Android Reverse Engineering (4) - Common adb commands for reverse engineering
This article continues the notes on adb commands that are commonly used during reverse engineering.
1: adb shell ps
This command lists process information.
Usage: adb shell ps |grep [pname]
```shell
zh@zh:~/workSpace$ adb shell ps
USER PID PPID VSZ RSS WCHAN ADDR S NAME
root 1 0 2189532 3660 0 0 S init
root 2 0 0 0 0 0 S [kthreadd]
root 3 2 0 0 0 0 I [rcu_gp]
root 4 2 0 0 0 0 I [rcu_par_gp]
root 8 2 0 0 0 0 I [mm_percpu_wq]
root 9 2 0 0 0 0 S [ksoftirqd/0]
root 10 2 0 0 0 0 I [rcu_preempt]
root 11 2 0 0 0 0 I [rcu_sched]
root 12 2 0 0 0 0 I [rcu_bh]
root 13 2 0 0 0 0 S [rcuop/0]
root 14 2 0 0 0 0 S [rcuos/0]
root 16 2 0 0 0 0 S [rcuob/0]
root 17 2 0 0 0 0 S [migration/0]
root 18 2 0 0 0 0 S [cpuhp/0]
root 19 2 0 0 0 0 S [cpuhp/1]
root 20 2 0 0 0 0 S [migration/1]
root 21 2 0 0 0 0 S [ksoftirqd/1]
root 23 2 0 0 0 0 I [kworker/1:0H-kblockd]
root 24 2 0 0 0 0 S [rcuop/1]
root 25 2 0 0 0 0 S [rcuos/1]
root 26 2 0 0 0 0 S [rcuob/1]
root 27 2 0 0 0 0 S [cpuhp/2]
root 28 2 0 0 0 0 S [migration/2]
root 29 2 0 0 0 0 S [ksoftirqd/2]
root 31 2 0 0 0 0 I [kworker/2:0H-kblockd]
root 32 2 0 0 0 0 S [rcuop/2]
root 33 2 0 0 0 0 S [rcuos/2]
root 34 2 0 0 0 0 S [rcuob/2]
root 35 2 0 0 0 0 S [cpuhp/3]
```
Filtering by process name:
```shell
zh@zh:~/workSpace$ adb shell ps |grep com.sohu.inputmethod.sogou
u0_a434 29729 733 6858060 173656 0 0 S com.sohu.inputmethod.sogou
u0_a434 29968 733 7345116 174220 0 0 S com.sohu.inputmethod.sogou:home
```
Python usage:
Running an adb command from Python is just as simple:
```python
import subprocess

# The pipe is part of the command run inside the device shell, so it is passed
# to "adb shell" as a single argument rather than being interpreted on the host.
subprocess.run(["adb", "shell", "ps |grep com.sohu.inputmethod.sogou"], check=True)
```
Output:
```shell
/usr/bin/python3 /home/zh/workSpace/python/Test1/venv/adb.py
u0_a434 29729 733 6858060 173656 0 0 S com.sohu.inputmethod.sogou
u0_a434 29968 733 7327680 174220 0 0 S com.sohu.inputmethod.sogou:home
Process finished with exit code 0
```
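Piping through grep inside the device shell works, but grep treats the dots in the package name as wildcards and also matches any other package that merely contains the string. The following is an added example (not code from the original post) that parses the `ps` output in Python and matches the package exactly, including its `:suffix` sub-processes. The `SAMPLE_PS` text is a constructed excerpt shaped like the listing above; `adb_ps()` assumes `adb` is on the host's PATH and a device is connected.

```python
import subprocess
from dataclasses import dataclass

# Constructed sample of "adb shell ps" output, shaped like the listing above.
SAMPLE_PS = """\
USER PID PPID VSZ RSS WCHAN ADDR S NAME
root 1 0 2189532 3660 0 0 S init
root 2 0 0 0 0 0 S [kthreadd]
u0_a434 29729 733 6858060 173656 0 0 S com.sohu.inputmethod.sogou
u0_a434 29968 733 7345116 174220 0 0 S com.sohu.inputmethod.sogou:home
"""


@dataclass(frozen=True)
class Proc:
    user: str   # ps USER column, e.g. u0_a434 (Android user 0, app id 434)
    pid: int
    ppid: int
    name: str   # ps NAME column; app processes are named after their package


def parse_ps(text: str) -> list[Proc]:
    """Parse the 9-column output of the toybox ps used on Android."""
    procs = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and any short/garbled line.
        if len(fields) < 9 or fields[0] == "USER":
            continue
        procs.append(Proc(fields[0], int(fields[1]), int(fields[2]), " ".join(fields[8:])))
    return procs


def find_package(procs: list[Proc], package: str) -> list[Proc]:
    """Exact match on the package plus its ':suffix' sub-processes.

    Unlike "grep com.sohu.inputmethod.sogou", this does not match a package
    whose name only contains the string, and dots are not regex wildcards.
    """
    return [p for p in procs if p.name == package or p.name.startswith(package + ":")]


def adb_ps() -> list[Proc]:
    """Run "adb shell ps" on the connected device (assumes adb is on PATH)."""
    out = subprocess.run(["adb", "shell", "ps"], capture_output=True,
                         text=True, check=True).stdout
    return parse_ps(out)


if __name__ == "__main__":
    for p in find_package(adb_ps(), "com.sohu.inputmethod.sogou"):
        print(p.pid, p.user, p.name)
```

Run against the sample, `find_package` returns the two sogou processes (PIDs 29729 and 29968) and nothing else; a prefix such as `com.sohu` returns an empty list, where grep would have matched both lines.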
2: adb shell top
This command shows resource usage in real time.
Usage: adb shell top
```shell
Tasks: 744 total, 6 running, 737 sleeping, 0 stopped, 1 zombie
Mem: 7823156K total, 7527928K used, 295228K free, 2592768 buffers
Swap: 4194300K total, 1431156K used, 2763144K free, 3952064K cached
800%cpu 179%user 31%nice 116%sys 451%idle 3%iow 14%irq 5%sirq 0%host
PID USER PR NI VIRT RES SHR S[%CPU] %MEM TIME+ ARGS
31951 u0_a170 10 -10 7.3G 216M 141M R 109 2.8 0:02.01 com.android.mms
29729 u0_a434 20 0 6.5G 166M 150M S 67.0 2.1 59:40.47 com.sohu.input+
1585 system 18 -2 12G 321M 321M S 38.6 4.1 1051:25.3 system_server
1049 system -2 -8 2.6G 17M 13M R 15.0 0.2 510:12.70 surfaceflinger
3855 radio 20 0 6.7G 55M 55M S 9.6 0.7 61:15.16 com.android.ph+
156 root 20 0 0 0 0 S 8.0 0.0 8:42.71 [kswapd0:0]
533 logd 30 10 2.1G 5.8M 2.6M S 7.6 0.0 140:49.31 logd
947 system -3 0 2.2G 5.1M 4.3M S 4.6 0.0 135:51.76 vendor.qti.har+
29120 shell 20 0 2.1G 5.7M 4.3M S 3.3 0.0 0:07.47 adbd --root_se+
31581 root 20 0 0 0 0 I 3.0 0.0 0:00.44 [kworker/u16:1+
549 system 20 0 2.0G 2.5M 2.3M S 3.0 0.0 0:56.66 android.hardwa+
31938 shell 20 0 2.0G 4.4M 3.0M R 2.3 0.0 0:00.37 top
2711 root 19 -1 0 0 0 S 2.3 0.0 91:36.77 [cds_ol_rx_thr+
731 root 20 0 2.3G 3.8M 3.3M S 2.3 0.0 18:27.65 netd
3396 u0_a116 20 0 7.9G 106M 106M S 2.0 1.3 201:44.89 com.android.sy+
22626 u0_a185 20 0 6.1G 110M 94M S 1.6 1.4 0:07.73 com.oppo.userc+
1501 mediacodec 20 0 2.6G 4.2M 4.2M S 1.6 0.0 0:27.59 media.swcodec +
1410 root 30 10 2.0G 5.1M 3.1M S 1.6 0.0 3:56.47 storaged
10841 u0_a179 20 0 5.4G 89M 89M S 1.3 1.1 0:31.45 com.nearme.sta+
^C 730 statsd 20 0 2.1G 2.0M 2.0M S 1.3 0.0 7:27.43 statsd
```
Column meanings:
- PID (Process ID): the process number
- USER: the user the process runs as
- PR (Priority): scheduling priority
- NI (Nice value): the adjustment applied to the process priority
- VIRT (Virtual Image (kb)): virtual memory used by the process
- RES (Resident size (kb)): physical memory used by the process
- SHR (Shared memory (kb)): shared memory used by the process
- S (Process Status): process state, R: running, S: sleeping
- %CPU: share of CPU used at this instant
- %MEM: share of memory used by the process
- TIME+: cumulative CPU time consumed by the process
- ARGS: the process command name
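Interactive `top` is fine for a quick look, but when you are watching a target app over time it helps to capture one snapshot and parse the columns described above. This is an added example, not code from the original post: it parses the process rows of the listing (a constructed `SAMPLE_TOP` excerpt shaped like the output above), converts the `VIRT`/`RES` sizes to bytes, and ranks processes by `%CPU`. `adb_top()` assumes `adb` is on PATH and that the device's toybox `top` accepts `-b` (batch mode) and `-n 1` (a single iteration), which is the case on Android 8 and later.

```python
import subprocess
from dataclasses import dataclass

# Constructed sample shaped like the "adb shell top" listing above.
SAMPLE_TOP = """\
Tasks: 744 total, 6 running, 737 sleeping, 0 stopped, 1 zombie
Mem: 7823156K total, 7527928K used, 295228K free, 2592768 buffers
 PID USER PR NI VIRT RES SHR S[%CPU] %MEM TIME+ ARGS
31951 u0_a170 10 -10 7.3G 216M 141M R 109 2.8 0:02.01 com.android.mms
29729 u0_a434 20 0 6.5G 166M 150M S 67.0 2.1 59:40.47 com.sohu.input+
1585 system 18 -2 12G 321M 321M S 38.6 4.1 1051:25.3 system_server
29120 shell 20 0 2.1G 5.7M 4.3M S 3.3 0.0 0:07.47 adbd --root_se+
"""

_UNITS = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def to_bytes(size: str) -> int:
    """Convert a top size such as '216M' or '7.3G' to bytes; a bare number is bytes."""
    if size[-1] in _UNITS:
        return int(round(float(size[:-1]) * _UNITS[size[-1]]))
    return int(size)


@dataclass(frozen=True)
class TopRow:
    pid: int
    user: str
    nice: int
    virt: int    # bytes
    res: int     # bytes
    state: str   # R running, S sleeping, I idle, ...
    cpu: float   # %CPU at this instant
    mem: float   # %MEM
    args: str


def parse_top(text: str) -> list[TopRow]:
    """Keep only process rows: they start with a numeric PID and have 12+ fields.

    The summary lines (Tasks/Mem/Swap/cpu) and the header are skipped.
    """
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 12 or not f[0].isdigit():
            continue
        rows.append(TopRow(int(f[0]), f[1], int(f[3]), to_bytes(f[4]), to_bytes(f[5]),
                           f[7], float(f[8]), float(f[9]), " ".join(f[11:])))
    return rows


def top_consumers(rows: list[TopRow], limit: int = 3) -> list[TopRow]:
    """Processes ranked by %CPU, highest first."""
    return sorted(rows, key=lambda r: r.cpu, reverse=True)[:limit]


def adb_top() -> list[TopRow]:
    """One batch-mode snapshot of top (assumed toybox flags: -b batch, -n 1 iteration)."""
    out = subprocess.run(["adb", "shell", "top", "-b", "-n", "1"],
                         capture_output=True, text=True, check=True).stdout
    return parse_top(out)


if __name__ == "__main__":
    for r in top_consumers(adb_top()):
        print(f"{r.pid:>6} {r.user:<10} {r.cpu:>6.1f}% {r.res // 2**20:>6}M {r.args}")
```

On the sample, the ranking puts `com.android.mms` (109%) first and `com.sohu.input+` (67%) second; `ARGS` is rejoined from the trailing fields so a command line with spaces such as `adbd --root_se+` survives the split.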
3: Query a package's UID
Usage: adb shell dumpsys package <package> |grep userId
```shell
zh@zh:~$ adb shell dumpsys package com.sohu.inputmethod.sogou |grep userId
userId=10434
```
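The `userId=10434` reported by dumpsys is the same identity that `ps` prints as `u0_a434` in section 1: Android user 0, and app id 434 counted from the first app uid (10000). Translating between the two forms lets you cross-check that a process really belongs to the package you are analysing. The following is an added example (not code from the original post); `SAMPLE_DUMPSYS` is a constructed excerpt shaped like the dumpsys output, `adb_package_uid()` assumes `adb` is on PATH, and the constants are the standard Android values (first app uid 10000, 100000 uids per Android user).

```python
import re
import subprocess

AID_APP_START = 10000      # first uid assigned to an installed app
AID_USER_OFFSET = 100000   # uid range per Android user (user 0, 10, ...)

# Constructed excerpt shaped like "adb shell dumpsys package <pkg>" output.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.sohu.inputmethod.sogou] (placeholder):
    userId=10434
    versionCode=0
"""


def uid_from_dumpsys(text: str) -> int:
    """Pull the first 'userId=N' line out of dumpsys package output."""
    m = re.search(r"^\s*userId=(\d+)\s*$", text, re.MULTILINE)
    if not m:
        raise ValueError("no userId= line found")
    return int(m.group(1))


def uid_to_ps_user(uid: int) -> str:
    """10434 -> 'u0_a434'; a work-profile copy of the same app, 1010434 -> 'u10_a434'."""
    user, app = divmod(uid, AID_USER_OFFSET)
    if app < AID_APP_START:
        raise ValueError(f"{uid} is a system uid, not an app uid")
    return f"u{user}_a{app - AID_APP_START}"


def ps_user_to_uid(name: str) -> int:
    """Inverse of uid_to_ps_user: 'u0_a434' -> 10434."""
    m = re.fullmatch(r"u(\d+)_a(\d+)", name)
    if not m:
        raise ValueError(f"{name!r} is not an app user name")
    user, app = int(m.group(1)), int(m.group(2))
    return user * AID_USER_OFFSET + AID_APP_START + app


def process_belongs_to(ps_line: str, uid: int) -> bool:
    """True if a 'ps' row (USER column first) runs as the given app uid."""
    return ps_line.split()[0] == uid_to_ps_user(uid)


def adb_package_uid(package: str) -> int:
    """Query the installed package's uid on the connected device (assumes adb on PATH)."""
    out = subprocess.run(["adb", "shell", "dumpsys", "package", package],
                         capture_output=True, text=True, check=True).stdout
    return uid_from_dumpsys(out)


if __name__ == "__main__":
    uid = adb_package_uid("com.sohu.inputmethod.sogou")
    print(uid, "->", uid_to_ps_user(uid))
```

The page's own numbers line up: `userId=10434` maps to `u0_a434`, which is exactly the USER column shown for both sogou processes in the `ps` output. The same package installed in a secondary user (for example a work profile, user 10) gets uid 1010434 and shows up as `u10_a434`, so the conversion is the reliable way to tell two installs of one package apart.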