[Soot-list] Problem in Making Call Flow Graph from Class or Java files.

Steven Arzt Steven.Arzt at cased.de
Sat May 24 11:30:51 EDT 2014 

Hi Vishal,


As I explained, you first need to create an artificial main method that
emulates the Android lifecycle before you can create a callgraph from an APK
file. For this, you can use the AndroidEntryPointCreator component from
FlowDroid. You need the following two projects:

 

                https://github.com/secure-software-engineering/soot-infoflow

 
https://github.com/secure-software-engineering/soot-infoflow-android

 

You can then use the following code to create a callgraph:

 

             SetupApplication app = new SetupApplication

 
("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms",

                           "D:/Temp/com.tweakersoft.aroundme-1.apk");

             app.calculateSourcesSinksEntrypoints("D:/Arbeit/Android
Analyse/soot-infoflow-android/SourcesAndSinks.txt");

             

             soot.G.reset();

             

             Options.v().set_src_prec(Options.src_prec_apk);

 
Options.v().set_process_dir(Collections.singletonList("D:/Temp/com.tweakerso
ft.aroundme-1.apk"));

 
Options.v().set_android_jars("D:/Tools/adt-bundle-windows-x86_64-20140321/sd
k/platforms");

             Options.v().set_whole_program(true);

             Options.v().set_allow_phantom_refs(true);

             Options.v().set_output_format(Options.output_format_none);

             Options.v().setPhaseOption("cg.spark", "on");

             

             Scene.v().loadNecessaryClasses();       

             

             SootMethod entryPoint =
app.getEntryPointCreator().createDummyMain();

             Options.v().set_main_class(entryPoint.getSignature());

 
Scene.v().setEntryPoints(Collections.singletonList(entryPoint));

             System.out.println(entryPoint.getActiveBody());

             

             PackManager.v().runPacks();

             System.out.println(Scene.v().getCallGraph().size());

 

This example program just prints out the size of the callgraph, but you can
use the CG as you lilke.

 

If you use our technology in a research project, please cite the FlowDroid
paper which you can find together with lots of other information on the tool
at: http://sseblog.ec-spride.de/tools/flowdroid/

 

Best regards,

  Steven

 

Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA]
Im Auftrag von Vishal K4
Gesendet: Samstag, 24. Mai 2014 14:37
An: Steven Arzt
Cc: soot-list at CS.McGill.CA
Betreff: Re: [Soot-list] Problem in Making Call Flow Graph from Class or
Java files.

 

Hi,

 

Thanks for your fast reply. You got me correctly, actually i need to make a
call graph from the apk file. I need to check all the flow of methods and
classes from tha apk file. So please give some idea to make it from apk file
step by step.

 

Waiting......

 

Thanks & Regards,

Vishal Kumar

Mobility Security- DESS

Tata Consultancy Services
VYDEHI  RC-1 BLOCK
82,EPIP,Whitefield,
Bangalore - 560066,Karnataka
India
Mailto: vishal.k4 at tcs.com
Website: http://www.tcs.com <http://www.tcs.com/> 
____________________________________________
Experience certainty.     IT Services
               Business Solutions
               Consulting
____________________________________________



-----soot-list-bounces at CS.McGill.CA wrote: -----

To: "'Marc-André Laverdière'" <marc-andre.laverdiere-papineau at polymtl.ca>,
<soot-list at CS.McGill.CA>
From: "Steven Arzt" 
Sent by: soot-list-bounces at CS.McGill.CA
Date: 05/23/2014 08:47PM
Subject: Re: [Soot-list] Problem in Making Call Flow Graph from Class or
Java files.

Hi Vishal,

Are you trying to create a callgraph from a Java file, a Class file or an
APK file? You mention all three sources in your e-mail. Java and Class file
work out-of-the-box just as Marc-André wrote.

For APK files, you need to do some extra work since the Soot callgraph
creator needs an entry point, i.e. a main method. In Android applications,
such a main method does not exist since Android instead tightly integrates
applications into the OS using a lifecycle. Android applications implement
classes inherited from OS classes and then overwrite the lifecycle methods.
There are ways to handle this (AndroidEntryPointCreator in FlowDroid), so
feel free to ask if you need it.

Best regards,
  Steven

-----Ursprüngliche Nachricht-----
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA]
Im Auftrag von Marc-André Laverdière
Gesendet: Freitag, 23. Mai 2014 15:27
An: soot-list at CS.McGill.CA
Betreff: Re: [Soot-list] Problem in Making Call Flow Graph from Class or
Java files.

Hello Vishal,

One can build a call graph by running Soot from the command-line with the -w
option. In order to export and visualize the call graph, I recommend using
ProBe (http://plg.uwaterloo.ca/~olhotak/probe/)

Regards,

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 05/23/2014 02:03 AM, Vishal K4 wrote:
> Hi,
> 
> I am facing a problem in soot. I have an android apk file and i have 
> to make a call graph from the class files or apk files. So can you 
> just give me an example that how can we make a CFG from java files. 
> Please give me some idea about it. I will be waiting for your reply soon.
> 
> I request you to please give an example step by step. Hoping for your 
> response soon.
> 
> Thanks & Regards,
> 
> Vishal Kumar
> 
> 
> =====-----=====-----=====
> Notice: The information contained in this e-mail message and/or 
> attachments to it may contain confidential or privileged information. 
> If you are not the intended recipient, any dissemination, use, review, 
> distribution, printing or copying of the information contained in this 
> e-mail message and/or attachments to it are strictly prohibited. If 
> you have received this communication in error, please notify us by 
> reply e-mail or telephone and immediately and permanently delete the 
> message and any attachments. Thank you
> 
> 
> 
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> 
_______________________________________________
Soot-list mailing list
Soot-list at CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

_______________________________________________
Soot-list mailing list
Soot-list at CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140524/ea46ae6d/attachment-0001.html

More information about the Soot-list mailing list