PMS代理模式检测小改

/ 0评 / 0

原文:

[原创]PMS注册检测实现-『Android安全』-看雪安全论坛
http://bbs.pediy.com/thread-217827.htm

通过Proxy代理的特性可以发现所有被代理的类都是继承Proxy的,根据instanceof Proxy可以进行判断,不过如果去找这个点感觉比较麻烦。在原作者代码的基础上,增加了两行代码即可获取到具体的代理的类路径

public static void watchPMS(Context context) {
        Class<?> activityThreadClass = null;
        try {
            activityThreadClass = Class.forName("android.app.ActivityThread");
            Method currentActivityThreadMethod =
             activityThreadClass.getDeclaredMethod("currentActivityThread");
            Object currentActivityThread = currentActivityThreadMethod.invoke(null);
            // 获取ActivityThread里面原始的sPackageManager
            Field sPackageManagerField = activityThreadClass.getDeclaredField("sPackageManager");
            sPackageManagerField.setAccessible(true);
            Object sPackageManager = sPackageManagerField.get(currentActivityThread);
            if (sPackageManager instanceof Proxy) {
                InvocationHandler invocationHandler = Proxy.getInvocationHandler(sPackageManager);
                String str = invocationHandler.getClass().getName();
                //TODO the str is "io.bunnyblue.android.pmshooker.PmsHookBinderInvocationHandler"
                System.err.println(" found bad pms");
                //TODO sPackageManager is hooked in proxy
            }
            //  sPackageManager.getClass().getDeclaredField("location");
            PackageManager pm = context.getPackageManager();
            if (pm.getClass().getClassLoader().getClass().getName().equals("java.lang.BootClassLoader")) {
                //TODO throw exception,PackageManager should in BootClassLoader
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (NoSuchMethodException e) {
            e.printStackTrace();
        } catch (IllegalAccessException e) {
            e.printStackTrace();
        } catch (InvocationTargetException e) {
            e.printStackTrace();
        } catch (NoSuchFieldException e) {
            e.printStackTrace();
        }

    }

发表评论

电子邮件地址不会被公开。 必填项已用*标注