Questions tagged [angr]

Questions addressing the platform-agnostic binary analysis framework angr. Use together with python-tag.

Angr is a suite of Python 3 libraries that let you load binary data and treat it in different ways:

Disassembly and intermediate-representation lifting
Program instrumentation
Symbolic execution
Control-flow analysis
Data-dependency analysis
Value-set analysis (VSA)
Decompilation

38 questions

vote

1 answer

Error when I'm trying to install angr on OS X

When I try to install angr I get this error: >> pip install angr > Collecting angr > Using cached angr-7.7.9.21.tar.gz > Collecting ana (from angr) > Using cached ana-0.03.zip > Collecting bintrees (from angr) > Using…

python macos angr

asked Dec 02 '17 at 23:49

LOGA

vote

1 answer

In angr, how to Load and Analyze a binary file that only contains function instructions, not a ELF file

I have some binary files, each of them contain instructions of a function, (may be a little more in the end). The begining of the file is also the start point of the function. This files were extracted from a ELF file.The platform is arm64. So, how…

reverse-engineering angr

asked Feb 13 '17 at 09:05

Swing

vote

1 answer

Why can't I install angr-z3 using pip on Windows when Python is 64-bit?

It says the module machine type doesn't match; why? (Note: This is a self-answered question; see below.)

python pip 64-bit z3 angr

asked Jan 15 '16 at 11:37

user541686

205,094
128
528
886

votes

0 answers

How Can I execute a function in angr using concrete value?

In Angr, I have a code like this #include typedef struct A_struct { int data1; int data2; } A; void bar(A* a){ a->data2 += 1; } void foo(A* a) { a->data1 += 1; bar(a); } int main() { A a; a.data1 =…

reverse-engineering angr symbolic-execution

asked Jul 24 '23 at 19:51

damaoooo

votes

1 answer

angr - project.loader.find_symbol("main") does not works on Windows

I have very simple C code - compiled on MSVC using clang++ compiler. When I am running it under angr environment - it simply does not finds main() function, while it can do so for other things like strcmp etc. Also, the same program when run under…

reverse-engineering angr

asked Jun 12 '23 at 07:44

ultimate cause

2,264
4
27
44

votes

1 answer

angr and claripy: defining non-contiguos constraints

I'm playing with angr and I'm trying to constraint my input to printable chars. I did it in the "well-known" way like this: import angr import claripy base_addr = 0x800000 proj = angr.Project("binary", main_opts={'base_addr':…

z3 angr

asked Apr 19 '23 at 16:03

cips

votes

0 answers

pip install angr: ERROR: Could not build wheels for pyvex, which is required to install pyproject.toml-based projects

When I install angr according to the instructions, the following error occurs: ImportError:…

python pip angr

asked Apr 16 '23 at 14:34

kiki Shao

votes

0 answers

Angr considers REP instruction as the end of a basic block

I'm developing a python script for Angr that has to find all the basic blocks present in each function in a binary. I have noticed that Angr splits the basic blocks when he finds a REP instruction, I'm wondering if I can tell Angr to not split basic…

python disassembly angr

asked Mar 16 '23 at 15:31

Luca

votes

0 answers

Memory leak in angr

I have a project where i try disassemble with the help of angr a bunch of executables but i have a memory leak. This is the main function where i have a while like this: def main(): mypath =…

python angr

asked Feb 18 '23 at 14:48

Baroj

votes

0 answers

Angr for a HTB challenge, no solution found

I'm new to RE. I'm trying to solve a HackTheBox challenge called RAuth, with angr. I understand how to analyze and solve this challenge differently, without angr, but I really want to understand what is wrong with my angr script, or maybe what is…

reverse-engineering angr

asked Jan 13 '23 at 08:03

niksa

votes

0 answers

Simulate global variable access with Claripy

I need to simulate this decompiled line of code in a Python script using claripy as solver engine, *(ulong *)(global_variable + (ulong)((uint)local_variable[local_inedx + 1] & 1) * 8) global_variable is basically an array cointaining a 0 and an…

security z3 ctf symbolic-execution angr

asked Dec 26 '22 at 14:30

batodev

votes

0 answers

Step to a specific address in angr

I'm trying to use angr to explore possible execution states from a point in a program that I know will be reached. My program takes an optional text input file as an argument, which I am providing. I can't get the simulation manager to the known…

angr

asked Dec 23 '22 at 05:38

Jousboxx

votes

1 answer

Clean Angr disassemble output

I'm developing a python script for Angr that has to print as output something in the form of: Instruction_disassembled opcode_bytes_of_instruction This is my python script: f = open(sys.argv[2], 'w') base_addr = 0x100000 p =…

python reverse-engineering disassembly angr

asked Nov 16 '22 at 08:51

Luca

votes

0 answers

Angr warnings. Remove this

How I can remove this "WARNING"s ? In [7]: simgr.step() WARNING | 2022-10-10 12:07:49,364 | angr.storage.memory_mixins.default_filler_mixin | The program is accessing memory with an unspecified value. This could indicate unwanted behavior. WARNING |…

symbolic-math angr

asked Oct 10 '22 at 09:18

TossSky

votes

1 answer

angr strcmp cannot work when length >= 60

Why angr cannot solve the problem when the length >= 60? I just get one deadended. When I check only g[66], the answer is correct.But I cannot get the forked state when using strcmp with length more than 59. solve.py import angr import claripy p =…

c python-3.x angr

asked Feb 14 '22 at 17:08

TSW

Prev 1

3 Next