Abstract library to generate angr states from a debugger state
Works with both angr 7 and 8.
pip install angrdbg
On Windows, before installing angrdbg you must install the Visual C++ Redistributable Packages for Visual Studio 2013.
Then type in the command prompt:
py -m pip install capstone-windows
py -m pip install angrdbg
The library uses an abstract class, Debugger, to stay agnostic of the debugger API.
The user must implement a derived class; see abstract_debugger.py for the methods that must be implemented.
After this, register an instance of the derived class with the register_debugger function.
To create an angr state from the current debugger state, use StateShot.

StateShot
Returns an angr state from the current debug session state.

StateManager
A wrapper around angr that simplifies the creation of symbolic values and writes the results back to the debugger when angr finds a valid path.
- instance.sim(key, size): create a symbolic value on a register or at a memory address (size is optional)
- instance[key]: get a register or memory value
- instance.simulation_manager(): create an angr simulation manager based on the state
- instance.to_dbg(found_state): transfer to the debugger state the evaluated values of the symbolic values created earlier with sim

Note: memory values are the same as those returned by state.mem[addr].
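The StateManager workflow described above (create symbolic values with sim, build a simulation manager, explore to a target, write the solution back with to_dbg and read it back with instance[key]) as an added example. This is not code from the angrdbg project. It assumes the class exposing sim()/[key]/simulation_manager()/to_dbg() is angrdbg's StateManager, that the script is run from the debugger's Python after your Debugger subclass has been registered with register_debugger, and that the addresses in main() are hypothetical placeholders for a real target. The driver is kept in its own function so it can also be exercised outside a debugger session.

```python
# Added example for this README: a driver for the StateManager workflow
# (sim -> simulation_manager -> explore -> to_dbg). Not angrdbg project code.
# Assumptions: the class with sim()/[key]/simulation_manager()/to_dbg() is
# angrdbg's StateManager; main() runs inside the debugger after a Debugger
# subclass has been registered; the addresses in main() are hypothetical.


def find_and_write_back(manager, symbolic, find, avoid=()):
    """Mark inputs symbolic, explore to `find`, write the solution back.

    manager  -- a StateManager built from the current debugger state
    symbolic -- iterable of (key, size): key is a register name or a memory
                address, size is the byte width (None lets angrdbg choose)
    find     -- address the path must reach
    avoid    -- addresses the path must not touch
    Returns (found_state, values): `values` maps each key to what the
    debugger holds for it after to_dbg(), read back through manager[key].
    """
    keys = []
    for key, size in symbolic:
        if size is None:
            manager.sim(key)          # size is optional in the README's API
        else:
            manager.sim(key, size)
        keys.append(key)

    # angr's SimulationManager: explore() stashes states that reach `find`
    # under .found and drops states that hit any `avoid` address.
    simgr = manager.simulation_manager()
    simgr.explore(find=find, avoid=list(avoid))
    if not simgr.found:
        raise RuntimeError(
            "no path from the current state reaches %#x (avoid=%s)"
            % (find, [hex(a) for a in avoid]))
    found = simgr.found[0]

    # Concretise the symbolic inputs along the found path and push them into
    # the live debugger; continuing execution then follows that path.
    manager.to_dbg(found)
    # Read the written values back the way the README documents
    # (instance[key]): a register value, or for an address the same kind of
    # value that state.mem[addr] returns.
    values = {key: manager[key] for key in keys}
    return found, values


def main():
    # Only meaningful inside the debugger session (e.g. its Python console),
    # so the import is kept local to this function.
    from angrdbg import StateManager  # assumed export name

    mgr = StateManager()
    # Hypothetical target: rdi points at a 64-byte input buffer, FIND is the
    # "success" block and AVOID the failure block of the checked function.
    FIND = 0x40060e
    AVOID = (0x400601,)
    # mgr["rdi"] reads the register from the debugger; its value is used as
    # the memory address to make symbolic.
    inputs = [(mgr["rdi"], 64)]
    found, values = find_and_write_back(mgr, inputs, FIND, AVOID)
    for key, value in values.items():
        print(key, "->", value)


if __name__ == "__main__":
    main()
```

Run it from the debugger once execution is stopped at the instruction where the symbolic search should start; after it returns, stepping or continuing in the debugger follows the path that angr found, because to_dbg has already written the concrete input into the debuggee.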
load_project and reload_project are used to get, or lazily create, a project based on the current debugger state.
The memory type defines how angrdbg gets memory from the debugger and from the cle backer. Use get_memory_type to find out which one is active.
You can change the memory type with set_memory_type.
- SIMPROCS_FROM_CLE: import only the non-stub SimProcedures in the GOT from the cle backer (default)
- ONLY_GOT_FROM_CLE: import the entire GOT from the cle backer
- USE_CLE_MEMORY: import memory from the cle backer first
- GET_ALL_DISCARD_CLE: full debugger memory mode (the only one available for PE at the moment)
Thesis PDF.
Bibtex:
@misc{fioraldi2020symbolic,
title={Symbolic Execution and Debugging Synchronization},
author={Andrea Fioraldi},
year={2020},
eprint={2006.16601},
archivePrefix={arXiv},
primaryClass={cs.CR}
}