GDA Decompiler FAQ Summary
In recent years, people from many different countries and regions have asked me many questions, and I am a bit too busy to answer them all. It's true that I don't have a complete usage document, which brings me a lot of trouble. Who can help me? Many of the questions fall into the same category, and some are repeated often. Therefore, I have collected here some of the questions about the GDA decompiler and the most frequently asked questions about usage, along with the corresponding answers. There are also background questions, which are not listed below.
The GDA decompiler is an entirely new Dalvik bytecode decompiler developed independently by the author. It has the smallest size and the fastest analysis speed. See Introduction:
2. How do I analyze several DEX files together when they were dumped from device memory by the GDA dumper?
Create a new directory, move the dumped files into it, and rename them `classes.dex`, `classes2.dex`, `classes3.dex`, `classes4.dex`, and so on. Then drag `classes.dex` into GDA for analysis, and GDA will automatically decompile them together. If you have `AndroidManifest.xml`, put it into the same directory and GDA automatically performs association analysis.
For games or other large APK files, such as APKs over 200 MB or even 1 GB, you can change the extension of the APK file to zip, unzip it, and drag the file `classes.dex` into GDA to improve the efficiency of analysis. For example, someone analyzed the following APK of more than 1.8 GB.
Analysis did not complete after 20 minutes; sometimes waiting for the unpacking to time out can be a problem. But if you decompress it first and then analyze it, it takes less than 6 seconds.
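The two staging steps described above (renaming dumped DEX files into a new directory, and pulling `classes*.dex` out of a large APK instead of loading the whole archive) can be scripted. This is an added example, not part of GDA or the original FAQ; the function names and the sort-by-file-name ordering are assumptions of the example.

```python
import re
import shutil
import zipfile
from pathlib import Path

DEX_NAME = re.compile(r"classes[0-9]*\.dex")  # classes.dex, classes2.dex, ...


def is_dex(path):
    """True if the file starts with a DEX magic such as b'dex\\n035\\0'."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return len(head) == 8 and head[:4] == b"dex\n" and head[4:7].isdigit() and head[7] == 0


def stage_dumps(dump_files, out_dir, manifest=None):
    """Copy dumped DEX files into a new directory as classes.dex, classes2.dex, ...

    Files without a DEX header (e.g. truncated dumps) are skipped so the
    numbering stays contiguous. Order follows the sorted source file names.
    """
    out = Path(out_dir)
    out.mkdir(parents=True)  # raises if it exists: the FAQ asks for a new directory
    staged = []
    for src in sorted(Path(p) for p in dump_files):
        if not is_dex(src):
            continue
        name = "classes.dex" if not staged else f"classes{len(staged) + 1}.dex"
        shutil.copyfile(src, out / name)
        staged.append(name)
    if manifest is not None:
        shutil.copyfile(manifest, out / "AndroidManifest.xml")
    return staged


def extract_dex_from_apk(apk_path, out_dir):
    """Extract only top-level classes*.dex and AndroidManifest.xml from an APK."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    names = set()
    with zipfile.ZipFile(apk_path) as apk:
        for entry in apk.namelist():
            # Fixed-pattern match: a crafted entry name cannot escape out_dir.
            if entry == "AndroidManifest.xml" or DEX_NAME.fullmatch(entry):
                (out / entry).write_bytes(apk.read(entry))
                names.add(entry)
    return sorted(names)
```

After either function returns, drag the resulting `classes.dex` into GDA as the FAQ describes.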
See here: https://zhuanlan.zhihu.com/p/26341224
My time and energy are limited at present, so I do not intend to support debugger functionality for the time being.
I have tried to write one in C++, but it takes too much time and is unstable, and my energy and time are limited. There is also no stable C/C++ open-source project at present (maybe I could not find it). Some people also ask why I don't use an existing JAR resource-parsing library, as other decompilers do. In order to keep GDA independent, no third-party Java libraries are used.
GDA provides three search modes: `global-search`, `page-search`, and `tree-box-search`.

- `Global-search` is on the toolbar; press it and enjoy. It supports exact matching (`"string"`), fuzzy matching (`str`) and regular-expression matching (`~"string"`).
- `Page-search` can be opened with `Ctrl+F` in the code display box, the XML code box and the dumper display box.
- `Tree-search` is slightly hidden: move the mouse to the bottom of the tree and the search box appears automatically (it disappears when the mouse leaves). It searches classes in real time.
GDA was originally a personal project. (I started playing with reverse engineering in 2007 and always wanted to write a compiler of my own. A decompiler is the most fundamental software system in reverse engineering and security, just as it is important for programmers.) After nearly six years of being free, a professional version was issued so that the project can be maintained continuously. In order to keep GDA free to use, the free version does not remove any features. Besides providing full decompiler analysis features, I will continue to optimize and add new features for free. See the differences:
http://www.gda.wiki:9090/buy.php?language=en
Support for several windows is planned after 3.91.
Yes. When you double-click an interface method in decompiled code, the interface method and the implementation method pop up automatically. You can select one of them for decompilation.
Because the official GDA website is a PHP site that I built and developed myself, the port is limited by the ISP. At present, the server can only work on ports above 9000.
I am also very helpless about this; see here for possible reasons: https://github.com/charles2gan/GDA-android-reversing-Tool#%CB%87-false-positive-report