[Soot-list] Any way to get the body of callback methods (not android default handlers) ?

Xinxin Jin xinxinjin89 at gmail.com
Thu Feb 19 04:15:11 EST 2015


Hi Steven,

Thank you very much! Finally I got the reason...
In this case, how can I include the required jar into my analysis?

On Thu, Feb 19, 2015 at 12:54 AM, Steven Arzt <Steven.Arzt at cased.de> wrote:

> Hi all,
>
>
> Soot at the moment does not load any additional JAR files from the APK, so
> the library will be missing and the callgraph will be incomplete. In the
> long run, we should have an option to merge all JAR files (and additional
> dex files as well) contained in the APK into the Scene.
>
>
>
> Best regards,
>
>   Steven
>
>
>
> *From:* soot-list-bounces at CS.McGill.CA [mailto:
> soot-list-bounces at CS.McGill.CA] *On behalf of* Xinxin Jin
> *Sent:* Thursday, 19 February 2015 02:08
> *To:* Dacong Yan
> *Cc:* Soot list
> *Subject:* Re: [Soot-list] Any way to get the body of callback methods
> (not android default handlers) ?
>
>
>
> Hi Dacong,
>
>
>
> I didn't modify any soot options related to the Volley library. The library
> jar is included in the app's apk, so I think soot should be able to
> decompile it.
>
>
>
> Thanks a lot !
>
>
>
> On Wed, Feb 18, 2015 at 4:59 PM, Dacong Yan <tonywinslow1986 at gmail.com>
> wrote:
>
> Purely based on code search:
>
> The call sites for onResponse() and onErrorResponse() are inside the
> Volley library: line 60 at
> <https://android.googlesource.com/platform/frameworks/volley/+/idea133/src/com/android/volley/toolbox/StringRequest.java>
> and line 517 at
> <https://android.googlesource.com/platform/frameworks/volley/+/idea133/src/com/android/volley/Request.java>.
> Did you include the Volley library code in your call graph
> construction? You may want to check that, but I'm not saying you
> should or should not include it.
>
>
> On Wed, Feb 18, 2015 at 1:55 PM, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
> > As a follow up, I manually checked the jimple files generated from the apk.
> > And in "VolleyActivity$1.jimple", I can clearly see the method body of
> > onResponse(). That means there is no problem with the jimple file, but why
> > is it not parsed by soot (FlowDroid)?
> >
> > Thanks,
> >
> > On Wed, Feb 18, 2015 at 1:43 PM, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
> >>
> >> Hi Eric,
> >>
> >> Thanks for your reply. I checked all the reachable methods and found no
> >> place invoking onResponse and onErrorResponse.
> >>
> >> The statement that invokes the StringRequest() method is:
> >>
> >> <com.android.volley.toolbox.StringRequest: void
> >> <init>(int,java.lang.String,com.android.volley.Response$Listener,com.android.volley.Response$ErrorListener)>(
> >> "http://www.google.com", $r7, $r8)
> >>
> >> Here parameters $r7, $r8 correspond to Response.Listener() and
> >> Response.ErrorListener(). Then I continued to track the definition of r7:
> >>
> >> $r7 = new edu.ucsd.mytest.VolleyActivity$1
> >>
> >> But there is no useful statement in edu.ucsd.mytest.VolleyActivity$1 ....
> >>
> >> Any ideas ?
> >>
> >> Thank you a lot !!
> >>
> >> On Wed, Feb 18, 2015 at 11:47 AM, Bodden, Eric
> >> <eric.bodden at sit.fraunhofer.de> wrote:
> >>>
> >>> Hi Xinxin.
> >>>
> >>> I think the problem is that the bytecode's structure differs from the
> >>> source code's. Although in the source the two anonymous subclasses of
> >>> Listener resp. ErrorListener are lexically contained in the constructor
> >>> call, they are not in the bytecode. Please inspect the call to
> >>> StringRequest.<init>. You should see references to the second and third
> >>> parameter both being initialized with instances of classes such as
> >>> Response.Listener$1. You have to inspect the bodies of the onResponse
> >>> methods in those classes.
> >>>
> >>> Hope that helps,
> >>> Eric
> >>>
> >>> > On 18.02.2015, at 18:21, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
> >>> >
> >>> > Hi all,
> >>> >
> >>> > I have an application which calls new StringRequest() of the Volley library:
> >>> >
> >>> >
> >>> > StringRequest request = new StringRequest(url,
> >>> >         new Response.Listener() {
> >>> >             @Override
> >>> >             public void onResponse(Object response) {
> >>> >                 Log.d(TAG, "response " + ((String) response).substring(0, 500));
> >>> >             }
> >>> >         }, new Response.ErrorListener() {
> >>> >             @Override
> >>> >             public void onErrorResponse(VolleyError error) {
> >>> >                 Log.d(TAG, "error message");
> >>> >             }
> >>> >         });
> >>> >
> >>> >
> >>> > It contains two callbacks as its parameters: Response.Listener() and
> >>> > Response.ErrorListener().
> >>> >
> >>> > When I parse reached methods of this application, it can only reach
> >>> > SootMethod StringRequest: <init>, but when I examine all the statements in
> >>> > this method, I cannot find bodies of the two registered listeners. Is there
> >>> > any way to get the method body of onResponse() ?
> >>> >
> >>> > Thank you for your help !
> >>> >
> >>> > --
> >>> > Xinxin
> >>> >
> >>> >
> >>> > _______________________________________________
> >>> > Soot-list mailing list
> >>> > Soot-list at CS.McGill.CA
> >>> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> >>>
> >>> --
> >>> Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
> >>> Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and
> >>> EC SPRIDE
> >>> Tel: +49 6151 16-75422    Fax: +49 6151 869-127
> >>> Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt
> >>>
> >>
> >>
> >>
> >> --
> >> Xinxin
> >
> >
> >
> >
> > --
> > Xinxin
> >
> > _______________________________________________
> > Soot-list mailing list
> > Soot-list at CS.McGill.CA
> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> >
>
>
>
>
>
> --
>
> Xinxin
>



-- 
Xinxin
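
Added example, not part of the original thread and not Soot code: a pre-analysis check, following Steven's point above, that lists the additional dex and JAR files inside an APK so that code missing from the call graph is noticed before results are trusted. The sample APK, the function names and entry names such as assets/volley.jar are constructed for illustration.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"        # dex files begin with "dex\n" followed by a version
ZIP_MAGIC = b"PK\x03\x04"   # jar files are zip archives

def find_code_containers(apk_bytes):
    """Return (primary, extra). extra lists every dex other than classes.dex
    and every embedded jar: code a loader reading only the primary dex
    would leave out of the Scene and therefore out of the call graph."""
    primary, extra = None, []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as fh:
                head = fh.read(4)          # classify by content, not only by name
            if head == DEX_MAGIC:
                if info.filename == "classes.dex":
                    primary = info.filename
                else:
                    extra.append((info.filename, "dex"))
            elif head == ZIP_MAGIC and info.filename.lower().endswith(".jar"):
                extra.append((info.filename, "jar"))
    return primary, sorted(extra)

def jar_classes(apk_bytes, jar_name):
    """Class names inside a jar embedded in the APK (the callers that go missing)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        with zipfile.ZipFile(io.BytesIO(apk.read(jar_name))) as jar:
            return sorted(n[:-len(".class")].replace("/", ".")
                          for n in jar.namelist() if n.endswith(".class"))

def build_sample_apk():
    """Constructed sample: a minimal zip shaped like an APK with a bundled jar."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("com/android/volley/Request.class", b"\xca\xfe\xba\xbe")
        z.writestr("com/android/volley/toolbox/StringRequest.class", b"\xca\xfe\xba\xbe")
    apk = io.BytesIO()
    with zipfile.ZipFile(apk, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8)
        z.writestr("classes2.dex", b"dex\n035\x00" + b"\x00" * 8)
        z.writestr("assets/volley.jar", jar.getvalue())
    return apk.getvalue()

if __name__ == "__main__":
    sample = build_sample_apk()
    primary, extra = find_code_containers(sample)
    print("primary dex:", primary)
    for name, kind in extra:
        print("extra", kind, name, jar_classes(sample, name) if kind == "jar" else "")
```

Any entry reported as extra has to be supplied to the analysis separately, otherwise call sites inside it (here the Volley classes that invoke onResponse()) are absent from the call graph.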