Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/andreafioraldi/angrdbg

Abstract library to generate angr states from a debugger state
https://github.com/andreafioraldi/angrdbg

angr concrete debugger synchronization

Last synced: 2 months ago
JSON representation

Abstract library to generate angr states from a debugger state

Host: GitHub
URL: https://github.com/andreafioraldi/angrdbg
Owner: andreafioraldi
License: bsd-2-clause
Created: 2018-05-10T11:35:07.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2020-07-05T09:00:39.000Z (over 4 years ago)
Last Synced: 2024-09-21T14:19:51.696Z (4 months ago)
Topics: angr, concrete, debugger, synchronization
Language: Python
Size: 85 KB
Stars: 58
Watchers: 11
Forks: 15
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # angrdbg

Abstract library to generate angr states from a debugger state

Works with both angr 7 and 8.

## Install

```

pip install angrdbg

```

### Windows

Before installing angrdbg you must install Visual C++ Redistributable Packages for Visual Studio 2013.

Then type in the command prompt:

```

py -m pip install capstone-windows

py -m pip install angrdbg

```

## Usage

The library uses an abstract class, `Debugger`, to be agnostic from the debugger api.

The user must implement a derived class, see [abstract_debugger.py](angrdbg/abstract_debugger.py) to view the methods that must be implemented.

After this register an instance of the derived class with the `register_debugger` function.

To create an angr state from the current debugger state use `StateShot`.

## Api

#### StateShot

Return an angr state from the current debug session state.

#### StateManager

A wrapper around angr to simplify the symbolic values creation and to write the results back in the debugger when angr founds a valid path.

##### Methods

+ `instance.sim(key, size)`        create a symbolic value on a register or on a memory address (size is optional)

+ `instance[key]`                  get a register or a memory value

+ `instance.simulation_manager()`  create an angr simulation manager based on the state

+ `instance.to_dbg(found_state)`   transfer to the debugger state the evaluated value of the symbolic value created before with sim

note: memory values are the same that are returned by `state.mem[addr]`

##### Managing the Project

`load_project` and `reload_project` are used to get or lazily create a project based on the current debugger state.

#### Memory type

The memory type defines how angrdbg get the memory from the debugger and from the cle backer. Use `get_memory_type` to know what the active one.

You can change the memory type with `set_memory_type`.

+ `SIMPROCS_FROM_CLE` import only not-stubs simprocedures in the got from the cle backer (defaut)

+ `ONLY_GOT_FROM_CLE` import the entire got from the cle backer

+ `USE_CLE_MEMORY` import memory from the cle backer firstly

+ `GET_ALL_DISCARD_CLE` full debugger memory mode (the only avaiable for PE at the moment)

## Frontends

+ GDB -> [angrgdb](https://github.com/andreafioraldi/angrgdb)

+ IDA Pro debugger -> [IDAngr](https://github.com/andreafioraldi/IDAngr)

+ radare2 -> [r2angrdbg](https://github.com/andreafioraldi/r2angrdbg)

## Cite

Thesis [PDF](https://arxiv.org/pdf/2006.16601.pdf).

Bibtex:

```

@misc{fioraldi2020symbolic,

    title={Symbolic Execution and Debugging Synchronization},

    author={Andrea Fioraldi},

    year={2020},

    eprint={2006.16601},

    archivePrefix={arXiv},

    primaryClass={cs.CR}

}

```