Check whether an Android phone's CPU is 32-bit or 64-bit
adb shell getprop ro.product.cpu.abi
C:\Users\Administrator>adb devices
List of devices attached
* daemon started successfully
1fd81cb07d64 device
C:\Users\Administrator>adb shell getprop ro.product.cpu.abi
arm64-v8a
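Entering and exiting adb shell
Add the directory containing adb.exe to the PATH environment variable; you can then type adb shell in cmd and press Enter to enter the shell environment.
Press ctrl+c or type exit to leave the environment.
You can also run commands without entering the shell; in that case each command needs the adb shell prefix.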
C:\Users\Administrator>adb shell
oxygen:/ $ exit
C:\Users\Administrator>
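Determine whether a process is 32-bit or 64-bit
On a 64-bit system two processes exist side by side, zygote and zygote64, which serve 32-bit and 64-bit apps respectively. So to tell whether an app is running as 32-bit or 64-bit, just check which zygote is its parent process.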
C:\Users\Administrator>adb shell
oxygen:/ $ ps|grep zygote
root 741 1 2170796 29804 poll_sched 0000000000 S zygote64
root 742 1 1607068 29188 poll_sched 0000000000 S zygote
oxygen:/ $ ps|grep 742
root 742 1 1607068 29188 poll_sched 0000000000 S zygote
u0_a283 1981 742 2140256 331016 SyS_epoll_ 0000000000 S com.supercell.brawlstars
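Export the APK of an installed app
adb shell pm list packages -3 // list all third-party packages.
adb shell pm list packages -[option] "qq" // search for packages matching the filter.
adb pull data/app/cn.xx.xx.xx-1.apk hgy413.apk // export the package
1) Find the app's package name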
C:\Users\Administrator>adb shell pm list package "oaapp"
package:com.yy.oaapp
2) Find where the app's APK is stored, for example to look up com.ludashi.superboost
C:\Users\Administrator>adb shell pm path com.yy.oaapp
package:/data/app/com.yy.oaapp-1/base.apk
3) Pull the APK
C:\Users\Administrator>adb pull /data/app/com.yy.oaapp-1/base.apk hgy413.apk
/data/app/com.yy.oaapp-1/base.apk: 1 file pulled. 16.4 MB/s (34796790 bytes in 2.024s)
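This exports base.apk to C:\Users\Administrator\hgy413.apk on the computer. There is no need to go hunting for it on the phone.
View the list of modules loaded in a process
First run su to get root, then use ps |grep to find the process ID, and finally run cat /proc/<process ID>/maps (here cat /proc/23229/maps) to list all modules.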
C:\Users\Administrator>adb shell
shell@cancro:/ $ su
root@cancro:/ # ps |grep "test"
ps |grep "test"
u0_a111 23229 310 794288 53964 sys_epoll_ b6c8799c S com.example.elfloader_test
root@cancro:/ # cat /proc/23229/maps
cat /proc/23229/maps
12c00000-12e07000 rw-p 00000000 00:04 11850 /dev/ashmem/dalvik-main space (deleted)
12e07000-13007000 rw-p 00207000 00:04 11850 /dev/ashmem/dalvik-main space (deleted)
13007000-1ac00000 ---p 00407000 00:04 11850 /dev/ashmem/dalvik-main space (deleted)
32c00000-32c01000 rw-p 00000000 00:04 11851 /dev/ashmem/dalvik-main space 1 (deleted)
Check for read permission and extract the linker
C:\Users\hgy413>adb shell
athene:/ $ cd /system
athene:/system $ ls
ls: ./rfs: Permission denied
app bin build.prop etc fake-libs fonts framework lib lost+found media priv-app recovery-from-boot.p usr vendor xbin
athene:/ $ cd /system/bin
athene:/system/bin $ ls
.......
1|athene:/system/bin $ cp ./linker /sdcard/
1|athene:/system $ cd /sdcard
athene:/sdcard $ ls
20180907_154808.mp4 Music YYPushService com.supercell.brawlstars linker venus
20180907_154939.mp4 My Documents alt_autocycle com.tencent.mobileqq nd yy_video
91 WireLess Noizz amap com.tv.singo null yyhigo
Alarms Notifications backup com.yy.hiyo score.txt yyliveRtcEngineDemo
Android OSSLog backups dianxin snapshot yymobile
AudioEngine Pictures baseoppo.png duowan soda yysdk
DCIM Podcasts cacheDir file_player_out.pcm storage
Download PushSdkDefaultLog com.duowan.mobile hagotv system
LocalVideoInfosNew QQBrowser com.duowan.supervideo hiidosdk tbs
Mob Ringtones com.gokoo.hamo imsdk tencent
Movies Singo com.lulu.lulubox libs testvedio
127|athene:/sdcard $ exit
C:\Users\hgy413>adb pull /sdcard/linker
/sdcard/linker: 1 file pulled. 14.3 MB/s (626360 bytes in 0.042s)
As you can see, the contents of /system cannot be read:
athene:/system $ ls
ls: ./rfs: Permission denied
Copy /system/bin/linker to /sdcard:
1|athene:/system/bin $ cp ./linker /sdcard/
The saved linker file ends up on the computer at C:\Users\Administrator\linker
Correction: read permission is granted by default, so you can simply run:
C:\Users\hgy413>adb pull /system/bin/linker C:\Users\hgy413\AppData\Local\
/system/bin/linker: 1 file pulled. 17.6 MB/s (626360 bytes in 0.034s)
and that is all.
VA: view processes with the same UID
oxygen:/ $ ps |grep "lulubox"
ps |grep "lulubox"
u0_a449 8403 748 2026580 117116 SyS_epoll_ 0000000000 S com.lulu.lulubox
u0_a449 8517 748 1740840 64248 SyS_epoll_ 0000000000 S com.lulu.lulubox:s
oxygen:/ $ ps |grep u0_a449 // u0_a449 comes from the previous command
ps |grep u0_a449
u0_a449 8403 748 2056616 115008 SyS_epoll_ 0000000000 S com.lulu.lulubox
u0_a449 8517 748 1741352 64572 SyS_epoll_ 0000000000 S com.lulu.lulubox:s
u0_a449 9530 748 1738964 64532 0000000000 R com.abc.def
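The zygote parent check and the same-UID check above both come down to reading columns of ps output, so here is an added example (not part of the original post) that automates both on saved output. The function names are hypothetical and the sample input is constructed in the column layout of the listings on this page.

```python
from collections import defaultdict

# Constructed sample in the ps column layout shown on this page:
# USER PID PPID VSIZE RSS [WCHAN] PC STATE NAME (WCHAN can be empty).
SAMPLE_PS = """\
root 741 1 2170796 29804 poll_sched 0000000000 S zygote64
root 742 1 1607068 29188 poll_sched 0000000000 S zygote
u0_a283 1981 742 2140256 331016 SyS_epoll_ 0000000000 S com.supercell.brawlstars
u0_a449 8403 741 2026580 117116 SyS_epoll_ 0000000000 S com.lulu.lulubox
u0_a449 8517 741 1740840 64248 SyS_epoll_ 0000000000 S com.lulu.lulubox:s
u0_a449 9530 741 1738964 64532 0000000000 R com.abc.def
"""

def parse_ps(text):
    """Return (user, pid, ppid, name) per row; header and short lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[1].isdigit() or not f[2].isdigit():
            continue
        rows.append((f[0], int(f[1]), int(f[2]), f[-1]))
    return rows

def bitness_by_parent(rows):
    """Map PID -> 32 or 64 for every process whose parent is a zygote."""
    zygotes = {pid: (64 if name == "zygote64" else 32)
               for _, pid, _, name in rows if name in ("zygote", "zygote64")}
    return {pid: zygotes[ppid] for _, pid, ppid, _ in rows if ppid in zygotes}

def mixed_package_uids(rows):
    """App UIDs whose processes carry more than one package name.
    The ':suffix' of a secondary process is stripped before comparing."""
    pkgs = defaultdict(set)
    for user, _, _, name in rows:
        if user.startswith("u") and "_a" in user:  # app users such as u0_a449
            pkgs[user].add(name.split(":", 1)[0])
    return {u: sorted(p) for u, p in pkgs.items() if len(p) > 1}

if __name__ == "__main__":
    rows = parse_ps(SAMPLE_PS)
    bits = bitness_by_parent(rows)
    for user, pid, _, name in rows:
        if pid in bits:
            print(f"{name} (pid {pid}, {user}): {bits[pid]}-bit")
    for uid, names in mixed_package_uids(rows).items():
        print(f"{uid} runs several packages: {', '.join(names)}")
```

Apps that declare the same sharedUserId also run under one UID, so a hit from mixed_package_uids is a reason to look closer rather than proof that a process is hosted inside VA.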