diff --git a/README.md b/README.md
index 3e94dec..946396c 100644
--- a/README.md
+++ b/README.md
@@ -33,4 +33,4 @@
 √ 特征so库扫描:通过对比加固特征so库名/路径,判断是否有加固
 √ 校验签名:校验V2签名,判断是否存在Janus漏洞
 √ 密钥泄露:扫描Apk文件内容,匹配是否有密钥字符串
-√ 反环境检测:扫描Dex文件搜索是否有Root、模拟器检测
+√ 反环境检测:扫描Dex文件搜索是否有Root、模拟器、反调试检测
diff --git a/ScanAntiByDex.go b/ScanAntiByDex.go
index de44a35..9a32628 100644
--- a/ScanAntiByDex.go
+++ b/ScanAntiByDex.go
@@ -80,6 +80,19 @@ var emulatorStrings = []string{
 	"/dev/qemu_trace",
 }
 
+// 反调试检测
+var DebugStrings = []string{
+	"checkFridaRunningProcesses", //getSystemService("activity").getRunningServices(300)
+	"checkRunningProcesses", //"frida-server"、"fridaserver"
+	"checkRunningServices", //supersu、superuser进程名检测
+	"threadCpuTimeNanos", // cpu计算时间差检测是否被调试
+	"TamperingWithJavaRuntime", //篡改Java运行时
+	"com.android.internal.os.ZygoteInit", //篡改Java运行时
+	"com.saurik.substrate.MS$2", //篡改Java运行时
+	"de.robv.android.xposed.XposedBridge", //篡改Java运行时
+	"detectBypassSSL",
+}
+
 func ScanDexAnti(dexData []byte, filePath string) {
 	// 搜索dex文件中是否包含root检测特征字符串
 	for _, str := range rootstringsCommonpaths {
@@ -95,6 +108,13 @@ func ScanDexAnti(dexData []byte, filePath string) {
 			break
 		}
 	}
+	// 搜索dex文件中是否包含运行篡改检测特征函数
+	for _, str := range DebugStrings {
+		if bytes.Contains(dexData, []byte(str)) {
+			fmt.Printf("发现反调试检测特征 [dex]: %s->%s\n", str, filePath)
+			//break //因为包含了反调试、反sslbypass、反java运行篡改 不做直接跳出
+		}
+	}
 }
 
 func ScanAPKAnti(apkpath string) bool {
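Review bot: `DebugStrings` is exported while the sibling signature lists visible in the context (`emulatorStrings`, `rootstringsCommonpaths`) are unexported, so the new variable leaks a package-internal table into the API for no caller shown here; `var debugStrings = []string{` (and the matching `range debugStrings` in the second hunk) keeps the file consistent. The per-entry comments also look shifted by one relative to the names they annotate — the `frida-server` note sits on `checkRunningProcesses` rather than `checkFridaRunningProcesses`, and the `getRunningServices` note on the Frida entry rather than `checkRunningServices` — worth confirming against whatever source these signatures were taken from. Finally, the first four entries are Java method names, which R8/ProGuard rename, so a miss does not mean the APK lacks anti-debug code; the class-name entries (`XposedBridge`, `ZygoteInit`) survive obfuscation and are the more reliable part of the list. A header comment stating that — e.g. `// Method-name entries only match unobfuscated apps; class-name entries survive R8/ProGuard renaming.` — would stop readers from reading a clean scan as proof of absence.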
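Review bot: The commented-out `//break` with its rationale reads as dead code in the new loop; since the deliberate difference from the root/emulator loops above it (which `break` on first hit, as the context lines show) is that every match is reported, say so in a plain comment and drop the disabled statement: `// Report every match: this list mixes anti-debug, SSL-bypass and runtime-tampering markers, so a single hit is not representative.` The output label `发现反调试检测特征` is then somewhat narrower than what the list detects (Xposed/Substrate hooking and SSL-bypass checks also print under it); if downstream tooling keys on that prefix, a label like `发现反调试/反篡改检测特征` would describe the finding more accurately. ScanDexAnti's body starts outside this hunk.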