Open mjblackhorse opened 6 years ago
I tried to use soot to analyse an apk, but encountered the following exception.
Exception in thread "Thread-7" Exception in thread "main" Resolved field is null: in unit: $r5 = in body: private void (android.os.Parcel) { com.wsi.android.framework.routes.InrixRoutesRequestOptions $r0; android.os.Parcel $r1; com.wsi.android.framework.settings.MeasurementUnitsSystem $r3; java.util.List $r4; com.google.android.gms.maps.model.i $r5; int $i0; java.io.Serializable $r6; java.util.ArrayList r7; android.os.Parcelable$Creator r8; $r0 := @this: com.wsi.android.framework.routes.InrixRoutesRequestOptions; $r1 := @parameter0: android.os.Parcel; specialinvoke $r0.<java.lang.Object: void ()>(); r7 = new java.util.ArrayList; specialinvoke r7.<java.util.ArrayList: void ()>(); $r0. = r7; $r0. = 0; $r0. = -1; $r0. = -1; $r3 = ; $r0. = $r3; r7 = new java.util.ArrayList; specialinvoke r7.<java.util.ArrayList: void ()>(); $r0. = r7; $r4 = $r0.; $r5 = ; r8 = (android.os.Parcelable$Creator) $r5; virtualinvoke $r1.<android.os.Parcel: void readTypedList(java.util.List,android.os.Parcelable$Creator)>($r4, r8); $i0 = virtualinvoke $r1.<android.os.Parcel: int readInt()>(); $r0. = $i0; $i0 = virtualinvoke $r1.<android.os.Parcel: int readInt()>(); $r0. = $i0; $i0 = virtualinvoke $r1.<android.os.Parcel: int readInt()>(); $r0. = $i0; $r6 = virtualinvoke $r1.<android.os.Parcel: java.io.Serializable readSerializable()>(); $r3 = (com.wsi.android.framework.settings.MeasurementUnitsSystem) $r6; $r0. 
= $r3; return; } CREATOR> in body: private void (android.os.Parcel) { com.wsi.android.framework.routes.InrixRoutesRequestOptions $r0; android.os.Parcel $r1; com.wsi.android.framework.settings.MeasurementUnitsSystem $r3; java.util.List $r4; com.google.android.gms.maps.model.i $r5; int $i0; java.io.Serializable $r6; java.util.ArrayList r7; android.os.Parcelable$Creator r8; $r0 := @this: com.wsi.android.framework.routes.InrixRoutesRequestOptions; $r1 := @parameter0: android.os.Parcel; specialinvoke $r0.<java.lang.Object: void ()>(); r7 = new java.util.ArrayList; specialinvoke r7.<java.util.ArrayList: void ()>(); $r0. = r7; $r0. = 0; $r0. = -1; $r0. = -1; $r3 = ; $r0. = $r3; r7 = new java.util.ArrayList; specialinvoke r7.<java.util.ArrayList: void ()>(); $r0. = r7; $r4 = $r0.; $r5 = ; r8 = (android.os.Parcelable$Creator) $r5; virtualinvoke $r1.<android.os.Parcel: void readTypedList(java.util.List,android.os.Parcelable$Creator)>($r4, r8); $i0 = virtualinvoke $r1.<android.os.Parcel: int readInt()>(); $r0. = $i0; $i0 = virtualinvoke $r1.<android.os.Parcel: int readInt()>(); $r0. = $i0; $i0 = virtualinvoke $r1.<android.os.Parcel: int readInt()>(); $r0. = $i0; $r6 = virtualinvoke $r1.<android.os.Parcel: java.io.Serializable readSerializable()>(); $r3 = (com.wsi.android.framework.settings.MeasurementUnitsSystem) $r6; $r0. 
= $r3; return; } at soot.jimple.validation.FieldRefValidator.validate(FieldRefValidator.java:50) at soot.jimple.JimpleBody.validate(JimpleBody.java:115) at soot.jimple.JimpleBody.validate(JimpleBody.java:98) at soot.baf.BafBody.(BafBody.java:88) at soot.baf.Baf.newBody(Baf.java:560) at soot.PackManager.convertJimpleBodyToBaf(PackManager.java:1036) at soot.PackManager.runBodyPacks(PackManager.java:991) at soot.PackManager.access$000(PackManager.java:112) at soot.PackManager$1.run(PackManager.java:620) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
The source code I use for the analysis is:
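/**
 * Minimal driver that loads an APK into Soot in whole-program mode, registers the
 * start-related lifecycle methods of the given service classes as call-graph entry
 * points, and then runs all Soot packs.
 */
public class Demo {
    static final Logger log = LoggerFactory.getLogger(Demo.class);

    // Monitor for the whole configure-and-run sequence. G.reset() replaces Soot's
    // global singletons, so the object returned by Scene.v() before the reset is not
    // the one other callers see afterwards and cannot serve as a stable lock.
    private static final Object SOOT_LOCK = new Object();

    // Directory expected to hold the android-<api>/android.jar platform stubs.
    private static final String ANDROID_PLATFORMS_DIR = "E:\\IDE\\Android\\sdk\\platforms";

    /**
     * Configures Soot for the given APK, collects entry points from the named service
     * classes and runs the packs.
     *
     * @param services   fully qualified names of the classes to load as application classes
     * @param apk        path of the APK to analyse
     * @param start_bind when equal to {@code "start"}, the {@code onStart} and
     *                   {@code onStartCommand} methods of each class are used as entry
     *                   points; for any other value (including {@code null}) no entry
     *                   point is registered
     */
    public void handleService(List<String> services, String apk, String start_bind) {
        synchronized (SOOT_LOCK) {
            soot.G.reset();

            Options.v().set_whole_program(true);
            // NOTE(review): with phantom refs allowed, classes Soot cannot find are
            // modelled as phantoms instead of aborting the load. A body that references
            // a member Soot cannot resolve may still fail later validation, as in the
            // "Resolved field is null" report this code was posted with; confirm.
            Options.v().set_allow_phantom_refs(true);
            Options.v().set_android_api_version(26);
            // prefer Android APK files (-src-prec apk)
            Options.v().set_src_prec(Options.src_prec_apk);
            Options.v().set_android_jars(ANDROID_PLATFORMS_DIR);
            Options.v().set_process_dir(Collections.singletonList(apk));
            // NOTE(review): no output format is set here, so Soot's default applies and
            // runPacks() also runs the output conversion of each body; confirm whether
            // an analysis-only run needs that step.

            // resolve the PrintStream and System soot-classes
            Scene.v().addBasicClass("java.io.PrintStream", SootClass.SIGNATURES);
            Scene.v().addBasicClass("java.lang.System", SootClass.SIGNATURES);
            Scene.v().addBasicClass("android.graphics.ColorFilter", SootClass.SIGNATURES);
            Scene.v().addBasicClass("com.google.android.gms.tagmanager.bq", SootClass.HIERARCHY);

            Options.v().setPhaseOption("cg.spark", "on");
            Scene.v().loadNecessaryClasses();

            // Constant-first comparison so a null mode selects no entry points
            // instead of throwing a NullPointerException.
            final boolean startMode = "start".equals(start_bind);

            List<SootMethod> entrypoints = new LinkedList<>();
            for (String clsname : services) {
                SootClass scls = Scene.v().loadClassAndSupport(clsname);
                scls.setApplicationClass();
                if (startMode) {
                    addEntryPointIfPresent(scls, "onStart", entrypoints);
                    addEntryPointIfPresent(scls, "onStartCommand", entrypoints);
                }
            }

            Scene.v().setEntryPoints(entrypoints);
            PackManager.v().runPacks();
        }
    }

    /**
     * Adds the method named {@code methodName} of {@code cls} to {@code sink}. A failed
     * lookup is logged at debug level and otherwise ignored, because a class is not
     * required to declare every lifecycle method.
     */
    private static void addEntryPointIfPresent(SootClass cls, String methodName, List<SootMethod> sink) {
        try {
            sink.add(cls.getMethodByName(methodName));
        } catch (RuntimeException e) {
            // Keep the class and method in the message; the bare exception text alone
            // does not say which lookup failed.
            log.debug("No usable method {} in class {}", methodName, cls.getName(), e);
        }
    }

    public static void main(String[] args) {
        LinkedList<String> services = new LinkedList<String>();
        services.add("com.jakewharton.processphoenix.ProcessPhoenix");
        String apk = "Apps/com.barringtontv.android.kgbt.apk";
        Demo finder = new Demo();
        finder.handleService(services, apk, "start");
    }
}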
/**
 * Scene transformer that runs the class-hierarchy-analysis (CHA) transformer and then
 * keeps a reference to the call graph stored in the scene.
 */
public class CallGraphFetcher extends SceneTransformer {

    // Call graph captured by the last run of this transformer; null until it has run.
    public CallGraph callGraph;

    /** Returns the call graph captured by {@link #internalTransform}, or {@code null} if it has not run. */
    public CallGraph getCallGraph() {
        return this.callGraph;
    }

    /**
     * Runs the CHA transformer, prints a progress line and stores the scene's call graph.
     *
     * @param phaseName name of the phase this transformer runs in (not used here)
     * @param options   phase options (not used here)
     */
    @Override
    protected void internalTransform(String phaseName, Map options) {
        CHATransformer.v().transform();
        final String notice = "CallGraphFetcher.internalTransform() fetching call graph from scene";
        System.out.println(notice);
        callGraph = Scene.v().getCallGraph();
    }
}
The apk is attached. com.barringtontv.android.kgbt.zip
I am not sure whether this is an issue in Soot or whether something is wrong with my settings and configuration.
Could you please post the command line you are using to analyze the APK?
I tried to use soot to analyse an apk, but encountered the following exception.
The source code I use for the analysis is:
public class Demo { static Logger log = LoggerFactory.getLogger(Demo.class); public void handleService(List services, String apk, String start_bind) {
synchronized (Scene.v()) {
soot.G.reset();
Options.v().set_whole_program(true);
Options.v().set_allow_phantom_refs(true);
Options.v().set_android_api_version(26);
// prefer Android APK files// -src-prec apk
Options.v().set_src_prec(Options.src_prec_apk);
}
public class CallGraphFetcher extends SceneTransformer {
The apk is attached. com.barringtontv.android.kgbt.zip
I am not sure whether this is an issue in Soot or whether something is wrong with my settings and configuration.