Tuesday, October 28, 2014

"Luo's Android Tour" Review PPTs

Although the blog has not been updated for several months, Lao Luo has been preparing material to share all along. In addition to the Android 4.2 material shared earlier on Weibo, 13 PPTs were specially prepared this time, summarizing what was studied previously. The content runs from Android's component design ideas, to setting up an Android source code development and debugging environment, to the Android-specific drivers and the application architecture. They can serve as a guide to the "Luo's Android Tour" blog and the book "Android System Source Code Scenario Analysis"; we hope they help.

Without further ado, straight to the subject: below are the contents and download links of these 12 PPTs.

1. Android component design ideas

The philosophy of Android application development is to treat everything as a component. Componentizing an application reduces the coupling between modules and improves module reusability. The biggest difference between Android's component design and traditional component design is that Android components do not depend on a process. In other words, even if the process is forcibly killed when memory is tight, the components that were running inside it still exist. When a component is needed again it can be revived on the spot at full strength, as if nothing had happened. This design suits mobile devices with small memory.

Understanding Android's component design ideas leads to a better understanding of the Android application framework. This PPT covers the background, philosophy and principles of Android component design and the support the Android OS provides for components. It also contains an experiment that verifies this component-based design, giving a high-level, abstract understanding of the Android system.

Download: http://download.csdn.net/detail/luoshengyang/6439629

2. Setting up an Android source code development and debugging environment

Compared with the SDK development environment, the advantage of the Android source code development environment is that the system source code, both Java and C/C++, can be viewed and debugged. This is also very useful for application development, because a stubborn problem can be traced into the system internals to locate its cause. For developers who work with C/C++ code, for example in JNI development and security-related development, working in the Android source code development environment is especially recommended, so that gdb and the gdbclient tool can be used for debugging.

This PPT mainly covers downloading, compiling and running the Android source code, and debugging C/C++ and Java code.

Download: http://download.csdn.net/detail/luoshengyang/6439633

3. Android System Architecture Overview

Android System = Linux kernel + Android runtime.

The Linux kernel used by the Android system contains a number of special drivers, such as Logger, Binder, Ashmem, Wakelock, Low-Memory Killer and Alarm; these dedicated drivers form the cornerstone of the Android runtime. From bottom to top, the Android runtime further comprises the HAL layer, the application framework layer and the application layer. The HAL layer exists mainly to work around the GPL: it splits a hardware driver into a kernel-space part and a user-space part, and the user-space part is under the business-friendly Apache License. The application framework layer includes the system services, such as the component management service, the application installation service, the window management service, the multimedia service and the telecommunications service. The application framework is further divided into a C/C++ level and a Java level; the Java code runs on the Dalvik virtual machine and interacts with the C/C++ code through JNI. The application layer is built mainly from four kinds of components, Activity, Service, Broadcast Receiver and Content Provider, which are the basis of application development.

Starting from a generic application architecture, this PPT outlines the Android-specific drivers, the HAL, the key services, Dalvik, the window mechanism and the four components. As a continuation of the first PPT, it helps in learning more about the concrete implementation of the Android system.

Download: http://download.csdn.net/detail/luoshengyang/6439637

4. Android Hardware Abstraction Layer

From development to use, the Android hardware abstraction layer has a clear hierarchy. This hierarchy corresponds exactly to the levels of the Android system architecture: downward it involves the Linux kernel, and upward it involves the services of the application framework layer and the application layer that uses them. Developing an Android hardware abstraction layer module also follows a certain specification. With this specification, the system can load the module automatically, which makes it convenient for the upper layers to use.

This PPT uses a concrete example to analyze the development, testing and use of the Android hardware abstraction layer. It helps in understanding the Android system architecture, and also teaches how to develop C/C++ code in the Android source code environment.

Download: http://download.csdn.net/detail/luoshengyang/6440375

5. Android-specific drivers

The Android-specific drivers form the cornerstone of the Android runtime. Technically speaking, they are the highlight of the entire Android system, especially the Binder driver. Binder is an inter-process communication (IPC) mechanism; compared with traditional IPC mechanisms, its biggest feature is efficiency, because the data communicated between two processes needs to be copied only once. Binder is used very widely and frequently throughout the Android system. When large amounts of data are communicated, Binder is usually combined with another driver, Ashmem. Ashmem is a shared memory driver; compared with traditional shared memory, its biggest features are that it is described by a file descriptor and that it can be managed dynamically in blocks. The purpose of dynamic block management is that parts of the memory no longer in use can be returned to the system, which suits mobile devices with small memory. Another dedicated driver, Logger, is a log driver; compared with traditional logging systems, its characteristic is that the log is recorded in kernel space rather than in a file, which increases the read and write speed of the log.

This PPT covers the principles of three Android-specific drivers: Logger, Binder and Ashmem. Because these three drivers are used very widely and frequently in the Android source code, understanding how they are implemented lets us grasp the essence of Android. It is also very helpful for reading the rest of the Android system code afterwards.

Download: http://download.csdn.net/detail/luoshengyang/6439643

6. Android Application Process Management

A characteristic of application processes in the Android system is that they are managed by the system. In other words, the system creates and reclaims processes as needed. Process creation occurs when a component is started, and the Zygote process is responsible for creating the process. The Zygote process is started by init, the first process in the system. In addition, the System Server process, in which the various system services run, is also created by the Zygote process. Process reclamation occurs when memory is tight and is performed by the Low Memory Killer. In addition, the component management service ActivityManagerService and the window management service WindowManagerService also initiate process reclamation at appropriate times. Each application process is given a priority according to its running state, and when reclamation is needed, processes are reclaimed in order of priority from low to high.

This PPT covers the startup and reclamation of Android application processes, mainly involving the Zygote process, the System Server process, the component management service ActivityManagerService, the window management service WindowManagerService, and the dedicated driver Low Memory Killer. Understanding how the Android system manages application processes gives a clearer picture of how applications run.

Download: http://download.csdn.net/detail/luoshengyang/6439645

7. Android application message handling

Like traditional PC applications, Android applications are message-driven. That is, in the main thread of an Android application, all functions are executed inside a message loop. Other threads of an Android application can, like the main thread, also have a message loop. The main thread of an Android application is a special thread, because it is also the UI thread and the thread that processes touch screen, keyboard and other input events. The main thread's message loop is very sensitive: once it is blocked, UI fluency suffers and ANR problems can even occur.

This PPT covers the principle of the thread message loop in Android applications, mainly involving the two classes Handler and Looper, and summarizes three thread models according to how the message loop is used. Mastering the Android application message handling mechanism helps in using synchronous and asynchronous programming proficiently and in improving program performance.

Download: http://download.csdn.net/detail/luoshengyang/6439647

8. Android application input event distribution and handling

In an Android application there is a special kind of message responsible for interaction with the user: touch screen and keyboard input events. Touch screen and keyboard events are distributed uniformly by the system input manager, InputManager. That is, InputManager receives input events from the hardware and then distributes them to the currently active window for processing. In addition, InputManager can also receive simulated input events, which simulate events such as user touches and clicks. After the thread running the currently active window receives an input event distributed by InputManager, it wraps the event as an input message and passes it to the control that currently has focus for handling.

This PPT covers the distribution and processing of input events in Android applications, mainly involving the input manager InputManager, the input event monitoring thread InputReader, the input event dispatch thread InputDispatcher, and the message loop of the application's main thread.

Download: http://download.csdn.net/detail/luoshengyang/6440247

9. Android application UI framework

The Android system provides applications with a user interface through a UI architecture called Surface. In an Android application, each Activity component is associated with one or several windows, and each window corresponds to a Surface. With this Surface, the application can render UI onto the window. The drawn Surfaces are eventually submitted to SurfaceFlinger, the service that manages Surfaces in a unified way, for composition, and are finally displayed on the screen. Both applications and SurfaceFlinger can use the GPU and other hardware to render the UI in order to obtain a smoother UI. The Android application UI framework also has an important service, WindowManagerService, which is responsible for the unified coordination and management of all windows in the system, such as managing window size and position and opening and closing windows.

This PPT covers the Surface mechanism of Android applications, elaborating the relationship among Activity, Window and View, and the UI rendering process carried out jointly by applications, WindowManagerService and SurfaceFlinger.

Download: http://download.csdn.net/detail/luoshengyang/6439651

10. Android application resource management framework

An Android application consists mainly of code and resources. Resources are mainly the things associated with the UI, such as UI layouts, strings and pictures. Separating code and resources lets an application organize its UI at runtime according to actual needs. The application then needs to be compiled only once to support different UI layouts. This feature allows the application to adapt at runtime to different screen sizes and densities, as well as different countries and languages. During compilation, the resources of an Android application are compiled into a binary format. This reduces the storage space the resources occupy and speeds up their parsing at runtime. When an Android application runs, the resource managers AssetManager and Resources find the right resources according to the current machine settings, namely screen size, density and orientation, as well as country, region and language, parse them, and finally render them on the UI.

This PPT covers how Android application resources are compiled and packaged, and how they are found and parsed at runtime. Understanding the Android application resource management framework helps in developing applications that adapt to a variety of device models.

Download: http://download.csdn.net/detail/luoshengyang/6439653

11. Dalvik virtual machine

Android applications run inside the Dalvik virtual machine, and each application has its own separate Dalvik virtual machine instance. The Dalvik virtual machine instance of an Android application is actually copied from the address space of the Zygote process, which speeds up application startup. The Dalvik virtual machine and the Java virtual machine share similar characteristics: for example, both interpret code and support just-in-time compilation (JIT), garbage collection (GC), Java native method calls (JNI) and the Java remote debugging protocol (JDWP). The difference between the two is that they execute different instruction sets: the former's instruction set is register-based, while the latter's is stack-based.

This PPT covers Dalvik virtual machine memory management, garbage collection, just-in-time compilation, Java native calls, and process and thread management. Understanding these implementation details of the Dalvik virtual machine helps in modifying the behavior of a program at runtime, for example intercepting calls to Java functions.

Download: http://download.csdn.net/detail/luoshengyang/6439657

12. Android Security Mechanism

Android applications run in a sandbox. The sandbox is implemented on top of the user ID (UID) and group ID (GID) provided by the Linux kernel. When an Android application is installed, the installation service PackageManagerService assigns it a unique UID and GID and, depending on the permissions the application requests, grants it additional GIDs. With these UIDs and GIDs, an application can access only specific files; in general, only the files it created itself. Furthermore, when an Android application calls a sensitive API, the system checks whether it requested the corresponding permission at installation. If it did not, access is denied. Applications with root privileges are not subject to these sandbox restrictions. In addition, an application with root privileges can use Linux ptrace to inject into other application processes and system processes and intercept various function calls.

This PPT is planned to cover code packing, injection and interception techniques, including:

(1). SO injection. That is, injecting an SO file from one process into another process; function interception can then be implemented through the injected SO file.

(2). SO packers. The purpose of packing is to make static reverse engineering of one's C/C++ code harder for others. The key to this technique is implementing a Linker that operates purely in memory. In other words, the decrypted content of the SO file is kept in a memory buffer, and that memory buffer is then parsed and linked, finally forming a piece of executable code. The process produces no file on which others could do static analysis.

(3). C/C++ function GOT interception. Function interception is achieved by modifying the GOT entries of an SO. This technique is simple and stable; its shortcoming is that it intercepts at the caller of a function rather than at the implementation of the function being intercepted. So to intercept a particular function, all modules within the process must be checked, and the relevant GOT entry modified in every module that calls the target function. In addition, if a module calls the target function through dynamic SO loading (dlopen, dlsym), GOT interception fails, because dynamic loading does not produce GOT entries.

(4). C/C++ function INLINE interception. This technique implements interception by directly modifying the first few instructions of the target function. INLINE interception does not have the shortcomings of GOT interception, but it is more complicated to implement. Since the vast majority of Android devices are based on the ARM architecture, only C/C++ function INLINE interception on ARM is discussed here. The ARM architecture has two instruction sets, ARM and THUMB, so C/C++ functions running on an Android device are likewise of two types, ARM and THUMB. For a function in the ARM instruction set, at least the first 8 bytes must be modified to intercept it; for the THUMB instruction set, at least the first 12 bytes. Whether the function uses ARM or THUMB instructions, the first 8 or 12 bytes to be modified easily contain a jump or a PC-relative addressing instruction, so instruction relocation is needed. The relocation work is heavy and cumbersome, roughly equivalent to implementing an ARM and THUMB instruction parsing library. This is unlike INLINE function interception on x86, where only the first 5 bytes of a function need to be modified, and those 5 bytes are almost always stack-related operations that involve no jump or PC-relative addressing instructions.

(5). DEX injection. Building on SO injection, injecting a DEX into a target process is quite simple and can be done through DexClassLoader.

(6). DEX packers. As with SO packers, a DEX packer requires that, after decryption, everything runs through pure memory operations with no DEX or ODEX file produced along the way; otherwise there would be an opportunity for static analysis, defeating the purpose of packing.

(7). Java function interception. Compared with C/C++ function interception, Java function interception is much more elegant, because all Java functions are executed by the virtual machine. The functions the Dalvik virtual machine executes are of two types, Java and Native, and both are described by a Method structure. When a Method structure describes a Java function, it has a member variable pointing to the Java function in the method area. When a Method structure describes a Native function, it has a member variable pointing to the address of the Native function. Therefore, by modifying a Method structure that describes a Java function into one that points to a Native function, the Dalvik virtual machine can be fooled into executing a Native function we specify, achieving interception.

The seven technical points above cover the foundations of Android security offense and defense. With these foundations one can not only protect one's own code but also attack other people's code.

Download: http://download.csdn.net/detail/luoshengyang/6888251

13. APK anti-decompilation

An APK is actually a ZIP file that contains a classes.dex, which holds all the code generated by compilation; with apktool and other tools it can easily be decompiled into smali code. With the decompiled smali code, one can easily understand someone else's APK, or use certain techniques to directly modify someone else's APK. Because such APK decompilation tools exist, we urgently want a way to prevent others from decompiling our APK, in order to protect our trade secrets and interests.

This PPT covers three APK anti-decompilation techniques: 1) adding illegal instructions; 2) hiding sensitive code; 3) pseudo APK encryption. In addition, it explores the more advanced Dex and Native packing techniques for preventing others from decompiling our APK.

Download: http://download.csdn.net/detail/luoshengyang/6888253
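
An added example, not taken from the original post or its PPTs: because an APK is a ZIP file whose classes.dex holds the code, the code below opens an APK in memory and checks each DEX header's magic, size, endian tag, Adler-32 checksum and SHA-1 signature fields, which exposes a DEX that was patched without its header being fixed. The function names are hypothetical, and the sample DEX and APK are constructed, header-only skeletons.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70          # fixed size of the DEX header
ENDIAN_CONSTANT = 0x12345678    # little-endian tag stored at offset 40


def inspect_dex(data: bytes) -> dict:
    """Validate the DEX header fields against the bytes that follow them."""
    if len(data) < DEX_HEADER_SIZE:
        return {"ok": False, "problems": ["shorter than a DEX header"]}
    checksum, = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    checks = [
        ("bad magic", data[:4] == b"dex\n" and data[4:7].isdigit() and data[7] == 0),
        ("file_size mismatch", file_size == len(data)),
        ("unexpected header_size", header_size == DEX_HEADER_SIZE),
        ("unexpected endian_tag", endian_tag == ENDIAN_CONSTANT),
        # Adler-32 covers everything after the magic and the checksum field.
        ("checksum mismatch", zlib.adler32(data[12:]) & 0xFFFFFFFF == checksum),
        # SHA-1 covers everything after the magic, checksum and signature fields.
        ("signature mismatch", hashlib.sha1(data[32:]).digest() == data[12:32]),
    ]
    problems = [label for label, passed in checks if not passed]
    return {"ok": not problems, "problems": problems}


def inspect_apk(apk_bytes: bytes) -> dict:
    """Map each classes*.dex entry of an APK (a ZIP archive) to its header report."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                report[name] = inspect_dex(apk.read(name))
    return report


def build_sample_dex(body: bytes = b"") -> bytes:
    """Constructed sample: header-only DEX skeleton with consistent header fields."""
    size = DEX_HEADER_SIZE + len(body)
    tail = struct.pack("<III", size, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    tail += b"\x00" * (DEX_HEADER_SIZE - 32 - len(tail)) + body
    signature = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


def build_sample_apk(dex: bytes) -> bytes:
    """Constructed sample: in-memory ZIP that holds only classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("classes.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample_dex()
    print(inspect_apk(build_sample_apk(good)))
    # One byte changed without recomputing the header fields.
    print(inspect_apk(build_sample_apk(good[:-1] + b"\xff")))
```

Both header fields are unkeyed, so anyone who rewrites the DEX can recompute them; the check finds corruption and careless patching, while APK signature verification is what ties the code to its publisher.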



Original Address http://blog.csdn.net/luoshengyang/article/details/12957169
