[Soot-list] Question about instrument android using Soot

nudt_liujihao nudt_liujihao at 163.com
Thu Apr 6 08:57:46 EDT 2017 

Hi, steven
     Today, I have tried again. Now I want to explain my purpose for you.
      My main purpose is to extract the URL runtime values for a certain network connection.
      For example, here is network connection:     InputStreamReader in = new InputStreamReader(HttpURLConnection.getInputStream());   If I want to need to extract the runtime URL, I need to insert the statement:   URLConnection connection=HttpURLConnection;  String url = connection.getURL().toString(); Then use Log to dump the url..
     
       Next, I will show you my code:
       Soot settings is as follows:
        Options.v().set_no_bodies_for_excluded(true);
  Options.v().set_allow_phantom_refs(true);
  Options.v().set_whole_program(true);
  Options.v().set_prepend_classpath(true);
  Options.v().set_validate(true);
  Options.v().set_output_format(Options.output_format_dex);
  Options.v().set_output_dir(outputfolder);
  Options.v().set_process_dir(Collections.singletonList(inputapk+File.separator+filename));
  Options.v().set_android_jars(androidjar);
  Options.v().set_src_prec(Options.src_prec_apk);
    String class_path=Scene.v().getAndroidJarPath(androidjar, inputapk+File.separator+filename);
  Options.v().set_soot_classpath(class_path);
    Main.v().autoSetOptions();
    Scene.v().loadClassAndSupport("java.net.URI");
  Scene.v().loadClassAndSupport("java.net.HttpURLConnection");
  Scene.v().loadNecessaryClasses();
  Scene.v().loadBasicClasses();


    My instrument code is as follows:
    List<Unit> beforegenerated = new ArrayList<Unit>();
    SootMethod sm1 = Scene.v().getMethod("<java.net.HttpURLConnection: java.net.URL getURL()>");
    SootMethod sm2 = Scene.v().getMethod("<java.net.URL: java.lang.String toString()>");
     Local connection = generateNewLocal(body,RefType.v("java.net.HttpURLConnection"));
    Local URL=generateNewLocal(body,RefType.v("java.net.URL"));
    Local str=generateNewLocal(body,RefType.v("java.lang.String"));
    // u is the insert point :  InputStreamReader in = new InputStreamReader(HttpURLConnection.getInputStream());  
    for(ValueBox v:u.getUseBoxes())
    {
     if(v.getValue().getType().toString().equals("java.net.HttpURLConnection"))
     {
      AssignStmt assign=Jimple.v().newAssignStmt(connection, v.getValue());
      beforegenerated.add(assign);
      VirtualInvokeExpr invokeExpr = Jimple.v().newVirtualInvokeExpr(connection,sm1.makeRef()); 
      AssignStmt assign1 = Jimple.v().newAssignStmt(URL, invokeExpr);
      beforegenerated.add(assign1);
      VirtualInvokeExpr invokeExpr1 = Jimple.v().newVirtualInvokeExpr(URL,sm2.makeRef());
      AssignStmt assign2 = Jimple.v().newAssignStmt(str, invokeExpr1);
      beforegenerated.add(assign2);
      StaticInvokeExpr invokeExpr2 = Jimple.v().newStaticInvokeExpr(sm.makeRef(), logType, str);
      Unit invoke1 = Jimple.v().newInvokeStmt(invokeExpr2);
      beforegenerated.add(invoke1);
     }
    }
      body.getUnits().insertBefore(beforegenerated, u);


      Now I can instrument an app successfully, however the instrumented app cannot run on the real device (always stopped). My current question is :
      Do you think this code is right? Why the instrumented cannot run normally? How to solve this?
      Thanks a lot.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20170406/0a92d5af/attachment.html>

More information about the Soot-list mailing list