[Soot-list] Android Framework Methods in Callgraph
Dacong Yan
tonywinslow1986 at gmail.com
Sat Jun 14 02:01:55 EDT 2014
Have you tried this "Options.v().setPhaseOption("cg", "all_reachable")"?
On Fri, Jun 13, 2014 at 12:54 PM, Bernd Bergler <bernd.bergler at gmail.com> wrote:
> Hi!
> I am currently working on the analysis of an Android application with soot.
> After a bit of research and a lot of info from this mailing list everything
> is working quite nicely.
> I can construct the CallGraph and solve the IFDSReachingDefinitions problem
> as expected.
>
>
> I am interested in the input of specific Android framework methods(e.g.
> ContentRecolver.query()).
> But I am to able to get the Units which contain the actual invoke. I works
> as expected for methods within the app.
> I cant even get edges from or to the desired method from the callgraph, but
> when looking at the jimple file I see
> as expected the invoke of the method which should result in an edge in the
> callgraph.
>
> $r6 = virtualinvoke $r1.<android.content.ContentResolver:
> android.database.Cursor
> query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)>($r2,
> null, null, null, null);
>
> It seems like the callgraph contains only app internal calls. Is there a
> setting so i get the full call graph( wich all the edges to the stubs in the
> android.jar)
>
> Any suggestions what could be wrong or how i could get the desired result?
>
> The code which should return the associated units.
> CallGraph callGraph = Scene.v().getCallGraph();
> String method = "<android.content.ContentResolver:
> android.database.Cursor
> query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)>";
> SootMethod smX = Scene.v().getMethod(method);
> Iterator<Edge> edges = callGraph.edgesInto(smX);
> while (edges.hasNext()) {
> //Returns no edge
> System.out.println(smX.getName());
> }
>
> edges = callGraph.edgesOutOf(smX);
> while (edges.hasNext()) {
> //Returns no edge
> System.out.println(smX.getName());
> }
>
>
> //System.out.println(smX.getActiveBody());
> //crashes because not body asscocaited with framework mehtod
>
> Collection<Unit> units = icfg.getCallersOf(smX);
>
> for (Unit unit : units) {
> //Returns no edge
> System.out.println(unit.toString());
> }
>
>
> The code to generate the callgraph:
>
> Options.v().set_src_prec(Options.src_prec_apk);
>
> Options.v().set_process_dir(Collections.singletonList(getApkFile().getAbsolutePath()));
> Options.v().set_android_jars(platfromFolder);
> Options.v().set_whole_program(true);
> Options.v().set_allow_phantom_refs(true);
> Options.v().set_output_format(Options.output_format_none);
> Options.v().setPhaseOption("cg.spark", "on");
> Options.v().ignore_resolution_errors();
> Options.v().set_output_format(Options.output_format_J);
>
> Scene.v().loadNecessaryClasses();
>
> SootMethod entryPoint =
> app.getEntryPointCreator().createDummyMain();
> Options.v().set_main_class(entryPoint.getSignature());
> Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
>
> I use a self built version of soot and heros.
>
> Bernd
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
--
Dacong (Tony) Yan
Ph.D. Student
Computer Science and Engineering
The Ohio State University, Columbus
http://www.cse.ohio-state.edu/~yan
More information about the Soot-list
mailing list