本文详细介绍了Android应用在ART环境下的加壳原理,特别是针对指令抽取型壳的FART自动化脱壳工具。FART通过三个步骤实现脱壳:内存中DexFile结构体的dump、主动调用类方法以dump CodeItem、修复被抽取的方法。文章探讨了现有脱壳工具的优缺点,并提出了一种新的主动调用策略,旨在解决指令抽取型壳的脱壳问题。
5381 SamplingProfilerIntegration.start();
5382
5383 // CloseGuard defaults to true and can be quite spammy. We
5384 // disable it here, but selectively enable it later (via
5385 // StrictMode) on debug builds, but using DropBox, not logs.
5386 CloseGuard.setEnabled(false);
5387
5388 Environment.initForCurrentUser();
5389
5390 // Set the reporter for event logging in libcore
5391 EventLogger.setReporter(new EventLoggingReporter());
5392
5393 AndroidKeyStoreProvider.install();
5394
5395 // Make sure TrustedCertificateStore looks in the right place for CA certificates
5396 final File configDir = Environment.getUserConfigDirectory(UserHandle.myUserId());
5397 TrustedCertificateStore.setDefaultUserDirectory(configDir);
5398
5399 Process.setArgV0("");
5400
5401 Looper.prepareMainLooper();
5402
5403 ActivityThread thread = new ActivityThread();
5404 thread.attach(false);
5405
5406 if (sMainThreadHandler == null) {
5407 sMainThreadHandler = thread.getHandler();
5408 }
5409
5410 if (false) {
5411 Looper.myLooper().setMessageLogging(new
5412 LogPrinter(Log.DEBUG, “ActivityThread”));
5413 }
5414
5415 // End of event ActivityThreadMain.
5416 Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
5417 Looper.loop();
5418
5419 throw new RuntimeException(“Main thread loop unexpectedly exited”);
5420 }
5421}
对于ActivityThread这个类,其中的sCurrentActivityThread静态变量用于全局保存创建的ActivityThread实例,同时还提供了public static ActivityThread currentActivityThread()静态函数用于获取当前虚拟机创建的ActivityThread实例。ActivityThread.main()函数是java中的入口main函数,这里会启动主消息循环,并创建ActivityThread实例,之后调用thread.attach(false)完成一系列初始化准备工作,并完成全局静态变量sCurrentActivityThread的初始化。之后主线程进入消息循环,等待接收来自系统的消息。当收到系统发送来的bindapplication的进程间调用时,调用函数handlebindapplication来处理该请求
private void handleBindApplication(AppBindData data)
最低0.47元/天 解锁文章
扫一扫
341
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
