CN107341392A - File hulling method and device in android system - Google Patents

File hulling method and device in android system Download PDF

Info

Publication number
CN107341392A
CN107341392A CN201610284874.3A CN201610284874A CN107341392A CN 107341392 A CN107341392 A CN 107341392A CN 201610284874 A CN201610284874 A CN 201610284874A CN 107341392 A CN107341392 A CN 107341392A
Authority
CN
China
Prior art keywords
intended application
file
executable code
application
running environment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610284874.3A
Other languages
Chinese (zh)
Other versions
CN107341392B (en
Inventor
易洪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201610284874.3A priority Critical patent/CN107341392B/en
Publication of CN107341392A publication Critical patent/CN107341392A/en
Application granted granted Critical
Publication of CN107341392B publication Critical patent/CN107341392B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses the file hulling method in a kind of android system and device, the file hulling method in the android system includes:Obtain the application message of intended application;Start the intended application in the running environment that the intended application is specified, the running status of the intended application started is monitored according to the application message;When the running status of the intended application is decrypted state, executable code file is obtained by structure, the structure is that the executable code of the intended application is loaded onto what running environment was correspondingly formed.File shelling efficiency can be improved using the file hulling method in the android system of the present invention and device.

Description

Android File hulling method and device in system
Technical field
The present invention relates to the file hulling method in Computer Applied Technology field, more particularly to a kind of android system and device.
Background technology
With the rapid development of Computer Applied Technology, it is more and more for the application program designed by android system, programmer is in order to reduce the disk space shared by application program, or, in order to prevent the application program designed by it not to be illegally modified or decompiling, generally can all shell adding be carried out to the executable code file corresponding to application program, to form the shell adding file of application program.
Relative, application program just needs to shell to shell adding file before runtime, so that application program smooth can be run by loading corresponding executable code.
However, existing file hulling method is typically internal memory all transcriptions when application program is run using Android simulator(dump)Get off, then the executable code of application program is found in the internal memory obtained from dump, and then form executable code file, file shelling purpose is reached with this.
This kind of method, which requires a great deal of time, carries out the dump of internal memory, therefore, still suffers from the problem of file shelling efficiency is low.
The content of the invention
Based on this, it is necessary to provide the file hulling method in a kind of android system, methods described can improve file shelling efficiency.
In addition, there is a need to the file hulling device provided in a kind of android system, described device can improve file shelling efficiency.
In order to solve the above-mentioned technical problem, the technical solution adopted in the present invention is:
A kind of file hulling method in android system, including:Obtain the application message of intended application;Start the intended application in the running environment that the intended application is specified, the running status of the intended application started is monitored according to the application message;When the running status of the intended application is decrypted state, executable code file is obtained by structure, the structure is that the executable code of the intended application is loaded onto what running environment was correspondingly formed.
A kind of file hulling device in android system, including:Data obtaining module, to obtain the application message of intended application;Monitoring module, to start the intended application in the running environment specified in the intended application, the running status of the intended application started is monitored according to the application message;File assembles module, when the running status of the intended application is decrypted state, to obtain executable code file by structure, the structure is that the executable code of the intended application is loaded onto what running environment was correspondingly formed.
Compared with prior art, the invention has the advantages that:
To realize that the file of intended application shells, obtain the application message of intended application, start intended application in the running environment that intended application is specified, running state monitoring is carried out to the intended application of startup according to application message, when the running status of intended application is decrypted state, the structure corresponding to running environment is loaded onto by the executable code of intended application and obtains executable code file.
That is, by being monitored to the running status of intended application, the executable code that loaded targets are applied when intended application is in decrypted state is to running environment, and then the structure corresponding to running environment is loaded onto using executable code, it can obtain executable code file, reach the purpose of file shelling with this, avoid full memory when being run in the prior art using Android simulator to intended application and carry out dump, so as to be effectively improved file shelling efficiency.
Brief description of the drawings
A kind of structural representation for mobile terminal that Fig. 1 is provided by the embodiment of the present invention;
Fig. 2 is the flow chart of the file hulling method in the android system of an embodiment;
Fig. 3 is the method flow diagram for the application message that intended application is obtained in Fig. 2;
Fig. 4 is the method flow diagram for the running status for monitoring the intended application started in Fig. 2 according to application message;
Fig. 5 is to obtain the method flow diagram of executable code file according to structure in Fig. 2;
Fig. 5 a are the structural representation of the executable code file of dex forms in Fig. 5;
Fig. 6 is the flow chart of the file hulling method in the android system of another embodiment;
Fig. 7 is the structured flowchart of the file hulling device in the android system of one embodiment;
Fig. 8 is the structured flowchart of data obtaining module in Fig. 7;
Fig. 9 is the structured flowchart of monitoring module in Fig. 7;
Figure 10 is the structured flowchart of file shelling module in Fig. 7;
Figure 11 is the structured flowchart of the file hulling device in the android system of another embodiment.
Embodiment
Embodying the exemplary embodiment of feature of present invention and advantage will describe in detail in the following description.It should be understood that the present invention can have various changes in different embodiments, it is neither departed from the scope of the present invention, and explanation therein and diagram are treated as purposes of discussion in itself, and is not used to the limitation present invention.
Application program provides the user various services by running, and to meet the various requests of user, and the operation of application program will need to carry out the loading of executable code, and perform the executable code that the application program is loaded.
In order to protect the executable code of application program to be not tampered with or decompiling, the executable code file that programmer would generally be formed to executable code carries out shell adding, to form shielded shell adding file, so as to effectively protect the safety of application program.
Relative, shelling is shell adding file is removed " shell " added by it, and so as to obtain executable code file, and then the executable code by running application program ensures the smooth operation of application program.
However, existing file hulling method is by distorting API(Application Programming Interface, application programming interface)The mode of interface, obtain mapping space of the executable code file of application program among internal memory, then the full memory when application program is run under dump after application program loading executable code is completed is to disk, and the mapping space by getting carries out the lookup of executable code file, realize that file shells with this.
This kind of method runs application program by Android simulator, not only require a great deal of time and take substantial amounts of disk storage space, and executable code file relative difficulty is searched in full memory space, because having the executable code file that many non-real executable codes are formed in the full memory space.In addition, in application program running, it is also possible to due to android system or the reason for application program itself, causing executable code to be capped, so as to which executable code file can not be found, cause shelling to fail.
Therefore, in order to improve the success rate of file shelling efficiency and file shelling, spy proposes the file hulling method in a kind of android system, and this method is run on mobile terminal.
A kind of referring to Fig. 1, structural representation for mobile terminal 100 that Fig. 1 is provided by the embodiment of the present invention.The mobile terminal 100 can be smart mobile phone, tablet personal computer, palm PC or other terminal devices for being available for android system to run.
Mobile terminal 100 includes memory 101, storage control 103, one or more(One is only shown in figure)Processor 105, Peripheral Interface 107, radio-frequency module 109, locating module 111, photographing module 113, audio-frequency module 115, Touch Screen 117 and key-press module 119.These components are mutually communicated by one or more communication bus/signal wire 121.
It is appreciated that the structure shown in Fig. 1 is only to illustrate, mobile terminal 100 may also include than more or less components shown in Fig. 1, or have the component different from shown in Fig. 1.Each component shown in Fig. 1 can be realized using hardware, software or its combination.
Wherein, memory 101 can be used for storage software program and module, programmed instruction and module as corresponding to file hulling method and device in the embodiment of the present invention, processor 105 is stored in the programmed instruction in memory 101 by operation, so as to perform various functions and data processing, that is, realize the above-mentioned file hulling method for running on mobile terminal 100.
The carrier that memory 101 stores as resource, can be random storage medium, such as high speed random access memory, nonvolatile memory, such as one or more magnetic storage devices, flash memory or other solid-state memories.Storage mode can be of short duration storage or permanently store.
Peripheral Interface 107 can include an at least wired or wireless network interface, at least a connection in series-parallel translation interface, at least an input/output interface and at least USB interface etc., for outside various input/output devices to be coupled into memory 101 and processor 105, to realize the communication with outside various input/output devices.
Radio-frequency module 109 is used for transceiving electromagnetic ripple, realizes the mutual conversion of electromagnetic wave and electric signal, so as to be communicated by communication network and other equipment.Communication network includes cellular telephone networks, WLAN or Metropolitan Area Network (MAN), and above-mentioned communication network can use various communication standards, agreement and technology.
Locating module 111 is used for the geographical position being currently located for obtaining mobile terminal 100.The example of locating module 111 includes but is not limited to GPS(GPS), location technology based on WLAN or mobile radio communication.
Photographing module 113 is used to shoot photo or video.The photo or video of shooting can be stored to memory 101, can also be sent by radio-frequency module 109.
Audio-frequency module 115 provides a user COBBAIF, and it may include one or more microphone interfaces, one or more speaker interfaces and one or more earphone interfaces.Interacting for voice data is carried out with miscellaneous equipment by COBBAIF.Voice data can be stored to memory 101, can also be sent by radio-frequency module 109.
Touch Screen 117 provides an I/O Interface between mobile terminal 100 and user.Specifically, user can carry out input operation, such as the gesture operation such as click, touch, slip by Touch Screen 117, so that mobile terminal responds to the input operation.Mobile terminal 100 then by word, picture the output content that either any one form of video or combination are formed by Touch Screen 117 to user's display output.
Key-press module 119 includes at least one button, and to provide the interface that user is inputted to mobile terminal 100, user can make mobile terminal 100 perform different functions by pressing different buttons.For example, sound regulating key is available for regulation of user's realization to the wave volume of the broadcasting of mobile terminal 100.
Referring to Fig. 2, in one embodiment, the file hulling method in a kind of android system comprises the following steps:
Step 210, the application message of intended application is obtained.
In the present embodiment, intended application refers in particular to the application program of pending file shelling, and it can run in the android system of mobile terminal.The intended application can interact with user, have visual user interface.For example, chat application is the application program to conversate between multiple users, it has visual user interface, to show session interface to user, passes through session interface and the content to be conversated between multiple users is presented.
The application message of intended application includes but is not limited to the movable component of intended application title, intended application(activity), serviced component(service)With broadcast reception device assembly(receiver)Etc..The application message enables to android system to know the running status of intended application, and then confirms whether the intended application can carry out user's request processing.
Such as, the application message of short message application includes an activity that short message is write to selected contact person, android system can know that work corresponding with the activity has been run in short message application by the startup of the activity, it can further confirm that the request that short message whether can be write to user is handled, i.e., whether can write short message to the contact person that user selectes.
Based on this, by obtaining the application message of intended application, the running status of android system monitoring objective application will be enabled to.
Step 230, start intended application in the running environment that intended application is specified, the running status of the intended application started is monitored according to application message.
Running environment is for the environment of operational objective application, is built for example, the running environment for being available for intended application to specify in android system is virtual machine, wherein, virtual machine can be dalvik virtual machines, can also be ART virtual machines.
Intended application running status present in running environment includes starting, decrypt and running three kinds of states.In other words, after intended application starts in specified running environment, decrypted state, running status will be sequentially entered, so as to finally run in running environment to provide the user various services.
Further, after the application message of intended application is got, android system will be monitored according to application message to the running status of intended application, it is ensured that intended application is in decrypted state, so that file shells.
Step 250, when the running status of intended application is decrypted state, executable code file is obtained by structure, structure is that the executable code of intended application is loaded onto running environment and is correspondingly formed.
After intended application starts in specified running environment, decrypted state will be entered.When intended application is in decrypted state, android system will perform decryption oprerations to intended application, and after completion is performed to the decryption oprerations of intended application, the executable code of intended application is loaded onto into running environment.
Further, executable code due to intended application is being loaded onto after running environment, a structure can be correspondingly formed in running environment, the structure is closely related with the executable code of intended application, therefore, the executable code file for containing executable code can be accessed by the structure, reaches the purpose of file shelling.
Pass through method as described above, realize and the running status residing for intended application is monitored by android system layer, ensure when intended application performs completion decryption oprerations, the structure automation generation executable code file corresponding to running environment is loaded onto by the executable code of intended application, so as to obtain the executable code of intended application, file shelling is completed.
Above-mentioned file hulling method, which no longer requires a great deal of time, carries out the dump of internal memory, and the process of file shelling is carried out when intended application is in decrypted state, avoid the risk that real executable code is capped in intended application running, it ensure that this document hulling method can accurately obtain the real executable code of intended application with this, so as to not only be effectively improved file shelling efficiency, it is ensured that the success rate of file shelling.
Referring to Fig. 3, in one embodiment, step 210 comprises the following steps:
Step 211, the installation kit of intended application is decompressed, obtains global configuration file.
Intended application is can run on to complete the application program of a certain or multinomial particular job in android system, and it can be interacted with user, has visual user interface.
Therefore, intended application includes the data and resource file required for the shell adding file that global configuration file, executable code file shell adding formed and other intended applications.
Wherein, global configuration file enables android system to know which particular job is intended application complete, that is, which user's request is intended application can handle.Shell adding file is to provide the executable code that can be performed in running environment, so that intended application runs on running environment.Other data and resource file are providing the visual user interface with user mutual.
Further, the installation kit of intended application is then to be packed what is obtained to the above included by intended application, for example, the executable program in android system using apk as file suffixes name is the installation kit that can be considered intended application.By being decompressed to the installation kit of intended application, global configuration file in intended application, shell adding file and other data and resource file can be accessed.
Step 213, parsing global configuration file obtains the application message of intended application.
As it was previously stated, global configuration file enables android system to know which particular job is intended application complete, that is, which user's request is intended application can handle.
Based on this, comprised at least in global configuration file:Statement to intended application title, so that android system knows which intended application the global configuration file belongs to;Statement to various assemblies, so that android system knows which user's request is intended application can handle.
Such as, at least to one the service of music can be maintained to be stated in the global configuration file of player application, then android system knows that player application disclosure satisfy that the music backstage playing request of user, i.e. when user leaves player application, still player application is run on backstage, and then cause music still continuing to play.
Therefore, by being parsed to global configuration file, the application message of intended application can be accessed, the application message comprises at least intended application title, activity(Movable component)、service(Serviced component)And receiver(Broadcast reception device assembly)Etc..
Referring to Fig. 4, in one embodiment, step 230 comprises the following steps:
Step 231, by obtaining the movable component of intended application in application message.
Application message comprises at least intended application title, activity(Movable component)、service(Serviced component)And receiver(Broadcast reception device assembly)Etc., by the acquisition of the application message of intended application, that is, obtain the movable component activity of intended application.
Step 233, judge whether the movable component of intended application in running environment starts.
As it was previously stated, the startup for the activity that android system passes through intended application, can know that a certain or multinomial particular job corresponding with activity has been run in intended application, and further confirm whether intended application can carry out user's request processing.
It is appreciated that, if the activity of intended application all starts, then particular job corresponding with activity has been run, show that intended application has been carried out and carry out the preparation that user asks processing, and the executable code of intended application is waited to be implemented in running environment, now, intended application is still in decrypted state.When the executable code of intended application performs in running environment, intended application enters running status, i.e. intended application is operated in running environment, and now, the intended application can be handled user's request in time.
That is, the decrypted state of intended application is roughly divided into three processes:Whole activity to the executable code that intended application execution decryption oprerations, loaded targets are applied to running environment, startup intended application.
Based on this, in the present embodiment, whether the activity by judging intended application in running environment starts to be monitored to the running status of intended application, will be able to ensure that decryption oprerations are completed in intended application executed when intended application is in decrypted state and executable code has been loaded onto in running environment.
Specifically, if judging, the activity for obtaining intended application in running environment all starts, and the running status of intended application is decrypted state, on the contrary, if judging, the activity for obtaining intended application in running environment not yet all starts, and intended application is still in starting state.
Referring to Fig. 5, in one embodiment, step 250 comprises the following steps:
Step 251, when the running status of intended application is decrypted state, as the memory address corresponding to the executable code that intended application is obtained in structure is loaded onto running environment.
When intended application is in decrypted state, executable code has been loaded onto in running environment, i.e., running environment will carry out Memory Allocation for the executable code of loading, so that executable code performs in running environment.As it was previously stated, structure is to be loaded onto what running environment was correspondingly formed in the executable code of intended application, it will be understood that the executable code that intended application is at least preserved in the structure is loaded onto memory address corresponding in running environment.
Based on this, when the executable code of intended application is loaded onto running environment, i.e., the executable code that intended application can be obtained from the structure being correspondingly formed is loaded onto memory address corresponding to running environment.
Step 253, shell fileinfo according to corresponding to obtaining memory address, and assembles shelling fileinfo and obtain executable code file.
With the executable code file of dex forms(Hereinafter simply referred to as dex files)Exemplified by, as shown in Figure 5 a, dex files 400 include dex header informations 410, constant pool information 430 and category information 450.
Each dex file 400 both corresponds to a DexOrJar structure in dalvik virtual machines, saved in the DexOrJar structures corresponding to executable code in dex files 400 be loaded onto memory address corresponding to dalvik virtual machines.
Further, the memory address includes memory address, the memory address of constant pool information 430 and the memory address of category information 450 of dex header informations 410.
Corresponding shelling fileinfo can be acquired in internal memory where dalvik virtual machines by above-mentioned memory address, i.e., corresponding shelling fileinfo includes dex header informations 410, constant pool information 430 and category information 450.
Thus, by being assembled to dex header informations 410, constant pool information 430 and category information 450, that is, dex files 400 are formed, and then obtains the executable code in dex files 400, complete file shelling.
Further, referring to Fig. 6, in one embodiment, before step 251, method as described above is further comprising the steps of:
Step 310, the shell adding file that loaded targets are applied in running environment, the decryption carried out by the Finish Code in shell adding file to shell adding file, obtains executable code.
As it was previously stated, shell adding file is decompressed to obtain by the installation kit of intended application, while what is obtained also has global configuration file and other data and resource file.Started by intended application in running environment, the shell adding file of intended application is loaded in running environment, waits pending decryption oprerations.
Finish Code is then the one section of programmed instruction added in the file header of shell adding file, to indicate android system how shell adding file to be decrypted.It is appreciated that the Finish Code is by being added to executable code file shell adding and corresponding in the file header of shell adding file.Therefore, after shell adding file is obtained, you can extraction draws Finish Code from the file header of the shell adding file.
After extraction draws Finish Code, shell adding file is decrypted by loading the Finish Code in running environment for android system, so as to obtain the executable code of intended application.
Step 330, the loading obtained executable code of decryption is to running environment.
After decryption obtains the executable code of intended application, android system will replace Finish Code with the executable code and be loaded onto in running environment, intended application is run in running environment so that running environment performs the executable code.
It should be noted that, the executable code for decrypting to obtain herein is scattered, not yet form executable code file, only scattered executable code is formed after executable code file, application program can be loaded directly into running next time, so that executable code performs in running environment, startup, decrypting process without undergoing intended application again, this is also exactly the meaning of file shelling.
Step 350, preservation executable code is loaded onto the memory address corresponding to running environment, forms structure.
Running environment is loaded onto in the executable code of intended application, i.e., stores the memory address corresponding to it to form a structure.In other words, the structure corresponds to the executable code of intended application in running environment, and the executable code of intended application can be accessed by the structure, reaches the purpose of file shelling.
Referring to Fig. 7, in one embodiment, the file hulling device in a kind of android system includes:Data obtaining module 510, monitoring module 530 and file shelling module 550.
Wherein, data obtaining module 510 is obtaining the application message of intended application.
Monitoring module 530 monitors the running status of the intended application started according to application message to start intended application in the running environment specified in intended application.
File shells module 550 to when the running status of intended application is decrypted state, and executable code file is obtained by structure, and structure is that the executable code of intended application is loaded onto running environment and is correspondingly formed.
Referring to Fig. 8, in one embodiment, data obtaining module 510 includes:Installation kit decompression units 511 and document analysis unit 513.
Wherein, installation kit decompression units 511 obtain global configuration file to decompress the installation kit of intended application.
Document analysis unit 513 obtains the application message of intended application to parse global configuration file.
Referring to Fig. 9, in one embodiment, monitoring module 530 includes:Component acquiring unit 531 and judging unit 533.
Wherein, component acquiring unit 531 is to the movable component by obtaining intended application in application message.
Judging unit 533 is judging whether the movable component of intended application in running environment starts.If it has, then the running status for judging intended application is decrypted state.
Referring to Fig. 10, in one embodiment, file shelling module 550 includes:Address acquisition unit 551 and file module units 553.
Wherein, when address acquisition unit 551 to the running status of intended application is decrypted state, as the memory address corresponding to the executable code that intended application is obtained in structure is loaded onto running environment.
File module units 553 assembles shelling fileinfo and obtains executable code file to the fileinfo that shelled according to corresponding to memory address acquisition.
Figure 11 is referred to, in one embodiment, device as described above also includes:The code load-on module 630 of Code obtaining module 610 and structure form module 650.
Wherein, Code obtaining module 610 is decrypted to shell adding file by the Finish Code in shell adding file to the shell adding file that loaded targets are applied in running environment, obtains executable code.
Code load-on module 630 decrypts obtained executable code to running environment to load.
Structure forms module 650 and is loaded onto memory address corresponding to running environment to preserve executable code, forms structure.
The above; only presently preferred embodiments of the present invention; it is not intended to limit embodiment of the present invention; those of ordinary skill in the art are according to central scope and spirit of the invention; corresponding flexible or modification can be very easily carried out, therefore protection scope of the present invention should be defined by the protection domain required by claims.

Claims (10)

  1. A kind of 1. file hulling method in android system, it is characterised in that including:
    Obtain the application message of intended application;
    Start the intended application in the running environment that the intended application is specified, the running status of the intended application started is monitored according to the application message;
    When the running status of the intended application is decrypted state, executable code file is obtained by structure, the structure is that the executable code of the intended application is loaded onto what running environment was correspondingly formed.
  2. 2. the method as described in claim 1, it is characterised in that it is described obtain intended application application message the step of include:
    The installation kit of the intended application is decompressed, obtains global configuration file;
    Parse the global configuration file and obtain the application message of the intended application.
  3. 3. the method as described in claim 1, it is characterised in that the step of starting the intended application in the running environment specified in the intended application, the running status of the intended application started is monitored according to the application message includes:
    By obtaining the movable component of the intended application in the application message;
    Judge whether the movable component of intended application described in the running environment starts;
    If it has, then the running status for judging the intended application is decrypted state.
  4. 4. the method as described in claim 1, it is characterised in that described when the running status of the intended application is decrypted state, the step of obtaining executable code file by structure includes:
    When the running status of the intended application is decrypted state, as the memory address corresponding to the executable code that the intended application is obtained in the structure is loaded onto the running environment;
    Shell fileinfo according to corresponding to obtaining the memory address, and assembles the shelling fileinfo and obtain the executable code file.
  5. 5. method as claimed in claim 4, it is characterised in that it is described as the step of memory address corresponding to the executable code that the intended application is obtained in the structure is loaded onto the running environment before, methods described also includes:
    The shell adding file of the intended application is loaded in the running environment, the shell adding file is decrypted by the Finish Code in the shell adding file, obtains the executable code;
    The loading obtained executable code of decryption is to the running environment;
    Preserve the executable code and be loaded onto memory address corresponding to the running environment, form the structure.
  6. A kind of 6. file hulling device in android system, it is characterised in that including:
    Data obtaining module, to obtain the application message of intended application;
    Monitoring module, to start the intended application in the running environment specified in the intended application, the running status of the intended application started is monitored according to the application message;
    File shelling module, when the running status of the intended application is decrypted state, to obtain executable code file by structure, the structure is that the executable code of the intended application is loaded onto what running environment was correspondingly formed.
  7. 7. device as claimed in claim 6, it is characterised in that described information acquisition module includes:
    Installation kit decompression units, to decompress the installation kit of the intended application, obtain global configuration file;
    Document analysis unit, the application message of the intended application is obtained to parse the global configuration file.
  8. 8. device as claimed in claim 6, it is characterised in that the monitoring module includes:
    Component acquiring unit, to by obtaining the movable component of the intended application in the application message;
    Judging unit, to judge whether the movable component of intended application described in the running environment starts;If it has, then the running status for judging the intended application is decrypted state.
  9. 9. device as claimed in claim 6, it is characterised in that the file shelling module includes:
    When address acquisition unit to the running status of the intended application is decrypted state, as the memory address corresponding to the executable code that the intended application is obtained in the structure is loaded onto the running environment;
    File module units, to the fileinfo that shelled according to corresponding to memory address acquisition, and assemble the shelling fileinfo and obtain the executable code file.
  10. 10. device as claimed in claim 9, it is characterised in that described device also includes:
    Code obtaining module, to load the shell adding file of the intended application in the running environment, the shell adding file is decrypted by the Finish Code in the shell adding file, obtains the executable code;
    Code load-on module, obtained executable code is decrypted to the running environment to load;
    Structure forms module, is loaded onto memory address corresponding to the running environment to preserve the executable code, forms the structure.
CN201610284874.3A 2016-04-29 2016-04-29 file unshelling method and device in Android system Active CN107341392B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610284874.3A CN107341392B (en) 2016-04-29 2016-04-29 file unshelling method and device in Android system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610284874.3A CN107341392B (en) 2016-04-29 2016-04-29 file unshelling method and device in Android system

Publications (2)

Publication Number Publication Date
CN107341392A true CN107341392A (en) 2017-11-10
CN107341392B CN107341392B (en) 2019-12-06

Family

ID=60221881

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610284874.3A Active CN107341392B (en) 2016-04-29 2016-04-29 file unshelling method and device in Android system

Country Status (1)

Country Link
CN (1) CN107341392B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108154011A (en) * 2018-01-12 2018-06-12 广州汇智通信技术有限公司 Hulling method, system, equipment and readable storage medium storing program for executing based on art patterns
CN108846280A (en) * 2018-06-29 2018-11-20 江苏通付盾信息安全技术有限公司 The hulling method and device of application file

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118512A (en) * 2011-03-28 2011-07-06 阮晓迅 Method and system for preventing application program of mobile phone from being cracked
CN103530535A (en) * 2013-10-25 2014-01-22 苏州通付盾信息技术有限公司 Shell adding and removing method for Android platform application program protection
CN104102860A (en) * 2014-08-11 2014-10-15 北京奇虎科技有限公司 Protecting method and running method and device and system for Android platform application program
CN105068932A (en) * 2015-08-25 2015-11-18 北京安普诺信息技术有限公司 Android application program packing detection method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118512A (en) * 2011-03-28 2011-07-06 阮晓迅 Method and system for preventing application program of mobile phone from being cracked
CN103530535A (en) * 2013-10-25 2014-01-22 苏州通付盾信息技术有限公司 Shell adding and removing method for Android platform application program protection
CN104102860A (en) * 2014-08-11 2014-10-15 北京奇虎科技有限公司 Protecting method and running method and device and system for Android platform application program
CN105068932A (en) * 2015-08-25 2015-11-18 北京安普诺信息技术有限公司 Android application program packing detection method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
元谷: "Android应用程序通用自动脱壳方法研究", 《HTTPS://MY.OSCHINA.NET/JJYUANGU/BLOG/516646》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108154011A (en) * 2018-01-12 2018-06-12 广州汇智通信技术有限公司 Hulling method, system, equipment and readable storage medium storing program for executing based on art patterns
CN108846280A (en) * 2018-06-29 2018-11-20 江苏通付盾信息安全技术有限公司 The hulling method and device of application file
CN108846280B (en) * 2018-06-29 2021-04-02 江苏通付盾信息安全技术有限公司 Application file shelling method and device

Also Published As

Publication number Publication date
CN107341392B (en) 2019-12-06

Similar Documents

Publication Publication Date Title
CN108595970B (en) Configuration method and device of processing assembly, terminal and storage medium
US10614212B1 (en) Secure software containers
US11093981B2 (en) Smart broadcasting device
CN105528229B (en) Improve the method and device that mobile terminal first powers on speed
US8036598B1 (en) Peer-to-peer transfer of files with back-office completion
WO2017198161A1 (en) Network connection method, apparatus, storage medium, and terminal
WO2014198136A1 (en) Method and device for sharing content between different terminals
CN111954051A (en) Method, equipment and system for transmitting video and audio
CN105677335A (en) Method and device for increasing first starting speed of mobile terminal
CN110704202B (en) Multimedia recording data sharing method and terminal equipment
CN104700003B (en) A kind of file shell adding and hulling method, apparatus and system
CN109564598A (en) A kind of endpoint detection methods and terminal
WO2009082901A1 (en) Information control method and equipment in bluetooth device and bluetooth system
US20160246978A1 (en) Electronic Device and Method for Providing DRM Content by Electronic Device
CN108090345B (en) Linux system external command execution method and device
US9241269B1 (en) Method to identify a customer on a Wi-Fi network
CN104811485A (en) Resource sharing method
CN105988925A (en) Method, device and system for testing start-up time of application program
US11741175B2 (en) Performance metrics collection and promulgation from within a mobile application
US10284614B2 (en) Method for downloading contents of electronic device and electronic device thereof
CN107341392A (en) File hulling method and device in android system
US10031734B2 (en) Device and method for generating application package
CN110909319B (en) Application processing method and related product
CN112491956B (en) Upgrading method and device of communication module in Internet of things equipment and computer equipment
CN110471717B (en) Data processing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant