
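Observing the auto-start behavior of Yingyongbao (应用宝) processes

Summary

Observing the auto-start behavior of Yingyongbao (应用宝) processes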

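| Auto-start method | Trigger scenario / mechanism | Process identifier | Interception strategy |
| --- | --- | --- | --- |
| BindService service binding | Binds system or other apps' services via bindService(); rebinds after being killed to revive itself (high-frequency trigger) | :live, :privileged_process0 | Service interception policy (covers startService and bindService) |
| ContentProvider revival | Registers a ContentProvider; the process is woken automatically when another app accesses it | :daemon | ContentProvider broadcast interception |
| AccountManager sync | Uses the system account sync mechanism to wake up periodically (sync interval ≥ 60 seconds) | :live | Service interception policy (covers startService and bindService) |
| Broadcast revival | Listens for system broadcasts (e.g. boot, network change) or third-party app broadcasts | Main process | Broadcast interception |
| NDK daemon process | The native layer fork()s a child process that monitors the main process and revives it via am startservice | :daemon | Service interception policy (covers startService and bindService) |
| WebView sandbox revival | Binds the WebView sandbox service (SandboxedProcessService) to revive indirectly | :sandboxed_process0 | Service interception policy (covers startService and bindService) |
| MediaRoute media routing | Binds a service through MediaRoute2ProviderServiceProxy (in essence still bindService) | :live | Service interception policy (covers startService and bindService) |
| JobScheduler scheduled job | Uses JobScheduler for timed wake-ups (Android 5.0+ alternative) | Main process | Service interception policy (covers startService and bindService) |
| startInstrumentation | Instrumentation test component | :daemon | startInstrumentation interception policy |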

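1. Add an observation point: Process.start()

Every process that AMS starts ultimately goes through Process.start(), which sends a request over a socket to the zygote process to create the new process. For example, add a trace in ProcessList.startProcess for the investigation: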


```java
import android.os.Debug;

@GuardedBy("mService")
boolean startProcessLocked(ProcessRecord app, HostingRecord hostingRecord,
        int zygotePolicyFlags, boolean disableHiddenApiChecks, boolean disableTestApiChecks,
        String abiOverride) {
    if (app.isPendingStart()) {
        return true;
    }
    // Trace only the packages under observation. Passing a Throwable makes
    // Slog print the call stack of whoever asked AMS to start this process.
    if ("com.tencent.android.qqdownloader".equals(app.info.packageName)
            || "com.ayst.helloapptype".equals(app.info.packageName)) {
        String callers = Debug.getCallers(10);
        Slog.i(TAG, "startProcessLocked " + app.processName, new Throwable());
    }
    // ... the rest of the original method is unchanged ...
}
```

2. Force-stop Yingyongbao from the command line and observe its auto-start behavior

```
adb shell am force-stop com.tencent.android.qqdownloader
```

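3. Observe Yingyongbao's auto-start behavior in the logs

Reboot, then just sit back and wait for Yingyongbao to show off.

3.1 [bindService background auto-start] com.tencent.android.qqdownloader:live or privileged_process0 or sandboxed_process0

Triggered at boot, triggered after Yingyongbao's notification is swiped away from the notification bar, and triggered in the background at any time and place. This is a high-frequency trigger.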

```
2025-07-14 16:24:53.637  1626-3165  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:live
java.lang.Throwable
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)
	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)
	at com.android.server.am.ActiveServices.bringUpServiceInnerLocked(ActiveServices.java:5927)
	at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:5736)
	at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:4319)
	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14367)
	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14327)
	at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:3089)
	at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)
	at android.os.Binder.execTransactInternal(Binder.java:1500)
	at android.os.Binder.execTransact(Binder.java:1444)

2025-07-14 16:32:49.088  1626-3163  ActivityManager         system_server                        I  startProcessLocked com.google.android.webview:sandboxed_process0:org.chromium.content.app.SandboxedProcessService0:0
java.lang.Throwable
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)
	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)
	at com.android.server.am.ActiveServices.bringUpServiceInnerLocked(ActiveServices.java:5927)
	at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:5736)
	at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:4319)
	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14367)
	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14327)
	at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:3089)
	at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)
	at android.os.Binder.execTransactInternal(Binder.java:1500)
	at android.os.Binder.execTransact(Binder.java:1444)
```

Interception suggestion

3.2 [provider background auto-start] com.tencent.android.qqdownloader:daemon

```
2025-07-14 16:24:56.506  1626-3060  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:daemon
java.lang.Throwable
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)
	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)
	at com.android.server.am.ContentProviderHelper.getContentProviderImpl(ContentProviderHelper.java:581)
	at com.android.server.am.ContentProviderHelper.getContentProvider(ContentProviderHelper.java:150)
	at com.android.server.am.ActivityManagerService.getContentProvider(ActivityManagerService.java:7223)
	at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:2966)
	at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)
	at android.os.Binder.execTransactInternal(Binder.java:1500)
	at android.os.Binder.execTransact(Binder.java:1444)
```

Interception suggestion

3.3 [startInstrumentation] com.tencent.android.qqdownloader:daemon

The startInstrumentation method starts an Instrumentation component and is normally used when testing an application. When an application needs automated testing, performance testing, or UI testing, an Instrumentation component can be started through startInstrumentation. The method is normally called by a test framework or test tool, not by the application itself.

```
2025-07-14 16:32:32.018  1626-1789  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:daemon
java.lang.Throwable
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)
	at com.android.server.am.ActivityManagerService.addAppLocked(ActivityManagerService.java:7479)
	at com.android.server.am.ActivityManagerService.addAppLocked(ActivityManagerService.java:7410)
	at com.android.server.am.ActivityManagerService.startInstrumentation(ActivityManagerService.java:16784)
	at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:3182)
	at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)
	at android.os.Binder.execTransactInternal(Binder.java:1500)
	at android.os.Binder.execTransact(Binder.java:1444)
```


3.4 [sync] com.tencent.android.qqdownloader:live

Via the bindService path of AccountManagerService.addAccount.

```
2025-07-14 16:32:31.921  1626-10518 ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:live
java.lang.Throwable
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)
	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)
	at com.android.server.am.ActiveServices.bringUpServiceInnerLocked(ActiveServices.java:5927)
	at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:5736)
	at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:4319)
	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14367)
	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14327)
	at android.app.ContextImpl.bindServiceCommon(ContextImpl.java:2195)
	at android.app.ContextImpl.bindServiceAsUser(ContextImpl.java:2115)
	at com.android.server.accounts.AccountManagerService$Session.bindToAuthenticator(AccountManagerService.java:5400)
	at com.android.server.accounts.AccountManagerService$Session.bind(AccountManagerService.java:5168)
	at com.android.server.accounts.AccountManagerService.addAccountAndLogMetrics(AccountManagerService.java:3508)
	at com.android.server.accounts.AccountManagerService.addAccount(AccountManagerService.java:3415)
	at android.accounts.IAccountManager$Stub.onTransact(IAccountManager.java:726)
	at com.android.server.accounts.AccountManagerService.onTransact(AccountManagerService.java:1143)
	at android.os.Binder.execTransactInternal(Binder.java:1505)
	at android.os.Binder.execTransact(Binder.java:1444)
```

Interception suggestion: same as the service interception.

3.5 [broadcast] com.tencent.android.qqdownloader

```
2025-07-14 16:36:00.138  1626-1689  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader
java.lang.Throwable
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)
	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)
	at com.android.server.am.BroadcastQueueModernImpl.scheduleReceiverColdLocked(BroadcastQueueModernImpl.java:1026)
	at com.android.server.am.BroadcastQueueModernImpl.updateRunningListLocked(BroadcastQueueModernImpl.java:561)
	at com.android.server.am.BroadcastQueueModernImpl.updateRunningList(BroadcastQueueModernImpl.java:449)
	at com.android.server.am.BroadcastQueueModernImpl.lambda$new$0(BroadcastQueueModernImpl.java:299)
	at com.android.server.am.BroadcastQueueModernImpl.$r8$lambda$d79aYiK04-SKNC9AXzRIc2ug0aQ(BroadcastQueueModernImpl.java:0)
	at com.android.server.am.BroadcastQueueModernImpl$$ExternalSyntheticLambda12.handleMessage(R8$$SyntheticClass:0)
	at android.os.Handler.dispatchMessage(Handler.java:103)
	at android.os.Looper.loopOnce(Looper.java:232)
	at android.os.Looper.loop(Looper.java:317)
	at android.os.HandlerThread.run(HandlerThread.java:85)
	at com.android.server.ServiceThread.run(ServiceThread.java:46)
```

Interception suggestion

3.6 [NDK daemon process revival] com.tencent.android.qqdownloader:daemon

```
2025-07-14 17:45:58.957  1626-1677  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:daemon
java.lang.Throwable
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)
	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)
	at com.android.server.am.ActivityManagerService$LocalService.startProcess(ActivityManagerService.java:19655)
	at com.android.server.wm.ActivityTaskManagerService$$ExternalSyntheticLambda20.accept(R8$$SyntheticClass:0)
	at com.android.internal.util.function.pooled.PooledLambdaImpl.doInvoke(PooledLambdaImpl.java:363)
	at com.android.internal.util.function.pooled.PooledLambdaImpl.invoke(PooledLambdaImpl.java:204)
	at com.android.internal.util.function.pooled.OmniFunction.run(OmniFunction.java:87)
	at android.os.Handler.handleCallback(Handler.java:959)
	at android.os.Handler.dispatchMessage(Handler.java:100)
	at android.os.Looper.loopOnce(Looper.java:232)
	at android.os.Looper.loop(Looper.java:317)
	at android.os.HandlerThread.run(HandlerThread.java:85)
	at com.android.server.ServiceThread.run(ServiceThread.java:46)
```

Interception suggestion

3.7 [com.google.android.webview revival] com.google.android.webview:sandboxed_process0

Intercept in the same way as bindService.

```
2025-07-14 17:57:01.305  1450-2960  ActivityManager         system_server                        I  startProcessLocked com.google.android.webview:sandboxed_process0:org.chromium.content.app.SandboxedProcessService0:0
java.lang.Throwable
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)
	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)
	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)
	at com.android.server.am.ActiveServices.bringUpServiceInnerLocked(ActiveServices.java:5927)
	at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:5736)
	at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:4319)
	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14367)
	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14327)
	at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:3089)
	at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)
	at android.os.Binder.execTransactInternal(Binder.java:1500)
	at android.os.Binder.execTransact(Binder.java:1444)
```

3.8 [MediaRoute revival] com.tencent.android.qqdownloader:live

In essence this is still bindService.

Via the bindService path of MediaRoute2ProviderServiceProxy:

```
01-26 03:00:16.621  7461  7461 I ActivityManager: startProcessLocked com.tencent.android.qqdownloader:live
01-26 03:00:16.621  7461  7461 I ActivityManager: java.lang.Throwable
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1697)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2418)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2558)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:2858)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:4278)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:2956)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:12782)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:12729)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at android.app.ContextImpl.bindServiceCommon(ContextImpl.java:2035)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at android.app.ContextImpl.bindServiceAsUser(ContextImpl.java:1974)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.media.MediaRoute2ProviderServiceProxy.bind(MediaRoute2ProviderServiceProxy.java:243)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.media.MediaRoute2ProviderServiceProxy.onBindingDied(MediaRoute2ProviderServiceProxy.java:312)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at android.app.LoadedApk$ServiceDispatcher.doConnected(LoadedApk.java:2184)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at android.app.LoadedApk$ServiceDispatcher$RunConnection.run(LoadedApk.java:2221)
```
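Added example, not code from the original post: a Python triage script that groups the `startProcessLocked` traces from sections 3.1 to 3.8 by the system_server frame that caused the process start, so a long logcat capture can be reduced to a count per trigger. The rule labels, function names, and the shortened sample log are assumptions constructed from the frames shown above.

```python
import re
from collections import Counter

# The first rule whose substring appears in a trace decides the label. Specific
# callers come first because their traces also pass through bindServiceLocked.
RULES = [
    ("MediaRoute2ProviderServiceProxy", "MediaRoute"),
    ("AccountManagerService", "AccountManager"),
    ("ActivityManagerService.startInstrumentation", "startInstrumentation"),
    ("ContentProviderHelper", "ContentProvider"),
    ("BroadcastQueue", "broadcast"),
    ("ActiveServices.bindServiceLocked", "bindService"),
    ("ActivityManagerService$LocalService.startProcess", "LocalService.startProcess"),
]
HEADER = re.compile(r"startProcessLocked (\S+)")  # trace header, never a frame
FRAME = re.compile(r"\bat ([\w.$]+)\(")           # "at pkg.Class.method("

def parse(log_text):
    """Return [(process_name, trigger_label)] for every traced process start."""
    records = []
    for line in log_text.splitlines():
        header, frame = HEADER.search(line), FRAME.search(line)
        if header:
            records.append((header.group(1), []))
        elif frame and records:
            records[-1][1].append(frame.group(1))
    out = []
    for name, frames in records:
        joined = "\n".join(frames)
        out.append((name, next((lab for sub, lab in RULES if sub in joined), "unknown")))
    return out

def summarize(log_text, package):
    """Count triggers for processes that belong to `package`."""
    return Counter(t for p, t in parse(log_text) if p.split(":")[0] == package)

# Constructed sample: shortened traces in the two logcat layouts the page shows.
SAMPLE = """\
2025-07-14 16:24:53.637  1626-3165  ActivityManager  system_server  I  startProcessLocked com.tencent.android.qqdownloader:live
java.lang.Throwable
\tat com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)
\tat com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:4319)
2025-07-14 16:24:56.506  1626-3060  ActivityManager  system_server  I  startProcessLocked com.tencent.android.qqdownloader:daemon
\tat com.android.server.am.ContentProviderHelper.getContentProvider(ContentProviderHelper.java:150)
01-26 03:00:16.621  7461  7461 I ActivityManager: startProcessLocked com.tencent.android.qqdownloader:live
01-26 03:00:16.621  7461  7461 I ActivityManager: java.lang.Throwable
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:2956)
01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.media.MediaRoute2ProviderServiceProxy.bind(MediaRoute2ProviderServiceProxy.java:243)
"""
```

Calling `summarize(text, "com.tencent.android.qqdownloader")` on the text of an `adb logcat -d` capture taken after the force-stop in step 2 gives the per-trigger counts for that package.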
