[Soot-list] Help Regarding Intra and Inter Procedural Analysis

LOKESH JAIN lokeshjain92 at gmail.com
Wed Feb 4 11:48:04 EST 2015 

Hi,

Thanks for the reply.

Eric, yeah it's notifying me the flows but that's not only what i want. I
need to analyze the data flow.

For eg. in the RV2013.apk i got the o/p
Found a flow to sink virtualinvoke $r4.<android.telephony.SmsManager: void
sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6,
null, $r7, null, null) on line 31, from the following sources:
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void
sendSms(android.view.View)>)
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void
sendSms(android.view.View)>)

I actually need the analyses(some data dependency graph) that could depict
the flow ,a node sendsms() followed by(i.e edge) the node gettext() that is
in the argument of sendTextMessage(...) followed by node
sendTextMessage(...)  etc.

How do i get this?? I think i could get that flow using flowdroid, but i am
not able to get how to i convert it to dot file.

Dacong, I will definitely try that tool.

Thanks & Regards
Lokesh Jain




On Wed, Feb 4, 2015 at 2:05 PM, Bodden, Eric <eric.bodden at sit.fraunhofer.de>
wrote:

> Hi Lokesh.
>
> > I want to do intra and inter procedural data flow analysis for an .apk
> file.
> > For this I have used FlowDroid. I followed
> https://github.com/secure-software-engineering/soot-infoflow-android/wiki
> this tutorial in eclipse and it worked fine. But i am not able to deduce
> anything useful from the output. Is there any way, I can get the Data
> dependency graph from this ?
>
> Yes, sure. That's the main data structure that FlowDroid supports. The
> textual output indeed won't help you much, though. FlowDroid provides
> callbacks instead, which notify you of any flows found. That's usually how
> people use the tool.
>
> > Also is FlowDroid is good option for getting Data dependency or is there
> any other option better than this?
>
> There are other tools but FlowDroid is certainly one of the most stable
> and thorough ones.
>
> Cheers,
> Eric
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150204/2f7dea43/attachment-0001.html

More information about the Soot-list mailing list