Hardening Prelude 2: Replacing the Application
Runtime loading process
ActivityThread.java
Application app = data.info.makeApplication(data.restrictedBackupMode, null);
    -> enters LoadedApk.java
        String appClass = mApplicationInfo.className;
        app.attachBaseContext()    // function we control
        ...
        mActivityThread.mAllApplications.add(app);
        mApplication = app;
    <- returns
mInitialApplication = app;
mInstrumentation.callApplicationOnCreate(app);
    -> app.onCreate()    // function we control
Implementation in onCreate
// Needs: android.app.Application, android.app.Instrumentation,
//        android.content.pm.ApplicationInfo, java.util.ArrayList

// Get the current ActivityThread and the LoadedApk bound to this process
Object currentActivityThread = javaRef.invokeStaticMethod("android.app.ActivityThread", "currentActivityThread", new Class[]{}, new Object[]{});
Object mBoundApplication = javaRef.getFieldValue("android.app.ActivityThread", "mBoundApplication", currentActivityThread);
Object loadedApk = javaRef.getFieldValue("android.app.ActivityThread$AppBindData", "info", mBoundApplication);

// Clear the cached Application so that makeApplication() builds a new one
javaRef.setFieldValue("android.app.LoadedApk", "mApplication", loadedApk, null);

// Point LoadedApk's ApplicationInfo at the Application class to load
ApplicationInfo applicationInfo_loadapk = (ApplicationInfo) javaRef.getFieldValue("android.app.LoadedApk", "mApplicationInfo", loadedApk);
String desAppName = "com.cc.shell.MyApplication";
applicationInfo_loadapk.className = desAppName;

// Remove the currently registered Application from ActivityThread's list
Application oldApplication = (Application) javaRef.getFieldValue("android.app.ActivityThread", "mInitialApplication", currentActivityThread);
ArrayList<Application> mAllApplications = (ArrayList<Application>) javaRef.getFieldValue("android.app.ActivityThread", "mAllApplications", currentActivityThread);
mAllApplications.remove(oldApplication);

// Build the replacement Application; the Instrumentation argument is null,
// so makeApplication() does not call onCreate() and it is called explicitly
Application realApp = (Application) javaRef.invokeMethod("android.app.LoadedApk", "makeApplication", loadedApk, new Class[]{boolean.class, Instrumentation.class}, new Object[]{false, null});
realApp.onCreate();

// Register the replacement as ActivityThread's initial Application
javaRef.setFieldValue("android.app.ActivityThread", "mInitialApplication", currentActivityThread, realApp);
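The listing above depends on a `javaRef` reflection helper that the post does not show. The following is an added sketch of such a helper, not the original author's code: the class name `JavaRef`, the parameter names and the `open` method are assumptions, and the method signatures are inferred from how the listing calls them.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Method;

// Hypothetical helper: signatures inferred from the javaRef calls in the listing.
public class JavaRef {
    public static Object invokeStaticMethod(String cls, String name,
                                            Class<?>[] types, Object[] args) {
        return invokeMethod(cls, name, null, types, args); // null target = static call
    }

    public static Object invokeMethod(String cls, String name, Object target,
                                      Class<?>[] types, Object[] args) {
        try {
            Method m = Class.forName(cls).getDeclaredMethod(name, types);
            m.setAccessible(true); // allow private and package-private members
            return m.invoke(target, args);
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException(cls + "." + name + "() not reachable", e);
        }
    }

    public static Object getFieldValue(String cls, String field, Object target) {
        try {
            return open(cls, field).get(target);
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException(cls + "." + field + " not readable", e);
        }
    }

    public static void setFieldValue(String cls, String field, Object target, Object value) {
        try {
            open(cls, field).set(target, value);
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException(cls + "." + field + " not writable", e);
        }
    }

    // getDeclaredField only sees fields declared on the named class itself,
    // which is why each call names the exact declaring class.
    private static Field open(String cls, String field) throws ReflectiveOperationException {
        Field f = Class.forName(cls).getDeclaredField(field);
        f.setAccessible(true);
        return f;
    }
}
```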
Reposted from: https://www.cnblogs.com/lyxin/p/10052313.html