siberider / androguard

Automatically exported from code.google.com/p/androguard
Apache License 2.0
0 stars 0 forks source link

improve is_dyn_code #98

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Add the following packages to dynamic code loading check:
def is_dyn_code(dx):
    """
        Dynamic code loading is present ?
        :param dx : the analysis virtual machine
        :type dx: a :class:`VMAnalysis` object
        :rtype: boolean
    """
    paths = dx.get_tainted_packages().search_methods("Ldalvik/system/DexClassLoader;", ".", ".")
    if paths != []:
        return True
     paths = dx.get_tainted_packages().search_methods("Ljava/lang/Runtime;", "load", ".")
    if paths != []:
        return True
    paths = dx.get_tainted_packages().search_methods("Ljava/lang/Runtime;", "loadLibrary", ".")
    if paths != []:
        return True
    paths = dx.get_tainted_packages().search_methods("Ljava/lang/ClassLoader", ".", ".")
    if paths != []:
        return True
    paths = dx.get_tainted_packages().search_methods("Ljava/security/SecureClassLoader", ".", ".")
    if paths != []:
        return True
    paths = dx.get_tainted_packages().search_methods("Ljava/net/URLClassLoader", ".", ".")
    if paths != []:
        return True
    return False 

Original issue reported on code.google.com by liadalex82@gmail.com on 3 Jan 2013 at 9:06

GoogleCodeExporter commented 9 years ago

Original comment by anthony....@gmail.com on 3 Jan 2013 at 5:33

GoogleCodeExporter commented 9 years ago
mv load* to is_native_code

Original comment by anthony....@gmail.com on 3 Jan 2013 at 6:04