[Soot-list] How to change AndroidInstrument.java to trace function enterings?

Moshe Rubin moshe.rubin at gmail.com
Fri Jan 24 03:43:28 EST 2020 

I was able to solve my own question, and plan on posting my solution to
this mailing list next week. I just wanted to tell the group so no one will
investigate it unnecessarily.

Thanks

On Tue, Jan 21, 2020 at 10:30 PM Moshe Rubin <moshe.rubin at gmail.com> wrote:

> Using Soot I would like to instrument a subset of functions of an Android
> APK, by outputting the function's name on entry.  I'm basing my code on the
> AndroidInstrument.java source file as detailed on the page "Instrumenting
> Android Apps with Soot" (
> https://github.com/Sable/soot/wiki/Instrumenting-Android-Apps-with-Soot)
> and found at
> https://raw.githubusercontent.com/wiki/Sable/soot/code/androidinstr/AndroidInstrument.java_.txt
> .
>
> Building and running AndroidInstrument.java shows that the app intercepts
> the 'jtp' phase. inserting a trace statement before calling a function.
> For example, the instrumented Java code (as displayed by Jadx) looks like
> this:
>
> <snippet>
> private boolean a(Context context, int i) {
>     *System.out.println("<com.foobar.matrix.trace.core.AppMethodCall:
> void i(int)>");*
>     AppMethodCall.i(179814);
>     if (i > 0) {
>         String $r2 = q.d(context);
>         *System.out.println("<c.t.m.c.q: boolean a(java.lang.String)>");*
>         q.a($r2);
>         String $r22 = q.h(context);
>         *System.out.println("<c.t.m.c.q: boolean a(java.lang.String)>");*
>         q.a($r22);
>         *System.out.println("<c.t.m.c.q: void a()>");*
>         q.a();
>         f $r3 = f.a(context);
>         *System.out.println("<c.t.m.c.f: void c()>");*
>         $r3.c();
>     }
>     try {
>         DexClassLoader $r4 = f.a(context).a();
>         if ($r4 == null) {
>
> *System.out.println("<java.lang.StringBuilder: void <init>()>");
>   System.out.println("<c.t.m.c.j: void a(java.lang.String)>");*
>             j.a("class loader is null," + i);
>             e $r6 = e.b();
>             *System.out.println("<c.t.m.c.e: void
> a(java.lang.String,java.lang.String)>");*
>             $r6.a("LMI", "41");
>             this.mInitStatus = 4;
>             *System.out.println("<com.foobar.matrix.trace.core.AppMethodCall:
> void o(int)>");*
>             AppMethodCall.o(179814);
>             return false;
>         }
> </snippet>
>
> As can be seen, every *function call* is *preceded* by an instrumentation
> println() outputting the to-be-called function name.
>
> I would like to insert a single System.out.println("<function just
> entered>") per function, as the first statement in the desired functions:
>
> - What phase do I need intercept (e.g., 'jb', 'jtp')?
>
> - What Soot calls need to be made to insert the trace statement as the
> first statement in the function?
>
> Thanks in advance
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20200124/3095cdc5/attachment.html>

More information about the Soot-list mailing list