[Soot-list] Generating Android APK CallFlowGraph
Stefan Gommer
gommer at informatik.uni-bremen.de
Sun Jul 20 05:27:32 EDT 2014
Hi Lokesh,
I did it like this (I skipped the standard soot settings:
private static DotGraph dot = new DotGraph("CallGraph“);
...
SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
…
PackManager.v().runPacks();
CallGraph cg = Scene.v().getCallGraph();
visit(cg, entryPoint);
…
dot.plot("/Users/neji/Desktop/graph"+ dot.DOT_EXTENSION);
…
private static void visit(CallGraph cg, SootMethod k)
{
String identifier = k.getName();
visited.put(k.getSignature(), true);
dot.drawNode(identifier);
//iterate over unvisited parents
Iterator<MethodOrMethodContext> ptargets = new Targets(cg.edgesInto(k));
if(ptargets != null){
while(ptargets.hasNext())
{
SootMethod p = (SootMethod) ptargets.next();
if(p == null) System.out.println("p is null");
if(!visited.containsKey(p.getSignature()))
visit(cg,p);
}
}
//iterate over unvisited children
Iterator<MethodOrMethodContext> ctargets = new Targets(cg.edgesOutOf(k));
if(ctargets != null){
while(ctargets.hasNext())
{
SootMethod c = (SootMethod) ctargets.next();
if(c == null) System.out.println("c is null");
dot.drawEdge(identifier, c.getName());
if(!visited.containsKey(c.getSignature()))
visit(cg,c);
}
}
}
Am 20.07.2014 um 09:44 schrieb LOKESH JAIN <lokeshjain92 at gmail.com>:
> I have tried DotGraph class from the soot.util.dot package but it's giving me null pointer exception. Following is the tried code.
>
> I have converted QueueReader object into string as DotGraph takes only string argument. It's getting complicated. Please suggest some simple solution.
>
> import java.io.IOException;
> import java.io.OutputStream;
> import java.util.Collections;
> import java.util.LinkedList;
> import java.util.List;
>
> import org.xmlpull.v1.XmlPullParserException;
>
> import soot.PackManager;
> import soot.Scene;
> import soot.SootMethod;
> import soot.jimple.infoflow.android.SetupApplication;
> import soot.options.Options;
> import soot.util.dot.DotGraphUtility;
> import soot.util.dot.Renderable;
> public class CFG {
> //private static Map options;
> static DotGraph dg;
> public CFG() {
> //this.options=options;
> // TODO Auto-generated constructor stub
>
> }
> /*public DotGraph createSubGraph(String label)
> {
>
> DotGraph createSubGraph = DotGraph.createSubGraph(Scene.v().getCallGraph().listener().toString());
> }*/
> public static void main(String[] args) {
>
> // TODO Auto-generated method stub
>
> SetupApplication app = new SetupApplication("/home/lokesh/Desktop/android-sdk-linux/platforms/android-19/android.jar","/home/lokesh/Desktop/android-instrumentation-tutorial-master/app-example/RV2013/bin/RV2013.apk");
>
> try {
>
> app.calculateSourcesSinksEntrypoints("/home/lokesh/Downloads/soot-infoflow-android-develop/SourcesAndSinks.txt");
>
>
> } catch (IOException e) {
>
> // TODO Auto-generated catch block
>
> e.printStackTrace();
>
> } catch (XmlPullParserException e) {
>
> // TODO Auto-generated catch block
>
> e.printStackTrace();
>
> }
>
> soot.G.reset();
>
> Options.v().set_src_prec(Options.src_prec_apk);
>
> Options.v().set_process_dir(Collections.singletonList("/home/lokesh/Desktop/android-instrumentation-tutorial-master/app-example/RV2013/bin/RV2013.apk"));
> Options.v().set_force_android_jar("/home/lokesh/Desktop/android-sdk-linux/platforms/android-19/android.jar");
>
> Options.v().set_whole_program(true);
>
> Options.v().set_allow_phantom_refs(true);
>
> Options.v().set_output_format(Options.output_format_none);
>
> Options.v().setPhaseOption("cg.spark verbose:true", "on");
>
> Scene.v().loadNecessaryClasses();
>
> SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
>
> Options.v().set_main_class(entryPoint.getSignature());
>
> Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
>
> System.out.println("............"+entryPoint.getActiveBody());
>
> PackManager.v().runPacks();
>
> System.out.println(Scene.v().getCallGraph().size());
> String label = Scene.v().getCallGraph().listener().toString();
> dg.createSubGraph(label);
> }
> }
>
> import java.io.IOException;
> import java.io.OutputStream;
> import java.util.LinkedList;
> import java.util.List;
>
> import soot.util.dot.DotGraphUtility;
> import soot.util.dot.Renderable;
>
> public class DotGraph implements Renderable
> {
> private boolean isSubGraph;
> private List<Renderable> drawElements;
> private String graphname;
> public DotGraph(String graphname)
> {
> this.drawElements = new LinkedList<Renderable>();
> }
> public DotGraph createSubGraph(String label)
> {
> DotGraph subgraph = new DotGraph(label);
> subgraph.isSubGraph = true;
> this.drawElements.add(subgraph);
> System.out.println(subgraph);
> return subgraph;
> }
> @Override
> public void render(OutputStream out, int indent) throws IOException {
> String graphname = this.graphname;
> if (!isSubGraph) {
> DotGraphUtility.renderLine(out, "digraph \""+graphname+"\" {", indent);
> } else {
> DotGraphUtility.renderLine(out, "subgraph \""+graphname+"\" {", indent);
>
> }
>
> }
> }
>
> Thanks & Regards
> Lokesh
>
>
> On Sat, Jul 19, 2014 at 10:57 PM, Stefan Gommer <gommeriphone at googlemail.com> wrote:
> Hi Lokesh,
>
> you could use the DotGraph class from the soot.util.dot package and build a Graph on your own while traversing through the cfg. I don’t know if there is a method to do this automatically.
>
> Stefan
>
>
> Am 19.07.2014 um 15:16 schrieb LOKESH JAIN <lokeshjain92 at gmail.com>:
>
>> Hi Steven,
>> this Scene.v().getCallgraph().listener() is giving me QueueReader object. But I am not able to create a dot file from it. I have tried dump_cfg and various others options but all are of no help.
>>
>> 1. Please can you tell me how do i print a dot file out of QueueReader object?
>>
>> Also I am getting the call graph size as 54 for the general example apk "RV2013.apk".
>>
>> 2. How come call graph size is 54?
>>
>>
>>
>> On Fri, Jul 18, 2014 at 9:37 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
>> Hi Lokesh,
>>
>>
>>
>> You can manually iterate over the callgraph using Scene.v().getCallgraph().listener() and print it out in dot format which should be fairly simple as it is just a QueueReader over the edges. Still, I think Soot can also directly do that, but I have never used the dot visualizer for callgraphs.
>>
>>
>>
>> Afterwards, you can visualize the dot file using GraphViz.
>>
>>
>>
>> Best regards,
>>
>> Steven
>>
>>
>>
>> Von: LOKESH JAIN [mailto:lokeshjain92 at gmail.com]
>> Gesendet: Freitag, 18. Juli 2014 18:04
>> An: Steven Arzt
>> Cc: Modhi Alsobiehy; soot-list at cs.mcgill.ca; soot-list at sable.mcgill.ca; soot-list at googlegroups.com
>>
>>
>> Betreff: Re: [Soot-list] Generating Android APK CallFlowGraph
>>
>>
>>
>> Hi,
>>
>> A gentle reminder. Please reply fast. I need it for my research project.
>>
>>
>>
>> Regards
>>
>> Lokesh
>>
>>
>>
>> On Thu, Jul 17, 2014 at 9:21 PM, LOKESH JAIN <lokeshjain92 at gmail.com> wrote:
>>
>> Thanks a lot Steven and Modhi. It worked.
>>
>> It is showing call graph in words. How can I graphically see the call graph for apk files as we see for java files??
>>
>>
>>
>> Regards
>>
>> Lokesh Jain
>>
>>
>>
>> On Thu, Jul 17, 2014 at 6:11 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
>>
>> Hi Lokesh,
>>
>>
>>
>> It seems that you are missing the axml-2.0.jar library on your Java classpath.
>>
>>
>>
>> Best regards,
>>
>> Steven
>>
>>
>>
>> Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Modhi Alsobiehy
>> Gesendet: Donnerstag, 17. Juli 2014 14:39
>> An: LOKESH JAIN
>> Cc: soot-list at cs.mcgill.ca; soot-list at sable.mcgill.ca; soot-list at googlegroups.com
>> Betreff: Re: [Soot-list] Generating Android APK CallFlowGraph
>>
>>
>>
>> Hi Lokesh,
>>
>>
>>
>> Open the folder of your project and add the call back file into it.
>>
>>
>>
>> -Best,
>>
>> Modhi
>>
>>
>> On Jul 17, 2014, at 12:03 PM, "LOKESH JAIN" <lokeshjain92 at gmail.com> wrote:
>>
>> Hi all,
>>
>> Modhi, I am using your code for generating call graph for apk file. But, I am getting following error
>>
>> Exception in thread "main" java.lang.NoClassDefFoundError: pxb/android/axml/NodeVisitor
>> at soot.jimple.infoflow.android.manifest.ProcessManifest.handle(Unknown Source)
>> at soot.jimple.infoflow.android.manifest.ProcessManifest.<init>(Unknown Source)
>> at soot.jimple.infoflow.android.manifest.ProcessManifest.<init>(Unknown Source)
>> at soot.jimple.infoflow.android.SetupApplication.calculateSourcesSinksEntrypoints(Unknown Source)
>> at soot.jimple.infoflow.android.SetupApplication.calculateSourcesSinksEntrypoints(Unknown Source)
>> at CFG.main(CFG.java:33)
>> Caused by: java.lang.ClassNotFoundException: pxb.android.axml.NodeVisitor
>> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>> ... 6 more
>>
>> It's pretty much the same error that you were getting. Though I had checked , there is no duplicate library added. Also there is already AndroidCallbacks.txt in soot-infoflow-android, i haven't understood how to add it into my project.
>> Any help would be appreciated. Thank You
>> Regards
>> Lokesh
>>
>>
>> On Saturday, 5 July 2014 23:04:49 UTC+5:30, Modhi Alsobiehy wrote:
>>
>> Hi all,
>>
>> I need to traverse the call flow graph of android apps( apk files).
>>
>> I understand that I must set an entry point so to start, I tried the following code :
>>
>>
>>
>> ----------------------------------------------------------------------------------------------------
>>
>> mport java.io.IOException;
>>
>> import java.util.Collections;
>>
>> import org.xmlpull.v1.XmlPullParserException;
>>
>> import soot.PackManager;
>>
>> import soot.Scene;
>>
>> import soot.SootMethod;
>>
>> import soot.jimple.infoflow.android.SetupApplication;
>>
>> import soot.options.Options;
>>
>> public class CFG {
>>
>> public CFG() {
>>
>> // TODO Auto-generated constructor stub
>>
>> }
>>
>> public static void main(String[] args) {
>>
>> // TODO Auto-generated method stub
>>
>> SetupApplication app = new SetupApplication("D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms","D:/APKs/location.apk");
>>
>> try {
>>
>> app.calculateSourcesSinksEntrypoints("D:/FlowDroid/SourcesAndSinks.txt");
>>
>> } catch (IOException e) {
>>
>> // TODO Auto-generated catch block
>>
>> e.printStackTrace();
>>
>> } catch (XmlPullParserException e) {
>>
>> // TODO Auto-generated catch block
>>
>> e.printStackTrace();
>>
>> }
>>
>> soot.G.reset();
>>
>> Options.v().set_src_prec(Options.src_prec_apk);
>>
>> Options.v().set_process_dir(Collections.singletonList("D:/APKs/location.apk"));
>>
>> Options.v().set_android_jars("D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms");
>>
>> Options.v().set_whole_program(true);
>>
>> Options.v().set_allow_phantom_refs(true);
>>
>> Options.v().set_output_format(Options.output_format_none);
>>
>> Options.v().setPhaseOption("cg.spark", "on");
>>
>> Scene.v().loadNecessaryClasses();
>>
>> SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
>>
>> Options.v().set_main_class(entryPoint.getSignature());
>>
>> Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
>>
>> System.out.println(entryPoint.getActiveBody());
>>
>> PackManager.v().runPacks();
>>
>> System.out.println(Scene.v().getCallGraph().size());
>>
>> }
>>
>> }
>>
>> ---------------------------------------------------------------------------------------------------------------------
>>
>> Unfortunately, I am getting the following error:
>>
>> Exception in thread "main" java.lang.NoClassDefFoundError: pxb/android/axml/NodeVisitor
>>
>> at soot.jimple.infoflow.android.manifest.ProcessManifest.handle(Unknown Source)
>>
>> at soot.jimple.infoflow.android.manifest.ProcessManifest.<init>(Unknown Source)
>>
>> at soot.jimple.infoflow.android.manifest.ProcessManifest.<init>(Unknown Source)
>>
>> at soot.jimple.infoflow.android.SetupApplication.calculateSourcesSinksEntrypoints(Unknown Source)
>>
>> at soot.jimple.infoflow.android.SetupApplication.calculateSourcesSinksEntrypoints(Unknown Source)
>>
>> at apkCFG.CFG.main(CFG.java:25)
>>
>> Caused by: java.lang.ClassNotFoundException: pxb.android.axml.NodeVisitor
>>
>> at java.net.URLClassLoader$1.run(Unknown Source)
>>
>> at java.net.URLClassLoader$1.run(Unknown Source)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at java.net.URLClassLoader.findClass(Unknown Source)
>>
>> at java.lang.ClassLoader.loadClass(Unknown Source)
>>
>> at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
>>
>> at java.lang.ClassLoader.loadClass(Unknown Source)
>>
>> ... 6 more
>>
>>
>>
>> Any help or advise on how to do that would be deeply appreciated!
>>
>> Thanx!!
>>
>>
>>
>>
>>
>> Sent from Windows Mail
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Soot-list mailing list
>> Soot-list at CS.McGill.CA
>> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140720/de40c7ab/attachment-0003.html
More information about the Soot-list
mailing list