# hluwa/frida-dexdump

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/hluwa-frida-dexdump).**

4,487 stars · 942 forks · Python · gpl-3.0 · archived

## Links

- GitHub: https://github.com/hluwa/frida-dexdump
- awesome-repositories: https://awesome-repositories.com/repository/hluwa-frida-dexdump.md

## Description

frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It works as a runtime DEX memory dumper and can extract obfuscated or packed DEX files without modifying the Android system.

The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are damaged, and uses memory-scanning byte matching to locate executable binary blobs across process heap and mapped memory regions. This enables recovery of packed DEX files that standard tools would miss.

The tool operates by injecting a JavaScript agent into a running Android process via Frida. The agent and the host-side Python tool exchange scan results and extracted data over a bidirectional RPC channel. The agent scans process memory for Dalvik Executable magic bytes and structural markers, then reconstructs headers by matching internal data layout patterns against known byte-sequence signatures. Because it relies on dynamic instrumentation, the tool runs without system modifications, which keeps installation and removal simple.

## Tags

### Security & Cryptography

- [Memory Forensics](https://awesome-repositories.com/f/security-cryptography/memory-forensics.md) — A memory analysis utility that recovers obfuscated or packed DEX files from running Android applications.
- [Android Application Reverse Engineering](https://awesome-repositories.com/f/security-cryptography/android-application-reverse-engineering.md) — Recovering obfuscated or packed DEX files from running Android applications for security analysis and reverse engineering.
- [DEX Magic Byte Scanning](https://awesome-repositories.com/f/security-cryptography/binary-pattern-matching/byte-literal-pattern-matching/dex-magic-byte-scanning.md) — Scans process heap and mapped memory regions for Dalvik Executable magic bytes and structural markers using pattern-based search.

### Data & Databases

- [Binary Header Reconstruction](https://awesome-repositories.com/f/data-databases/file-header-identifiers/binary-header-reconstruction.md) — Rebuilds corrupted or missing DEX file headers by matching internal data layout patterns against known byte-sequence signatures.

### Development Tools & Productivity

- [Heuristic DEX Boundary Detection](https://awesome-repositories.com/f/development-tools-productivity/binary-boundary-detection/heuristic-dex-boundary-detection.md) — Identifies DEX file boundaries in memory by heuristic analysis of class definitions and method offsets rather than relying on intact headers.
- [Android DEX Dumpers](https://awesome-repositories.com/f/development-tools-productivity/java-bytecode-viewers/dex-to-class-converters/android-dex-dumpers.md) — A tool that extracts Dalvik Executable files from Android process memory using the Frida instrumentation framework.
- [DEX File Recovery](https://awesome-repositories.com/f/development-tools-productivity/java-bytecode-viewers/dex-to-class-converters/dex-file-recovery.md) — Extracting Dalvik Executable files from active app processes without modifying the Android system. ([source](https://github.com/hluwa/frida-dexdump#readme))
- [Memory Pattern Searching](https://awesome-repositories.com/f/development-tools-productivity/memory-pattern-searching.md) — Scanning process memory with heuristic boundary detection and byte sequence matching to locate executable binary blobs.
- [Android Runtime Analyzers](https://awesome-repositories.com/f/development-tools-productivity/php-application-profilers/runtime-state-analyzers/android-runtime-analyzers.md) — A dynamic instrumentation tool that inspects Android process memory and reconstructs executable binary blobs.

### Networking & Communication

- [Frida Agent RPC Channels](https://awesome-repositories.com/f/networking-communication/agent-client-communication-protocols/frida-agent-rpc-channels.md) — Communicates scan results and extracted data between the injected Frida agent and the host-side Python tool over a bidirectional RPC channel.

### Operating Systems & Systems Programming

- [Non-Modifying Deployments](https://awesome-repositories.com/f/operating-systems-systems-programming/android-system-modification/non-modifying-deployments.md) — Deploys via a dynamic instrumentation tool without altering the Android system, enabling one-click installation and easy cleanup. ([source](https://github.com/hluwa/frida-dexdump#readme))
- [Live Memory Dumpers](https://awesome-repositories.com/f/operating-systems-systems-programming/binary-memory-dumping/memory-dump-parsers/live-memory-dumpers.md) — Scans a running app's memory for Dalvik Executable files and extracts them for offline analysis. ([source](https://github.com/hluwa/frida-dexdump#readme))
- [Process Memory Access](https://awesome-repositories.com/f/operating-systems-systems-programming/process-memory-access.md) — Reads and iterates over the address space of a live Android application to locate executable binary blobs without filesystem access.
- [Frida-Based Instrumentation](https://awesome-repositories.com/f/operating-systems-systems-programming/system-instrumentation-frameworks/android-instrumentation/frida-based-instrumentation.md) — Using the Frida dynamic instrumentation framework to inspect and dump process memory on Android runtimes.
