[Soot-list] Problem in Making Call Flow Graph from Class or Java files.
Marc-André Laverdière
marc-andre.laverdiere-papineau at polymtl.ca
Sun May 25 23:19:15 EDT 2014
The way that I do it is that I create a main class. That main class
could look like this. I'm trying to 'port' from Scala so bear with me if
it doesn't compile.
class Meh{
public static void main(String[] args){
Transform t = new Transform("wjtp.probecg", new CallGraph);
PackManager.v().getPack("wjtp").add(t);
soot.Main(new String[]{"-w", ...}
}
}
Where the ... is the arguments
http://www.sable.mcgill.ca/soot/tutorial/usage/
The most important ones are the soot class path and the soot process path.
Once you run the application, there will be a call graph in the file
CallGraph.gxl.gz. ProBe has a program (probe.CallGraphView) that allows
you to examine it in a browser.
So, to get started, you just need to download the Soot nightly, ProBe,
drop them in your classpath and enjoy :)
http://plg.uwaterloo.ca/~olhotak/probe/
http://vandyk.st.informatik.tu-darmstadt.de/abc/
Marc-André Laverdière-Papineau
Doctorant - PhD Candidate
On 05/25/2014 02:41 PM, Vishal K4 wrote:
> Hi,
>
> ok. Then please just give an example of making a call flow graph from
> java/class files. Will be hoping for the simple steps.
>
> Thanks & Regards,
>
> Vishal Kumar
> Mobility Security- DESS
> Tata Consultancy Services
> VYDEHI RC-1 BLOCK
> 82,EPIP,Whitefield,
> Bangalore - 560066,Karnataka
> India
> Mailto: vishal.k4 at tcs.com <mailto:vishal.k4 at tcs.com>
> Website: http://www.tcs.com <http://www.tcs.com/>
> ____________________________________________
> Experience certainty. IT Services
> Business Solutions
> Consulting
> ____________________________________________
>
>
> -----"Steven Arzt" <Steven.Arzt at cased.de> wrote: -----
> To: "'Vishal K4'" <vishal.k4 at tcs.com>
> From: "Steven Arzt" <Steven.Arzt at cased.de>
> Date: 05/25/2014 04:04PM
> Cc: <soot-list at CS.McGill.CA>
> Subject: AW: [Soot-list] Problem in Making Call Flow Graph from Class or
> Java files.
>
> Hi Vishal,
>
>
>
> Please be specific about the errors you are getting. “I am getting
> errors” is not helping much in understanding what is actually going
> wrong on your side. You say that a certain line of code fails. So what
> happens? Can’t you compile it? Do you get an exception? What exactly are
> your issues with the imported projects?
>
>
>
> For Android APK files, generating a callgraph is not as simple as for
> normal Java class / source files. The reason lies in how the SPARK
> callgraph construction algorithm works. It was designed to start at the
> program’s single entry point, look for method calls there, then take all
> found called methods, look at what they call, and so on. This way, it
> builds a precise graph of what method is (potentially) called where and
> identifies the methods which are reachable over all.
>
>
>
> For Android, such a single entry point however does not exist. There is
> no single method that is called and then (transitively) invokes all the
> rest of the program. Instead, Android applications derive classes from
> certain pre-defined operating system classes such as “Activity” where
> they overwrite certain lifecycle methods. The Android OS instantiates
> these classes and calls the respective lifecycle methods at predefined
> stages during the execution. For SPARK, this poses a problem: Where to
> start looking for method calls? SPARK cannot know that
> “Activity.onCreate()” will ever be called since that call is hidden
> inside the operating system implementation and not visible to Soot.
> Respectively, it would not find any method that ever gets called and
> your callgraph would be empty.
>
>
>
> To solve this problem, we need to create an artificial entry point that
> models all these calls the operating system does when actually executing
> the application. Your idea of taking a single class file as a custom
> entry point is exactly what I have proposed to you. However, you need to
> analyze your APK file and then build a suitable entry point for this
> specific APK file. There is no single class file you can use for all
> your APK files. Generating such tailored entry points is what the
> AndroidEntryPointCreator class from FlowDroid does. The reason why you
> need a bit more is that the analysis process that needs to be done
> before you know what to put in your entry point is not as simple as it
> sounds; Android is a highly dynamic environment with callbacks, external
> configuration files, and the like. You can go ahead and try to come up
> with something on your own, but I can tell you that we have spent
> considerable effort on the subject and that there is no simple solution
> unless you go for really unsound and coarse approximations such as
> leaving out all the callbacks.
>
>
>
> Best regards,
>
> Steven
>
>
>
> *Von:*Vishal K4 [mailto:vishal.k4 at tcs.com]
> *Gesendet:* Sonntag, 25. Mai 2014 11:29
> *An:* Steven Arzt
> *Cc:* soot-list at CS.McGill.CA
> *Betreff:* AW: [Soot-list] Problem in Making Call Flow Graph from Class
> or Java files.
>
>
>
> Hello,
>
>
>
> I am still facing some problem in this project flow. i am describing my
> step which i have done. Please correct me if possible.
>
>
>
> *Steps:-*
>
> *1. *I imported those two projects into my workspace and then created a
> new project with those codes which you included in the mail.
>
>
>
> *2. *After that i am getting errors in my newly created project near
> calling of entrypoint. Getting error in the highlighted part.Codes
> given below
>
> SootMethod entryPoint =
> app.getEntryPointCreator().*createDummyMain();*
>
>
>
> *3.* And i m also facing issues with those two imported inflow android
> projects and as well what is their need. Can not we directly create a
> custom entry point with a single class file and then make a call graph
> with the apk files.
>
>
>
> *4. * Please give me some simple solution i am getting stuck in this one
> making CFG and also i have to submit the CFG of apk file in next two
> days. So please help me.
>
>
>
>
>
> I have an apk file and make a CFG . So please just give simple solution
> and also anything which i should import.
>
>
>
> Hoping for an easy solution.
>
>
>
>
>
> Thanks & Regards,
>
> Vishal Kumar
>
>
>
>
>
> -----"Steven Arzt" <Steven.Arzt at cased.de <mailto:Steven.Arzt at cased.de>>
> wrote: -----
>
> To: "'Vishal K4'" <vishal.k4 at tcs.com <mailto:vishal.k4 at tcs.com>>
> From: "Steven Arzt" <Steven.Arzt at cased.de <mailto:Steven.Arzt at cased.de>>
> Date: 05/24/2014 09:01PM
> Cc: <soot-list at CS.McGill.CA <mailto:soot-list at CS.McGill.CA>>
> Subject: AW: [Soot-list] Problem in Making Call Flow Graph from Class or
> Java files.
>
> Hi Vishal,
>
>
> As I explained, you first need to create an artificial main method that
> emulates the Android lifecycle before you can create a callgraph from an
> APK file. For this, you can use the AndroidEntryPointCreator component
> from FlowDroid. You need the following two projects:
>
>
>
> https://github.com/secure-software-engineering/soot-infoflow
>
>
> https://github.com/secure-software-engineering/soot-infoflow-android
>
>
>
> You can then use the following code to create a callgraph:
>
>
>
> SetupApplication app = *new*SetupApplication
>
>
> ("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms",
>
> "D:/Temp/com.tweakersoft.aroundme-1.apk");
>
> app.calculateSourcesSinksEntrypoints("D:/Arbeit/Android
> Analyse/soot-infoflow-android/SourcesAndSinks.txt");
>
>
>
> soot.G./reset/();
>
>
>
> Options./v/().set_src_prec(Options./src_prec_apk/);
>
>
> Options./v/().set_process_dir(Collections./singletonList/("D:/Temp/com.tweakersoft.aroundme-1.apk"));
>
>
> Options./v/().set_android_jars("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms");
>
> Options./v/().set_whole_program(*true*);
>
> Options./v/().set_allow_phantom_refs(*true*);
>
> Options./v/().set_output_format(Options./output_format_none/);
>
> Options./v/().setPhaseOption("cg.spark", "on");
>
>
>
> Scene./v/().loadNecessaryClasses();
>
>
>
> SootMethod entryPoint =
> app.getEntryPointCreator().createDummyMain();
>
> Options./v/().set_main_class(entryPoint.getSignature());
>
>
> Scene./v/().setEntryPoints(Collections./singletonList/(entryPoint));
>
> System./out/.println(entryPoint.getActiveBody());
>
>
>
> PackManager./v/().runPacks();
>
> System./out/.println(Scene./v/().getCallGraph().size());
>
>
>
> This example program just prints out the size of the callgraph, but you
> can use the CG as you lilke.
>
>
>
> If you use our technology in a research project, please cite the
> FlowDroid paper which you can find together with lots of other
> information on the tool at: http://sseblog.ec-spride.de/tools/flowdroid/
>
>
>
> Best regards,
>
> Steven
>
>
>
> *Von:*soot-list-bounces at CS.McGill.CA
> <mailto:soot-list-bounces at CS.McGill.CA>
> [mailto:soot-list-bounces at CS.McGill.CA] *Im Auftrag von *Vishal K4
> *Gesendet:* Samstag, 24. Mai 2014 14:37
> *An:* Steven Arzt
> *Cc:* soot-list at CS.McGill.CA <mailto:soot-list at CS.McGill.CA>
> *Betreff:* Re: [Soot-list] Problem in Making Call Flow Graph from Class
> or Java files.
>
>
>
> Hi,
>
>
>
> Thanks for your fast reply. You got me correctly, actually i need to
> make a call graph from the apk file. I need to check all the flow of
> methods and classes from tha apk file. So please give some idea to make
> it from apk file step by step.
>
>
>
> Waiting......
>
>
>
> Thanks & Regards,
>
> Vishal Kumar
>
> Mobility Security- DESS
>
> Tata Consultancy Services
> VYDEHI RC-1 BLOCK
> 82,EPIP,Whitefield,
> Bangalore - 560066,Karnataka
> India
> Mailto: vishal.k4 at tcs.com <mailto:vishal.k4 at tcs.com>
> Website: http://www.tcs.com <http://www.tcs.com/>
> ____________________________________________
> Experience certainty. IT Services
> Business Solutions
> Consulting
> ____________________________________________
>
>
>
> -----soot-list-bounces at CS.McGill.CA
> <mailto:-----soot-list-bounces at CS.McGill.CA> wrote: -----
>
> To: "'Marc-André Laverdière'" <marc-andre.laverdiere-papineau at polymtl.ca
> <mailto:marc-andre.laverdiere-papineau at polymtl.ca>>,
> <soot-list at CS.McGill.CA <mailto:soot-list at CS.McGill.CA>>
> From: "Steven Arzt"
> Sent by: soot-list-bounces at CS.McGill.CA
> <mailto:soot-list-bounces at CS.McGill.CA>
> Date: 05/23/2014 08:47PM
> Subject: Re: [Soot-list] Problem in Making Call Flow Graph from Class or
> Java files.
>
> Hi Vishal,
>
> Are you trying to create a callgraph from a Java file, a Class file or an
> APK file? You mention all three sources in your e-mail. Java and Class file
> work out-of-the-box just as Marc-André wrote.
>
> For APK files, you need to do some extra work since the Soot callgraph
> creator needs an entry point, i.e. a main method. In Android applications,
> such a main method does not exist since Android instead tightly integrates
> applications into the OS using a lifecycle. Android applications implement
> classes inherited from OS classes and then overwrite the lifecycle methods.
> There are ways to handle this (AndroidEntryPointCreator in FlowDroid), so
> feel free to ask if you need it.
>
> Best regards,
> Steven
>
> -----Ursprüngliche Nachricht-----
> Von: soot-list-bounces at CS.McGill.CA
> <mailto:soot-list-bounces at CS.McGill.CA>
> [mailto:soot-list-bounces at CS.McGill.CA]
> Im Auftrag von Marc-André Laverdière
> Gesendet: Freitag, 23. Mai 2014 15:27
> An: soot-list at CS.McGill.CA <mailto:soot-list at CS.McGill.CA>
> Betreff: Re: [Soot-list] Problem in Making Call Flow Graph from Class or
> Java files.
>
> Hello Vishal,
>
> One can build a call graph by running Soot from the command-line with the -w
> option. In order to export and visualize the call graph, I recommend using
> ProBe (http://plg.uwaterloo.ca/~olhotak/probe/)
>
> Regards,
>
> Marc-André Laverdière-Papineau
> Doctorant - PhD Candidate
>
> On 05/23/2014 02:03 AM, Vishal K4 wrote:
>> Hi,
>>
>> I am facing a problem in soot. I have an android apk file and i have
>> to make a call graph from the class files or apk files. So can you
>> just give me an example that how can we make a CFG from java files.
>> Please give me some idea about it. I will be waiting for your reply soon.
>>
>> I request you to please give an example step by step. Hoping for your
>> response soon.
>>
>> Thanks & Regards,
>>
>> Vishal Kumar
>>
>>
>> =====-----=====-----=====
>> Notice: The information contained in this e-mail message and/or
>> attachments to it may contain confidential or privileged information.
>> If you are not the intended recipient, any dissemination, use, review,
>> distribution, printing or copying of the information contained in this
>> e-mail message and/or attachments to it are strictly prohibited. If
>> you have received this communication in error, please notify us by
>> reply e-mail or telephone and immediately and permanently delete the
>> message and any attachments. Thank you
>>
>>
>>
>> _______________________________________________
>> Soot-list mailing list
>> Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
>> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
More information about the Soot-list
mailing list