


카테고리 없음

게임 가디언 분석2

n00bh4cker 2020. 4. 10. 18:18

 

root@shamu:/data/local/tmp # ps | wc -l
108  //게임가디언 실행전 프로세스 수
root@shamu:/data/local/tmp # ps | wc -l
116  //게임가디언 실행 후 프로세스 수
root@shamu:/data/local/tmp # ps > beforegg
root@shamu:/data/local/tmp # ps > aftergg
root@shamu:/data/local/tmp # diff beforegg aftergg
--- beforegg
+++ aftergg
@@ -67,21 +67,21 @@
root 1457 1 12088 1644 00000000 b769a0f5 S /system/bin/lmkd
system 1458 1 10244 1012 00000000 b766dfb6 S /system/bin/servicemanager
root 1459 1 19936 3228 ffffffff b7618581 S /system/bin/vold
-system 1460 1 57632 6236 ffffffff b76c20f5 S /system/bin/surfaceflinger
-root 1465 1 23168 2128 ffffffff b7625581 S /system/bin/netd
+system 1460 1 81932 6220 ffffffff b76c20f5 S /system/bin/surfaceflinger
+root 1465 1 23168 2120 ffffffff b7625581 S /system/bin/netd
root 1466 1 11016 1492 00000000 b767a273 S /system/bin/debuggerd
radio 1467 1 18640 2608 ffffffff b76e3581 S /system/bin/rild
drm 1468 1 26224 5680 ffffffff b7679fb6 S /system/bin/drmserver
media 1469 1 141532 24688 ffffffff b7602fb6 S /system/bin/mediaserver
install 1470 1 10260 1180 00000000 b77365d6 S /system/bin/installd
keystore 1471 1 14232 3012 00000000 b76d1fb6 S /system/bin/keystore
-root 1473 1 978828 100004 ffffffff b74c1b85 S zygote
-system 1760 1473 1112528 152476 ffffffff b74c20f5 S system_server
+root 1473 1 978828 99996 ffffffff b74c1b85 S zygote
+system 1760 1473 1112548 152804 ffffffff b74c20f5 S system_server
u0_a11 1857 1473 1046396 129692 ffffffff b74c20f5 S com.android.systemui
system 1896 1473 992172 71892 ffffffff b74c20f5 S com.android.inputservice
wifi 1979 1 14984 4784 00000000 b74d1b85 S /system/bin/wpa_supplicant
radio 1987 1473 1007696 82924 ffffffff b74c20f5 S com.android.phone
-system 2068 1473 1146376 175956 ffffffff b74c20f5 S com.vphone.launcher
+system 2068 1473 1144752 176748 ffffffff b74c20f5 S com.vphone.launcher
u0_a2 2109 1473 990256 73048 ffffffff b74c20f5 S android.process.acore
dhcp 2125 1 10172 1084 00000000 b769a6f0 S /system/bin/dhcpcd
root 2186 1 9620 516 00000000 080f9b63 S /system/xbin/su
@@ -97,12 +97,19 @@
u0_a8 2824 1473 985088 57452 ffffffff b74c20f5 S com.android.onetimeinitializer
u0_a34 2843 1473 1006856 79608 ffffffff b74c20f5 S com.facebook.lite
u0_a34 2881 1473 999176 70952 ffffffff b74c20f5 S com.facebook.lite:fwkstartlog
-u0_a15 2901 1473 1197224 133284 ffffffff b74c20f5 S com.google.android.play.games
+u0_a15 2901 1473 1195168 133492 ffffffff b74c20f5 S com.google.android.play.games
u0_a14 3109 1473 1059104 94328 ffffffff b74c20f5 S com.android.vending:download_service
u0_a6 3151 1473 1161720 123372 ffffffff b74c20f5 S com.google.android.gms.unstable
u0_a6 3223 1473 1149276 117660 ffffffff b74c20f5 S com.google.android.gms.ui
root 3350 1456 9884 980 00000000 b766af83 S logcat
-system 3540 1473 1000800 80492 ffffffff b74c20f5 S com.android.settings
+system 3540 1473 1000800 80612 ffffffff b74c20f5 S com.android.settings
root 3873 2 0 0 00000000 00000000 S kworker/0:0
root 3936 2 0 0 00000000 00000000 S kworker/1:0
-root 3992 3353 12112 1548 00000000 b761b5d6 R ps
+u0_a83 4015 1473 1053100 131060 ffffffff b74c20f5 S com.y.ktljqcbqzl.dhjhpfm
+u0_a83 4044 4015 9620 520 00000000 080f9ccb S su
+u0_a83 4050 4044 9620 116 00000000 080f9d56 S su
+root 4053 1 9620 116 00000000 080f9ccb S /system/xbin/su
+root 4056 4053 9620 132 00000000 080f9ccb S /system/xbin/su
+root 4057 4056 24100 1740 ffffffff b7196b85 S rrcblmnfljgkpz    //게임가디언 데몬 프로세스로 추정
+root 4061 4057 0 0 00000000 00000000 Z main
+root 4083 3353 12112 1552 00000000 b76995d6 R ps
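Review bot: The added entries 4015–4061 are one lineage rather than a set of unrelated processes — reading the PPID column, the app process (u0_a83, PID 4015) spawns two `su` children, which reach root-owned `/system/xbin/su` (4053, 4056), which in turn parents the root daemon `rrcblmnfljgkpz` (4057) and its child `main` (4061), already in state Z. For the detection question the post ends on, that app-uid-to-root parent chain is the durable signal; the daemon name looks randomized, though only one sample is visible here, so matching on the name alone would be fragile. The two `ps` lines (3992 removed, 4083 added) are the snapshot commands themselves and should be excluded when counting, which may also be why the `wc -l` delta of 8 differs from this hunk's net of +7 — the counts and the snapshots were taken at different moments.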

 

ps 같은 친구들을 제외해도 게임가디언 실행 시 분명 한 가지 프로세스만 실행되는 것이 아니라는 것을 알 수 있다

그럼 어떻게 탐지해야 할까.. 고민 좀 해봐야겠다