When starting the UI client without specifying an input file, JEB will display an empty workspace that's using a three-part layout:
- Project explorer on the left side
- Logger, Terminal, Quick Search at the bottom
- Empty area in the center
Starting an Analysis#
To start an analysis, open a file (or reload a saved analysis stored in a
.jdb2 file) via the File menu.
A new project will be created, the input file will be processed and analyzed.
Example: Processing an APK file#
If your input file was an Android application, the app is processed by various Android analysis plugins:
- The APK plugin takes care of unbundling the app, decoding the manifest and resources
- The DEX plugin performs the analysis and disassembly of the DEX bytecode file (or files)
- The XML parser analyzes XML resources
- The Certificate plugin analyzes the certificate
- ... and so on.
JEB performs recursive analysis on input artifacts and units, using the loaded parser plugins.
The project explorer tree should display a Bytecode node, representing the DEX unit (more on the concept of units later). The DEX views should be opened automatically by the UI client, as they are detected as the principal views of an APK artifact.
Your workspace should look like:
The workspace can be customized by the user:
- Views can be dragged and dropped, resized, stacked and docked with other views
- Views can be detached and placed in separate windows - something particularly useful for multi-monitor setups.
The Project Explorer contains three types of nodes:
- The top-most entity accessible within the UI client is a project. Currently, the UI client can only handle a single project per session.
- A project contains various artifacts, which represent data to be analyzed. Artifacts are usually files read from the local file system
- The analysis of artifacts yield units (and sub-units). E.g., the analysis of an Android DEX file artifact will yield at least one DEX unit representing the bytecode of that DEX file.
- Users of the graphical client interact with units through views that contain fragments representing various aspects of a unit. Fragments are rendered in tabs, selectable at the bottom of a view.
- Most units are interactive. Users can interact with them through a variety of ways, including via actions, available in the similarly-named menu.
The screen capture below summarizes common elements present and visible in the workspace when analyzing a file:
Back-end JEB objects#
The Project Explorer elements are representing back-end components documented in the API reference. The image below summarizes a project's top-most components hierarchically: