Common Views

To visualize a unit, double-click on its node in the Project Explorer panel, or right-click and select Open, View.

The view for a unit is a placeholder for one or more fragments, representing unit documents. For example, a DEX unit (which is the analysis result of an Android DEX file) is visually rendered by several fragments, including:

Note: Some types of documents provide addressing support. Addressing support is a necessary requirement to enable interactive actions such as navigation and cross-referencing, as will be discussed later.

The following sub-sections provide examples of common fragments and views encountered when analyzing binary files:

Description Documents

The Description document is a standard buffer of text provided by all units. It contains a small body of text presenting various characteristics of the unit, including whether or not it contains children units.

Hex Dump Documents

The Hex Dump document is a hexadecimal representation of the input artifact. This document can efficiently represent artifacts of a size up to 2^63 bytes.

Helper widgets are provided for easy visualization of unpacked byte sequences.

Text Documents

Units commonly provide interactive text documents to represent their contents. Text documents are addressable. Those views can efficiently represent extremely large bodies of text - up to billions of lines if necessary.

The navigation bar, vertically positioned on the right-hand side of the document by default, allows navigating the document.

Examples include: assembly documents, xml documents, decompiled code documents, etc.

TODO: document the bar features.

Table Documents

Units may provide table documents to represent their contents. Table documents are addressable.

Tree Documents

Units may provide tree documents to represent their contents. Tree documents are addressable.

Example: Interactive Simple Tree: Code Hierarchy

Code hierarchies are interactive trees that allow navigation to code items, such as methods or routines.

Example: Static Table Tree: Digital Certificate Data

Parsed certificate can be represented as static table tree documents. For example, the APK module produces such documents.

Another example of a table tree (for which each node is a row within a table) is the global structure of a PDF document produced by the PDF plugin.

Mime-typed Documents

A unit may issue mime-typed documents. It is up to front-end clients to implement rendering engines for some of those types. For example, the official RCP client render various image types.

Custom Documents

Specialized units, such as debugger or native code units, offer access to specific data that does not fit in standard document categories. It is up to the front-end to render whatever is deemed necessary.

For example, the RCP client produces 6 or 7 specialized views to represent debugger units (such as breakpoints, threads, locals, memory, ..).

Specialized views are described in sections dealing with specialized units, eg debuggers or native disassemblers.