 上传我的文档
 上传文档
 下载
 收藏
该文档贡献者很忙，什么也没留下。
 下载此文档
Hash函数的攻击方法（The attack method of a Hash function）
下载积分：2000
内容提示：Hash函数的攻击方法（The attack method of a Hash function）
文档格式：DOC|
浏览次数：3|
上传日期： 18:49:21|
文档星级：
全文阅读已结束，如果下载本文需要使用
 2000 积分
下载此文档
该用户还上传了这些文档
Hash函数的攻击方法（The attack method of a Hash fu
关注微信公众号This article describes how to fix MySQL connection error: (“Warning: PDO::__construct(): The server requested authentication method unknown to the client [mysql_old_password]”), experienced during MySQL or MariaDB authentication (typically during establishing a database connection).
Error typically looks like this (aside from the paths):
Or in CMS installs (Drupal, WordPress or similar) it often presents itself right in the browser’s window in a following way:
An actual error message text is pretty clear:
“Warning: PDO::__construct(): The server requested authentication method unknown to the client [mysql_old_password]”
Explanation: Reason for this error is due to database using an authentication method which is different from that used by the database client or application trying to connect to database. The fact that error mentions [mysql_old_password] is a sort of a giveaway in this case. It refers to a fact that database is using MySQL’s newer 40-byte password format (also referred to as SHA-1 160-bit or string of 40 hex digits), while the password used by the client/app is using an old 16-byte encoding format during authentication.
Simpy said: Password you’re using to connect is encoded in MySQL as a 16 character string, instead of
expected 40 character long string.
Note that a use of the old 16-byte passwords will always throw an error when using mysql_connect or similar MySQL or MariaDB connection functions. In such case you will see an error similar to this one:
Connect Error (2000) mysqlnd cannot connect to MySQL 4.1+ using old authentication
Connect Error (2000) mysqlnd cannot connect to MySQL 4.1+ using old authentication
We’ll use an example to explain this little more…
Let’s say your MySQL connection password is:
‘123456‘.
If your server is using old password encoding, and if you were to open ‘mysql’ database and look inside the ‘users’ table, you’d see that it is not stored in a clear form format (that’s expected), but encoded as following 16 byte long string:
Let’s verify this using command line by forcing the MySQL session to use old 16 character long password encoding scheme:
root@mysql-5.1.51& SET SESSION old_passwords=1;
Query OK, 0 rows affected (0.00 sec)
root@mysql-5.1.51& SELECT PASSWORD('123456');
+--------------------+
| PASSWORD('123456') |
+--------------------+
+--------------------+
1 row in set (0.00 sec
12345678910
root@mysql-5.1.51& SET SESSION old_passwords=1;Query OK, 0 rows affected (0.00 sec)&root@mysql-5.1.51& SELECT PASSWORD('123456');+--------------------+| PASSWORD('123456') |+--------------------+| 013245&& |+--------------------+1 row in set (0.00 sec
If your server is using new password encoding (40 byte long character), password ‘123456‘ would have been stored as following 40 byte long string:
*6BB05EE4568DDA7DC67ED2CA2AD9
*6BB05EE4568DDA7DC67ED2CA2AD9
Again we can verify it through command line by forcing MySQL session to NOT to use old_pass and thus turn on 40 byte long encoding:
root@mysql-5.1.51& SET SESSION old_passwords=0;
Query OK, 0 rows affected (0.00 sec)
root@mysql-5.1.51& SELECT PASSWORD('123456');
+-------------------------------------------+
| PASSWORD('123456')
+-------------------------------------------+
| *6BB05EE4568DDA7DC67ED2CA2AD9 |
+-------------------------------------------+
1 row in set (0.00 sec)
12345678910
root@mysql-5.1.51& SET SESSION old_passwords=0;Query OK, 0 rows affected (0.00 sec)&root@mysql-5.1.51& SELECT PASSWORD('123456');+-------------------------------------------+| PASSWORD('123456')&&&&&&&&&&&&&&&&&&&&&&&&|+-------------------------------------------+| *6BB05EE4568DDA7DC67ED2CA2AD9 |+-------------------------------------------+1 row in set (0.00 sec)
Note: You can reference following
for more details about this.
So how do we fix the issue?
We’ve established that in order to resolve the issue, password encoding has to be changed from 16 byte to 40 bytes.
This can be done in two steps:
– Configure MySQL/MariaDB to use new password encoding (40 byte / 40 characters)
– Change mysql user password – overwriting 16 characters with 40 character long encoding in the process (or recreate mysql user)
So, assuming you have complete control over your MySQL/MariaDB install:
1. First – Open MySQL configuration file my.ini or my.cnf – depending on which one is used by your MySQL install. This file is usually stored in the installation directory of the MySQL server. In XAMPP installations it’s also found under mysql/bin directory.
Note: Make sure that you’ve identified a correct configuration file, because sometimes there is more than one placed on the system (refer to
on how to find the config file used by your installation of MySQL/MariaDB)
2. Search inside the my.ini (or my.cnf) for the line containing: old-passwords. There is couple of scenarios you may encounter:
Scenario 1:
If it reads:
old-passwords = 1
old-passwords = 1
Change the line to:
old-passwords = 0
old-passwords = 0
Scenario 2:
If it reads:
old-passwords
old-passwords
Change the line to:
old-passwords = 0
old-passwords = 0
Scenario 3:
If you can’t find ‘old-passwords’ in the config file, locate the section marked as [mysqld]
And add following right below:
old-passwords = 0
old-passwords = 0
In all scenarios, end result should look like this:
3. Once this is done, save the configuration file and don’t forget to restart MYSQL database!
4. Next step is to change the user password. Connect to MySQL/MariaDB from a command line and run following command. Let’s assume that you have a user called ‘test’ and want to update the password use password &#’:
SET PASSWORD FOR 'test'@'localhost' = PASSWORD('123abc');
SET PASSWORD FOR 'test'@'localhost' = PASSWORD('123abc');
And that’s it, if you were to look at the ‘mysql’ database ‘user’ table, you’d see that your encoded password has changed from 16 characters to 40 characters.
This should resolve the error. Let me know in the comment box below, if you experience any issues.
If you don’t want to use a command line, you can do everything above by using
graphical interface. HeidiSQL is a useful and reliable tool designed for web developers using the popular MySQL server. It basically enables you to browse and edit data, create and edit tables, views, procedures, triggers and scheduled events. One of the advantages for cases such as dealing with this particular error is, that if the new password scheme doesn’t work, it forces the session using old password. So it’ll always let’s you connect as long as your username and password for MySQL connection is correct.
HeidiSQL will not only allow you to run commands, but also lets you change the password for any database user directly from a graphical interface (located under Tools/User manager):
Comments commentsJournal of Applied Mathematics
Journal MenuSpecial Issues Menu
Subscribe toTable of Contents Alerts
Table of Contents Alerts
To receive news and publication updates for Journal of Applied Mathematics, enter your email address in the box below.
Journal of Applied MathematicsVolume 2016, Article ID
pagesResearch ArticleA Method to Construct Generalized Fibonacci Sequences 1 and 21Instituto de Matemáticas, Universidad Nacional Autónoma de México, Area de la Investigación Científica Circuito Exterior, Ciudad Universitaria Coyoacán, 04510 México, DF,
Mexico2Departamento de Matemáticas, Universidad Autónoma Metropolitana, Prolongación Canal de Miramontes No. 3855, Colonia Ex-Hacienda San Juan de Dios, Delegación Tlalpan, 14387 México, DF,
MexicoReceived 17 September 2015; Accepted 6 January 2016Academic Editor: Allan C. PetersonCopyright (C) 2016 Adalberto García-Máynez
and Adolfo Pimienta Acosta. This is an open access article distributed under the , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.The main purpose of this paper is to study the convergence properties of Generalized Fibonacci Sequences and the series of partial sums associated with them. When the proper values of an
real matrix
are real and different, we give a necessary and sufficient condition for the convergence of the matrix sequence
to a matrix .1. IntroductionThe Fibonacci Sequence is an interesting numerical sequence that occurs quite frequently in many parts of nature. This sequence h every element of this sequence, starting from the third, is the sum of its two predecessors and can be generated recursively by the formula It is clear that we need the first two terms ,
and the recursive formula to define the sequence.If we want to know the term
without constructing the previous terms, we can use the unexplainable formula (see []): What do the irrational numbers
have to do with the original sequence?The so-called Golden ratio
appears in nature very frequently. It is also considered the most esthetic ratio between the basis and height of a rectangle:If we replace the recursive formula bywe obtain a new sequence
and this sequence is in fact, it converges to .To define a Generalized Fibonacci Sequence, we fix a natural number
and two elements in the Euclidean space . The recursive formula isThe main purpose of this paper is to study the convergence properties of Generalized Fibonacci Sequences and the series of partial sums associated with them. When the proper values of an
real matrix
are real and different, we give a necessary and sufficient condition for the convergence of the matrix sequence
to a matrix : we say
if for every ordered pair , where , the sequence of the -entries of
converges to the -entry of . As a particular case, we study when do we have the convergence of the powers
of a Moebius transformation to a constant function.Then we would like to list the four published monographs about generalized Fibonacci sequences [–] and several more specialized articles [–].2. Main ResultsConsider a Generalized Fibonacci Sequence (GFS) with initial terms
and recursive formula (). Define the matrices :The characteristic polynomial of the matrix
isSuppose all the roots
are real an that is, , for . Consider Vandermonde's matrix:Since , we deduce that
and, hence,
is invertible. We need the following matrix relation.Theorem 1.
are related by the following formula:where
is the diagonal matrix:Proof. Let
be the proper vectors of the matrix . We have then
for each . If
and , we have ,
. Since , we deduce that the vectors
are linearly independent and hence they constitute a basis for . Calling , , we have . On the other hand, consider the linear transformation
defined by the formula . Clearly, Therefore,In the next theorem, we relate
with .Theorem 2.
One has the following formulas:(a) and
for every .(b)
for every .Proof. (a) It is straightforward.(b) Using (), we haveUsing the formula , we obtain any member of the corresponding Generalized Fibonacci Sequence.Theorem 3.
ConsiderProof. The first row of the matrix
is the following: . The first column of the matrix
is the cofactor of the entry of
is the entry in the
position of the matrix . Therefore,The expression inside the square brackets coincides withTo see this, develop this determinant by the first row and the last column. The coefficient of
is then This completes the proof.In the particular case , we obtainIf we further assume that
and , we obtainIn the original Fibonacci sequence, we have and hence . The roots of this polynomial are
and . We justify then the mythical formula .In the case , we obtainThe roots of
and . Hence, . It is now clear that this last GFS converges to .We give next a sufficient condition for the convergence of the series of a GFS.Theorem 4 (main theorem).
Suppose the roots of the characteristic polynomial
are pairwise different and all of them lie in the open interval . Then the series of
converges toProof. This is a consequence of the identity and the convergence
to .We give now two examples.Example 5. One has , , , , , and .The characteristic polynomial
of the corresponding GFS is Therefore, ,
, and Hence ClearlyExample 6. One has ,
and . In this case, . Therefore, ,
, and . Hence,In this case, , butGiven
different real numbers , we may construct, for every , a GFS; namely, The missing sequence
may be obtained from the coefficients of the polynomial: For instance,
and .With the help of this remark, we prove the following.Theorem 7.
be an invertible
matrix. Suppose the characteristic polynomial
factors into the form:where
are pairwise different real numbers. Let
be the entry in the
position of the matrix . ThenProof. Let
be the GFS determined by (). It is clear that
for . Proceeding by induction, suppose
for every , where . We clearly haveBe induction, the terms
may be obtained using determinants of type (). We consider the last columns of determinants () and we obtainThereforeThe GFS on the right side of this equation starts with ,
and has the same proper values of the GFS . Hence
and the proof is complete.As an exercise, we calculate the powers of a
matrix: In this case we have , , , , , , , . Hence Thereforewhere
and , we have This limit matrix has determinant . So in the case of a Moebius transformation we have the following corollary.Corollary 8.
If 1 is a proper value of the matrix
, then the powers
converge to the constant map .Conflict of InterestsThe authors declare that there is no conflict of interests regarding the publication of this paper.References
A. F. Horadam, “A generalized Fibonacci sequence,” The American Mathematical Monthly, vol. 68, no. 5, pp. 455–459, 1961.
· D. V. Jaiswal, “On a generalized Fibonacci sequence,” Labdev: Journal of Science and Technology. Part A, vol. 7, pp. 67–71, 1969. S. P. Pethe and C. N. Phadte, “A generalized Fibonacci sequence,” Applications of Fibonacci Numbers, vol. 5, pp. 465–472, 1992. D. A. Wolfram, “Solving generalized Fibonacci recurrences,” The Fibonacci Quarterly, vol. 36, no. 2, pp. 129–145, 1998.
· G. Sburlati, “Generalized Fibonacci sequences and linear congruences,” The Fibonacci Quarterly, vol. 40, no. 5, pp. 446–452, 2002.
· G.-Y. Lee, S.-G. Lee, J.-S. Kim, and H.-K. Shin, “The Binet formula and representations of k-generalized Fibonacci numbers,” The Fibonacci Quarterly, vol. 39, no. 2, pp. 158–164, 2001.
· G. Y. Lee, S. G. Lee, and H. G. Shin, “On the k-generalized Fibonacci matrix Qk,” Linear Algebra and Its Applications, vol. 251, pp. 73–88, 1997. S. T. Klein, “Combinatorial representation of generalized Fibonacci numbers,” The Fibonacci Quarterly, vol. 29, no. 2, pp. 124–131, 1991.
Publish with Us
Work with Us
(C) 2018 Hindawi Limited unless otherwise stated.smali举例：
.class public Lcom/dataviz/dxtg/common/android/DocsToGoA
.super Landroid/app/A
# static fields
.field private static a:Landroid/app/A
## 静态字段 Application
.field private static b:Lcom/dataviz/dxtg/common/android/
## 静态字段 bv
# direct methods
.method static constructor &clinit&()V
## 静态方法，静态成员的初始化。
##一个局部变量
const/4 v0, 0x0
##v0寄存器低4字节存放0，可表示0，null，false
sput-object v0, Lcom/dataviz/dxtg/common/android/DocsToGoA-&a:Landroid/app/A
sput-object v0, Lcom/dataviz/dxtg/common/android/DocsToGoA-&b:Lcom/dataviz/dxtg/common/android/
return-void ## 无返回值 Return without a return value ， 字节码 0E00 - return-void
.end method
.method public constructor &init&()V
## 构造函数
invoke-direct {p0}, Landroid/app/A-&&init&()V
## super.Application();
sput-object p0, Lcom/dataviz/dxtg/common/android/DocsToGoA-&a:Landroid/app/A ## a =
return-void
.end method
.method public static a()Landroid/content/C
## 静态方法
sget-object v0, Lcom/dataviz/dxtg/common/android/DocsToGoA-&a:Landroid/app/A
invoke-virtual {v0}, Landroid/app/A-&getApplicationContext()Landroid/content/C
move-result-object v0
return-object v0
.end method
.method public static a(Ljava/lang/S)Ljava/lang/S## 静态方法
const-string/jumbo v0, "x.xxx"
invoke-virtual {v0}, Ljava/lang/S-&length()I
move-result v0
invoke-virtual {p0}, Ljava/lang/S-&length()I
move-result v1
if-le v1, v0, :cond_0
const/4 v1, 0x0
invoke-virtual {p0, v1, v0}, Ljava/lang/S-&substring(II)Ljava/lang/S
move-result-object p0
return-object p0
.end method
.method public static a(Ljava/lang/R)V
## 静态方法
invoke-static {}, Lcom/dataviz/dxtg/common/android/DocsToGoA-&a()Landroid/content/C
move-result-object v0
invoke-virtual {v0}, Landroid/content/C-&getMainLooper()Landroid/os/L
move-result-object v0
new-instance v1, Landroid/os/H
invoke-direct {v1, v0}, Landroid/os/H-&&init&(Landroid/os/L)V
invoke-virtual {v1, p0}, Landroid/os/H-&post(Ljava/lang/R)Z
return-void
.end method
.method public static b()Landroid/content/res/R
## 静态方法
sget-object v0, Lcom/dataviz/dxtg/common/android/DocsToGoA-&a:Landroid/app/A
invoke-virtual {v0}, Landroid/app/A-&getResources()Landroid/content/res/R
move-result-object v0
return-object v0
.end method
.method public static c()Lcom/dataviz/dxtg/common/android/
## 静态方法
sget-object v0, Lcom/dataviz/dxtg/common/android/DocsToGoA-&b:Lcom/dataviz/dxtg/common/android/
if-nez v0, :cond_0
const-wide/16 v0, 0x1f4
:try_start_0
invoke-static {v0, v1}, Ljava/lang/T-&sleep(J)V
:try_end_0
.catch Ljava/lang/T {:try_start_0 .. :try_end_0} :catch_0
sget-object v0, Lcom/dataviz/dxtg/common/android/DocsToGoA-&b:Lcom/dataviz/dxtg/common/android/
return-object v0
move-exception v0
goto :goto_0
.end method
# virtual methods
.method public onCreate()V
## onCreate方法
:try_start_0
invoke-static {}, Lcom/dataviz/dxtg/common/android/e/g;-&a()Lcom/dataviz/dxtg/common/android/e/g;
move-result-object v0
invoke-virtual {p0}, Lcom/dataviz/dxtg/common/android/DocsToGoA-&getPackageName()Ljava/lang/S
move-result-object v1
invoke-virtual {v0, v1}, Lcom/dataviz/dxtg/common/android/e/g;-&a(Ljava/lang/S)V
:try_end_0
.catch Ljava/lang/T {:try_start_0 .. :try_end_0} :catch_0
new-instance v0, Landroid/os/H
invoke-direct {v0}, Landroid/os/H-&&init&()V
new-instance v1, Lcom/dataviz/dxtg/common/android/
invoke-direct {v1, p0}, Lcom/dataviz/dxtg/common/android/-&&init&(Lcom/dataviz/dxtg/common/android/DocsToGoA)V
invoke-virtual {v0, v1}, Landroid/os/H-&postAtFrontOfQueue(Ljava/lang/R)Z
new-instance v0, Lcom/dataviz/dxtg/common/android/
invoke-direct {v0, p0}, Lcom/dataviz/dxtg/common/android/-&&init&(Landroid/content/C)V
invoke-virtual {v0}, Lcom/dataviz/dxtg/common/android/-&a()V
sput-object v0, Lcom/dataviz/dxtg/common/android/DocsToGoA-&b:Lcom/dataviz/dxtg/common/android/
return-void
move-exception v0
invoke-virtual {v0}, Ljava/lang/T-&printStackTrace()V
goto :goto_0
.end method
sput-object vx,field_id
Puts object reference in vx into a static field.
- sput-object v0, Test3.os1:Ljava/lang/O // field@000c Puts the object reference value in v0 into the field@000c static field (entry #CH in the field id table).
将vx引用对象赋值给静态变量字段field_id.
const/4 vx,lit4
Puts the 4 bit constant into vx
1221 - const/4 v1, #int2 Moves literal 2 into v1. The destination register is in the lower 4 bit in the second byte, the literal 2 is in the higher 4 bit.
lit4逐字节放到vx低4位。
Android java下smali指令
关于几个调用方法指令：&invoke-virtual、invoke-direct、invoke-super介绍。
涉及到Java强大的动态扩展能力，这一特性使得可以在类运行期间才能确定某些目标方法的实际引用，称为动态连接；也有一部分方法的符号引用在类加载阶段或第一次使用时转化为直接引用，这种转化称为静态解析。
在Java语言中，符合&编译器可知，运行期不可变&这个要求的方法主要有静态方法和私有方法两大类，前者与类型直接关联，后者在外部不可被访问，这两种方法都不可能通过继承或别的方式重写出其他的版本，因此它们都适合在类加载阶段进行解析。
invoke-static 是类静态方法的调用，编译时，静态确定的；
invoke-virtual 虚方法调用，调用的方法运行时确认实际调用，和实例引用的实际对象有关，动态确认的，一般是带有修饰符protected或public的方法；
invoke-direct 没有被覆盖方法的调用，即不用动态根据实例所引用的调用，编译时，静态确认的，一般是private或&init&方法；
invoke-super 直接调用父类的虚方法，编译时，静态确认的。
invokeinterface 调用接口方法，调用的方法运行时确认实际调用，即会在运行时才确定一个实现此接口的对象。
invoke-static&{v3,v0}, Landroid/util/-&v(Ljava/lang/SLjava/lang/S)
invoke-virtual {v1}, Landroid/app/A-&getApplicationContext()Landroid/content/C
invoke-direct {v0, v4}, Lcom/android/server/LightsS-&&init&(Landroid/content/C)V
invoke-super {p0, p1}, Landroid/preference/PreferenceA-&onCreate(Landroid/os/B)V&
invoke-super {p0, p1, p2}, Landroid/view/V-&onKeyUp(ILandroid/view/KeyE)Z
invoke-super&{p0, p1}, Landroid/app/A-&onCreate(Landroid/os/B)V&
new-instance v2, Ljava/lang/StringB &# StringBuilder实例
invoke-direct {v2},&Ljava/lang/StringB-&&init&()V &# 调用 StringBuilder 构造函数
invoke-static {}, Landroid/os/E-&getExternalStorageDirectory()Ljava/io/F #静态方法
move-result-object v3&
invoke-virtual {v2, v3}, Ljava/lang/StringB-&append(Ljava/lang/O)Ljava/lang/StringB #public方法
&invoke-direct/range {v8 .. v13}, Lcom/android/server/net/NetworkPolicyManagerS-&&init&
invoke-virtual { parameters }, methodtocall
Invokes a virtual method with parameters.
- invoke-virtual { v4, v0, v1, v2, v3}, Test2.method5:(IIII)V // method@0006Invokes the 6th method in the method table with the following arguments: v4 is the "this" instance, v0, v1, v2, and v3 are the method parameters. The method has 5 arguments (4 MSB bits of the second byte)5.
invoke-super {parameter},methodtocall
Invokes the virtual method of the immediate parent class.
6F10 A601 0100 invoke-super {v1},java.io.FilterOutputStream.close:()V // method@01a6Invokes method@01a6 with one parameter, v1.
invoke-direct { parameters }, methodtocall
Invokes a method with parameters without the virtual method resolution.
00 - invoke-direct {v1}, java.lang.Object.&init&:()V // method@0008Invokes the 8th method in the method table with just one parameter, v1 is the "this" instance5.
invoke-static {parameters}, methodtocall
Invokes a static method with parameters.
00 - invoke-static {v4}, java.lang.Integer.parseInt:( Ljava/lang/S)I // method@0034Invokes method@34 static method. The method is called with one parameter, v45.
invoke-interface {parameters},methodtocall
Invokes an interface method.
54 invoke-interface {v1, v3, v4, v5}, mwfw.IReceivingProtocolAdapter.receivePackage:(ILjava/lang/SLjava/io/InputS)Z // method@0221Invokes method@221 interface method using parameters in v1,v3,v4 and v55.
私有方法用invoke-special，编译时，静态确定的。
&Java编译后class指令
Description: calls a special class method&n is the number of arguments to the method&the long method name is really a path name, the name of the class,the parenthesized argument list of the method called, and the return type.&Primitive types are represented by their capitalized first letter, ie I for an integer.&Constructors are path followed by &init&()V
returned value
object reference
Jasm-------------------
invoke packages/myMath/multiplyMatrix([[F, [[F)V &&&& ;multiplies two two-dimensional matrices of floats&
Exceptions
NullPointerException if object ref is null&StackOverflowError if you run ou t of room on stack
Description: calls a static method&n is the number of arguments to the method&the long method name is really a path name, the name of the class,the parenthesized argument list of the method called, and the return type.&Primitive types are represented by their capitalized first letter, ie I for an integer.&Constructors are path followed by &init&()V
returned value
Jasm-------------------
invoke java/lang/System/gc()V &&&& ;call the garbage collector
Exceptions
NullPointerException if object ref is null&StackOverflowError if you run ou t of room on stack
以下两则引用来自java文档，和android可能有差别：
7.7 Invoking Methods
The normal method invocation for a instance method dispatches on the runtime type of the object. (They are virtual, in C++ terms.) Such an invocation is implemented using the invokevirtual instruction, which takes as its argument an index to a runtime constant pool entry giving the fully qualified name of the class type of the object, the name of the method to invoke, and that method's descriptor&. To invoke the&addTwo&method, defined earlier as an instance method, we might write
int add12and13() {
return addTwo(12, 13);
This compiles to
Method int add12and13()
// Push local variable 0 (this)
// Push int constant 12
// Push int constant 13
invokevirtual #4
// Method Example.addtwo(II)I
// Return int on
// the int result of addTwo()
The invocation is set up by first pushing a&reference&to the current instance,&this, onto the operand stack. The method invocation's arguments,&int&values&12&and&13, are then pushed. When the frame for the&addTwo&method is created, the arguments passed to the method become the initial values of the new frame's local variables. That is, the&reference&for&this&and the two arguments, pushed onto the operand stack by the invoker, will become the initial values of local variables 0, 1, and 2 of the invoked method.
Finally,&addTwo&is invoked. When it returns, its&int&return value is pushed onto the operand stack of the frame of the invoker, the&add12and13&method. The return value is thus put in place to be immediately returned to the invoker of&add12and13.
The return from&add12and13&is handled by the ireturn instruction of&add12and13. The ireturn instruction takes the&int&value returned by&addTwo, on the operand stack of the current frame, and pushes it onto the operand stack of the frame of the invoker. It then returns control to the invoker, making the invoker's frame current. The Java virtual machine provides distinct return instructions for many of its numeric and&reference&data types, as well as a return instruction for methods with no return value. The same set of return instructions is used for all varieties of method invocations.
The operand of the invokevirtual instruction (in the example, the runtime constant pool index #4) is not the offset of the method in the class instance. The compiler does not know the internal layout of a class instance. Instead, it generates symbolic references to the methods of an instance, which are stored in the runtime constant pool. Those runtime constant pool items are resolved at run time to determine the actual method location. The same is true for all other Java virtual machine instructions that access class instances.
Invoking&addTwoStatic, a class (static) variant of&addTwo, is similar, as shown:
int add12and13() {
return addTwoStatic(12, 13);
although a different Java virtual machine method invocation instruction is used:
Method int add12and13()
invokestatic #3
// Method Example.addTwoStatic(II)I
Compiling an invocation of a class (static) method is very much like compiling an invocation of an instance method, except&this&is not passed by the invoker. The method arguments will thus be received beginning with local variable 0 (see&). The invokestatic instruction is always used to invoke class methods.
The invokespecial instruction must be used to invoke instance initialization methods (see&). It is also used when invoking methods in the superclass (super) and when invoking&private&methods. For instance, given classes&Near&and&Far&declared as
class Near {
public int getItNear() {
return getIt();
private int getIt() {
class Far extends Near {
int getItFar() {
return super.getItNear();
the method&Near.getItNear&(which invokes a&private&method) becomes
Method int getItNear()
invokespecial #5
// Method Near.getIt()I
The method&Far.getItFar&(which invokes a superclass method) becomes
Method int getItFar()
invokespecial #4
// Method Near.getItNear()I
Note that methods called using the invokespecial instruction always pass&this&to the invoked method as its first argument. As usual, it is received in local variable 0.
7.8 Working with Class Instances
Java virtual machine class instances are created using the Java virtual machine's new instruction. Recall that at the level of the Java virtual machine, a constructor appears as a method with the compiler-supplied name&&init&. This specially named method is known as the instance initialization method&. Multiple instance initialization methods, corresponding to multiple constructors, may exist for a given class. Once the class instance has been created and its instance variables, including those of the class and all of its superclasses, have been initialized to their default values, an instance initialization method of the new class instance is invoked. For example:
Object create() {
return new Object();
compiles to
Method java.lang.Object create()
// Class java.lang.Object
invokespecial #4
// Method java.lang.Object.&init&()V
Class instances are passed and returned (as&reference&types) very much like numeric values, although type&reference&has its own complement of instructions, for example:
// An instance variable
MyObj example() {
MyObj o = new MyObj();
return silly(o);
MyObj silly(MyObj o) {
if (o != null) {
Method MyObj example()
// Class MyObj
invokespecial #5
// Method MyObj.&init&()V
invokevirtual #4
// Method Example.silly(LMyO)LMyO
Method MyObj silly(MyObj)
The fields of a class instance (instance variables) are accessed using the getfield and putfield instructions. If&i&is an instance variable of type&int, the methods&setIt&and&getIt,&defined as
void setIt(int value) {
int getIt() {
Method void setIt(int)
putfield #4
// Field Example.i I
Method int getIt()
getfield #4
// Field Example.i I
As with the operands of method invocation instructions, the operands of the putfield and getfield instructions (the runtime constant pool index #4) are not the offsets of the fields in the class instance. The compiler generates symbolic references to the fields of an instance, which are stored in the runtime constant pool. Those runtime constant pool items are resolved at run time to determine the location of the field within the referenced object.
dex2jar后：
package com.dataviz.dxtg.common.
import android.app.A
import android.content.C
import android.content.res.R
import android.os.H
import com.dataviz.dxtg.common.android.e.g;
public class DocsToGoApp
extends Application
private static Application a = null;
private static bv b = null;
public DocsToGoApp()
public static Context a()
return a.getApplicationContext();
public static String a(String paramString)
int i = "x.xxx".length();
if (paramString.length() & i) {
paramString = paramString.substring(0, i);
return paramS
public static void a(Runnable paramRunnable)
new Handler(a().getMainLooper()).post(paramRunnable);
public static Resources b()
return a.getResources();
public static bv c()
if (b == null) {}
Thread.sleep(500L);
catch (Throwable localThrowable)
break label12;
public void onCreate()
g.a().a(getPackageName());
new Handler().postAtFrontOfQueue(new bu(this));
bv localbv = new bv(this);
localbv.a();
catch (Throwable localThrowable)
localThrowable.printStackTrace();
Bytecode for the Dalvik VMCopyright & 2007 The Android Open Source Project
General Design
The machine model and calling conventions are meant to approximately imitate common real architectures and C-style calling conventions:
The VM is register-based, and frames are fixed in size upon creation. Each frame consists of a particular number of registers (specified by the method) as well as any adjunct data needed to execute the method, such as (but not limited to) the program counter and a reference to the&.dex&file that contains the method.
Registers are 32 bits wide. Adjacent register pairs are used for 64-bit values.
In terms of bitwise representation,&(Object) null == (int) 0.
The&N&arguments to a method land in the last&N&registers of the method&s invocation frame, in order. Wide arguments consume two registers. Instance methods are passed a&this&reference as their first argument.
The storage unit in the instruction stream is a 16-bit unsigned quantity. Some bits in some instructions are ignored / must-be-zero.
Instructions aren&t gratuitously limited to a particular type. For example, instructions that move 32-bit register values without interpretation don&t have to specify whether they are moving ints or floats.
There are separately enumerated and indexed constant pools for references to strings, types, fields, and methods.
Bitwise literal data is represented in-line in the instruction stream.
Because, in practice, it is uncommon for a method to need more than 16 registers, and because needing more than eight registers&is&reasonably common, many instructions are limited to only addressing the first 16 registers. When reasonably possible, instructions allow references to up to the first 256 registers. In cases where an instruction variant isn&t available to address a desired register, it is expected that the register contents get moved from the original register to a low register (before the operation) and/or moved from a low result register to a high register (after the operation).
There are several &pseudo-instructions& that are used to hold variable-length data referred to by regular instructions (for example,&fill-array-data). Such instructions must never be encountered during the normal flow of execution. In addition, the instructions must be located on even-numbered bytecode offsets (that is, 4-byte aligned). In order to meet this requirement, dex generation tools should emit an extra&nop&instruction as a spacer if such an instruction would otherwise be unaligned. Finally, though not required, it is expected that most tools will choose to emit these instructions at the ends of methods, since otherwise it would likely be the case that additional instructions would be needed to branch around them.
When installed on a running system, some instructions may be altered, changing their format, as an install-time static linking optimization. This is to allow for faster execution once linkage is known. See the associated&&for the suggested variants. The word &suggested& it is not mandatory to implement these.
Human-syntax and mnemonics:
Dest-then-source ordering for arguments.
Some opcodes have a disambiguating suffix with respect to the type(s) they operate on: Type-general 64-bit opcodes are suffixed with&-wide. Type-specific opcodes are suffixed with their type (or a straightforward abbreviation), one of:&-boolean&-byte&-char&-short&-int&-long&-float&-double&-object&-string&-class&-void. Type-general 32-bit opcodes are unmarked.
Some opcodes have a disambiguating suffix to distinguish otherwise-identical operations that have different instruction layouts or options. These suffixes are separated from the main names with a slash (&/&) and mainly exist at all to make there be a one-to-one mapping with static constants in the code that generates and interprets executables (that is, to reduce ambiguity for humans).
See the&&for more details about the various instruction formats (listed under &Op & Format&) as well as details about the opcode syntax.
Summary of Instruction Set
Op & Format
Mnemonic / Syntax
Description
Waste cycles.
move vA, vB
A:&destination register (4 bits)B:&source register (4 bits)
Move the contents of one non-object register to another.
move/from16 vAA, vBBBB
A:&destination register (8 bits)B:&source register (16 bits)
Move the contents of one non-object register to another.
move/16 vAAAA, vBBBB
A:&destination register (16 bits)B:&source register (16 bits)
Move the contents of one non-object register to another.
move-wide vA, vB
A:&destination register pair (4 bits)B:&source register pair (4 bits)
Move the contents of one register-pair to another.
Note:&It is legal to move from&vN&to either&vN-1&or&vN+1, so implementations must arrange for both halves of a register pair to be read before anything is written.
move-wide/from16 vAA, vBBBB
A:&destination register pair (8 bits)B:&source register pair (16 bits)
Move the contents of one register-pair to another.
Note:&Implementation considerations are the same as&move-wide, above.
move-wide/16 vAAAA, vBBBB
A:&destination register pair (16 bits)B:&source register pair (16 bits)
Move the contents of one register-pair to another.
Note:&Implementation considerations are the same as&move-wide, above.
move-object vA, vB
A:&destination register (4 bits)B:&source register (4 bits)
Move the contents of one object-bearing register to another.
move-object/from16 vAA, vBBBB
A:&destination register (8 bits)B:&source register (16 bits)
Move the contents of one object-bearing register to another.
move-object/16 vAAAA, vBBBB
A:&destination register (16 bits)B:&source register (16 bits)
Move the contents of one object-bearing register to another.
move-result vAA
A:&destination register (8 bits)
Move the single-word non-object result of the most recent&invoke-kind&into the indicated register. This must be done as the instruction immediately after aninvoke-kind&whose (single-word, non-object) result
anywhere else is invalid.
move-result-wide vAA
A:&destination register pair (8 bits)
Move the double-word result of the most recent&invoke-kind&into the indicated register pair. This must be done as the instruction immediately after aninvoke-kind&whose (double-word) result
anywhere else is invalid.
move-result-object vAA
A:&destination register (8 bits)
Move the object result of the most recent&invoke-kind&into the indicated register. This must be done as the instruction immediately after an&invoke-kindor&filled-new-array&whose (object) result
anywhere else is invalid.
move-exception vAA
A:&destination register (8 bits)
Save a just-caught exception into the given register. This should be the first instruction of any exception handler whose caught exception is not to be ignored, and this instruction must&only&ever occur as the first instruction of
anywhere else is invalid.
return-void
Return from a&void&method.
return vAA
A:&return value register (8 bits)
Return from a single-width (32-bit) non-object value-returning method.
return-wide vAA
A:&return value register-pair (8 bits)
Return from a double-width (64-bit) value-returning method.
return-object vAA
A:&return value register (8 bits)
Return from an object-returning method.
const/4 vA, #+B
A:&destination register (4 bits)B:&signed int (4 bits)
Move the given literal value (sign-extended to 32 bits) into the specified register.
const/16 vAA, #+BBBB
A:&destination register (8 bits)B:&signed int (16 bits)
Move the given literal value (sign-extended to 32 bits) into the specified register.
const vAA, #+BBBBBBBB
A:&destination register (8 bits)B:&arbitrary 32-bit constant
Move the given literal value into the specified register.
const/high16 vAA, #+BBBB0000
A:&destination register (8 bits)B:&signed int (16 bits)
Move the given literal value (right-zero-extended to 32 bits) into the specified register.
const-wide/16 vAA, #+BBBB
A:&destination register (8 bits)B:&signed int (16 bits)
Move the given literal value (sign-extended to 64 bits) into the specified register-pair.
const-wide/32 vAA, #+BBBBBBBB
A:&destination register (8 bits)B:&signed int (32 bits)
Move the given literal value (sign-extended to 64 bits) into the specified register-pair.
const-wide vAA, #+BBBBBBBBBBBBBBBB
A:&destination register (8 bits)B:&arbitrary double-width (64-bit) constant
Move the given literal value into the specified register-pair.
const-wide/high16 vAA, #+BBBB
A:&destination register (8 bits)B:&signed int (16 bits)
Move the given literal value (right-zero-extended to 64 bits) into the specified register-pair.
const-string vAA, string@BBBB
A:&destination register (8 bits)B:&string index
Move a reference to the string specified by the given index into the specified register.
const-string/jumbo vAA, string@BBBBBBBB
A:&destination register (8 bits)B:&string index
Move a reference to the string specified by the given index into the specified register.
const-class vAA, type@BBBB
A:&destination register (8 bits)B:&type index
Move a reference to the class specified by the given index into the specified register. In the case where the indicated type is primitive, this will store a reference to the primitive type&s degenerate class.
monitor-enter vAA
A:&reference-bearing register (8 bits)
Acquire the monitor for the indicated object.
monitor-exit vAA
A:&reference-bearing register (8 bits)
Release the monitor for the indicated object.
Note:&If this instruction needs to throw an exception, it must do so as if the pc has already advanced past the instruction. It may be useful to think of this as the instruction successfully executing (in a sense), and the exception getting thrownafter&the instruction but&before&the next one gets a chance to run. This definition makes it possible for a method to use a monitor cleanup catch-all (e.g.,&finally) block as the monitor cleanup for that block itself, as a way to handle the arbitrary exceptions that might get thrown due to the historical implementation ofThread.stop(), while still managing to have proper monitor hygiene.
check-cast vAA, type@BBBB
A:&reference-bearing register (8 bits)B:&type index (16 bits)
Throw a&ClassCastException&if the reference in the given register cannot be cast to the indicated type.
Note:&Since&A&must always be a reference (and not a primitive value), this will necessarily fail at runtime (that is, it will throw an exception) if&B&refers to a primitive type.
instance-of vA, vB, type@CCCC
A:&destination register (4 bits)B:&reference-bearing register (4 bits)C:&type index (16 bits)
Store in the given destination register&1&if the indicated reference is an instance of the given type, or&0&if not.
Note:&Since&B&must always be a reference (and not a primitive value), this will always result in&0&being stored if&C&refers to a primitive type.
array-length vA, vB
A:&destination register (4 bits)B:&array reference-bearing register (4 bits)
Store in the given destination register the length of the indicated array, in entries
new-instance vAA, type@BBBB
A:&destination register (8 bits)B:&type index
Construct a new instance of the indicated type, storing a reference to it in the destination. The type must refer to a non-array class.
new-array vA, vB, type@CCCC
A:&destination register (8 bits)B:&size registerC:&type index
Construct a new array of the indicated type and size. The type must be an array type.
filled-new-array {vD, vE, vF, vG, vA}, type@CCCC
B:&array size and argument word count (4 bits)C:&type index (16 bits)D..G, A:&argument registers (4 bits each)
Construct an array of the given type and size, filling it with the supplied contents. The type must be an array type. The array&s contents must be single-word (that is, no arrays of&long&or&double, but reference types are acceptable). The constructed instance is stored as a &result& in the same way that the method invocation instructions store their results, so the constructed instance must be moved to a register with an immediately subsequent&move-result-objectinstruction (if it is to be used).
filled-new-array/range {vCCCC .. vNNNN}, type@BBBB
A:&array size and argument word count (8 bits)B:&type index (16 bits)C:&first argument register (16 bits)N = A + C & 1
Construct an array of the given type and size, filling it with the supplied contents. Clarifications and restrictions are the same as&filled-new-array, described above.
fill-array-data vAA, +BBBBBBBB&(with supplemental data as specified below in &fill-array-data&Format&)
A:&array reference (8 bits)B:&signed &branch& offset to table data pseudo-instruction (32 bits)
Fill the given array with the indicated data. The reference must be to an array of primitives, and the data table must match it in type and must contain no more elements than will fit in the array. That is, the array may be larger than the table, and if so, only the initial elements of the array are set, leaving the remainder alone.
A:&exception-bearing register (8 bits)
Throw the indicated exception.
A:&signed branch offset (8 bits)
Unconditionally jump to the indicated instruction.
Note:&The branch offset must not be&0. (A spin loop may be legally constructed either with&goto/32&or by including a&nop&as a target before the branch.)
goto/16 +AAAA
A:&signed branch offset (16 bits)
Unconditionally jump to the indicated instruction.
Note:&The branch offset must not be&0. (A spin loop may be legally constructed either with&goto/32&or by including a&nop&as a target before the branch.)
goto/32 +AAAAAAAA
A:&signed branch offset (32 bits)
Unconditionally jump to the indicated instruction.
packed-switch vAA, +BBBBBBBB&(with supplemental data as specified below in &packed-switch&Format&)
A:&register to testB:&signed &branch& offset to table data pseudo-instruction (32 bits)
Jump to a new instruction based on the value in the given register, using a table of offsets corresponding to each value in a particular integral range, or fall through to the next instruction if there is no match.
sparse-switch vAA, +BBBBBBBB&(with supplemental data as specified below in &sparse-switch&Format&)
A:&register to testB:&signed &branch& offset to table data pseudo-instruction (32 bits)
Jump to a new instruction based on the value in the given register, using an ordered table of value-offset pairs, or fall through to the next instruction if there is no match.
2d..31 23x
cmpkind&vAA, vBB, vCC2d: cmpl-float&(lt bias)2e: cmpg-float&(gt bias)2f: cmpl-double&(lt bias)30: cmpg-double&(gt bias)31: cmp-long
A:&destination register (8 bits)B:&first source register or pairC:&second source register or pair
Perform the indicated floating point or&long&comparison, storing&0&if the two arguments are equal,&1&if the second argument is larger, or&-1&if the first argument is larger. The &bias& listed for the floating point operations indicates how&NaNcomparisons are treated: &Gt bias& instructions return&1&for&NaN&comparisons, and &lt bias& instructions return&-1.
For example, to check to see if floating point&a & b, then it is advisable to usecmpg- a result of&-1&indicates that the test was true, and the other values indicate it was false either due to a valid comparison or because one or the other values was&NaN.
32..37 22t
if-test&vA, vB, +CCCC32: if-eq33: if-ne34: if-lt35: if-ge36: if-gt37: if-le
A:&first register to test (4 bits)B:&second register to test (4 bits)C:&signed branch offset (16 bits)
Branch to the given destination if the given two registers& values compare as specified.
Note:&The branch offset must not be&0. (A spin loop may be legally constructed either by branching around a backward&goto&or by including a&nop&as a target before the branch.)
38..3d 21t
if-testz vAA, +BBBB38: if-eqz39: if-nez3a: if-ltz3b: if-gez3c: if-gtz3d: if-lez
A:&register to test (8 bits)B:&signed branch offset (16 bits)
Branch to the given destination if the given register&s value compares with 0 as specified.
Note:&The branch offset must not be&0. (A spin loop may be legally constructed either by branching around a backward&goto&or by including a&nop&as a target before the branch.)
3e..43 10x
44..51 23x
arrayop&vAA, vBB, vCC44: aget45: aget-wide46: aget-object47: aget-boolean48: aget-byte49: aget-char4a: aget-short4b: aput4c: aput-wide4d: aput-object4e: aput-boolean4f: aput-byte50: aput-char51: aput-short
A:&va may be source or dest (8 bits)B:&array register (8 bits)C:&index register (8 bits)
Perform the identified array operation at the identified index of the given array, loading or storing into the value register.
52..5f 22c
iinstanceop&vA, vB, field@CCCC52: iget53: iget-wide54: iget-object55: iget-boolean56: iget-byte57: iget-char58: iget-short59: iput5a: iput-wide5b: iput-object5c: iput-boolean5d: iput-byte5e: iput-char5f: iput-short
A:&va may be source or dest (4 bits)B:&object register (4 bits)C:&instance field reference index (16 bits)
Perform the identified object instance field operation with the identified field, loading or storing into the value register.
Note:&These opcodes are reasonable candidates for static linking, altering the field argument to be a more direct offset.
60..6d 21c
sstaticop&vAA, field@BBBB60: sget61: sget-wide62: sget-object63: sget-boolean64: sget-byte65: sget-char66: sget-short67: sput68: sput-wide69: sput-object6a: sput-boolean6b: sput-byte6c: sput-char6d: sput-short
A:&va may be source or dest (8 bits)B:&static field reference index (16 bits)
Perform the identified object static field operation with the identified static field, loading or storing into the value register.
Note:&These opcodes are reasonable candidates for static linking, altering the field argument to be a more direct offset.
6e..72 35c
invoke-kind&{vD, vE, vF, vG, vA}, meth@CCCC6e: invoke-virtual6f: invoke-super70: invoke-direct71: invoke-static72: invoke-interface
B:&argument word count (4 bits)C:&method index (16 bits)D..G, A:&argument registers (4 bits each)
Call the indicated method. The result (if any) may be stored with an appropriatemove-result*&variant as the immediately subsequent instruction.
invoke-virtual&is used to invoke a normal virtual method (a method that is notstatic&or&final, and is not a constructor).
invoke-super&is used to invoke the closest superclass&s virtual method (as opposed to the one with the same&method_id&in the calling class).
invoke-direct&is used to invoke a non-static&direct method (that is, an instance method that is by its nature non-overridable, namely either a&privateinstance method or a constructor).
invoke-static&is used to invoke a&static&method (which is always considered a direct method).
invoke-interface&is used to invoke an&interface&method, that is, on an object whose concrete class isn&t known, using a&method_id&that refers to aninterface.
Note:&These opcodes are reasonable candidates for static linking, altering the method argument to be a more direct offset (or pair thereof).
74..78 3rc
invoke-kind/range {vCCCC .. vNNNN}, meth@BBBB74: invoke-virtual/range75: invoke-super/range76: invoke-direct/range77: invoke-static/range78: invoke-interface/range
A:&argument word count (8 bits)B:&method index (16 bits)C:&first argument register (16 bits)N = A + C & 1
Call the indicated method. See first&invoke-kind&description above for details, caveats, and suggestions.
79..7a 10x
7b..8f 12x
unop&vA, vB7b: neg-int7c: not-int7d: neg-long7e: not-long7f: neg-float80: neg-double81: int-to-long82: int-to-float83: int-to-double84: long-to-int85: long-to-float86: long-to-double87: float-to-int88: float-to-long89: float-to-double8a: double-to-int8b: double-to-long8c: double-to-float8d: int-to-byte8e: int-to-char8f: int-to-short
A:&destination register or pair (4 bits)B:&source register or pair (4 bits)
Perform the identified unary operation on the source register, storing the result in the destination register.
90..af 23x
binop&vAA, vBB, vCC90: add-int91: sub-int92: mul-int93: div-int94: rem-int95: and-int96: or-int97: xor-int98: shl-int99: shr-int9a: ushr-int9b: add-long9c: sub-long9d: mul-long9e: div-long9f: rem-longa0: and-longa1: or-longa2: xor-longa3: shl-longa4: shr-longa5: ushr-longa6: add-floata7: sub-floata8: mul-floata9: div-floataa: rem-floatab: add-doubleac: sub-doublead: mul-doubleae: div-doubleaf: rem-double
A:&destination register or pair (8 bits)B:&first source register or pair (8 bits)C:&second source register or pair (8 bits)
Perform the identified binary operation on the two source registers, storing the result in the first source register.
b0..cf 12x
binop/2addr vA, vBb0: add-int/2addrb1: sub-int/2addrb2: mul-int/2addrb3: div-int/2addrb4: rem-int/2addrb5: and-int/2addrb6: or-int/2addrb7: xor-int/2addrb8: shl-int/2addrb9: shr-int/2addrba: ushr-int/2addrbb: add-long/2addrbc: sub-long/2addrbd: mul-long/2addrbe: div-long/2addrbf: rem-long/2addrc0: and-long/2addrc1: or-long/2addrc2: xor-long/2addrc3: shl-long/2addrc4: shr-long/2addrc5: ushr-long/2addrc6: add-float/2addrc7: sub-float/2addrc8: mul-float/2addrc9: div-float/2addrca: rem-float/2addrcb: add-double/2addrcc: sub-double/2addrcd: mul-double/2addrce: div-double/2addrcf: rem-double/2addr
A:&destination and first source register or pair (4 bits)B:&second source register or pair (4 bits)
Perform the identified binary operation on the two source registers, storing the result in the first source register.
d0..d7 22s
binop/lit16 vA, vB, #+CCCCd0: add-int/lit16d1: rsub-int (reverse subtract)d2: mul-int/lit16d3: div-int/lit16d4: rem-int/lit16d5: and-int/lit16d6: or-int/lit16d7: xor-int/lit16
A:&destination register (4 bits)B:&source register (4 bits)C:&signed int constant (16 bits)
Perform the indicated binary op on the indicated register (first argument) and literal value (second argument), storing the result in the destination register.
Note:&rsub-int&does not have a suffix since this version is the main opcode of its family. Also, see below for details on its semantics.
d8..e2 22b
binop/lit8 vAA, vBB, #+CCd8: add-int/lit8d9: rsub-int/lit8da: mul-int/lit8db: div-int/lit8dc: rem-int/lit8dd: and-int/lit8de: or-int/lit8df: xor-int/lit8e0: shl-int/lit8e1: shr-int/lit8e2: ushr-int/lit8
A:&destination register (8 bits)B:&source register (8 bits)C:&signed int constant (8 bits)
Perform the indicated binary op on the indicated register (first argument) and literal value (second argument), storing the result in the destination register.
Note:&See below for details on the semantics of&rsub-int.
e3..ff 10x
packed-switch&Format
Description
ushort = 0x0100
identifying pseudo-opcode
number of entries in the table
first (and lowest) switch case value
list of&size&relative branch targets. The targets are relative to the address of the switch opcode, not of this table.
Note:&The total number of code units for an instance of this table is&(size * 2) + 4.
sparse-switch&Format
Description
ushort = 0x0200
identifying pseudo-opcode
number of entries in the table
list of&size&key values, sorted low-to-high
list of&size&relative branch targets, each corresponding to the key value at the same index. The targets are relative to the address of the switch opcode, not of this table.
Note:&The total number of code units for an instance of this table is&(size * 4) + 2.
fill-array-data&Format
Description
ushort = 0x0300
identifying pseudo-opcode
element_width
number of bytes in each element
number of elements in the table
data values
Note:&The total number of code units for an instance of this table is&(size * element_width + 1) / 2 + 4.
Mathematical Operation Details
Note:&Floating point operations must follow IEEE 754 rules, using round-to-nearest and gradual underflow, except where stated otherwise.
C Semantics
int32int32 result = -a;
Unary twos-complement.
int32int32 result = ~a;
Unary ones-complement.
int64int64 result = -a;
Unary twos-complement.
int64int64 result = ~a;
Unary ones-complement.
float result = -a;
Floating point negation.
neg-double
double result = -a;
Floating point negation.
int-to-long
int32int64 result = (int64)
Sign extension of&int32&into&int64.
int-to-float
int32float result = (float)
Conversion of&int32&to&float, using round-to-nearest. This loses precision for some values.
int-to-double
int32double result = (double)
Conversion of&int32&to&double.
long-to-int
int64int32 result = (int32)
Truncation of&int64&into&int32.
long-to-float
int64float result = (float)
Conversion of&int64&to&float, using round-to-nearest. This loses precision for some values.
long-to-double
int64double result = (double)
Conversion of&int64&to&double, using round-to-nearest. This loses precision for some values.
float-to-int
int32 result = (int32)
Conversion of&float&to&int32, using round-toward-zero.&NaN&and&-0.0&(negative zero) convert to the integer&0. Infinities and values with too large a magnitude to be represented get converted to either&0x7fffffff&or&-0x&depending on sign.
float-to-long
int64 result = (int64)
Conversion of&float&to&int64, using round-toward-zero. The same special case rules as for&float-to-int&apply here, except that out-of-range values get converted to either&0x7fffffffffffffff&or&-0x0000&depending on sign.
float-to-double
double result = (double)
Conversion of&float&to&double, preserving the value exactly.
double-to-int
int32 result = (int32)
Conversion of&double&to&int32, using round-toward-zero. The same special case rules as for&float-to-int&apply here.
double-to-long
int64 result = (int64)
Conversion of&double&to&int64, using round-toward-zero. The same special case rules as for&float-to-long&apply here.
double-to-float
float result = (float)
Conversion of&double&to&float, using round-to-nearest. This loses precision for some values.
int-to-byte
int32int32 result = (a && 24) && 24;
Truncation of&int32&to&int8, sign extending the result.
int-to-char
int32int32 result = a & 0
Truncation of&int32&to&uint16, without sign extension.
int-to-short
int32int32 result = (a && 16) && 16;
Truncation of&int32&to&int16, sign extending the result.
int32 a,int32 result = a +
Twos-complement addition.
int32 a,int32 result = a &
Twos-complement subtraction.
int32 a,int32 result = b &
Twos-complement reverse subtraction.
int32 a,int32 result = a *
Twos-complement multiplication.
int32 a,int32 result = a /
Twos-complement division, rounded towards zero (that is, truncated to integer). This throws&ArithmeticException&if&b == 0.
int32 a,int32 result = a %
Twos-complement remainder after division. The sign of the result is the same as that of&a, and it is more precisely defined as&result == a & (a / b) * b. This throws&ArithmeticException&if&b == 0.
int32 a,int32 result = a &
Bitwise AND.
int32 a,int32 result = a |
Bitwise OR.
int32 a,int32 result = a ^
Bitwise XOR.
int32 a,int32 result = a && (b & 0x1f);
Bitwise shift left (with masked argument).
int32 a,int32 result = a && (b & 0x1f);
Bitwise signed shift right (with masked argument).
uint32 a,int32 result = a && (b & 0x1f);
Bitwise unsigned shift right (with masked argument).
int64 a,int64 result = a +
Twos-complement addition.
int64 a,int64 result = a &
Twos-complement subtraction.
int64 a,int64 result = a *
Twos-complement multiplication.
int64 a,int64 result = a /
Twos-complement division, rounded towards zero (that is, truncated to integer). This throws&ArithmeticException&if&b == 0.
int64 a,int64 result = a %
Twos-complement remainder after division. The sign of the result is the same as that of&a, and it is more precisely defined as&result == a & (a / b) * b. This throws&ArithmeticException&if&b == 0.
int64 a,int64 result = a &
Bitwise AND.
int64 a,int64 result = a |
Bitwise OR.
int64 a,int64 result = a ^
Bitwise XOR.
int64 a,int64 result = a && (b & 0x3f);
Bitwise shift left (with masked argument).
int64 a,int64 result = a && (b & 0x3f);
Bitwise signed shift right (with masked argument).
uint64 a,int64 result = a && (b & 0x3f);
Bitwise unsigned shift right (with masked argument).
float a,float result = a +
Floating point addition.
float a,float result = a &
Floating point subtraction.
float a,float result = a *
Floating point multiplication.
float a,float result = a /
Floating point division.
float a,float result = a %
Floating point remainder after division. This function is different than IEEE 754 remainder and is defined as&result == a & roundTowardZero(a / b) * b.
add-double
double a,double result = a +
Floating point addition.
sub-double
double a,double result = a &
Floating point subtraction.
mul-double
double a,double result = a *
Floating point multiplication.
div-double
double a,double result = a /
Floating point division.
rem-double
double a,double result = a %
Floating point remainder after division. This function is different than IEEE 754 remainder and is defined as&result == a & roundTowardZero(a / b) * b.
Dalvik opcodes
http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html
Dalvik opcodes
Vx values in the table denote a Dalvik register. Depending on the instruction, 16, 256 or 64k registers can be accessed. Operations on long and double values use two registers, e.g. a double value addressed in the V0 register occupies the V0 and V1 registers.
Boolean values are stored as 1 for true and 0 for false. Operations on booleans are translated into integer operations.
All the examples are in hig-endian format, e.g. 0F00 0A00 is coded as&0F, 00, 0A, 00 sequence.
Note there are no explanation/example at some instructions. This means that I have not seen that instruction &in the wild& and its presence/name is only known from&.
Opcode (hex)
Opcode name
Explanation
No operation
0000 & nop
move vx,vy
Moves the content of vy into vx. Both registers must be in the first 256 register range.
0110 & move v0, v1Moves v1 into v0.
move/from16 vx,vy
Moves the content of vy into vx. vy may be in the 64k register range while vx is one of the first 256 registers.
& move/from16 v0, v25Moves v25 into v0.
move-wide/from16 vx,vy
Moves a long/double value from vy to vx. vy may be in the 64k register range while wx is one of the first 256 registers.
& move-wide/from16 v22, v0Moves v0 into v22.
move-wide/16
move-object vx,vy
Moves the object reference from vy to vx.
0781 & move-object v1, v8Moves the object reference in v8 to v1.
move-object/from16 vx,vy
Moves the object reference from vy to vx, vy can address 64k registers and vx can address 256 registers.
& move-object/from16 v1, v21Move the object reference in v21 to v1.
move-object/16
move-result vx
Move the result value of the previous method invocation into vx.
0A00 & move-result v0Move the return value of a previous method invocation into v0.
move-result-wide vx
Move the long/double result value of the previous method invocation into vx,vx+1.
0B02 & move-result-wide v2Move the long/double result value of the previous method invocation into v2,v3.
move-result-object vx
Move the result object reference of the previous method invocation into vx.
0C00 & move-result-object v0
move-exception vx
Move the exception object reference thrown during a method invocation into vx.
0D19 & move-exception v25
return-void
Return without a return value
0E00 & return-void
Return with vx return value
0F00 & return v0Returns with return value in v0.
return-wide vx
Return with double/long result in vx,vx+1.
1000 & return-wide v0Returns with a double/long value in v0,v1.
return-object vx
Return with vx object reference value.
1100 & return-object v0Returns with object reference value in v0
const/4 vx,lit4
Puts the 4 bit constant into vx
1221 & const/4 v1, #int2Moves literal 2 into v1. The destination register is in the lower 4 bit in the second byte, the literal 2 is in the higher 4 bit.
const/16 vx,lit16
Puts the 16 bit constant into vx
& const/16 v0, #int 10Puts the literal constant of 10 into v0.
const vx, lit32
Puts the integer constant into vx
BC00 & const v0, #&&&&&&&&&&&&&&&&&&&// #00BC614EMoves literal&&&&&&&&&&&&&&&&&&&&into v0.
const/high16 v0, lit16
Puts the 16 bit constant into the topmost bits of the register. Used to initialize float values.
&&&&&&&& const/high16 v0, #float 10.0 // #Moves the floating literal of 10.0 into v0. The 16 bit literal in the instruction carries the top 16 bits of the floating point number.
const-wide/16 vx, lit16
Puts the integer constant into vx and vx+1 registers, expanding the integer constant into a long constant..
& const-wide/16 v0, #long 10Moves literal 10 into v0 and v1 registers.
const-wide/32 vx, lit32
Puts the 32 bit constant into vx and vx+1 registers, expanding the integer constant into a long constant.
bc00 & const-wide/32 v2, #long&&&&&&&&&&&&&&&&&&&&// #00bc614ePuts #&&&&&&&&&&&&&&&&&&&into v2 and v3 registers.
const-wide vx, lit64
Puts the 64 bit constant into vx and vx+1 registers.
b5d 54dc 2b00- const-wide v2, #long 34567 // #002bdc545d6b4b87Puts #34567 into v2 and v3 registers.
const-wide/high16 vx,lit16
Puts the 16 bit constant into the highest 16 bit of vx and vx+1 registers. Used to initialize double values.
&&&&&&&& const-wide/high16 v0, #double 10.0 // #Puts the double constant of 10.0 into v0 register.
const-string vx,string_id
Puts reference to a string constant identified by string_id into vx.
1A08 0000 & const-string v8, && // string@0000Puts reference to string@0000 (entry #0 in the string table) into v8.
const-string-jumbo
const-class vx,type_id
Moves the class object of a class identified by type_id (e.g. Object.class) into vx.
1C00 0100 & const-class v0, Test3 // type@0001Moves reference to Test3.class (entry#1 in the type id table) into
monitor-enter vx
Obtains the monitor of the object referenced by vx.
1D03 & monitor-enter v3Obtains the monitor of the object referenced by v3.
monitor-exit
Releases the monitor of the object referenced by vx.
1E03 & monitor-exit v3Releases the monitor of the object referenced by v3.
check-cast vx, type_id
Checks whether the object reference in vx can be cast to an instance of a class referenced by type_id. Throws ClassCastException if the cast is not possible, continues execution otherwise.
1F04 0100 & check-cast v4, Test3 // type@0001Checks whether the object reference in v4 can be cast to type@0001 (entry #1 in the type id table)
instance-of vx,vy,type_id
Checks whether vy