Android Reverse Engineering (4) - Common adb Commands for Reverse Engineering


This post continues the notes on adb commands that are commonly used in reverse engineering.

1: adb shell ps

This command shows process information.

Usage: adb shell ps |grep [pname]

zh@zh:~/workSpace$ adb shell ps
USER PID PPID VSZ RSS WCHAN ADDR S NAME 
root 1 0 2189532 3660 0 0 S init
root 2 0 0 0 0 0 S [kthreadd]
root 3 2 0 0 0 0 I [rcu_gp]
root 4 2 0 0 0 0 I [rcu_par_gp]
root 8 2 0 0 0 0 I [mm_percpu_wq]
root 9 2 0 0 0 0 S [ksoftirqd/0]
root 10 2 0 0 0 0 I [rcu_preempt]
root 11 2 0 0 0 0 I [rcu_sched]
root 12 2 0 0 0 0 I [rcu_bh]
root 13 2 0 0 0 0 S [rcuop/0]
root 14 2 0 0 0 0 S [rcuos/0]
root 16 2 0 0 0 0 S [rcuob/0]
root 17 2 0 0 0 0 S [migration/0]
root 18 2 0 0 0 0 S [cpuhp/0]
root 19 2 0 0 0 0 S [cpuhp/1]
root 20 2 0 0 0 0 S [migration/1]
root 21 2 0 0 0 0 S [ksoftirqd/1]
root 23 2 0 0 0 0 I [kworker/1:0H-kblockd]
root 24 2 0 0 0 0 S [rcuop/1]
root 25 2 0 0 0 0 S [rcuos/1]
root 26 2 0 0 0 0 S [rcuob/1]
root 27 2 0 0 0 0 S [cpuhp/2]
root 28 2 0 0 0 0 S [migration/2]
root 29 2 0 0 0 0 S [ksoftirqd/2]
root 31 2 0 0 0 0 I [kworker/2:0H-kblockd]
root 32 2 0 0 0 0 S [rcuop/2]
root 33 2 0 0 0 0 S [rcuos/2]
root 34 2 0 0 0 0 S [rcuob/2]
root 35 2 0 0 0 0 S [cpuhp/3]

Filtering by process name:

zh@zh:~/workSpace$ adb shell ps |grep com.sohu.inputmethod.sogou
u0_a434 29729 733 6858060 173656 0 0 S com.sohu.inputmethod.sogou
u0_a434 29968 733 7345116 174220 0 0 S com.sohu.inputmethod.sogou:home

Python usage:

Running an adb command from Python is also simple, as shown below:

import subprocess
# adb hands the last string to the device shell, so the pipe and grep run on the device.
subprocess.run(["adb", "shell", "ps |grep com.sohu.inputmethod.sogou"])

Output:

/usr/bin/python3 /home/zh/workSpace/python/Test1/venv/adb.py 
u0_a434 29729 733 6858060 173656 0 0 S com.sohu.inputmethod.sogou
u0_a434 29968 733 7327680 174220 0 0 S com.sohu.inputmethod.sogou:home
Process finished with exit code 0

2: adb shell top

This command shows resource usage in real time.

Usage: adb shell top

Tasks: 744 total, 6 running, 737 sleeping, 0 stopped, 1 zombie
 Mem: 7823156K total, 7527928K used, 295228K free, 2592768 buffers
 Swap: 4194300K total, 1431156K used, 2763144K free, 3952064K cached
800%cpu 179%user 31%nice 116%sys 451%idle 3%iow 14%irq 5%sirq 0%host
 PID USER PR NI VIRT RES SHR S[%CPU] %MEM TIME+ ARGS 
 31951 u0_a170 10 -10 7.3G 216M 141M R 109 2.8 0:02.01 com.android.mms
 29729 u0_a434 20 0 6.5G 166M 150M S 67.0 2.1 59:40.47 com.sohu.input+
 1585 system 18 -2 12G 321M 321M S 38.6 4.1 1051:25.3 system_server
 1049 system -2 -8 2.6G 17M 13M R 15.0 0.2 510:12.70 surfaceflinger
 3855 radio 20 0 6.7G 55M 55M S 9.6 0.7 61:15.16 com.android.ph+
 156 root 20 0 0 0 0 S 8.0 0.0 8:42.71 [kswapd0:0]
 533 logd 30 10 2.1G 5.8M 2.6M S 7.6 0.0 140:49.31 logd
 947 system -3 0 2.2G 5.1M 4.3M S 4.6 0.0 135:51.76 vendor.qti.har+
 29120 shell 20 0 2.1G 5.7M 4.3M S 3.3 0.0 0:07.47 adbd --root_se+
 31581 root 20 0 0 0 0 I 3.0 0.0 0:00.44 [kworker/u16:1+
 549 system 20 0 2.0G 2.5M 2.3M S 3.0 0.0 0:56.66 android.hardwa+
 31938 shell 20 0 2.0G 4.4M 3.0M R 2.3 0.0 0:00.37 top
 2711 root 19 -1 0 0 0 S 2.3 0.0 91:36.77 [cds_ol_rx_thr+
 731 root 20 0 2.3G 3.8M 3.3M S 2.3 0.0 18:27.65 netd
 3396 u0_a116 20 0 7.9G 106M 106M S 2.0 1.3 201:44.89 com.android.sy+
 22626 u0_a185 20 0 6.1G 110M 94M S 1.6 1.4 0:07.73 com.oppo.userc+
 1501 mediacodec 20 0 2.6G 4.2M 4.2M S 1.6 0.0 0:27.59 media.swcodec +
 1410 root 30 10 2.0G 5.1M 3.1M S 1.6 0.0 3:56.47 storaged
 10841 u0_a179 20 0 5.4G 89M 89M S 1.3 1.1 0:31.45 com.nearme.sta+
^C 730 statsd 20 0 2.1G 2.0M 2.0M S 1.3 0.0 7:27.43 statsd

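Column meanings:

  1. PID (Process ID): process ID
  2. USER: user that owns the process
  3. PR (Priority): priority
  4. NI (Nice value): adjustment value applied to the process priority
  5. VIRT (Virtual Image (kb)): virtual memory used by the process
  6. RES (Resident size (kb)): physical memory used by the process
  7. SHR (Shared memory (kb)): shared memory used by the process
  8. S (Process Status): process state. R: running, S: sleeping
  9. %CPU: percentage of CPU in use at the current instant
  10. %MEM: percentage of memory used by the process
  11. TIME+: cumulative run time of the process
  12. ARGS: command name of the process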

3: Querying the UID

Usage: adb shell dumpsys package |grep userId

zh@zh:~$ adb shell dumpsys package com.sohu.inputmethod.sogou |grep userId
 userId=10434
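
The USER column from section 1 (u0_a434) and the userId from dumpsys (10434) are the same identity. The following Python sketch is an added example, not code from the original post: it parses ps output locally instead of using a device-side grep and derives the numeric UID from the USER name. The helper names are illustrative, the sample rows are copied from the ps output above, and the conversion assumes Android's standard app UID base (10000) and per-user offset (100000).

```python
import re
import subprocess

# Added example; helper names are illustrative, not from the original post.
AID_APP_START = 10000     # assumption: first UID Android assigns to installed apps
AID_USER_OFFSET = 100000  # assumption: UID range reserved per Android user (u0, u10, ...)

# Sample rows copied from the ps output shown earlier, so the parser runs offline.
SAMPLE_PS = """\
USER PID PPID VSZ RSS WCHAN ADDR S NAME
root 1 0 2189532 3660 0 0 S init
u0_a434 29729 733 6858060 173656 0 0 S com.sohu.inputmethod.sogou
u0_a434 29968 733 7345116 174220 0 0 S com.sohu.inputmethod.sogou:home
"""

def user_to_uid(user):
    """Convert a ps USER such as 'u0_a434' to a numeric UID; None for non-app users."""
    m = re.fullmatch(r"u(\d+)_a(\d+)", user)
    if not m:
        return None
    return int(m.group(1)) * AID_USER_OFFSET + AID_APP_START + int(m.group(2))

def parse_ps(text):
    """Parse ps output into dicts keyed by the header row's column names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split(None, len(header) - 1)  # NAME is last and may hold spaces
        if len(fields) == len(header):
            rows.append(dict(zip(header, fields)))
    return rows

def processes_for_package(ps_text, package):
    """Return (pid, uid, name) for the package's main process and its ':sub' processes."""
    found = []
    for row in parse_ps(ps_text):
        name = row["NAME"]
        if name == package or name.startswith(package + ":"):
            found.append((int(row["PID"]), user_to_uid(row["USER"]), name))
    return found

def live_ps():
    """Fetch ps output from a connected device; filtering then happens on the host."""
    return subprocess.run(["adb", "shell", "ps"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    for pid, uid, name in processes_for_package(SAMPLE_PS, "com.sohu.inputmethod.sogou"):
        print(pid, uid, name)
```

To run it against a device, pass live_ps() instead of SAMPLE_PS.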


Author: 夏沫琅琊
Original article: https://www.cnblogs.com/zhjing/p/18085814
