[Soot-list] Android Framework Methods in Callgraph

Marc-André Laverdière-Papineau marc-andre.laverdiere-papineau at polymtl.ca
Sat Jun 14 00:11:44 EDT 2014


I had a similar problem with missing edges on iterator.next. I had to enrich the call graph to deal with that, as I was missing propagations otherwise.
-- 
Marc-André Laverdière-Papineau
Doctorant - PhD Candidate
Sent from my Android device with K-9 Mail. Please excuse my brevity.

On June 13, 2014 10:24:43 PM GMT+05:30, Bernd Bergler <bernd.bergler at gmail.com> wrote:
>Hi!
>I am currently working on the analysis of an Android application with soot.
>After a bit of research and a lot of info from this mailing list everything is working quite nicely.
>I can construct the CallGraph and solve the IFDSReachingDefinitions problem as expected.
>
>
>I am interested in the input of specific Android framework methods (e.g. ContentResolver.query()).
>But I am not able to get the Units which contain the actual invoke. It works as expected for methods within the app.
>I can't even get edges from or to the desired method from the callgraph, but when looking at the jimple file I see, as expected, the invoke of the method, which should result in an edge in the callgraph.
>
>$r6 = virtualinvoke $r1.<android.content.ContentResolver: android.database.Cursor query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)>($r2, null, null, null, null);
>
>It seems like the callgraph contains only app-internal calls. Is there a setting so I get the full call graph (with all the edges to the stubs in the android.jar)?
>
>Any suggestions what could be wrong or how I could get the desired result?
>
>The code which should return the associated units:
>        CallGraph callGraph = Scene.v().getCallGraph();
>        String method = "<android.content.ContentResolver: android.database.Cursor query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)>";
>        SootMethod smX = Scene.v().getMethod(method);
>        Iterator<Edge> edges = callGraph.edgesInto(smX);
>        while (edges.hasNext()) {
>            // Returns no edge
>            edges.next(); // consume the edge so the loop terminates
>            System.out.println(smX.getName());
>        }
>
>        edges = callGraph.edgesOutOf(smX);
>        while (edges.hasNext()) {
>            // Returns no edge
>            edges.next(); // consume the edge so the loop terminates
>            System.out.println(smX.getName());
>        }
>
>
>      //System.out.println(smX.getActiveBody());
>      // crashes because no body is associated with the framework method
>
>        Collection<Unit> units = icfg.getCallersOf(smX);
>
>        for (Unit unit : units) {
>            // Returns no edge
>            System.out.println(unit.toString());
>        }
>
>
>The code to generate the callgraph:
>
>        Options.v().set_src_prec(Options.src_prec_apk);
>        Options.v().set_process_dir(Collections.singletonList(getApkFile().getAbsolutePath()));
>        Options.v().set_android_jars(platfromFolder);
>        Options.v().set_whole_program(true);
>        Options.v().set_allow_phantom_refs(true);
>        Options.v().set_output_format(Options.output_format_none);
>        Options.v().setPhaseOption("cg.spark", "on");
>        // Note: this is the getter; it reads the flag and does not set it
>        Options.v().ignore_resolution_errors();
>        // Overrides the output_format_none setting above
>        Options.v().set_output_format(Options.output_format_J);
>
>        Scene.v().loadNecessaryClasses();
>
>        SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
>        Options.v().set_main_class(entryPoint.getSignature());
>        Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
>
>I use a self-built version of soot and heros.
>
>Bernd
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Soot-list mailing list
>Soot-list at CS.McGill.CA
>https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
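
Added example, not part of the original thread and not code from Soot or from either poster: one way to locate the invoke statements of a framework method without relying on call graph edges, by scanning the Jimple bodies of the application classes for a matching method reference. It assumes the Scene has already been loaded as in the quoted configuration; `FrameworkCallSiteFinder`, `CallSite` and `findCallSites` are hypothetical names.

```java
import java.util.ArrayList;
import java.util.List;

import soot.Body;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.InvokeExpr;
import soot.jimple.Stmt;

public class FrameworkCallSiteFinder {

    /** A call site: the invoking statement plus the app method that contains it. */
    public static final class CallSite {
        public final SootMethod caller;
        public final Stmt stmt;
        CallSite(SootMethod caller, Stmt stmt) { this.caller = caller; this.stmt = stmt; }
    }

    /**
     * Scans the Jimple bodies of all application classes for invoke statements
     * whose declared target has exactly the given Soot signature. The match is
     * on the method reference in the statement, so it does not need a body for
     * the target or any edge in the call graph.
     */
    public static List<CallSite> findCallSites(String targetSignature) {
        List<CallSite> sites = new ArrayList<>();
        // Iterate over copies: retrieving bodies can modify the Scene's collections.
        for (SootClass sc : new ArrayList<>(Scene.v().getApplicationClasses())) {
            for (SootMethod m : new ArrayList<>(sc.getMethods())) {
                if (!m.isConcrete()) continue; // abstract/native: no body to scan
                Body body = m.retrieveActiveBody();
                for (Unit u : body.getUnits()) {
                    Stmt s = (Stmt) u; // Jimple units are always Stmt instances
                    if (!s.containsInvokeExpr()) continue;
                    InvokeExpr ie = s.getInvokeExpr();
                    if (ie.getMethodRef().getSignature().equals(targetSignature)) {
                        sites.add(new CallSite(m, s));
                    }
                }
            }
        }
        return sites;
    }
}
```

The arguments passed at each site are available from `site.stmt.getInvokeExpr().getArgs()`. The scan is purely syntactic: it ignores reachability from the entry point and misses calls whose declared receiver type is a subclass of the target's class.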


