How to use the archr.arsenal.angrStateBow function in archr

To help you get started, we’ve selected a few archr examples, based on popular ways it is used in public projects.


Source: angr/archr, tests/test_angr_tracing.py (GitHub)
def test_angr_tracing(self):
        """Replay a QEMU trace of the x86_64 ``true`` test binary inside angr.

        Builds a LocalTarget for the binary, wires up the archr bows
        (data scout -> angr project -> angr state, plus the QEMU tracer),
        fires them, and runs a simulation manager under the trace's tracer
        technique.  The test passes when exactly one state ends up in the
        ``traced`` stash.
        """
        # NOTE(review): LocalTarget appears to run the binary directly on the
        # host rather than in a container -- confirm before pointing this
        # pattern at anything other than a trusted test binary.
        binary_path = os.path.join(test_location, '../../binaries/tests/x86_64/true')
        target = archr.targets.LocalTarget(binary_path)
        scout_bow = archr.arsenal.DataScoutBow(target)
        project_bow = archr.arsenal.angrProjectBow(target, scout_bow)
        state_bow = archr.arsenal.angrStateBow(target, project_bow)
        tracer_bow = archr.arsenal.QEMUTracerBow(target)

        # Fire order is kept as written: trace, then project, then state.
        concrete_trace = tracer_bow.fire()
        project = project_bow.fire()
        initial_state = state_bow.fire()
        tracer_tech = concrete_trace.tracer_technique()
        simgr = project.factory.simulation_manager(initial_state)
        simgr.use_technique(tracer_tech)
        simgr.run()

        # A fully followed trace should leave a single state in `traced`.
        assert len(simgr.traced) == 1
Source: angr/archr, tests/test_bow_angr.py (GitHub)
def angr_checks(self, t):
        """Check that the angr project and state built for target *t* match its layout.

        Verifies, in order: that every ELF object after the first was loaded
        from a path under ``/tmp``; that the marker ``ARCHR=YES`` is present in
        the first 200 bytes at ``rsp``; that ``posix.brk`` equals the recorded
        ``[heap]`` address; and that the page-rounded stack pointer equals the
        recorded ``[stack-end]`` -- both before and after that mapping entry is
        overridden.
        """
        scout_bow = archr.arsenal.DataScoutBow(t)
        project_bow = archr.arsenal.angrProjectBow(t, scout_bow)
        state_bow = archr.arsenal.angrStateBow(t, project_bow)
        project = project_bow.fire()

        def rounded_stack_top(st):
            # Round sp up to the next 4 KiB boundary, at the project's bit width.
            return (st.regs.sp + 0xfff) & ~claripy.BVV(0xfff, project.arch.bits)

        # Objects past index 0 are presumably the target's libraries staged
        # locally by archr -- confirm; the check itself is only the /tmp prefix.
        dependency_objects = project.loader.all_elf_objects[1:]
        assert all(obj.binary.startswith("/tmp") for obj in dependency_objects)

        state = state_bow.fire()
        stack_bytes = state.solver.eval(state.memory.load(state.regs.rsp, 200), cast_to=bytes)
        assert b"ARCHR=YES" in stack_bytes

        # _mem_mapping is a private attribute of the project bow; it is read
        # through the bow each time rather than cached in a local.
        assert state.solver.eval_one(state.posix.brk == project_bow._mem_mapping['[heap]'])
        assert state.solver.eval_one(rounded_stack_top(state) == project_bow._mem_mapping['[stack-end]'])

        # Override the recorded stack end and fire again: the fresh state's
        # stack must follow the modified mapping.
        project_bow._mem_mapping['[stack-end]'] = 0x1337000
        state = state_bow.fire()
        assert state.solver.eval_one(rounded_stack_top(state) == project_bow._mem_mapping['[stack-end]'])
        # Only reached when every assertion above passed.
        project.loader.close()
Source: angr/rex, rex/crash.py (GitHub)
input_sock = SimPreconstrainedFileStream(
                    preconstraining_handler=self._preconstrain_file,
                    name="aeg_tcp_in_%d" % i,
                    ident='aeg_stdin_%d' % i
                )
                output_sock = SimFileStream(name="aeg_tcp_out_%d" % i)
                socket_queue.append([input_sock, output_sock])
        else:
            stdin_file = SimPreconstrainedFileStream(
                preconstraining_handler=self._preconstrain_file,
                name='stdin',
                ident='aeg_stdin'
            )
        self._preconstraining_input_data = input_data

        state_bow = archr.arsenal.angrStateBow(self.target, self.angr_project_bow)
        initial_state = state_bow.fire(
            mode='tracing',
            add_options=add_options,
            remove_options=remove_options,
        )

        # initialize other settings
        initial_state.register_plugin('posix', SimSystemPosix(
            stdin=stdin_file,
            stdout=SimFileStream(name='stdout'),
            stderr=SimFileStream(name='stderr'),
            argc=initial_state.posix.argc,
            argv=initial_state.posix.argv,
            environ=initial_state.posix.environ,
            auxv=initial_state.posix.auxv,
            socket_queue=socket_queue,
Source: angr/rex, rex/crash.py (GitHub)
input_sock = SimPreconstrainedFileStream(
                    preconstraining_handler=self._preconstrain_file,
                    name="aeg_tcp_in_%d" % i,
                    ident='aeg_stdin_%d' % i
                )
                output_sock = SimFileStream(name="aeg_tcp_out_%d" % i)
                socket_queue.append([input_sock, output_sock])
        else:
            stdin_file = SimPreconstrainedFileStream(
                preconstraining_handler=self._preconstrain_file,
                name='stdin',
                ident='aeg_stdin'
            )
        self._preconstraining_input_data = input_data

        state_bow = archr.arsenal.angrStateBow(self.target, self.angr_project_bow)
        initial_state = state_bow.fire(
            mode='tracing',
            add_options=add_options,
            remove_options=remove_options,
        )

        # initialize other settings
        initial_state.register_plugin('posix', SimSystemPosix(
            stdin=stdin_file,
            stdout=SimFileStream(name='stdout'),
            stderr=SimFileStream(name='stderr'),
            argc=initial_state.posix.argc,
            argv=initial_state.posix.argv,
            environ=initial_state.posix.environ,
            auxv=initial_state.posix.auxv,
            socket_queue=socket_queue,