當前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

加固前奏2-替换application

發布時間：2025/3/20 编程问答 24 豆豆

生活随笔收集整理的這篇文章主要介紹了加固前奏2-替换application 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

運行加載過程
ActivityThread.JAVA
Application app = data.info.makeApplication(data.restrictedBackupMode, null);
?? ??? ??? ??? ??? ??? ??? ?->進入LoadedApk.java
?? ??? ??? ??? ??? ??? ??? ??? ??? ?String appClass = mApplicationInfo.className;
?? ??? ??? ??? ??? ??? ??? ??? ??? ?app.attachBaseContext()?? ??? ?//可控函數
?? ??? ??? ??? ??? ??? ??? ??? ??? ?...
?? ??? ??? ??? ??? ??? ??? ??? ??? ?mActivityThread.mAllApplications.add(app);
?? ??? ??? ??? ??? ??? ??? ??? ??? ?mApplication = app;
?? ??? ??? ??? ??? ??? ??? ?<-退出
mInitialApplication = app;
mInstrumentation.callApplicationOnCreate(app);
?? ??? ??? ??? ??? ??? ??? ?->?? ?app.onCreate()?? ??? ??? ??? ?//可控函數

onCreate中實現

Object currentActivityThread = javaRef.invokeStaticMethod("android.app.ActivityThread", "currentActivityThread",new Class[]{}, new Object[]{});Object mBoundApplication = javaRef.getFieldValue("android.app.ActivityThread", "mBoundApplication", currentActivityThread); Object loadedApk = javaRef.getFieldValue("android.app.ActivityThread$AppBindData", "info", mBoundApplication); javaRef.setFieldValue("android.app.LoadedApk", "mApplication", loadedApk, null); ApplicationInfo applicationInfo_loadapk = (ApplicationInfo) javaRef.getFieldValue("android.app.LoadedApk", "mApplicationInfo", loadedApk); String desAppName = "com.cc.shell.MyApplication"; applicationInfo_loadapk.className = desAppName; Application oldApplication = (Application) javaRef.getFieldValue("android.app.ActivityThread", "mInitialApplication", currentActivityThread); ArrayList<Application> mAllApplications = (ArrayList<Application>) javaRef.getFieldValue("android.app.ActivityThread", "mAllApplications", currentActivityThread); mAllApplications.remove(oldApplication); Application realApp = (Application) javaRef.invokeMethod("android.app.LoadedApk", "makeApplication", loadedApk , new Class[]{boolean.class, Instrumentation.class}, new Object[]{false, null}); realApp.onCreate(); javaRef.setFieldValue("com.android.ActivityThread", "mInitialApplication", currentActivityThread, realApp);

轉載于:https://www.cnblogs.com/lyxin/p/10052313.html

總結

以上是生活随笔為你收集整理的加固前奏2-替换application的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。

上一篇： mysql数据库文件的真实的物理存储位置
下一篇：数据结构——树、森林和二叉树之间的转换