Created
December 18, 2023 17:30
-
-
Save YSaxon/65823ba1f4e6682be8bb13303295d48d to your computer and use it in GitHub Desktop.
extract a dexfile from a memory dump
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def find_and_extract_dex(file_path, output_path): | |
| try: | |
| with open(file_path, 'rb') as file: | |
| data = file.read() | |
| # DEX file header magic number and offset for file size | |
| dex_magic = b'dex\n' | |
| size_offset = 32 | |
| size_length = 4 | |
| # Search for the DEX header | |
| dex_start = data.find(dex_magic) | |
| if dex_start == -1: | |
| print("No DEX header found.") | |
| return False | |
| print(f"DEX header found at offset {dex_start}") | |
| # Extract the size of the DEX file | |
| dex_size = int.from_bytes(data[dex_start + size_offset:dex_start + size_offset + size_length], 'little') | |
| print(f"DEX file size is {dex_size} bytes") | |
| # Extract the DEX file | |
| dex_data = data[dex_start:dex_start + dex_size] | |
| with open(output_path, 'wb') as output_file: | |
| output_file.write(dex_data) | |
| print(f"DEX file extracted to {output_path}") | |
| return True | |
| except Exception as e: | |
| print(f"An error occurred: {e}") | |
| return False | |
| # Example usage | |
| input_file = 'memdump' | |
| output_file = 'extracted.dex' | |
| find_and_extract_dex(input_file, output_file) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment