{"id":13389818,"url":"https://github.com/andreafioraldi/IDAngr","last_synced_at":"2025-03-13T14:32:02.381Z","repository":{"id":86885123,"uuid":"120510442","full_name":"andreafioraldi/IDAngr","owner":"andreafioraldi","description":"Use angr in the IDA Pro debugger generating a state from the current debug session","archived":false,"fork":false,"pushed_at":"2020-07-22T15:30:00.000Z","size":31607,"stargazers_count":270,"open_issues_count":3,"forks_count":30,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-02-26T08:42:25.594Z","etag":null,"topics":["angr","concrete","debugger","execution","gui","ida","ida-plugin","ida-pro","idapython","plugin","symbolic","symbolic-execution"],"latest_commit_sha":null,"homepage":"https://andreafioraldi.github.io/IDAngr/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andreafioraldi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-02-06T19:12:37.000Z","updated_at":"2025-02-25T17:18:19.000Z","dependencies_parsed_at":"2023-05-29T17:15:41.877Z","dependency_job_id":null,"html_url":"https://github.com/andreafioraldi/IDAngr","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2FIDAngr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2FIDAngr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2FIDAngr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2FIDAngr/ma
nifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andreafioraldi","download_url":"https://codeload.github.com/andreafioraldi/IDAngr/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243422615,"owners_count":20288491,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angr","concrete","debugger","execution","gui","ida","ida-plugin","ida-pro","idapython","plugin","symbolic","symbolic-execution"],"created_at":"2024-07-30T13:01:34.234Z","updated_at":"2025-03-13T14:32:01.217Z","avatar_url":"https://github.com/andreafioraldi.png","language":"Python","readme":"# IDAngr\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"http://andreafioraldi.altervista.org/idangr.png\"\u003e\n\u003c/p\u003e\n\nUse [angr](https://github.com/angr/angr) in the IDA Pro debugger generating a state from the current debug session.\n\n\u003e it works only with x86/x86_64 ELF binaries on Linux at the moment\n\nIDAngr needs [angrdbg](https://github.com/andreafioraldi/angrdbg) installed on the same machine as IDA or on a remote machine.\n\n`python2 -m pip install angrdbg`\n\nIDAngr can run only with angr 7 at the moment because IDAPython is Python 2 only.\n\n## GUI\n\nThe `idangr_gui.py` script must be loaded during a debug session.\n\nIDAngr adds a panel with a self-explanatory interface.\n\nYou can set find/avoid addresses and symbolic memory directly from the context menu in the IDA View.\n\nExplore other useful context menus in the panel by right-clicking on 
items.\n\n[![youtube_img](/images/youtube.png)](https://www.youtube.com/watch?v=orFYI9C1KqE)\n\n## Plugin\n\nYou can install IDAngr as a plugin (see [INSTALL.md](INSTALL.md)); to activate it, press Ctrl+Alt+I.\n\n## API\n\nIDAngr implements the angrdbg API in the IDA debugger.\n\nCall `idangr.init(is_remote=False, host=None, port=None, use_pin=False)` before anything else to set up the library environment and gain access to the angrdbg API.\nWhen `is_remote` is True, the plugin will connect to a remote angrdbg server (start it on the remote machine using `python -m angrdbg`).\nYou must set `use_pin` to True if you are connected to Intel Pin with a [PinTool compatible with IDAngr](https://github.com/andreafioraldi/IDAngr-PinTool) (this probably does not work when using remote angrdbg).\n\n`idangr.is_initialized()` can be used in a script to check whether `init` must be called or not.\n\n#### StateShot\n\nReturns an angr state built from the current debug session state.\n\n#### StateManager\n\nA wrapper around angr that simplifies the creation of symbolic values and writes the results back to the debugger when angr finds a valid path.\n\n##### Methods\n+ `instance.sim(key, size)`        create a symbolic value on a register or on a memory address (size is optional)\n+ `instance[key]`                  get a register or a memory value\n+ `instance.simulation_manager()`  create an angr simulation manager based on the state\n+ `instance.to_dbg(found_state)`   write the evaluated values of the symbolic values previously created with `sim` back to the debugger state\n\nNote: memory values are the same as those returned by `state.mem[addr]`.\n\nA more detailed description of the API can be found in the [angrdbg](https://github.com/andreafioraldi/angrdbg) repo and in my [Bachelor thesis](https://github.com/andreafioraldi/bsc-thesis).\n\n#### hook_lib_funcs\n\nTries to hook functions that IDA recognizes as inserted by the compiler to the corresponding SimProcedure, if present.\n\n## 
Example\n\n```python\nPython\u003esm = StateManager()\nPython\u003esm.sim(\"edi\")\nPython\u003esm.sim(\"esi\")\nPython\u003em = sm.simulation_manager()\nPython\u003em.explore(avoid=0x04005D5, find=0x00004005BC)\n\u003cSimulationManager with 1 found, 3 avoid\u003e\nPython\u003eidc.GetRegValue(\"edi\")\n0\nPython\u003eidc.GetRegValue(\"esi\")\n5\nPython\u003esm.to_dbg(m.found[0])\nPython\u003eidc.GetRegValue(\"edi\")\n2\nPython\u003eidc.GetRegValue(\"esi\")\n0\n```\n\nSee the [examples](https://github.com/andreafioraldi/IDAngr/tree/master/examples) folder.\n\n## Other Debuggers\n\nIf you want to use angr in other debuggers, look at [angrdbg](https://github.com/andreafioraldi/angrdbg).\n\nI've also made an almost equal plugin for GDB: [angrgdb](https://github.com/andreafioraldi/angrgdb)\n\n## TODO\n+ add support for angr data dependence graph integration in the IDA view\n+ add an IPython shell to manually change the value in the GUI\n+ add a taint engine based on Intel Pin\n\n## Cite\n\nThesis [PDF](https://arxiv.org/pdf/2006.16601.pdf).\n\nBibtex:\n```\n@misc{fioraldi2020symbolic,\n    title={Symbolic Execution and Debugging Synchronization},\n    author={Andrea Fioraldi},\n    year={2020},\n    eprint={2006.16601},\n    archivePrefix={arXiv},\n    primaryClass={cs.CR}\n}\n```\n","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreafioraldi%2FIDAngr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandreafioraldi%2FIDAngr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreafioraldi%2FIDAngr/lists"}