
Questions tagged [angr]

angr is a Python binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish. Project URL: https://github.com/angr/angr

1 vote
0 answers
52 views

Argument section recovery for binaries

I am developing a static analysis automation tool to help me on CTFs. It would be nice for me to discover from where a certain argument of certain functions is coming from (does it come from a ...
superuser

0 votes
0 answers
28 views

Get WinAPI's parameters with angr

First, sorry for my bad English. I want to make my script to parse PE binary and find some specific API's parameters value automatically. For example, .text:000000014002DF60 48 89 5C 24 08 ...
schnabel

1 vote
0 answers
163 views

Analyse a statically linked binary and extract syscall from it using angr

How to extract all syscalls from analysing a statically linked binary. I have a script written using angr (Latest - v9.2.78) but when I start my script I get few syscalls and the analysis is like hung ...
0x4E4F4F42

2 votes
0 answers
163 views

Angr with 'No bytes in memory for block starting at'

I am playing with the project here: https://github.com/foreverbell/angr-rust-example After running make solve, I cannot get the desired output. I added print(sm.errored) to the end of the script and ...
zhtluo
  • 21

1 vote
0 answers
104 views

angr - project.loader.find_symbol("main") does not work

I have very simple C code - compiled on MSVC using clang++ compiler. When I am running it under angr environment - it simply does not find main() function, while it can do so for other things like ...
ultimate cause

2 votes
0 answers
78 views

Angr considers REP instruction as the end of a basic block

I'm developing a python script for angr that has to find all the basic blocks present in each function in a binary. I have noticed that angr splits the basic blocks when it finds a REP instruction, I'...
Luca
  • 121

2 votes
0 answers
73 views

Why the global string variable exploitation using angr doesn't work?

To learn the angr module, I have made a simple C code like follows. test.c #include <stdio.h> #include <string.h> char input[6]; int main(void) { scanf("%s", input); ...
doldom
  • 55

2 votes
1 answer
78 views

Why did I have gotten only null bytes argv variable from angr?

I have made simple program to test the angr. My python code is here. import angr import claripy p=angr.Project('./test2') buf=claripy.BVS('buf', 8*10) initial_state=p.factory.entry_state(args=[&...
doldom
  • 55

2 votes
1 answer
125 views

Clean Angr disassemble output

I'm developing a python script for Angr that has to print as output something in the form of: Instruction_disassembled opcode_bytes_of_instruction This is my python script: f = open(sys....
Luca
  • 121

2 votes
0 answers
47 views

How to get the APIs present in a particular block in a CFG using Angr?

I'm doing binary analysis based on Control Flow Graph (CFG). As I suppose to get the APIs from every block in the CFG. I'm finding it very difficult to do so using Angr as I don't have enough grip on ...
okokok hack

1 vote
1 answer
295 views

Using Angr's Claripy to bruteforce a number

I'm trying to bruteforce an address as part of a CTF challenge using Angr's Claripy. The function is the following: unsigned __int64 __fastcall sub_555555555310( unsigned __int64 rand_addr, ...
h3llo_world

0 votes
1 answer
547 views

How can valid inputs be generated using the simulation manager in angr?

I have a binary compiled for x86_64 that looks like this: #include <stdio.h> #include <string.h> void options(char *input) { if (strcmp(input, "A") == 0) { printf(&...
Matthew Tingum

5 votes
0 answers
438 views

Using angr as a pure concrete emulator

I am able to successfully run my target binary under Qiling, an emulator that supplements Unicorn with hooks for system libraries. I would like to do the same thing under angr. I don't need any ...
SRobertJames

1 vote
0 answers
460 views

Symbolic global variables in angr

I am learning angr and for that I wrote a code containing two global variables. char pwd[8]; char flag[16]; int main() { printf("\n\nEnter your password and the flag: "); ...
youtab
  • 11

1 vote
1 answer
378 views

Proper workflow for x64dbg to Angr?

I am trying to use Angr to reverse engineer a plugin for an application. This plugin is loaded via DLL by the main application. To debug, I use x64dbg to attach to the main application exe. I then set ...
Davebs
  • 21
