Retme的未来道具研究所

世界線の収束には、逆らえない

http://blogs.360.cn/360mobile/2014/03/14/rat-trojan/


http://blogs.360.cn/360mobile/2014/03/06/fakedebuggerd-android-rootkit/


这篇文章获取Context方法是受限的,如果你是注入或者被加载的jar包就不能使用
http://blog.csdn.net/hyx1990/article/details/7584789

这时候需要更本质上的方法,Client端大多数结构都是放在ActivityThread中的,反射去取

    public static Context getGlobalApplicationContext()
{
    // ActivityThread at = ActivityThread.currentActivityThread();
    //Class clazz  = ReflectionHelper.getClass("android.app.ActivityThread");

    Class[] type = null;
    Object[] args = null;

    Object AT = ReflectionHelper.invokeStaticMethod("android.app.ActivityThread", type, "currentActivityThread", args);

    if (AT!=null) {
        Object appObject =  ReflectionHelper.invokeNonStaticMethod(AT, type,"getApplication", args);

        if (appObject!=null && appObject instanceof Context) {

            return (Context)appObject;

        }
    }

    return null;
}