[Soot-list] How to change AndroidInstrument.java to trace function enterings?

Moshe Rubin moshe.rubin at gmail.com
Tue Jan 21 15:30:51 EST 2020


Using Soot I would like to instrument a subset of functions of an Android
APK, by outputting the function's name on entry.  I'm basing my code on the
AndroidInstrument.java source file as detailed on the page "Instrumenting
Android Apps with Soot" (
https://github.com/Sable/soot/wiki/Instrumenting-Android-Apps-with-Soot)
and found at
https://raw.githubusercontent.com/wiki/Sable/soot/code/androidinstr/AndroidInstrument.java_.txt

Building and running AndroidInstrument.java shows that the app intercepts
the 'jtp' phase, inserting a trace statement before calling a function.
For example, the instrumented Java code (as displayed by Jadx) looks like
this:

<snippet>
private boolean a(Context context, int i) {
    System.out.println("<com.foobar.matrix.trace.core.AppMethodCall: void i(int)>");
    AppMethodCall.i(179814);
    if (i > 0) {
        String $r2 = q.d(context);
        System.out.println("<c.t.m.c.q: boolean a(java.lang.String)>");
        q.a($r2);
        String $r22 = q.h(context);
        System.out.println("<c.t.m.c.q: boolean a(java.lang.String)>");
        q.a($r22);
        System.out.println("<c.t.m.c.q: void a()>");
        q.a();
        f $r3 = f.a(context);
        System.out.println("<c.t.m.c.f: void c()>");
        $r3.c();
    }
    try {
        DexClassLoader $r4 = f.a(context).a();
        if ($r4 == null) {
            System.out.println("<java.lang.StringBuilder: void <init>()>");
            System.out.println("<c.t.m.c.j: void a(java.lang.String)>");
            j.a("class loader is null," + i);
            e $r6 = e.b();
            System.out.println("<c.t.m.c.e: void a(java.lang.String,java.lang.String)>");
            $r6.a("LMI", "41");
            this.mInitStatus = 4;
            System.out.println("<com.foobar.matrix.trace.core.AppMethodCall: void o(int)>");
            AppMethodCall.o(179814);
            return false;
        }
</snippet>

As can be seen, every *function call* is *preceded* by an instrumentation
println() outputting the to-be-called function name.

I would like to insert a single System.out.println("<function just
entered>") per function, as the first statement in the desired functions:

- What phase do I need to intercept (e.g., 'jb', 'jtp')?

- What Soot calls need to be made to insert the trace statement as the
first statement in the function?

Thanks in advance
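The method-entry variant the question asks for, as an added example that is neither from the original post nor from the Soot wiki's AndroidInstrument.java: a BodyTransformer in the 'jtp' pack that inserts one println of the method signature before the first non-identity statement of each selected method. The class name EntryTraceTransformer and the package prefix "com.foobar." (used here to choose which methods to trace) are placeholders, not values from the post.

```java
import java.util.Map;
import soot.*;
import soot.jimple.*;

// Added example, not part of the original post. Registered in the 'jtp' pack so it
// runs after the 'jb' pack has produced a valid Jimple body for every method.
public class EntryTraceTransformer extends BodyTransformer {

    // Placeholder prefix: only methods of classes under this package get a trace.
    private static final String TRACE_PREFIX = "com.foobar.";

    public static void register() {
        PackManager.v().getPack("jtp")
                .add(new Transform("jtp.entrytrace", new EntryTraceTransformer()));
    }

    @Override
    protected void internalTransform(Body b, String phaseName, Map<String, String> options) {
        SootMethod m = b.getMethod();
        if (!m.getDeclaringClass().getName().startsWith(TRACE_PREFIX)) {
            return;
        }
        PatchingChain<Unit> units = b.getUnits();

        // Identity statements (this := @this, r1 := @parameter0) must stay at the top
        // of a Jimple body, so the trace is anchored before the first non-identity unit
        // rather than at units.getFirst().
        Unit anchor = b.getFirstNonIdentityStmt();

        // traceRef = java.lang.System.out
        Local traceRef = Jimple.v().newLocal("traceRef", RefType.v("java.io.PrintStream"));
        b.getLocals().add(traceRef);
        SootFieldRef out = Scene.v().getSootClass("java.lang.System")
                .getFieldByName("out").makeRef();
        units.insertBefore(
                Jimple.v().newAssignStmt(traceRef, Jimple.v().newStaticFieldRef(out)), anchor);

        // traceRef.println("entered <signature>"), one call per method, not per invoke
        SootMethodRef println = Scene.v().getSootClass("java.io.PrintStream")
                .getMethod("void println(java.lang.String)").makeRef();
        units.insertBefore(
                Jimple.v().newInvokeStmt(Jimple.v().newVirtualInvokeExpr(
                        traceRef, println, StringConstant.v("entered " + m.getSignature()))),
                anchor);

        // Fail fast if the inserted units left the body inconsistent.
        b.validate();
    }
}
```

Because the trace is inserted once per body rather than inside a statement switch over every InvokeStmt, the decompiled output carries a single println at the top of each traced method instead of one before every call.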