1 Dex File Poisoning Access 2 ========================= 3 4 These set of executables are useful for condensing large amounts of memory reads 5 of Dex Files into smaller, split pieces of information. Two kinds of information 6 are provided: 7 1. Visualizing what part of a Dex File is being accessed at what time 8 as a graph 9 2. Ordering stack traces by most commonly occurring 10 Both of these kinds of information can be split up further by providing category 11 names as arguments. A trace is put into a category if the category name is a 12 substring of the symbolized trace. 13 14 How: 15 ====== 16 These set of tools work in conjunction with the class 17 DexFileTrackingRegistrar, which marks sections of Dex Files as poisoned. As Dex 18 Files are marked for poisoning, their starting addresses are logged in logcat. 19 In addition, when poisoned sections of memory are accesses, their stack trace is 20 also outputted to logcat. 21 22 sanitizer_logcat_analysis.sh is the main executable that will use the other two 23 in order to give both types of information. The other two are used in some of 24 the intermediary steps which are described in sanitizer_logcat_analysis.sh, 25 though they can also be executed individually if provided the necessary input. 26 27 Why: 28 ====== 29 30 The main reason for splitting the functionality across multiple files is because 31 sanitizer_logcat_analysis.sh uses external executable development/scripts/stack. 32 This is necessary in order to get symbolized traces from the output given by 33 Address Sanitizer. 34 35 How to Use: 36 37 sanitizer_logcat_analysis.sh at minimum requires all logcat output in the form 38 of a file. Additional options specified below are useful for removing 39 unnecessary trace information. 40 41 =========================================================================== 42 Usage: sanitizer_logcat_analysis.sh [options] [LOGCAT_FILE] [CATEGORIES...] 43 -a 44 Forces all pids associated with registered dex 45 files in the logcat to be processed. 46 default: only the last pid is processed 47 48 -b [DEX_FILE_NUMBER] 49 Outputs data for the specified baksmali 50 dump if -p is provided. 51 default: first baksmali dump in order of dex 52 file registration 53 54 -d OUT_DIRECTORY 55 Puts all output in specified directory. 56 If not given, output will be put in a local 57 temp folder which will be deleted after 58 execution. 59 60 -e 61 All traces will have exactly the same number 62 of categories which is specified by either 63 the -m argument or by prune_sanitizer_output.py 64 65 -f 66 Forces redo of all commands even if output 67 files exist. Steps are skipped if their output 68 exist already and this is not enabled. 69 70 -m [MINIMUM_CALLS_PER_TRACE] 71 Filters out all traces that do not have 72 at least MINIMUM_CALLS_PER_TRACE lines. 73 default: specified by prune_sanitizer_output.py 74 75 -o [OFFSET],[OFFSET] 76 Filters out all Dex File offsets outside the 77 range between provided offsets. 'inf' can be 78 provided for infinity. 79 default: 0,inf 80 81 -p [PACKAGE_NAME] 82 Using the package name, uses baksmali to get 83 a dump of the Dex File format for the package. 84 85 -t [TIME_OFFSET],[TIME_OFFSET] 86 Filters out all time offsets outside the 87 range between provided offsets. 'inf' can be 88 provided for infinity. 89 default: 0,inf 90 91 CATEGORIES are words that are expected to show in 92 a large subset of symbolized traces. Splits 93 output based on each word. 94 95 LOGCAT_FILE is the piped output from adb logcat. 96 =========================================================================== 97 98 99 100 101
