Taintdroid 4.3 source code
In dalvik.system.Taint.cpp, there are many functions for adding taint like this:
/* Excerpt from dalvik_system_Taint.cpp. The Dalvik native sources pull in
   Dalvik.h and native/InternalNativePriv.h, which supply u4, JValue,
   ArrayObject and the RETURN_* macros used below. */
#include "Dalvik.h"
#include "native/InternalNativePriv.h"

/* void addTaintByteArray(byte[] array, int tag): args[0] is the object
   reference word (a pointer to the ArrayObject), args[1] is the tag to OR in. */
static void Dalvik_dalvik_system_Taint_addTaintByteArray(const u4* args,
    JValue* pResult)
{
    ArrayObject *arr = (ArrayObject *) args[0];
    u4 tag = args[1];
    if (arr) {
        arr->taint.tag |= tag;      /* the taint lives on the array object itself */
    }
    RETURN_VOID();
}

/* int addTaintInt(int val, int tag): the value goes back through pResult,
   while its taint is written into the return-taint slot args[2]; args[3]
   carries the taint already attached to val. */
static void Dalvik_dalvik_system_Taint_addTaintInt(const u4* args,
    JValue* pResult)
{
    u4 val = args[0];
    u4 tag = args[1];               /* the tag to add */
    u4* rtaint = (u4*) &args[2];    /* pointer to return taint tag */
    u4 vtaint = args[3];            /* the existing taint tag on val */

    *rtaint = (vtaint | tag);
    RETURN_INT(val);
}
I have 2 questions about it.
1. Why can it do a forced type conversion from byte[] to ArrayObject? // ArrayObject *arr = (ArrayObject *) args[0];
2. How does it return a value with a taint tag through pResult? // RETURN_INT(val);
Thanks in advance!
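The two functions quoted above only make sense together with the calling convention the interpreter uses for internal native methods: every argument arrives as one machine word in a flat array (an object reference is simply the raw object pointer, which is why the cast works), the return value is written into a JValue, and TaintDroid appends extra slots for the return value's taint and for each argument's taint. The following is an added, self-contained model of that convention, not TaintDroid's or Dalvik's own code: u4, JValue, ArrayObject, the RETURN_* macros, the slot names, and the taint constant values are all simplified stand-ins assumed for illustration, and the argument word is widened to the host pointer size so the example runs on 64-bit machines (Dalvik itself is 32-bit, so a u4 holds a pointer).

```c
/* Added illustration of the Dalvik internal-native calling convention with
 * TaintDroid's extra slots. Not TaintDroid/Dalvik code: every type, macro and
 * constant below is a simplified stand-in assumed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Dalvik is 32-bit, so one argument word (u4) can hold an object pointer.
 * The word is widened to the host pointer size here for portability. */
typedef uint32_t  u4;
typedef uintptr_t word_t;

/* Dalvik-style JValue: the native method writes only the return VALUE here. */
typedef union {
    int32_t i;
    int64_t j;
    void   *l;
} JValue;

/* Cut-down ArrayObject: an object header carrying its own taint tag. */
typedef struct { u4 tag; } Taint;
typedef struct {
    u4    length;
    Taint taint;
} ArrayObject;

#define RETURN_VOID()    do { (void)pResult; return; } while (0)
#define RETURN_INT(_v)   do { pResult->i = (_v); return; } while (0)

/* Constructed taint tag values for the demo (not TaintDroid's real ones). */
#define TAINT_LOCATION 0x1u
#define TAINT_IMEI     0x2u

/* Assumed slot layout for a two-argument method under TaintDroid:
 *   args[0], args[1]  argument values (object refs are raw pointers)
 *   args[2]           slot the callee fills with the RETURN value's taint
 *   args[3], args[4]  taint tags already attached to args[0] and args[1] */
enum { ARG0 = 0, ARG1 = 1, RTAINT = 2, ARG0_TAINT = 3, ARG1_TAINT = 4, NSLOTS = 5 };

/* Same shape as addTaintByteArray: the reference word IS the pointer, so the
 * cast only reinterprets the word; the taint is stored on the object. */
static void native_addTaintByteArray(const word_t *args, JValue *pResult)
{
    ArrayObject *arr = (ArrayObject *)args[ARG0];
    u4 tag = (u4)args[ARG1];
    if (arr) {                      /* a null reference has nothing to taint */
        arr->taint.tag |= tag;
    }
    RETURN_VOID();
}

/* Same shape as addTaintInt: a primitive has no object to carry taint, so the
 * value goes back through pResult and the taint through args[RTAINT]. */
static void native_addTaintInt(const word_t *args, JValue *pResult)
{
    u4 val    = (u4)args[ARG0];
    u4 tag    = (u4)args[ARG1];
    word_t *rtaint = (word_t *)&args[RTAINT];   /* cast away const, as Dalvik does */
    u4 vtaint = (u4)args[ARG0_TAINT];
    *rtaint = (word_t)(vtaint | tag);
    RETURN_INT((int32_t)val);
}

/* Interpreter-side stand-ins: marshal the slots, call, then read both halves
 * of the result back (value from pResult, taint from the RTAINT slot). */
typedef struct { int32_t value; u4 taint; } TaintedInt;

static TaintedInt call_addTaintInt(int32_t val, u4 val_taint, u4 tag)
{
    word_t args[NSLOTS] = { (word_t)(u4)val, tag, 0, val_taint, 0 };
    JValue result = { 0 };
    native_addTaintInt(args, &result);
    TaintedInt out = { result.i, (u4)args[RTAINT] };
    return out;
}

static u4 call_addTaintByteArray(ArrayObject *arr, u4 tag)
{
    word_t args[NSLOTS] = { (word_t)arr, tag, 0, 0, 0 };
    JValue result = { 0 };
    native_addTaintByteArray(args, &result);
    return arr ? arr->taint.tag : 0;
}

/* An array that already carries TAINT_IMEI, with TAINT_LOCATION OR-ed in. */
static u4 demo_array_taint(void)
{
    ArrayObject buf = { 16, { TAINT_IMEI } };
    return call_addTaintByteArray(&buf, TAINT_LOCATION);
}

int main(void)
{
    TaintedInt r = call_addTaintInt(42, TAINT_IMEI, TAINT_LOCATION);
    printf("int: value=%d taint=0x%x\n", r.value, r.taint);
    printf("byte[]: taint=0x%x\n", demo_array_taint());
    printf("null byte[]: taint=0x%x\n", call_addTaintByteArray(NULL, TAINT_LOCATION));
    return 0;
}
```

The model shows the answer to both questions in one place: the reference argument is never converted, it is the same pointer the interpreter already holds in a register word, and a primitive return value carries no taint in pResult at all, so the interpreter picks the tag up from the separate return-taint slot after the call. A native method that forgets to write that slot silently returns an untainted value, which is the failure mode to check for when reviewing new taint sources.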