Embodiment 1:
The embodiment of the present invention can provide a kind of embodiment of the method for broadcast safe detection, it should be noted that in attached drawingProcess the step of illustrating can execute in a computer system such as a set of computer executable instructions, although also,Logical order is shown in flow charts, but in some cases, can be executed with the sequence for being different from herein it is shown orThe step of description.
Embodiment of the method provided by the embodiment of the present application one can be held in mobile terminal or similar communication deviceRow.For running on mobile terminals, Fig. 2 is a kind of for running the shifting of broadcast safe detection method of the embodiment of the present inventionThe hardware block diagram of dynamic terminal.As shown in Fig. 2, mobile terminal 10 may include at one or more (only showing one in figure)(processor 102 can include but is not limited to the processing dress of Micro-processor MCV or programmable logic device FPGA etc. to reason device 102Set), memory 104 for storing data and the transmitting device 106 for communication function.
It will appreciated by the skilled person that structure shown in Fig. 2 is only to illustrate, not to above-mentioned electronic deviceStructure cause to limit.For example, mobile terminal 10 may also include the more perhaps less component than shown in Fig. 2 or haveThe configuration different from shown in Fig. 2.
Memory 104 can be used for storing the software program and module of application software, such as the broadcast in the embodiment of the present inventionCorresponding program instruction/the module of safety detection method and corresponding database data, processor 102 are stored in by operationSoftware program and module in reservoir 104 realize above-mentioned movement thereby executing various function application and data processingThe processing of terminal communications records.Wherein, memory 104 may include high speed random access memory, may also include nonvolatile memory,Such as one or more magnetic storage device, flash memory or other non-volatile solid state memories.In some instances, it storesDevice 104 can further comprise the memory remotely located relative to processor 102, these remote memories can be connected by networkIt is connected to mobile terminal 10.The example of above-mentioned network includes but is not limited to internet, intranet, local area network, mobile radio communicationAnd combinations thereof.
Transmitting device 106 is used to that data to be received or sent via a network.Above-mentioned network specific example may includeThe wireless network that the communication providers of mobile terminal 10 provide.In an example, transmitting device 106 may include a networkAdapter (Network Interface Controller, NIC), can be connected by base station with other network equipments so as toIt is communicated with internet.In an example, transmitting device 106 is radio frequency (Radio Frequency, RF) module, is usedIn wirelessly being communicated with internet.
Under above-mentioned running environment, this application provides broadcast safe detection methods as shown in Figure 3.Fig. 3 is according to thisThe flow chart of the broadcast safe detection method of inventive embodiments one.
As shown in figure 3, above-mentioned broadcast safe detection method may include that step is implemented as follows:
Step S20 can obtain the source code file and system list of application program by the processor 102 in Fig. 2File.
In conjunction with Fig. 4 it is found that by taking Android android system as an example, the source generation of the application program in the application above-mentioned steps S20Code file can be java source code, and system list file can be AndroidManifest.xml document.Wherein,AndroidManifest.xml document can be may include composition and be answered with definition application and its structure and metadata of componentWith the node of each component (broadcast component including static registration) of program, and each attribute is provided and is answered to explain in detailWith the metadata of program;The source code file of application program can carry out reverse-engineering processing by the installation kit to application programAnd it obtains.
Step S24 can be executed according to broadcast component loophole rule by the processor 102 in Fig. 2 from application programSource code file and system list file in extract externally exposed broadcast component, constitute broadcast component list, wherein broadcastComponent loophole rule is for determining that broadcast component is in the decision condition of external exposed state.
Still by taking Android Android operation system as an example, above-mentioned broadcast component is preparatory chartered radio receiver(Broadcast Receiver).It can be by adding receiver label in system list file, Lai Shixian is in operationStatic registration radio receiver (Broadcast Receiver) in system, without starting application program with prior;It can also answerWith exploitation radio receiver (Broadcast Receiver) is passed through in program, then this class of radio receiver or objectIt is registered in Android operation system to realize dynamic registration radio receiver.
In conjunction with Fig. 4 it is found that the broadcast component in above-described embodiment in broadcast component list can be and not have signature checkThe broadcast component of logic, can be corresponding wide by carrying out to reverse-engineering treated source code file and system list fileRegistration information matching is broadcast to obtain.
Step S26 can be realized by the processor 102 in Fig. 2 based on the broadcast component mould in broadcast component listIntend at least one test broadcast.
In conjunction with Fig. 4 it is found that the simulation process in above-mentioned steps S26 can be realized by sending broadcast module.
Step S28 can send test broadcast to application program by the transmitting device 106 in Fig. 2, obtain broadcast peaceFull monitoring result.Preferably, if detecting that application program does not respond, it is determined that test broadcast is held as a hostage.
In conjunction with Fig. 4, still by taking Android Android operation system as an example, above-mentioned test process can be detection test broadcastExecutive condition after reaching Android device, to obtain Android broadcast safe testing result.Answering in above-mentioned steps S28The process that the application program is not recorded in list of application can be referred to by not responded with program.
The above embodiments of the present application provide the general side that loophole is kidnapped in broadcast in a kind of automatic detection android systemMethod.Since broadcast component plays the role of length of a game's monitor, upon registration, if it is wide to match with broadcast componentIt broadcasts event intent to be broadcast out by application program, will be immediately performed, thus realize that the process of application program is fully automated,I.e. if a matched Intent is broadcasted, application program will start automatically, and the broadcast component of corresponding registration also canIt brings into operation.It follows that in the above embodiments of the present application, it is available after being screened to the broadcast component of registrationIt is broadcasted for these broadcast components by constructing corresponding test with the broadcast component that high risk is held as a hostage, to realize broadcastAutomated testing method, i.e. construction test broadcasts to corresponding application program, if application program does not respond to, with itThe working condition contradiction that can be normally immediately performed, thus solve the prior art can not the current broadcast of detection system whether canProblem is kidnapped by malice, may thereby determine that current test broadcast is corresponding and be robbed with the broadcast component that high risk is held as a hostageIt holds.
Herein it should be noted that step S20 provided by the above embodiments of the present application to step S28 can be mounted withIt is run on the mobile terminal of Android operation system, in implementation process, mobile terminal in the above-described embodiments can be installationClient after Android operation system, by the application by taking Android Android operation system as an example, above-mentioned Fig. 2 and figureEmbodiment shown in 3 realizes static detection process and dynamic testing process, wherein static detection process, which specifically includes that, is inciting somebody to actionIt, can be according to setting in advance after the installation kit of Android application program is converted to java source code collection by reverse Engineering TechnologyDetermine and the broadcast component loophole rule that is stored in rule base screens the broadcast component of dynamic registration and static registration, determines toolThere is high kidnapping risk, the broadcast component list not verified;Dynamic testing process is specifically included that according to the broadcast detectedThe component list, the corresponding Android application program that construction automation of broadcast continuity is sent, according to holding after arrival Android deviceMarket condition, to obtain Android broadcast safe testing result.
The broadcast detection method that Android is provided may include static detection module and dynamic test module, and static detection is logicalIt crosses AndroidManifest.xml document and java source code automatically extracts the component list externally exposed in app;Dynamic test mouldBlock sends exception Intent or URI for exposure the component list of static detection output automatically one by one and executes test, and by defeatedInformation determines whether that there are security risks out.Detection system detailed process is as follows:
Compared to existing manual method for digging, scheme provided by the present application has a highly effective, whole process automatically completes,Without installation and operation application, and the advantage that accuracy is high.
In the scheme that the above embodiments of the present application one provide, obtaining for step S20 realization can be implemented by the following stepsTake the source code file of application program and the scheme of system list file:
Step S201 reads the installation file of application program.Installation file in step S201 can be a compressionPacket document APK.
Step S203, the installation file of decompression applications program obtain class file collection and binary system inventory.It can adoptAbove-mentioned APK document is decompressed with 7z.exe, contains binary system inventory (i.e. in the file after decompressionAndroidManifest.xml binary documents) and the files such as class file collection (i.e. classes.dex).
Step S205 carries out decompiling to class file collection using reversal technique, generates the source code file of application program, andBinary system inventory is converted into system list file.
Reversal technique may include a variety of implementation methods such as dis-assembling, decompiling, and the application can use the side of decompilingFormula obtains the source code file of application program.
Herein it should be noted that in Android operation system, since AndroidManifest.xml is using softThe core configuration document of part app, the details of most of component for defining application software app, the application can pass throughAndroidManifest.xml binary documents are converted to visual XML document by java program AXMLPrinter2.jar;In addition, classes.dex is the binary file after the conversion of app compilation of source code, and it can be by dex2jar, jad.exe etc. canDecompiling generates java source code.
It is detailed with regard to combining Fig. 5 to carry out the source code file of above-mentioned acquisition application program and the process of system list file belowIt describes in detail bright.
The reverse module of APK is the primary and crucial step of Android application static analysis, input Android application peaceDress packet, exports java source code.APK reverse process is divided into that APK unpacking, dex2jar, jar are unpacked and batch decompiling,As shown in figure 5, specific steps are as follows:
Firstly, decompressing APK packet after the APK installation kit of input Android app, classes.dex text is obtainedPart.Decompression procedure can be completed by 7z.exe herein.
It is then possible to generate java using the programs decompiling classes.dex file such as dex2jar program, jad.exeCode.The step may include: classes.dex to be first converted to jar file, then decompress jar file, obtain class classFile set.
Finally, batch decompiling class class file is to java source file set.
In addition, it is also necessary to by AXMLPrinter2.jar Program transformation AndroidManifest.xml document, generateXML document.
In the above embodiments of the present application, broadcast component BroadcastReceiver can be infused using two waysVolume: static registration and dynamic registration.
Wherein, static registration mode is to define receiver inside the application of AndroidManifest.xmlAnd it is arranged and wants received action.No matter static registration mode changes whether application program is in active state, can all be supervisedIt listens.
<receiver android:name=" MyReceiver ">
<intent-filter>
<action android:name=" MyReceiver_Action "/>
</intent-filter>
</receiver>
Wherein, MyReceiver is the class for inheriting BroadcastReceiver, has rewritten onReceiver method, andBroadcast is handled in onReceiver method.Filter is arranged in<intent-filter>label, and it is wide to receive specified actionIt broadcasts.
Dynamic registration mode is registered by calling a function to inside activity.One parameter is receiver, anotherA is IntentFilter, wherein the inside is to want received action.Dynamic registration mode is after being registered in code, byThis, after closing application program, with regard to no longer being monitored.
MyReceiver receiver=new MyReceiver ();
// creation filter, and specified action, are allowed to for receiving the broadcast with action
IntentFilter filter=new IntentFilter (" MyReceiver_Action ");
// registration radio receiver
registerReceiver(receiver,filter);
Analysis is it is found that since broadcast component BroadcastReceiver can use static registration and two kinds of dynamic registrationMode can have externally exposed broadcast component in the broadcast component set of both logon modes registration, need to illustrate herein, the component that component refers to app opening access authority is exposed, third party app can be to it without any special access rightIt accesses.Exposure component is the entrance of application program app, and malicious third parties app can pass through entrance malice starting appThe illegal operations such as the page, input data, starting service.
Therefore, it in the above embodiments of the present application, can be executed by any one or more following mode according to broadcast groupPart loophole rule extracts the step of broadcast component externally exposed from the source code file of application program and system list file,Preset broadcast component loophole rule can be according to any one or more following mode i.e. in the above embodiments of the present applicationSuccessively detected that (this method can carry out regulation leakage in terms of AndroidManifest.xml document and java source code twoHole rule).
Loophole regular fashion one: extracting the broadcast component without signature verification from the source code file of application program,The broadcast component externally exposed.
Aforesaid way one is described in detail by taking Android operation system as an example:
Android platform provides the Authority Verification mechanism of part broadcast component, and broadcast component may include "Normal ", " dangerous ", " signature ", " signatureOrSystem ", wherein only " signature ", "Both broadcast components of signatureOrSystem " have the function of signature verification, and therefore, extraction does not have signature verificationBroadcast component, the broadcast component as possible potential threat are saved to broadcast component list.
Loophole regular fashion two: it is extracted from the source code file of application program and system class progress dynamic registration is not usedBroadcast component, the broadcast component externally exposed.
Aforesaid way two is described in detail by taking Android operation system as an example:
Since Android platform provides the broadcast component of dynamic registration, due to using LocalBroadcastManagerThe broadcast component registered is only limitted to current process, has the risk being potentially held as a hostage, therefore basisThe Broadcast Receiver of the registerReceiver method registration of LocalBroadcastManager will be mentionedTake, as matched and searched to the broadcast component of dynamic registration save to above-mentioned broadcast component list.
The scheme of aforesaid way one and the offer of mode two is analyzed it is found that for carrying out the wide of dynamic registration in the applicationComponent Broadcast Receiver is broadcast, judgement is executed according to following logic in java source code:
If defining Intent filter object, contain the predefined action of nonsystematic;Pass through in codeRegisterReceiver interface dynamic registration broadcast component, except following two categories broadcast component belongs to, there is no the risk feelings of exposureCondition, other broadcast components all have externally exposed risk: one is registered by system class LocalBroadcastManagerBroadcast Receiver, effect be only limitted in current process;Another kind is that registerReceiver interface has addedPermission verification.
Loophole regular fashion three: the label and/or attribute value of the broadcast component of static registration in detection system inventory file,It extracts label and/or attribute value meets the broadcast component of preset condition as externally exposed broadcast component.
Aforesaid way three is described in detail by taking Android operation system as an example: the source the java generation obtained by reading decompilingWhether the content of text of code file, matching mention if having containing the code characteristic for meeting preset label and/or attribute valueTake the information of corresponding dynamic assembly Broadcast Receiver.For example, exported, permission can be comprehensively consideredWith labels and the attribute such as intent-filter, the exposure component of app is detected.
The process whether the broadcast component Broadcast Receiver of detection static registration as shown in FIG. 6 externally exposesIn, comprehensively consider and has existed simultaneously exported and permission attribute or intent filter label and permissionExposure when attribute.Specific detection process is as follows:
Step S501 obtains the definition file of the broadcast component of current static registration.
Step S502 judges whether the definition file of the broadcast component includes exported label, if comprising enteringOtherwise step S503 is transferred to step S505.
Step S503 judges the attribute value of exported label, if the attribute value of the exported label is false,The broadcast component that then determining current static is registered is non-exposed component, otherwise, if the attribute value of the exported label isTure then enters step S504.
Step S504, judge the broadcast component definition file whether and meanwhile comprising permission attribute, if comprisingThen determine broadcast component register of current static as non-exposed component, otherwise, the broadcast component that expression current static is registered asExposed component.Permission attribute in the step is nonsystematic permission and the customized power that addition signature is protected substantiallyLimit.
Step S505 judges whether the definition file of the broadcast component includes intent filter label, if comprising,S506 is then entered step, otherwise, it determines the broadcast component that current static is registered is non-exposed component.Intent hereinFilter label is non-application software app homepage AUCHER Activity.
Step S506, judge the broadcast component definition file whether and meanwhile comprising permission attribute, if comprisingThen determine broadcast component register of current static as non-exposed component, otherwise, the broadcast component that expression current static is registered asExposed component.
Herein it should be further noted that above-mentioned three kinds of regular fashions provided by the present application can choose it is one of,Two or three of broadcast component externally exposed applied to extraction can be successively in the application process that three kinds of modes all useThe process extracted using three kinds of mode sequences, the sequence of extraction of these three modes can carry out any combination, and the application existsThis is without limitation.
It can be executed by any one or more following mode according to broadcast component loophole rule from the source of application programThe step of broadcast component externally exposed is extracted in code file and system list file, i.e., in the above embodiments of the present application in advanceThe broadcast component loophole rule of setting can successively be detected according to any one or more following mode.
Preferably, in the implementation process of the above embodiments of the present application, step S28 sends test broadcast to application program, obtainsTaking broadcast safe monitoring result may include that process is implemented as follows:
Firstly, sending test broadcast to application program.
It is then detected that in application process list whether include application program process, wherein if detecting application processIt include the process of application program in list, broadcast safe monitoring result is test broadcast safe, if detecting that application process arrangesThe process of application program is not included in table, then broadcast safe monitoring result is that test broadcast is held as a hostage.
Herein it should be noted that above scheme realizes the broadcast component for each exposure, transmission can be passed throughThe corresponding broadcast of the broadcast component is worked as to application program by being tested the result that application program app is responded thereto to testWhether preceding broadcast component is to have the component of risk loophole herein also it should be further noted that the above embodiments of the present applicationIn, simulating the step of at least one test is broadcasted according to the broadcast component in broadcast component list can be real in the following wayIt is existing: to obtain and each matched source code text information of broadcast component in broadcast component list;Made using source code text informationThe corresponding broadcast of broadcast component is constructed for the target object of broadcast, generates test broadcast.
For example, sending module can send building by the way of adb instruction after screening obtains broadcast component listTest be broadcast to application program (such as: adb am broadcast a component Name d broadcasted content), to further pass throughThe response results of application software are detected to determine whether test broadcast is held as a hostage.
In summary, in the Android Android operation system in embodiment one provided by the present application, detection is kidnapped in broadcast canTo be divided into three parts, first part can carry out reverse-engineering processing by the installation compressed package APK to application program, obtainThe source code (i.e. java source code set) and system list file of application program (i.e. broadcast by registrationAndroidManifest.xml file);Second part, the static broadcast component and dynamic for obtaining filtered application registration are infusedThe broadcast component of volume is filtered the broadcast component of static registration in source code and system list file by rule and mentionsIt takes, obtains broadcast component list;Part III, simulation, which is sent, is broadcast to application program, detection application program reaction.I.e. basis obtainsBroadcast component list name, broadcast message is sent by simulation program and arrives application program, apply in further detection system intoJourney whether there is to verify whether the broadcast of initiation is held as a hostage, and kidnap if it does not exist, then explanation can be initiated broadcast.The function of being realized in above-mentioned application scenarios is applied to be described in detail with regard to a kind of optional embodiment of the application below.
Detection process detailed process is as follows:
Firstly, the APK installation kit of input Android application, and extract the broadcast component in broadcast loophole rule baseLoophole rule, as previously mentioned, the broadcast component loophole rule includes three kinds of modes.
Then, APK installation kit is received by the reverse module of APK, java source code file is converted to by reverse decompilingCollection:
(1), APK installation kit is decompressed, classes.dex file is obtained.
(2), using dex2jar program, classes.dex is converted as jar file.
(3), jar file is decompressed, class class file and its bibliographic structure are obtained.
(4), batch decompiling class class file obtains java source file and its bibliographic structure.
Then, for a unchecked java source file in java source file bibliographic structure, file is opened, and is executedIt operates below:
A, file content is read by row, reads next line (or first trip) content of text, and execute b.
B, (the i.e. loophole regular fashion one, if regular of broadcast component loophole rule 1 in characteristic matching broadcast loophole rule baseMultirow is needed to match, automatic to read subsequent rows text), if correct matching, program code text where recording the broadcast component of registrationSource code lines text in this, and skip to e;Otherwise c is skipped to.
C, (the i.e. loophole regular fashion two, if regular of broadcast component loophole rule 2 in characteristic matching broadcast loophole rule baseMultirow is needed to match, automatic to read subsequent rows text), if correct matching, program code text where recording the broadcast component of registrationSource code lines text in this, skips to e;Otherwise d is skipped to.
D, (the i.e. loophole regular fashion three, if regular of broadcast component loophole rule 3 in characteristic matching broadcast loophole rule baseMultirow is needed to match, automatic to read subsequent rows text), if correct matching, program code text where recording the broadcast component of registrationSource code lines text in this, skips to e;Otherwise d is skipped to.
If e, current line is not end-of-file row, a step is skipped to;Otherwise f is skipped to.
F, the information for obtaining broadcast component for matching carries out detection processing.The test processes process includes that step is implemented as followsIt is rapid: firstly, source code text information recorded in above-mentioned b to e is submitted into the broadcast module constructed automatically, the broadcast moduleBroadcast transmission is constructed into system;Then, it by detection list of application, disappears, illustrates to kidnap successfully in process if applied,At this time, it may be necessary to record the title of current broadcast, otherwise returns and continue to construct broadcast module and detected;Finally, mobile terminal canTo acquire in the presence of the successful broadcast component list of abduction as the final detection result of this system.
In above-described embodiment, the temporary file generated in reverse-engineering treatment process can also be further cleared up, to reduceSystem resource waste.
Embodiment 2:
Fig. 7 is the schematic diagram of according to embodiments of the present invention two broadcast safe detection device.
As shown in fig. 7, the broadcast safe detection device being somebody's turn to do may include: to obtain module 60, screening module 62, analog module64 and test module 66.
Wherein, module 60 is obtained, for obtaining the source code file and system list file of application program;Screening module62, for externally exposure to be extracted from the source code file of application program and system list file according to broadcast component loophole ruleBroadcast component, constitute broadcast component list, wherein broadcast component loophole rule is for determining that broadcast component is in externally sudden and violentThe decision condition of dewiness state;Analog module 64, for simulating at least one test based on the broadcast component in broadcast component listBroadcast;Test module 66 obtains broadcast safe monitoring result for sending test broadcast to application program.
Device provided by the above embodiments of the present application can be run on mobile terminals, in implementation process, in above-mentioned realityApplying the network game client in example can be the mobile terminal being mounted with after Android Android operation system.
It follows that the above embodiments of the present application, which provide broadcast in a kind of automatic detection android system, kidnaps leakageThe fexible unit in hole.Since broadcast component plays the role of length of a game's monitor, upon registration, and if broadcast componentThe broadcast event intent to match is broadcast out by application program, will be immediately performed, to realize the process of application programIt is fully automated, i.e., if a matched Intent is broadcasted, application program will start automatically, correspond to the wide of registrationBroadcasting component can also bring into operation.It follows that carrying out screening it to the broadcast component of registration in the above embodiments of the present applicationAfterwards, the available broadcast component being held as a hostage with high risk, it is wide by constructing corresponding test for these broadcast componentsIt broadcasts, Lai Shixian automation of broadcast continuity test method, i.e. construction test broadcasts to corresponding Android application program, if answeredIt is not responded to program, then the working condition contradiction that can be normally immediately performed with it, thus solving the prior art can not examineWhether the current broadcast for surveying Android android system can kidnap problem by malice, may thereby determine that current test broadcast corresponds toThe broadcast component being held as a hostage with high risk be held as a hostage.
Herein it should be noted that obtaining module 60, screening module 62, simulation mould provided by the above embodiments of the present applicationBlock 64 and test module 66 can be run on mobile terminals, and in implementation process, mobile terminal in the above-described embodiments can be withThe client after being mounted with Android operation system, by the application by taking Android Android operation system as an example, it is above-mentionedFig. 2 and embodiment shown in Fig. 3 realize static detection process and dynamic testing process, wherein static detection process is mainly wrappedIt includes:, can basis after the installation kit of Android application program is converted to java source code collection by reverse Engineering TechnologyIt presets and the broadcast component loophole rule that is stored in rule base screens the broadcast component of dynamic registration and static registration,Determining has high kidnapping risk, the broadcast component list not verified;Dynamic testing process specifically includes that basis detectsBroadcast component list, construction automation of broadcast continuity send corresponding Android application program, according to reach Android deviceExecutive condition afterwards, to obtain Android broadcast safe testing result.
Herein it should be noted that acquisition module 60, screening module 62, analog module that the above embodiments of the present application provide64 and test module 66 and embodiment one in method and step S20 to the step S28 application scenarios having the same that provide, but it is unlimitedIn the example that method provides.And above-mentioned modules can be used as a part of hardware and operate in mobile terminal.
Preferably, above-mentioned apparatus can also include: confirmation module, if for detecting that application program does not respond, reallyFixed test broadcast is held as a hostage.
Preferably, as shown in figure 8, the above-mentioned screening module 62 of the application may include any one or more following extraction mouldBlock:
First extraction module 621, for extracting the broadcast without signature verification from the source code file of application programComponent, the broadcast component externally exposed.
System class progress dynamic is not used for extracting from the source code file of application program in second extraction module 623The broadcast component of registration, the broadcast component externally exposed.
Third extraction module 625, label and/or category for the broadcast component of static registration in detection system inventory fileProperty value, extract label and/or attribute value and meet the broadcast component of preset condition as the broadcast component externally exposed.
Herein it should be noted that being provided in each extraction module and embodiment one that the above embodiments of the present application provideThree kinds of loophole regular fashion application scenarios having the same, but the example of method offer is provided.And above-mentioned modules canMobile terminal is operated in using a part as hardware.
Preferably, as shown in figure 9, the above-mentioned test module 66 of the application may include: sending module 661, detection module663, the first testing result module 665 and the second testing result module 667.
Wherein, sending module 661, for sending test broadcast to application program;Detection module 663, for detecting applicationIn process list whether include application program process;First testing result module 665, if for detecting that application process arrangesIt include the process of application program in table, broadcast safe monitoring result is test broadcast safe;Second testing result module 667 is usedIf in detecting that the process for not including application program in application process list, broadcast safe monitoring result are test broadcast quiltIt kidnaps.
Herein it should be noted that sending module 661, detection module 663, first that the above embodiments of the present application provide are examinedThe corresponding method step provided in survey object module 665 and the second testing result module 667 and embodiment one is having the same to answerWith scene, but it is not limited to the example of method offer.And above-mentioned modules can be used as a part of hardware and operate in movementTerminal.
Preferably, as shown in Figure 10, the above-mentioned analog module 64 of the application may include: sub-acquisition module 641 and generation mouldBlock 643.
Wherein, sub-acquisition module 641, for obtaining and the matched source code text of broadcast component each in broadcast component listThis information;Generation module 643, for generating test broadcast using the corresponding broadcast of source code text information construction broadcast component.
Herein it should be noted that sub-acquisition module 641 and generation module 643 and reality that the above embodiments of the present application provideThe corresponding method step application scenarios having the same provided in example one are provided, but the example of method offer is provided.And it is above-mentionedA part that modules can be used as hardware operates in mobile terminal.
Preferably, as shown in figure 11, the acquisition module 60 in the above embodiments of the present application may include: read module 601,Decompression module 603 and reverse-engineering processing module 605.
Wherein, read module 601, for reading the installation file of application program;Decompression module 603, for decompressingThe installation file of application program obtains class file collection and binary system inventory;Reverse-engineering processing module 605, for usingReversal technique carries out decompiling to class file collection, generates the source code file of application program, and binary system inventory is convertedFor system list file.
Herein it should be noted that read module 601, decompression module 603 and inverse that the above embodiments of the present application provideThe corresponding method step application scenarios having the same provided into project treatment module 605 and embodiment one, but the side of being not limited toThe example that method provides.And above-mentioned modules can be used as a part of hardware and operate in mobile terminal.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
In the above embodiment of the invention, it all emphasizes particularly on different fields to the description of each embodiment, does not have in some embodimentThe part of detailed description, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed client, it can be by others sideFormula is realized.Wherein, the apparatus embodiments described above are merely exemplary, such as the division of the unit, and only oneKind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or components can combine orIt is desirably integrated into another system, or some features can be ignored or not executed.Another point, it is shown or discussed it is mutual itBetween coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of unit or moduleIt connects, can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unitThe component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multipleIn network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unitIt is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated listMember both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent productWhen, it can store in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantiallyThe all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other wordsIt embodies, which is stored in a storage medium, including some instructions are used so that a computerEquipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the present invention whole orPart steps.And storage medium above-mentioned includes: that USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are depositedReservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program codeMedium.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the artFor member, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also answeredIt is considered as protection scope of the present invention.