The this Reference

For every instance (virtual, non-static) method in Dalvik, the first parameter is a reference to itself, or, in Java, the this reference. I wanted to know if it was legal to reassign the register value.

Just so I’m sure you know what I’m talking about, here’s a simple Java class with an instance method called instanceMethod:

1
2
3
4
5
6
7

public class Instance {
    private int number = 5;

    public int instanceMethod() {
        return this.number;
    }
}

Read More

The Problem

Dalvik doesn’t have a proper null type. A null is represented by a 0. Consider this example Smali code:
const/4 v0, 0x0

It could actually represent a few of different types:

• int v0 = 0;
• boolean v0 = false;
• byte v0 = 0x0;
• short v0 = 0;
• And even: v0 = null;

  Read More

Everyone knows anti-virus products suck and you can say anti-virus sucks for many different reasons and at different levels. You could start with obvious, surface level reasons: anti-virus software (AV) sucks because it’s slow, klunky, self-advertising garbage that slows your machine down. From there, you could move on to more perceptive complaints such as how it hardly ever detects new malware and almost certainly will not detect fancypants, bespoke, advanced persistent threats (APT). You could still deeper and claim that there’s something wrong with an industry that thrives on selling people fear and selling companies mere compliance so their insurance doesn’t laugh in their faces when they try to collect after getting their gibson’s backdoor hacked.

The obvious question is then why do AV products suck? Malware is a big problem that costs people money and heartache all the time. Why isn’t this solved better? Need to understand the problem at the most fundamental level. For me, this means understanding the condition in terms of economics principals–incentives, constraints, market forces at work, and so on. Once you understand something at this level, you can usually extrapolate most of the symptoms yourself and, importantly, you’ll have a much better idea of how to actually fix it. This brings me to my main thesis: AV software sucks because it’s impossible for the market to be informed and to meaningfully differentiate between products and objectively determine which one is better. Because of this, there isn’t much incentive for companies to make lean, clean, optimized, AV products with amazing, complex detection capabilities and behavior analysis. They can’t compete on quality, because people can’t tell the difference between great and crap, so they have to compete on sales and advertising.

Read More

Why

While working on a new class loading system for SmaliVM, I needed to understand exactly how DalvikVM handles the case of a DEX file including a system / framework class such as Ljava/lang/Object;. I’d originally assumed, naively, in retrospect, that class files in a DEX file should take precedence. Thinking about this for a half second, I have no idea what the hell I was thinking. That would be stupid.

Read More