andreafioraldi/angrdbg

angrdbg

Abstract library to generate angr states from a debugger state

Works with both angr 7 and 8.

Install

pip install angrdbg

Windows

Before installing angrdbg you must install the Visual C++ Redistributable Packages for Visual Studio 2013.

Then type in the command prompt:

py -m pip install capstone-windows
py -m pip install angrdbg

Usage

The library uses an abstract class, Debugger, to stay agnostic of the debugger API.

The user must implement a derived class; see abstract_debugger.py for the methods that must be implemented.

Then register an instance of the derived class with the register_debugger function.

To create an angr state from the current debugger state, use StateShot.
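The following is an added example, not code from angrdbg: a minimal Debugger backend that serves memory and registers from a constructed, in-memory process snapshot, to show the shape of the derived class the steps above ask for. The method names (get_bytes, get_byte, get_word, get_dword, get_qword, get_reg, set_reg, image_base, is_active) are my reading of abstract_debugger.py and are an assumption; treat that file as the authoritative, complete list. The snapshot contents, addresses and the /tmp/target path are constructed, and calling StateShot() with no arguments is also an assumption.

```python
"""
Added example (not angrdbg's own code): a Debugger backend over a constructed
process snapshot.  Method names are assumed from abstract_debugger.py; check
that file for the authoritative list before wiring up a real debugger.
"""
import struct

try:
    from angrdbg import Debugger  # real base class when angr/angrdbg are installed
except ImportError:  # keep the module importable (and the snapshot testable) without them
    Debugger = object

# Constructed x86-64 little-endian snapshot; addresses and bytes are invented.
IMAGE_BASE = 0x400000
_SEGMENTS = {  # name -> (start address, backing bytes)
    ".text": (0x401000, bytearray(0x1000)),
    ".got": (0x403000, bytearray(0x100)),
}
_SEGMENTS[".text"][1][:4] = b"\x48\x31\xc0\xc3"                   # xor eax, eax ; ret
_SEGMENTS[".got"][1][:8] = struct.pack("<Q", 0x7F00_0000_1234)    # slot resolved by ld.so
_SEGMENTS[".got"][1][8:16] = struct.pack("<Q", 0x401030)          # slot still pointing at its PLT stub
_REGS = {"rip": 0x401000, "rsp": 0x7FFC_0000_0000, "rax": 0}


class SnapshotDebugger(Debugger):
    """Backend that answers angrdbg's queries from the constructed snapshot."""

    def __init__(self):
        self.segs = _SEGMENTS
        self.regs = dict(_REGS)

    # --- process / image information ---
    def is_active(self):
        return True

    def input_file(self):
        return "/tmp/target"  # hypothetical path of the binary cle should load

    def image_base(self):
        return IMAGE_BASE

    # --- memory ---
    def is_mapped(self, addr, size):
        """True if [addr, addr+size) lies entirely inside one backed segment."""
        return any(start <= addr and addr + size <= start + len(data)
                   for start, data in self.segs.values())

    def get_bytes(self, addr, size):
        # Unmapped or straddling reads fail loudly: returning zeros here would
        # let StateShot silently build a state on memory the process never had.
        for start, data in self.segs.values():
            if start <= addr and addr + size <= start + len(data):
                off = addr - start
                return bytes(data[off:off + size])
        raise ValueError("unmapped read at %#x (+%d)" % (addr, size))

    # Every sized reader is derived from get_bytes with one explicit byte
    # order, so the readers cannot disagree with each other on endianness.
    def get_byte(self, addr):
        return self.get_bytes(addr, 1)[0]

    def get_word(self, addr):
        return struct.unpack("<H", self.get_bytes(addr, 2))[0]

    def get_dword(self, addr):
        return struct.unpack("<I", self.get_bytes(addr, 4))[0]

    def get_qword(self, addr):
        return struct.unpack("<Q", self.get_bytes(addr, 8))[0]

    # --- registers ---
    def get_reg(self, name):
        return self.regs[name]

    def set_reg(self, name, value):
        self.regs[name] = value


def main():
    """Registration and StateShot need angr and angrdbg installed; the call
    shapes follow the README (StateShot() taking no arguments is assumed)."""
    import angrdbg
    angrdbg.register_debugger(SnapshotDebugger())
    state = angrdbg.StateShot()
    print(state.regs.rip)


if __name__ == "__main__":
    main()
```

Only the snapshot part runs without angr; main() is the registration and StateShot sequence from the steps above. When porting this to a real debugger, keep the property that all sized readers go through one byte-oriented read and that unmapped addresses raise, since a backend that quietly returns zeros produces angr states that diverge from the process without any error.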

API

StateShot

Returns an angr state built from the current debug session state.

StateManager

A wrapper around angr that simplifies creating symbolic values and writes the results back into the debugger when angr finds a valid path.

Methods
  • instance.sim(key, size) creates a symbolic value on a register or at a memory address (size is optional)
  • instance[key] gets a register or memory value
  • instance.simulation_manager() creates an angr simulation manager based on the state
  • instance.to_dbg(found_state) transfers into the debugger state the concrete values evaluated for the symbolic values created earlier with sim

note: memory values are the same as those returned by state.mem[addr]

Managing the Project

load_project and reload_project are used to get or lazily create a project based on the current debugger state.

Memory type

The memory type defines how angrdbg gets memory from the debugger and from the cle backer. Use get_memory_type to find out which one is active.

You can change the memory type with set_memory_type.

  • SIMPROCS_FROM_CLE import only non-stub simprocedures in the GOT from the cle backer (default)
  • ONLY_GOT_FROM_CLE import the entire GOT from the cle backer
  • USE_CLE_MEMORY import memory from the cle backer first
  • GET_ALL_DISCARD_CLE full debugger memory mode (the only one available for PE at the moment)

Frontends

Cite

Thesis PDF.

Bibtex:

@misc{fioraldi2020symbolic,
    title={Symbolic Execution and Debugging Synchronization},
    author={Andrea Fioraldi},
    year={2020},
    eprint={2006.16601},
    archivePrefix={arXiv},
    primaryClass={cs.CR}
}
