How to use the archr.arsenal.RRTracerBow function in archr

To help you get started, we’ve selected a few archr examples, based on popular ways it is used in public projects.


github angr / rex / tests / broken_hammer_controller_docker.py View on Github external
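def test_hammer_controller_rr_tracer():
    """Trace a crashing input against the hammer_controller image and build an exploit.

    The test is skipped when the optional ``trraces`` module cannot be imported.
    The Docker target is used as a context manager so the container is stopped
    even when tracing, exploit generation or the assertion fails; the original
    started the container and never stopped it.
    """
    try:
        import trraces  # noqa: F401 -- imported only to check that it is available
    except ImportError:
        raise nose.SkipTest('need trraces')

    build_docker()

    # NOTE(review): the trace directory is a fixed, predictable path under /tmp.
    # On a shared host another local user could pre-create it; a directory made
    # with tempfile.mkdtemp() avoids that if the fixed path is not relied upon.
    with archr.targets.DockerImageTarget('rex_tests:hammer_controller').build().start() as t:
        tb = archr.arsenal.RRTracerBow(t, local_trace_dir='/tmp/rex_hammer_controller_trace', symbolic_fd=0)

        # 120 filler bytes plus a newline. aslr=False is passed to rex.Crash, so
        # the outcome is only exercised for that configuration.
        crash = rex.Crash(t, b"\x41"*120 + b'\n', aslr=False, tracer_bow=tb)

        exploit = crash.exploit()
        assert 'rop_chess_control' in exploit.arsenal
        exploit.arsenal['rop_chess_control'].script()
        # NOTE(review): presumably writes the generated script to x2.py in the
        # current working directory -- confirm, and clean it up if so.
        exploit.arsenal['rop_chess_control'].script("x2.py")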
github angr / archr / tests / test_bow_rr.py View on Github external
def get_ls_trace(self, t):
    """Fire a fixed test case at target ``t`` through an RRTracerBow and report the trace.

    Nothing is returned: the trace directory name and the timed-out flag of
    the result are only printed.
    """
    # 272 bytes of b"A"; presumably sized to crash the target -- confirm against the caller.
    payload = b"A" * 272
    tracer = archr.arsenal.RRTracerBow(t)
    outcome = tracer.fire(testcase=payload)
    trace_name = outcome.trace_dir.name
    print("Done! You can find your trace in {} (timed out?: {})".format(trace_name, outcome.timed_out))
github angr / archr / tests / test_bow_rr.py View on Github external
def get_miniupnpd_trace(self, t):
    """Fire a fixed test case at target ``t`` through an RRTracerBow and report the trace.

    Nothing is returned: the trace directory name and the timed-out flag of
    the result are only printed.
    """
    # 272 bytes of b"A"; presumably sized to crash the target -- confirm against the caller.
    payload = b"A" * 272
    tracer = archr.arsenal.RRTracerBow(t)
    outcome = tracer.fire(testcase=payload)
    trace_name = outcome.trace_dir.name
    print("Done! You can find your trace in {} (timed out?: {})".format(trace_name, outcome.timed_out))
github angr / rex / rex / crash.py View on Github external
# Prepare the initial state

        if pov_file is not None:
            test_case = TracerPoV(pov_file)
            channel = None
        else:
            input_data = self.crash
            channel = self.input_type_to_channel_type(self.input_type)
            if channel != "stdio":
                channel += ":0"
            test_case = input_data

        # collect a concrete trace
        save_core = True
        if isinstance(self.tracer_bow, archr.arsenal.RRTracerBow):
            save_core = False
        r = self.tracer_bow.fire(testcase=test_case, channel=channel, save_core=save_core)

        if save_core:
            # if a coredump is available, save a copy of all registers in the coredump for future references
            if r.core_path and os.path.isfile(r.core_path):
                tiny_core = TinyCore(r.core_path)
                self.core_registers = tiny_core.registers
            else:
                l.error("Cannot find core file (path: %s). Maybe the target process did not crash?",
                        r.core_path)

        if self.initial_state is None:
            self.initial_state = self._create_initial_state(input_data, cgc_flag_page_magic=cgc_flag_page_magic)

        simgr = self.project.factory.simulation_manager(