Study notes: replacing the Application in Android app hardening (packing)

Fields to replace
protected void attachBaseContext(Context base) 
base can also be obtained via getBaseContext()
base.mOuterContext

base.mMainThread.mInitialApplication
base.mMainThread.mAllApplications(ArrayList)
base.mMainThread.mBoundApplication.info.mApplication
base.mMainThread.mBoundApplication.info.mApplicationInfo.className=app_name
or
base.mMainThread.mBoundApplication.appInfo.className=app_name

base.mMainThread.mBoundApplication.info == base.mPackageInfo (LoadedApk)
base.mMainThread.mBoundApplication.appInfo == base.mPackageInfo.mApplicationInfo (ApplicationInfo)
base.mPackageInfo.mApplication
base.mPackageInfo.mApplicationInfo.className=app_name
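
The field list above applied with plain java.lang.reflect, as an added example that is not code from the original notes. AppSwap and swap() are hypothetical names; it assumes the call is made from the shell Application's onCreate with an already created and attached real Application, and that non-SDK interface restrictions on Android 9 and later do not block these lookups.

```java
import android.app.Application;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import java.lang.reflect.Field;
import java.util.ArrayList;

/** Added illustration; AppSwap, swap() and its parameters are hypothetical names. */
public final class AppSwap {
    private AppSwap() {}

    // Look a field up on the class or any superclass and make it accessible.
    private static Field find(Class<?> c, String name) throws NoSuchFieldException {
        for (; c != null; c = c.getSuperclass()) {
            try {
                Field f = c.getDeclaredField(name);
                f.setAccessible(true);
                return f;
            } catch (NoSuchFieldException ignored) { /* try the superclass */ }
        }
        throw new NoSuchFieldException(name);
    }
    private static Object get(Object o, String name) throws ReflectiveOperationException {
        return find(o.getClass(), name).get(o);
    }
    private static void set(Object o, String name, Object v) throws ReflectiveOperationException {
        find(o.getClass(), name).set(o, v);
    }

    /** shell = stub Application, real = already-created original Application. */
    public static void swap(Application shell, Application real) throws ReflectiveOperationException {
        Context base = shell.getBaseContext();               // ContextImpl
        String realName = real.getClass().getName();         // app_name in the notes
        set(base, "mOuterContext", real);
        Object thread = get(base, "mMainThread");            // ActivityThread
        set(thread, "mInitialApplication", real);
        @SuppressWarnings("unchecked")
        ArrayList<Application> all = (ArrayList<Application>) get(thread, "mAllApplications");
        all.remove(shell);
        if (!all.contains(real)) all.add(real);
        Object bound = get(thread, "mBoundApplication");     // AppBindData
        // Normally info == mPackageInfo; patch both in case they differ.
        for (Object apk : new Object[]{get(base, "mPackageInfo"), get(bound, "info")}) {
            set(apk, "mApplication", real);
            ((ApplicationInfo) get(apk, "mApplicationInfo")).className = realName;
        }
        ((ApplicationInfo) get(bound, "appInfo")).className = realName;
    }
}
```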

Activity, Service and BroadcastReceiver components are all created after the Application's onCreate method has completed;
ContentProvider, by contrast, is created between the Application's attachBaseContext and onCreate (installContentProviders).
ActivityThread
Application--handleBindApplication(makeApplication)
Activity--handleLaunchActivity(performLaunchActivity)
Service--handleCreateService
BroadcastReceiver--handleReceiver
ContentProvider--handleBindApplication(installContentProviders->installProvider)


Related articles
https://blog.csdn.net/shulianghan/category_10559800.html
[Android Security] DEX Encryption (Application Replacement ....) series


A simple implementation of Android hardening: Application replacement
https://www.codeleading.com/article/20114156531/
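How to handle ContentProviders
Use the app's Application to call the installProvider method manually, then set data.providers to null so that the later system flow does not call installProvider again.
The reflection replacement stage is in onCreate.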

Application app;

@Override
protected void attachBaseContext(Context base) {
    super.attachBaseContext(base);
    ...
    ...
    // Create the app's own Application through LoadedApk.makeApplication
    app = Reflect.on(loadedApkInfo).call("makeApplication", new Object[]{false, null}).get();
    // Providers the system would install between attachBaseContext and onCreate
    List<ProviderInfo> providers = Reflect.on(getBoundApplication()).field("providers").get();

    Log.e("ggg shell", "ggg providers = " + providers);
    if (providers != null) {
        // Install them now, with the app's Application as their context
        Reflect.on(currentActivityThread).call("installContentProviders", app, providers);
     provider