[Soot-list] Spark & Android Source Code no main class
Steven Arzt
Steven.Arzt at cased.de
Thu Dec 10 04:32:02 EST 2015
Hi Anshul,
Android apps have no main class like traditional Java programs. Instead, they form plugins to the Android OS. If you just specify the onCreate() method of an Activity as your entry point, you have two problems: Firstly, the SPARK callgraph builder needs a static method as the entry point, or it will not find any outgoing edges for virtual calls on the “this” variable. You callgraph would thus be greatly unsound. Secondly, you would miss all the other methods that are not transitively reachable from your onCreate() method. You would, for instance, never end up in onPause().
In FlowDroid, we solved the problem by automatically generating an artificial dummy main method that emulates the method call sequences that would normally be done within the Android OS. You can re-use the FlowDroid dummy main generator if you like:
SetupApplication app = new SetupApplication
("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms",
"D:/Temp/com.tweakersoft.aroundme-1.apk");
app.calculateSourcesSinksEntrypoints("D:/Arbeit/Android Analyse/soot-infoflow-android/SourcesAndSinks.txt");
soot.G.reset();
Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_process_dir(Collections.singletonList("D:/Temp/com.tweakersoft.aroundme-1.apk"));
Options.v().set_android_jars("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms");
Options.v().set_whole_program(true);
Options.v().set_allow_phantom_refs(true);
Options.v().set_output_format(Options.output_format_class);
Options.v().setPhaseOption("cg.spark", "on");
Scene.v().loadNecessaryClasses();
SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
Options.v().set_main_class(entryPoint.getSignature());
Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
System.out.println(entryPoint.getActiveBody());
PackManager.v().runPacks();
System.out.println(Scene.v().getCallGraph().size());
Best regards,
Steven
Von: Anshul Vij [mailto:vijanshul2 at gmail.com]
Gesendet: Sonntag, 6. Dezember 2015 14:55
An: soot
Cc: jott002 at ucr.edu; soot-list at cs.mcgill.ca; Steven.Arzt at cased.de
Betreff: Re: [Soot-list] Spark & Android Source Code no main class
Hi Steven Arzt,
I am also using Soot framework for creating and using Android application's call graph.
Can you help me in understanding which class should I use as main class?
For me callgraph.size() always returning 0.
I want to find a particular method invocation in all method bodies and backtrack (using edgesInto(method)) until I reach a method that is Android callback method.
I have a list to match the signatures with callback method.
Current problem is that the callgraph contains nothing.
I believe as you pointed here that I need to set a main class and entry point.
So should I make an Activity as a main class and onCreate() as entry point?
Please help in this regard.
Thank you!
Kind regards,
Anshul
On Friday, 27 March 2015 11:15:00 UTC+1, Steven Arzt wrote:
Hi Jason,
You should never need to call „loadClassAndSupport“ on your own. This is done internally by Soot.
For creating a callgraph, you need an entry point. For normal Java applications, this is the main() method. You can either explicitly specify it or have Soot automatically select the only main() method in your Soot classpath.
The easiest way to get a callgraph is to call the Soot main method and pass the correct command-line parameters:
-p cg.spark on This enables SPARK
-process-dir Path to the classes you want to analyze
-cp Path to other classes that might be referenced from your analysis target
-main-class The main class to use
After the call to soot.Main.main(), you should be able to access the callgraph.
A more involved example that calls the required parts of Soot manually goes here:
public static void main(String[] args) {
Options.v().parse(args);
Scene.v().loadNecessaryClasses();
SootClass sc = Scene.v()
.forceResolve("soot.Examples", SootClass.BODIES);
sc.setApplicationClass();
SootMethod method = sc.getMethodByName("main");
List<SootMethod> entryPoints = new ArrayList<SootMethod>();
entryPoints.add(method);
Scene.v().setEntryPoints(entryPoints);
Options.v().set_main_class(method.getSignature());
PackManager.v().runPacks();
CallGraph callgraph = Scene.v().getCallGraph();
System.out.println("[TestSpark] Call graph size " + callgraph.size());
for (Edge edge : callgraph)
System.out.println(edge + "");
}
This is essentially what the normal Soot main method would do.
Best regards,
Steven
Von: soot-lis... at CS.McGill.CA <javascript:> [mailto:soot-lis... at CS.McGill.CA <javascript:> ] Im Auftrag von Jason Ott
Gesendet: Mittwoch, 25. März 2015 06:31
An: soot... at CS.McGill.CA <javascript:>
Betreff: [Soot-list] Spark & Android Source Code no main class
I would like to build a callgraph for each class of the android framework and I am struggling. I haven't found much in the way of documentation or examples for using SPARK in general.
I have a basic program that does the following:
public class DumpClass {
public static void main(String[] args) {
Scene.v().loadBasicClasses();
SootClass mclass;
mclass = Scene.v().loadClassAndSupport(args[0]);
mclass.setApplicationClass();
Options.v().set_whole_program(true);
Options.v().setPhaseOption("cg.spark", "on");
Scene.v().loadNecessaryClasses();
Options.v().set_main_class(mclass.getMethods().get(0).toString());
PackManager.v().runPacks();
new SparkTest(mclass);
}
}
Now, when I run this, I get: Exception in thread "main" java.lang.RuntimeException: There is no main class set!
I'm not quite sure what to do with that or what to do next if this thing ever works.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20151210/21e26205/attachment-0001.html
More information about the Soot-list
mailing list