as a "result" in the same way that the method invocation instructions store their results, so the constructed instance must be moved to a register with a subsequent move-result-object instruction (if it is to be used). |
| 25 3rc | filled-new-array/range {vCCCC .. vNNNN}, type@BBBB | A: array size and argument word count (8 bits)B: type index (16 bits)C: first argument register (16 bits)N = A + C - 1 | Construct an array of the given type and size, filling it with the supplied contents. Clarifications and restrictions are the same as filled-new-array, described above. |
| 26 31t | fill-array-data vAA, +BBBBBBBB(with supplemental data as specified below in "fill-array-data Format") | A: array reference (8 bits)B: signed "branch" offset to table data (32 bits) | Fill the given array with the indicated data. The reference must be to an array of primitives, and the data table must match it in type and size. Note: The address of the table is guaranteed to be even (that is, 4-byte aligned). If the code size of the method is otherwise odd, then an extra code unit is inserted between the main code and the table whose value is the same as a |
| 27 11x | throw vAA | A: exception-bearing register (8 bits) | Throw the indicated exception. |
| 28 10t | goto +AA | A: signed branch offset (8 bits) | Unconditionally jump to the indicated instruction. Note: The branch offset may not be |
| 29 20t | goto/16 +AAAA | A: signed branch offset (16 bits) | Unconditionally jump to the indicated instruction. Note: The branch offset may not be |
| 2a 30t | goto/32 +AAAAAAAA | A: signed branch offset (32 bits) | Unconditionally jump to the indicated instruction. |
| 2b 31t | packed-switch vAA, +BBBBBBBB (with supplemental data as specified below in "packed-switch Format") | A: register to testB: signed "branch" offset to table data (32 bits) | Jump to a new instruction based on the value in the given register, using a table of offsets corresponding to each value in a particular integral range, or fall through to the next instruction if there is no match. Note: The address of the table is guaranteed to be even (that is, 4-byte aligned). If the code size of the method is otherwise odd, then an extra code unit is inserted between the main code and the table whose value is the same as a |
| 2c 31t | sparse-switch vAA, +BBBBBBBB (with supplemental data as specified below in "sparse-switch Format") | A: register to testB: signed "branch" offset to table data (32 bits) | Jump to a new instruction based on the value in the given register, using an ordered table of value-offset pairs, or fall through to the next instruction if there is no match. Note: Alignment and padding considerations are identical to |
| 2d..31 23x | cmpkind vAA, vBB, vCC 2d: cmpl-float (lt bias) 2e: cmpg-float (gt bias) 2f: cmpl-double (lt bias) 30: cmpg-double (gt bias) 31: cmp-long | A: destination register (8 bits)B: first source register or pairC: second source register or pair | Perform the indicated floating point or long comparison, storing 0 if the two arguments are equal, 1 if the second argument is larger, or -1 if the first argument is larger. The "bias" listed for the floating point operations indicates how NaN comparisons are treated: "Gt bias" instructions return 1 for NaN comparisons, and "lt bias" instructions return -1. For example, to check to see if floating point |
| 32..37 22t | if-test vA, vB, +CCCC 32: if-eq 33: if-ne 34: if-lt 35: if-ge 36: if-gt 37: if-le | A: first register to test (4 bits)B: second register to test (4 bits)C: signed branch offset (16 bits) | Branch to the given destination if the given two registers' values compare as specified. Note: The branch offset may not be |
| 38..3d 21t | if-testz vAA, +BBBB 38: if-eqz 39: if-nez 3a: if-ltz 3b: if-gez 3c: if-gtz 3d: if-lez | A: register to test (8 bits)B: signed branch offset (16 bits) | Branch to the given destination if the given register's value compares with 0 as specified. Note: The branch offset may not be |
| 3e..43 10x | (unused) | (unused) | |
| 44..51 23x | arrayop vAA, vBB, vCC 44: aget 45: aget-wide 46: aget-object 47: aget-boolean 48: aget-byte 49: aget-char 4a: aget-short 4b: aput 4c: aput-wide 4d: aput-object 4e: aput-boolean 4f: aput-byte 50: aput-char 51: aput-short | A: value register or pair; may be source or dest (8 bits)B: array register (8 bits)C: index register (8 bits) | Perform the identified array operation at the identified index of the given array, loading or storing into the value register. |
| 52..5f 22c | iinstanceop vA, vB, field@CCCC 52: iget 53: iget-wide 54: iget-object 55: iget-boolean 56: iget-byte 57: iget-char 58: iget-short 59: iput 5a: iput-wide 5b: iput-object 5c: iput-boolean 5d: iput-byte 5e: iput-char 5f: iput-short | A: value register or pair; may be source or dest (4 bits)B: object register (4 bits)C: instance field reference index (16 bits) | Perform the identified object instance field operation with the identified field, loading or storing into the value register. Note: These opcodes are reasonable candidates for static linking, altering the field argument to be a more direct offset. |
| 60..6d 21c | sstaticop vAA, field@BBBB 60: sget 61: sget-wide 62: sget-object 63: sget-boolean 64: sget-byte 65: sget-char 66: sget-short 67: sput 68: sput-wide 69: sput-object 6a: sput-boolean 6b: sput-byte 6c: sput-char 6d: sput-short | A: value register or pair; may be source or dest (8 bits)B: static field reference index (16 bits) | Perform the identified object static field operation with the identified static field, loading or storing into the value register. Note: These opcodes are reasonable candidates for static linking, altering the field argument to be a more direct offset. |
| 6e..72 35c | invoke-kind {vD, vE, vF, vG, vA}, meth@CCCC 6e: invoke-virtual 6f: invoke-super 70: invoke-direct 71: invoke-static 72: invoke-interface | B: argument word count (4 bits)C: method index (16 bits)D..G, A: argument registers (4 bits each) | Call the indicated method. The result (if any) may be stored with an appropriate move-result* variant as the immediately subsequent instruction.
Note: These opcodes are reasonable candidates for static linking, altering the method argument to be a more direct offset (or pair thereof). |
| 73 10x | (unused) | (unused) | |
| 74..78 3rc | invoke-kind/range {vCCCC .. vNNNN}, meth@BBBB 74: invoke-virtual/range 75: invoke-super/range 76: invoke-direct/range 77: invoke-static/range 78: invoke-interface/range | A: argument word count (8 bits)B: method index (16 bits)C: first argument register (16 bits)N = A + C - 1 | Call the indicated method. See first invoke-kinddescription above for details, caveats, and suggestions. |
| 79..7a 10x | (unused) | (unused) | |
| 7b..8f 12x | unop vA, vB 7b: neg-int 7c: not-int 7d: neg-long 7e: not-long 7f: neg-float 80: neg-double 81: int-to-long 82: int-to-float 83: int-to-double 84: long-to-int 85: long-to-float 86: long-to-double 87: float-to-int 88: float-to-long 89: float-to-double 8a: double-to-int 8b: double-to-long 8c: double-to-float 8d: int-to-byte 8e: int-to-char 8f: int-to-short | A: destination register or pair (4 bits)B: source register or pair (4 bits) | Perform the identified unary operation on the source register, storing the result in the destination register. |
| 90..af 23x | binop vAA, vBB, vCC 90: add-int 91: sub-int 92: mul-int 93: div-int 94: rem-int 95: and-int 96: or-int 97: xor-int 98: shl-int 99: shr-int 9a: ushr-int 9b: add-long 9c: sub-long 9d: mul-long 9e: div-long 9f: rem-long a0: and-long a1: or-long a2: xor-long a3: shl-long a4: shr-long a5: ushr-long a6: add-float a7: sub-float a8: mul-float a9: div-float aa: rem-float ab: add-double ac: sub-double ad: mul-double ae: div-double af: rem-double | A: destination register or pair (8 bits)B: first source register or pair (8 bits)C: second source register or pair (8 bits) | Perform the identified binary operation on the two source registers, storing the result in the first source register. |
| b0..cf 12x | binop/2addr vA, vB b0: add-int/2addr b1: sub-int/2addr b2: mul-int/2addr b3: div-int/2addr b4: rem-int/2addr b5: and-int/2addr b6: or-int/2addr b7: xor-int/2addr b8: shl-int/2addr b9: shr-int/2addr ba: ushr-int/2addr bb: add-long/2addr bc: sub-long/2addr bd: mul-long/2addr be: div-long/2addr bf: rem-long/2addr c0: and-long/2addr c1: or-long/2addr c2: xor-long/2addr c3: shl-long/2addr c4: shr-long/2addr c5: ushr-long/2addr c6: add-float/2addr c7: sub-float/2addr c8: mul-float/2addr c9: div-float/2addr ca: rem-float/2addr cb: add-double/2addr cc: sub-double/2addr cd: mul-double/2addr ce: div-double/2addr cf: rem-double/2addr | A: destination and first source register or pair (4 bits)B: second source register or pair (4 bits) | Perform the identified binary operation on the two source registers, storing the result in the first source register. |
| d0..d7 22s | binop/lit16 vA, vB, #+CCCC d0: add-int/lit16 d1: rsub-int (reverse subtract) d2: mul-int/lit16 d3: div-int/lit16 d4: rem-int/lit16 d5: and-int/lit16 d6: or-int/lit16 d7: xor-int/lit16 | A: destination register (4 bits)B: source register (4 bits)C: signed int constant (16 bits) | Perform the indicated binary op on the indicated register (first argument) and literal value (second argument), storing the result in the destination register. Note: |
| d8..e2 22b | binop/lit8 vAA, vBB, #+CC d8: add-int/lit8 d9: rsub-int/lit8 da: mul-int/lit8 db: div-int/lit8 dc: rem-int/lit8 dd: and-int/lit8 de: or-int/lit8 df: xor-int/lit8 e0: shl-int/lit8 e1: shr-int/lit8 e2: ushr-int/lit8 | A: destination register (8 bits)B: source register (8 bits)C: signed int constant (8 bits) | Perform the indicated binary op on the indicated register (first argument) and literal value (second argument), storing the result in the destination register. Note: See below for details on the semantics of |
| e3..ff 10x | (unused) | (unused) |
packed-switch Format
| Name | Format | Description |
|---|---|---|
| ident | ushort = 0x0100 | identifying pseudo-opcode |
| size | ushort | number of entries in the table |
| first_key | int | first (and lowest) switch case value |
| targets | int[] | list of size relative branch targets. The targets are relative to the address of the switch opcode, not of this table. |
Note: The total number of code units for an instance of this table is (size * 2) + 4.
sparse-switch Format
| Name | Format | Description |
|---|---|---|
| ident | ushort = 0x0200 | identifying pseudo-opcode |
| size | ushort | number of entries in the table |
| keys | int[] | list of size key values, sorted low-to-high |
| targets | int[] | list of size relative branch targets, each corresponding to the key value at the same index. The targets are relative to the address of the switch opcode, not of this table. |
Note: The total number of code units for an instance of this table is (size * 4) + 2.
fill-array-data Format
| Name | Format | Description |
|---|---|---|
| ident | ushort = 0x0300 | identifying pseudo-opcode |
| element_width | ushort | number of bytes in each element |
| size | uint | number of elements in the table |
| data | ubyte[] | data values |
Note: The total number of code units for an instance of this table is (size * element_width + 1) / 2 + 4.
Mathematical Operation Details
Note: Floating point operations must follow IEEE 754 rules, using round-to-nearest and gradual underflow, except where stated otherwise.
| Opcode | C Semantics | Notes |
|---|---|---|
| neg-int | int32 a; int32 result = -a; | Unary twos-complement. |
| not-int | int32 a; int32 result = ~a; | Unary ones-complement. |
| neg-long | int64 a; int64 result = -a; | Unary twos-complement. |
| not-long | int64 a; int64 result = ~a; | Unary ones-complement. |
| neg-float | float a; float result = -a; | Floating point negation. |
| neg-double | double a; double result = -a; | Floating point negation. |
| int-to-long | int32 a; int64 result = (int64) a; | Sign extension of int32 into int64. |
| int-to-float | int32 a; float result = (float) a; | Conversion of int32 to float, using round-to-nearest. This loses precision for some values. |
| int-to-double | int32 a; double result = (double) a; | Conversion of int32 to double. |
| long-to-int | int64 a; int32 result = (int32) a; | Truncation of int64 into int32. |
| long-to-float | int64 a; float result = (float) a; | Conversion of int64 to float, using round-to-nearest. This loses precision for some values. |
| long-to-double | int64 a; double result = (double) a; | Conversion of int64 to double, using round-to-nearest. This loses precision for some values. |
| float-to-int | float a; int32 result = (int32) a; | Conversion of float to int32, using round-toward-zero. NaN and -0.0 (negative zero) convert to the integer 0. Infinities and values with too large a magnitude to be represented get converted to either 0x7fffffff or -0x80000000 depending on sign. |
| float-to-long | float a; int64 result = (int64) a; | Conversion of float to int32, using round-toward-zero. The same special case rules as forfloat-to-int apply here, except that out-of-range values get converted to either0x7fffffffffffffff or -0x8000000000000000 depending on sign. |
| float-to-double | float a; double result = (double) a; | Conversion of float to double, preserving the value exactly. |
| double-to-int | double a; int32 result = (int32) a; | Conversion of double to int32, using round-toward-zero. The same special case rules as for float-to-int apply here. |
| double-to-long | double a; int64 result = (int64) a; | Conversion of double to int64, using round-toward-zero. The same special case rules as for float-to-long apply here. |
| double-to-float | double a; float result = (float) a; | Conversion of double to float, using round-to-nearest. This loses precision for some values. |
| int-to-byte | int32 a; int32 result = (a << 24) >> 24; | Truncation of int32 to int8, sign extending the result. |
| int-to-char | int32 a; int32 result = a & 0xffff; | Truncation of int32 to uint16, without sign extension. |
| int-to-short | int32 a; int32 result = (a << 16) >> 16; | Truncation of int32 to int16, sign extending the result. |
| add-int | int32 a, b; int32 result = a + b; | Twos-complement addition. |
| sub-int | int32 a, b; int32 result = a - b; | Twos-complement subtraction. |
| rsub-int | int32 a, b; int32 result = b - a; | Twos-complement reverse subtraction. |
| mul-int | int32 a, b; int32 result = a * b; | Twos-complement multiplication. |
| div-int | int32 a, b; int32 result = a / b; | Twos-complement division, rounded towards zero (that is, truncated to integer). This throwsArithmeticException if b == 0. |
| rem-int | int32 a, b; int32 result = a % b; | Twos-complement remainder after division. The sign of the result is the same as that of a, and it is more precisely defined as result == a - (a / b) * b. This throwsArithmeticException if b == 0. |
| and-int | int32 a, b; int32 result = a & b; | Bitwise AND. |
| or-int | int32 a, b; int32 result = a | b; | Bitwise OR. |
| xor-int | int32 a, b; int32 result = a ^ b; | Bitwise XOR. |
| shl-int | int32 a, b; int32 result = a << (b & 0x1f); | Bitwise shift left (with masked argument). |
| shr-int | int32 a, b; int32 result = a >> (b & 0x1f); | Bitwise signed shift right (with masked argument). |
| ushr-int | uint32 a, b; int32 result = a >> (b & 0x1f); | Bitwise unsigned shift right (with masked argument). |
| add-long | int64 a, b; int64 result = a + b; | Twos-complement addition. |
| sub-long | int64 a, b; int64 result = a - b; | Twos-complement subtraction. |
| mul-long | int64 a, b; int64 result = a * b; | Twos-complement multiplication. |
| div-long | int64 a, b; int64 result = a / b; | Twos-complement division, rounded towards zero (that is, truncated to integer). This throwsArithmeticException if b == 0. |
| rem-long | int64 a, b; int64 result = a % b; | Twos-complement remainder after division. The sign of the result is the same as that of a, and it is more precisely defined as result == a - (a / b) * b. This throwsArithmeticException if b == 0. |
| and-long | int64 a, b; int64 result = a & b; | Bitwise AND. |
| or-long | int64 a, b; int64 result = a | b; | Bitwise OR. |
| xor-long | int64 a, b; int64 result = a ^ b; | Bitwise XOR. |
| shl-long | int64 a, b; int64 result = a << (b & 0x3f); | Bitwise shift left (with masked argument). |
| shr-long | int64 a, b; int64 result = a >> (b & 0x3f); | Bitwise signed shift right (with masked argument). |
| ushr-long | uint64 a, b; int64 result = a >> (b & 0x3f); | Bitwise unsigned shift right (with masked argument). |
| add-float | float a, b; float result = a + b; | Floating point addition. |
| sub-float | float a, b; float result = a - b; | Floating point subtraction. |
| mul-float | float a, b; float result = a * b; | Floating point multiplication. |
| div-float | float a, b; float result = a / b; | Floating point division. |
| rem-float | float a, b; float result = a % b; | Floating point remainder after division. This function is different than IEEE 754 remainder and is defined as result == a - roundTowardZero(a / b) * b. |
| add-double | double a, b; double result = a + b; | Floating point addition. |
| sub-double | double a, b; double result = a - b; | Floating point subtraction. |
| mul-double | double a, b; double result = a * b; | Floating point multiplication. |
| div-double | double a, b; double result = a / b; | Floating point division. |
| rem-double | double a, b; double result = a % b; | Floating point remainder after division. This function is different than IEEE 754 remainder and is defined as result == a - roundTowardZero(a / b) * b. |
登録:
投稿 (Atom)