
android手机杀毒

 

手机杀毒的几种方式:

1. 基于签名的特征码的扫描(hash-md5特征码的扫描)

特征码扫描只能查杀已知的病毒,不能查杀未知的病毒。

大概原理:根据病毒数据库进行查杀,病毒库中保存病毒对应的hash,通过比较程序签名和病毒库中的签名判断是否病毒。

补充:各杀毒软件的原理都是相同的,区别主要在于杀毒引擎。

杀毒引擎是指获取存储设备上文件的hash码、并依据此hash查询病毒数据库的算法。


2.主动防御

通过监控敏感api进行防御,例如监控以下敏感操作:

更改浏览器主页

注册开机启动的行为

应用程序的内存注入


3.启发式扫描:

根据程序中调用的敏感API,提示存在风险的代码。


4.云查杀

利用服务器端的病毒数据库进一步查询可疑程序。

人工智能:引用人工智能算法,即一套复杂的if语句

下面是根据第1种方式实现简单杀毒功能的核心程序代码。注意:这段代码计算的是应用签名证书的MD5,而不是APK文件内容的hash,因此只能识别出签名证书已收录在病毒库中的应用:

package com.alex.mobilesafe.ui;

import java.util.List;

import android.app.Activity;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.graphics.drawable.AnimationDrawable;
import android.os.Bundle;
import android.os.Handler;
import android.os.Message;
import android.view.MotionEvent;
import android.widget.ImageView;
import android.widget.LinearLayout;
import android.widget.ProgressBar;
import android.widget.ScrollView;
import android.widget.TextView;

import com.alex.mobilesafe.util.MD5Encoder;

import com.alex.mobilesafe.R;

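/**
 * Signature-based scanner screen. A touch on the screen starts a worker thread that walks
 * every installed package, hashes the first signing certificate with MD5 and looks the
 * digest up in a local signature database; matches are listed on screen.
 *
 * <p>Limits to keep in mind when reading this as a detection example:
 * <ul>
 *   <li>The digest is computed over the signing certificate, not over the APK contents, so a
 *       hit identifies the signer. An app signed with a key that is not in the database is
 *       never reported.</li>
 *   <li>The database is read from external storage ({@code /sdcard}), which other apps may be
 *       able to modify. A tampered database can hide detections or create false ones;
 *       app-private storage plus an integrity check on the file is the safer choice.</li>
 * </ul>
 */
public class AntiVirusActivity extends Activity {
	/** {@link Message#what} value that marks the final "scan finished" message. */
	protected static final int STOP = 100;
	private ImageView iv;
	private ProgressBar pb;
	private LinearLayout ll;
	private AnimationDrawable anim;
	private ScrollView sv;
	private SQLiteDatabase db;
	// Written by the scan thread and read by the UI thread, so it must be volatile
	// for the UI thread to reliably see the reset at the end of a scan.
	private volatile boolean flagscanning = false;
	private Handler handler = new Handler() {

		/**
		 * Appends the text carried in {@code msg.obj} to the result list. For the STOP
		 * message the list is cleared and the animation stopped first, so only the
		 * summary line remains.
		 */
		@Override
		public void handleMessage(Message msg) {
			super.handleMessage(msg);
			if (msg.what == STOP) {
				ll.removeAllViews();
				anim.stop();
			}
			String str = (String) msg.obj;
			TextView tv = new TextView(getApplicationContext());
			tv.setText(str);
			ll.setOrientation(LinearLayout.VERTICAL);
			ll.addView(tv);
			// Nudge the scroll view so the newest line stays visible.
			sv.scrollBy(0, 20);

			System.out.println(str);
		}

	};

	/** Opens the signature database read-only and binds the views used by the scan. */
	@Override
	public void onCreate(Bundle savedInstanceState) {
		super.onCreate(savedInstanceState);
		setContentView(R.layout.antivirus);
		// antivirus.db is the virus signature database.
		// NOTE(review): this path is on external storage; see the class comment about tampering.
		db = SQLiteDatabase.openDatabase("/sdcard/antivirus.db", null, SQLiteDatabase.OPEN_READONLY);
		iv = (ImageView) this.findViewById(R.id.iv);
		// Progress bar for the scan.
		pb = (ProgressBar) this.findViewById(R.id.progressBar1);
		ll = (LinearLayout) this.findViewById(R.id.ll);
		// Use the animation resource as the ImageView background.
		iv.setBackgroundResource(R.drawable.anti_anim);
		// sv shows the scan results.
		sv = (ScrollView) this.findViewById(R.id.sv);
		anim = (AnimationDrawable) iv.getBackground();
	}

	/**
	 * Starts a scan when the user lifts a finger from the screen. While a scan is running,
	 * further touches are rejected so that only one scan thread exists at a time.
	 */
	@Override
	public boolean onTouchEvent(MotionEvent event) {
		// A scan is already in progress: refuse to start another one.
		if (flagscanning) {
			return false;
		}

		if (event.getAction() == MotionEvent.ACTION_UP) {
			flagscanning = true;
			anim.start();
			new Thread() {
				@Override
				public void run() {
					// Fetch every package together with its signing certificates; the flag
					// also includes uninstalled packages that still have data directories.
					List<PackageInfo> infos = getPackageManager()
							.getInstalledPackages(PackageManager.GET_UNINSTALLED_PACKAGES | PackageManager.GET_SIGNATURES);
					// The progress bar counts packages.
					pb.setMax(infos.size());
					int total = 0;
					int virustotal = 0; // number of database hits so far
					for (PackageInfo info : infos) {
						total++;
						try {
							sleep(20); // only slows the scan down so progress is visible
						} catch (InterruptedException e) {
							// Keep the interrupt status instead of discarding it.
							Thread.currentThread().interrupt();
						}
						Message msg = Message.obtain();
						msg.obj = "正在扫描" + info.packageName;
						handler.sendMessage(msg);

						// A package can come back without signature data; skip the lookup
						// for it instead of failing on signs[0].
						Signature[] signs = info.signatures;
						String md5 = null;
						if (signs != null && signs.length > 0) {
							md5 = MD5Encoder.encode(signs[0].toCharsString());
						}
						if (md5 != null) {
							// Compare the certificate digest with the stored ones; on a match
							// count it and show the package name with the stored description.
							Cursor cursor = db.rawQuery("select desc from datable where md5=?", new String[] { md5 });
							try {
								if (cursor.moveToFirst()) {
									String desc = cursor.getString(0);
									msg = Message.obtain();
									msg.obj = info.packageName + ": " + desc;
									handler.sendMessage(msg);
									virustotal++;
								}
							} finally {
								// Release the cursor even if reading the row throws.
								cursor.close();
							}
						}
						pb.setProgress(total);

					}
					Message msg = Message.obtain();
					msg.what = STOP;
					msg.obj = "扫描完毕 ,共发现" + virustotal + "个病毒";
					handler.sendMessage(msg);
					flagscanning = false;
					pb.setProgress(0);
				}
			}.start();
		}
		return super.onTouchEvent(event);
	}

	/**
	 * Closes the signature database.
	 * NOTE(review): a scan thread that is still running will fail on its next query once the
	 * database is closed; the thread is not stopped here.
	 */
	@Override
	protected void onDestroy() {
		// db stays null if openDatabase() failed in onCreate().
		if (db != null && db.isOpen()) {
			db.close();
		}
		super.onDestroy();
	}
}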
package com.alex.mobilesafe.util;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

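/**
 * Helper that turns a string into the lowercase hexadecimal form of its MD5 digest.
 *
 * <p>MD5 is not collision resistant, so the result is suitable as a lookup key for matching
 * against stored digests but should not be relied on where an adversary can choose the input.
 * Callers that compare the result with stored values depend on this exact algorithm and
 * output format.
 */
public class MD5Encoder {
	/**
	 * Computes the MD5 digest of {@code source} and renders it as 32 lowercase hex characters.
	 *
	 * @param source text to hash; encoded as UTF-8 so the digest does not depend on the
	 *               platform default charset
	 * @return the hex digest, or {@code null} if the MD5 algorithm is not available
	 * @throws NullPointerException if {@code source} is {@code null}
	 */
	public static String encode(String source){
		try {
			MessageDigest md = MessageDigest.getInstance("md5");
			// Fixed charset: getBytes() without one uses the platform default, which makes
			// the digest of non-ASCII input vary between environments.
			byte[] output = md.digest(source.getBytes(java.nio.charset.Charset.forName("UTF-8")));
			StringBuilder sb = new StringBuilder(output.length * 2);
			for (byte b : output) {
				// Mask to 0..255 so negative bytes do not sign-extend into "ffffffxx".
				String s = Integer.toHexString(0xff & b);
				if (s.length() == 1) {
					// Keep two characters per byte.
					sb.append('0');
				}
				sb.append(s);
			}
			return sb.toString();
		} catch (NoSuchAlgorithmException e) {
			// MD5 is expected to be present on every platform; if it is not, the
			// original contract of returning null is kept for existing callers.
			e.printStackTrace();
			return null;
		}
	}
}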


运行效果:


