rev-dex-dumper


rev-dex-dumper - Android DEX Dumper


Dump DEX files from a running Android application's memory using `panda-dex-dumper` via ADB.

Tool Location


The `panda-dex-dumper` binary is bundled in this skill's directory. Resolve its absolute path relative to this SKILL.md file:

```
skills/rev-dex-dumper/panda-dex-dumper
```

Workflow


1. Push the tool to device

```bash
adb push <path-to>/panda-dex-dumper /data/local/tmp/
adb shell chmod +x /data/local/tmp/panda-dex-dumper
```

2. Determine target package name

If the user provides a package name, use it directly. Otherwise, get the foreground app:

```bash
adb shell dumpsys activity top | grep 'ACTIVITY' | tail -1 | awk '{print $2}' | cut -d/ -f1
```

3. Run the dumper

```bash
adb shell "cd /data/local/tmp && ./panda-dex-dumper -p $(adb shell pidof <package_name>)"
```

The dumped DEX files are saved to `/data/local/tmp/panda/` on the device.

4. Pull DEX files to host

```bash
adb pull /data/local/tmp/panda/ ./
```

Pull to the user's current working directory.

5. Clean up device cache

```bash
adb shell rm -rf /data/local/tmp/panda/
adb shell rm /data/local/tmp/panda-dex-dumper
```

Guidelines


  1. Always verify ADB connection first — run `adb devices` and confirm a device is listed before proceeding.
  2. Root may be required. `panda-dex-dumper` uses `ptrace` to attach to the target process. If the device is not rooted, the dump will fail. Suggest `adb root` or running via `su` if needed.
  3. Wait for app to fully load — if the user is dumping a packed app, the real DEX is only available after the packer's class loader has decrypted it. Advise the user to navigate past the splash screen before dumping.
  4. Handle pidof failure — if `pidof` returns empty, the app may not be running. Launch it first with `adb shell monkey -p <package_name> -c android.intent.category.LAUNCHER 1`.
  5. Multiple DEX files are normal — packed apps often produce several DEX files. All files in `/data/local/tmp/panda/` should be pulled.
  6. Always clean up — remove both the dumped DEX files and the tool binary from the device after pulling results to avoid leaving artifacts.
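
The workflow and guidelines above combined into one guarded host-side script. This is an added example, not part of the original skill: the function names, the package-name check, the single retry and the 5-second wait are assumptions, and it assumes `adb shell` already has the privileges `ptrace` needs.

```bash
#!/usr/bin/env bash
# Added example (not from the skill): steps 1-5 with guideline checks 1, 4 and 6.
# Function names, the retry and the 5 s wait are assumptions.
set -u

DUMPER_DIR=/data/local/tmp
OUT_DIR=/data/local/tmp/panda

# Count `adb devices` entries (stdin) whose state is exactly "device";
# "unauthorized" and "offline" entries are not usable.
ready_devices() {
  tr -d '\r' | awk '$2 == "device" { n++ } END { print n + 0 }'
}

# Reduce `pidof` output (stdin) to one numeric PID (the first if several).
# Fails on empty output (app not running) or non-numeric text (shell error).
first_pid() {
  local pid
  pid=$(tr -d '\r' | awk 'NF { print $1; exit }')
  case "$pid" in ''|*[!0-9]*) return 1 ;; esac
  printf '%s\n' "$pid"
}

# Step 5 / guideline 6: remove dumps and the tool from the device.
cleanup() {
  adb shell rm -rf "$OUT_DIR/"
  adb shell rm -f "$DUMPER_DIR/panda-dex-dumper"
}

# dump_dex <package_name> <path-to-panda-dex-dumper>
dump_dex() {
  local pkg=$1 tool=$2 pid
  # The name is re-parsed by the device shell, so reject shell metacharacters.
  case "$pkg" in ''|*[!A-Za-z0-9._]*) echo "bad package name" >&2; return 1 ;; esac
  if [ "$(adb devices | ready_devices)" -ne 1 ]; then  # adb without -s needs exactly one
    echo "need exactly one authorized device" >&2; return 1
  fi
  adb push "$tool" "$DUMPER_DIR/" || return 1
  adb shell chmod +x "$DUMPER_DIR/panda-dex-dumper"
  if ! pid=$(adb shell pidof "$pkg" | first_pid); then
    # Guideline 4: launch the app, wait, retry once.
    adb shell monkey -p "$pkg" -c android.intent.category.LAUNCHER 1 >/dev/null
    sleep 5
    pid=$(adb shell pidof "$pkg" | first_pid) || { cleanup; return 1; }
  fi
  adb shell "cd $DUMPER_DIR && ./panda-dex-dumper -p $pid"
  adb pull "$OUT_DIR/" ./
  cleanup
}
```

Source the file, then call `dump_dex <package_name> <path-to>/panda-dex-dumper` once the app is past its splash screen.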