andreafioraldi/angrdbg

angrdbg

Abstract library to generate angr states from a debugger state

Works with both angr 7 and 8.

Install

pip install angrdbg

Windows

Before installing angrdbg you must install Visual C++ Redistributable Packages for Visual Studio 2013.

Then type in the command prompt:

py -m pip install capstone-windows
py -m pip install angrdbg

Usage

The library uses an abstract class, Debugger, to stay agnostic of the debugger API.

The user must implement a derived class; see abstract_debugger.py for the methods that must be implemented.

After this, register an instance of the derived class with the register_debugger function.

To create an angr state from the current debugger state, use StateShot.

API

StateShot

Returns an angr state built from the current debug session state.

StateManager

A wrapper around angr that simplifies the creation of symbolic values and writes the results back into the debugger when angr finds a valid path.

Methods
  • instance.sim(key, size) creates a symbolic value on a register or on a memory address (size is optional)
  • instance[key] gets a register or memory value
  • instance.simulation_manager() creates an angr simulation manager based on the state
  • instance.to_dbg(found_state) transfers to the debugger state the evaluated values of the symbolic values previously created with sim

Note: memory values are the same as those returned by state.mem[addr].

Managing the Project

load_project and reload_project are used to get or lazily create a project based on the current debugger state.

Memory type

The memory type defines how angrdbg gets memory from the debugger and from the cle backer. Use get_memory_type to find out which one is active.

You can change the memory type with set_memory_type.

  • SIMPROCS_FROM_CLE import only the non-stub SimProcedures into the GOT from the cle backer (default)
  • ONLY_GOT_FROM_CLE import the entire GOT from the cle backer
  • USE_CLE_MEMORY import memory from the cle backer first
  • GET_ALL_DISCARD_CLE full debugger memory mode (the only one available for PE at the moment)
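The following script is an added example of the Usage, StateManager and memory-type sections above; it is not code from the angrdbg project. It assumes a Debugger subclass has already been registered with register_debugger and the debuggee is stopped at the point where symbolic execution should start. It also assumes (the README does not say so) that StateManager() with no arguments snapshots the current state via StateShot, that sim(key) without a size uses a default size, and that load_project/reload_project return the angr project. The orchestration function takes the manager as an optional parameter so it can be exercised against a stand-in object that exposes the same documented methods.

```python
"""Drive angrdbg from a debugger breakpoint: make some inputs symbolic,
explore to a target address, and write the solution back into the debugger.

Added example, not part of angrdbg. Assumptions are marked in comments.
"""


def prepare_project(memory_type=None):
    """Select a memory type (one of the constants documented above) and
    return the angr project for the current debugger state.

    Assumption: get_memory_type/set_memory_type/load_project/reload_project are
    exported from the angrdbg package as the README names them, and the two
    project functions return the angr Project.
    """
    import angrdbg  # imported lazily: needs angr and a registered Debugger

    if memory_type is not None and angrdbg.get_memory_type() != memory_type:
        angrdbg.set_memory_type(memory_type)
        # Rebuild the project so the new memory mode is applied to it.
        return angrdbg.reload_project()
    return angrdbg.load_project()


def solve_from_breakpoint(find_addr, avoid_addrs, symbolic_keys, manager=None):
    """Make each key in `symbolic_keys` symbolic, explore until `find_addr`
    while avoiding `avoid_addrs`, and concretize the solution into the debugger.

    symbolic_keys entries are either a register name ("rdi") or an
    (address, size) tuple for a memory region.
    Returns the found angr state, or None if no path reached `find_addr`.
    """
    if manager is None:
        # Assumption: StateManager() snapshots the current debugger state via StateShot.
        from angrdbg import StateManager
        manager = StateManager()

    for key in symbolic_keys:
        if isinstance(key, tuple):
            addr, size = key
            manager.sim(addr, size)       # symbolic memory region of `size` bytes
        else:
            manager.sim(key)              # symbolic register, default size

    # simulation_manager() builds an angr SimulationManager from the snapshot;
    # explore() is angr's own API.
    simgr = manager.simulation_manager()
    simgr.explore(find=find_addr, avoid=avoid_addrs)

    if not simgr.found:
        return None
    found = simgr.found[0]
    # Write the concrete values of every symbolic register/memory region back
    # into the live debugger session so execution can be resumed from them.
    manager.to_dbg(found)
    return found


if __name__ == "__main__":
    # Constructed addresses for illustration only; replace with the real
    # target and the branches that should be avoided in the debuggee.
    TARGET = 0x401200
    AVOID = [0x401300]
    from angrdbg import SIMPROCS_FROM_CLE
    prepare_project(SIMPROCS_FROM_CLE)
    state = solve_from_breakpoint(TARGET, AVOID, ["rdi", (0x601040, 8)])
    print("found" if state is not None else "no path to target")
```

Passing `manager=` explicitly is also the hook for testing the orchestration without a live debugger: any object with sim, simulation_manager and to_dbg methods behaves as the documented StateManager interface.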

Frontends

Cite

Thesis PDF.

Bibtex:

@misc{fioraldi2020symbolic,
    title={Symbolic Execution and Debugging Synchronization},
    author={Andrea Fioraldi},
    year={2020},
    eprint={2006.16601},
    archivePrefix={arXiv},
    primaryClass={cs.CR}
}
