一种基于编译辅助的odex文件重写方法

doi:10.3969/j.issn.1671-1122.2026.02.007

摘要/Abstract

摘要：

移动操作系统通过预先编译将应用中的字节码翻译为机器码并存储在odex文件中，以提升应用的启动和运行效率。然而，系统框架代码更新后odex文件会失效，导致应用需要重新编译，影响用户体验。对已有odex文件进行静态重写可避免重新编译，但是现有的静态重写技术较少关注odex文件及系统环境变化引发的重写问题。针对上述问题，文章提出一种基于编译辅助的odex文件重写方法，利用编译过程中收集的指令信息，指导对odex文件的精准静态重写，使其适应不同的系统环境。基于该方法实现原型系统，并对50个高流行度的应用进行了实验评估。实验结果表明，该原型系统能够有效实现odex文件重写，与重新编译应用相比，重写odex文件的时间开销平均仅为重新编译时间的6.85%。

关键词: 移动操作系统应用, 编译辅助, 二进制重写, odex

Abstract:

The mobile operating system translates application bytecode into machine code through pre-compilation and stores it in odex files to improve application startup and runtime efficiency. However, system framework updates invalidate these odex files, necessitating application recompilation and degrading user experience. One approach to avoid recompilation was to statically rewrite existing odex files, but existing static rewriting technologies paid little attention to odex files and the rewriting challenges posed by system environment changes. To address these issues, this paper proposed a compiler-assisted odex file rewriting method. During compilation, this method collected instruction information to guide precise static rewriting and adapt odex files to new system environments. This paper implemented a prototype system based on this method and evaluated it on 50 popular applications. The experimental results show that the method effectively rewrites odex files. The average time cost for rewriting is only 6.85% of the time required for recompilation.

Key words: mobile operating system application, compiler-assisted, binary rewriting, odex

中图分类号:

TP309

程龙, 解梦飞, 吴鸿涛, 傅建明. 一种基于编译辅助的odex文件重写方法[J]. 信息网络安全, 2026, 26(2): 263-273.

CHENG Long, XIE Mengfei, WU Hongtao, FU Jianming. A Compiler-Assisted odex File Rewriting Method[J]. Netinfo Security, 2026, 26(2): 263-273.

图/表 13

图1

图2

表1

图3

图4

图5

表2

图6

图7

图8

图9

图10

表3

参考文献 20

[1]	StatCounter. Operatign System Market Share Worldwide[EB/OL]. (2024-10-31)[2024-10-31]. https://gs.statcounter.com/os-market-share.
[2]	MA Yun, LIU Xuanzhe, LIU Yi, et al. A Tale of Two Fashions: An Empirical Study on the Performance of Native Apps and Web Apps on Android[J]. IEEE Transactions on Mobile Computing, 2018, 17(5): 990-1003. doi: 10.1109/TMC.2017.2756633 URL
[3]	MA Sijun, XIAO Rong, CHENG Jiangwei. Research on Performance Data Acquisition Probe of Android Application[J]. Computer Applications and Software, 2017, 34(7): 192-197.
	马思峻, 肖荣, 成江伟. Android应用性能数据采集探针研究[J]. 计算机应用与软件, 2017, 34(7): 192-197.
[4]	VISOCHAN A, STROGANOV A, TITARENKO I, et al. Method for Profile-Guided Optimization of Android Applications Using Random Forest[J]. IEEE Access, 2022, 10: 109652-109662. doi: 10.1109/ACCESS.2022.3214971 URL
[5]	Google. Android Runtime and Dalvik[EB/OL]. (2024-04-26)[2024-10-31]. https://source.android.com/docs/core/runtime.
[6]	Google. Configure ART[EB/OL]. (2024-04-26)[2024-10-31]. https://source.android.com/docs/core/runtime/configure.
[7]	HARSHA K. How Many Apps Does the Average Person Have?[EB/OL]. (2023-06-16)[2024-10-31]. https://dataprot.net/statistics/how-many-apps-does-the-average-person-have/.
[8]	SMITHSON M, ELWAZEER K, ANAND K, et al. Static Binary Rewriting without Supplemental Information: Overcoming the Tradeoff between Coverage and Correctness[C]// IEEE. 2013 20th Working Conference on Reverse Engineering (WCRE). New York: IEEE, 2013: 52-61.
[9]	DI F A, PAYER M, AGOSTA G. Rev.ng: A Unified Binary Analysis Framework to Recover CFGs and Function Boundaries[C]// ACM. The 26th International Conference on Compiler Construction. New York: ACM, 2017: 131-141.
[10]	DINABURG A, RUEF A. Mcsema: Static Translation of x86 Instructions to LLVM IR[EB/OL]. (2024-04-26)[2024-10-31]. https://github.com/trailofbits/publications/tree/master/presentations/McSema%20-%20Static%20Translation%20of%20x86%20instructions%20to%20LLVM%20IR.
[11]	WANG Ruoyu, SHOSHITAISHVILI Y, BIANCHI A, et al. Ramblr: Making Reassembly Great Again[EB/OL]. (2017-10-05)[2024-10-31]. https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss2017_10-5_Wang_paper_0.pdf.
[12]	WANG Shuai, WANG Pei, WU Dinghao. Reassembleable Disassembling[EB/OL]. (2015-08-12)[2024-10-31]. https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-wang-shuai.pdf.
[13]	HISER J D, NGUYEN-TUONG A, CO M, et al. A Framework for Creating Binary Rewriting Tools (Short Paper)[C]// IEEE. 2014 Tenth European Dependable Computing Conference. New York: IEEE, 2014: 142-145.
[14]	WILLIAMS-KING D, KOBAYASHI H, WILLIAMS-KING K, et al. Egalito: Layout-Agnostic Binary Recompilation[C]// ACM. The Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems. New York: ACM, 2020: 133-147.
[15]	PARZEFALL F, DESHPANDE C, HETZELT F, et al. What You Trace Is What You Get: Dynamic Stack-Layout Recovery for Binary Recompilation[C]// ACM. The 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2. New York:ACM, 2024: 1250-1263.
[16]	DUCK G J, GAO Xiang, ROYCHOUDHURY A. Binary Rewriting without Control Flow Recovery[C]// ACM. The 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. New York: ACM, 2020: 151-163.
[17]	DI B L, MOGHADDAS H, PAYER M. ARMore: Pushing Love Back Into Binaries[C]// USENIX. The 32nd USENIX Security Symposium (USENIX Security 23). Berkeley: USENIX, 2023: 6311-6328.
[18]	KOO H, CHEN Yaohui, LU Long, et al. Compiler-Assisted Code Randomization[C]// IEEE. 2018 IEEE Symposium on Security and Privacy (SP). New York: IEEE, 2018: 461-477.
[19]	XIE Mengfei, LIN Yan, LUO Chenke, et al. PointerScope: Understanding Pointer Patching for Code Randomization[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 20(4): 3019-3036. doi: 10.1109/TDSC.2022.3203043 URL
[20]	Google. Dalvik Bytecode Format[EB/OL]. (2024-08-05)[2024-10-31]. https://source.android.com/docs/core/runtime/dalvik-bytecode.

高级抽象结构	涉及指令
type	const-class, check-cast, instance-of, new-instance, new-array, filled-new-array*
string	const-string, const-string/jumbo
field	iinstanceop, sstaticop
meth	invoke-kind, invoke-polymorphic
proto	invoke-polymorphic*, const-method-type
call_site	invoke-custom*

高级抽象结构	是否静态	访问方式
type	—	重定位段基址+索引
string	—	重定位段基址+索引
field	否	偏移
field	是	重定位段基址+索引+偏移
meth	否	偏移
meth	是	重定位段基址+索引+偏移

应用包名	产物大小 /MB	编译时间/s	编译额外时间/s	重写时间/s	节约时间 /s	保存dex时间/s
com.baidu.netdisk	699	52.36	14.31	4.09	33.96	0.88
com.eg.android.AlipayGphone	649	40.45	5.97	5.25	29.23	0.61
com.ss.android.article.news	630	42.50	7.27	2.24	32.97	0.81
com.tencent.qqlive	668	53.70	10.57	6.71	36.41	1.23
com.tencent.qqmusic	626	44.44	10.15	7.28	27.00	0.95
tv.danmaku.bili	585	43.95	11.12	3.39	29.43	1.04
com.baidu.searchbox	545	34.34	8.22	2.56	23.55	0.64
com.smile.gifmaker	553	43.64	3.69	2.24	37.71	1.01
com.ss.android.article.lite	531	35.14	4.81	1.58	28.74	0.69
com.cat.readall	535	39.06	7.10	2.07	29.89	0.68