1. Advisor
  2. angr
  3. functions
  4. angr.state_plugins.plugin.SimStatePlugin
View all angr analysis

How to use the angr.state_plugins.plugin.SimStatePlugin function in angr

To help you get started, we’ve selected a few angr examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github angr / angr / angr / storage / memory.py View on Github external
    @SimStatePlugin.memo
    def copy(self, memo): # pylint: disable=unused-argument
        r = RegionMap(is_stack=self.is_stack)

        # A shallow copy should be enough, since we never modify any RegionDescriptor object in-place
        r._address_to_region_id = self._address_to_region_id.copy()
        r._region_id_to_address = self._region_id_to_address.copy()

        return r
github angr / angr / angr / state_plugins / cgc.py View on Github external
def __init__(self):
        SimStatePlugin.__init__(self)

        self.allocation_base = 0xb8000000
        self.time = 0

        self.max_allocation = 0x10000000

        # CGC error codes
        self.EBADF = 1
        self.EFAULT = 2
        self.EINVAL = 3
        self.ENOMEM = 4
        self.ENOSYS = 5
        self.EPIPE = 6

        # other CGC constants
        self.FD_SETSIZE = 1024
github angr / angr / angr / state_plugins / javavm_memory.py View on Github external
    @SimStatePlugin.memo
    def copy(self, memo): # pylint: disable=unused-argument
        return SimJavaVmMemory(
            memory_id=self.id,
            stack=[stack_frame.copy() for stack_frame in self._stack],
            heap=self.heap.copy(),
            vm_static_table=self.vm_static_table.copy(),
            load_strategies=[s.copy() for s in self.load_strategies],
            store_strategies=[s.copy() for s in self.store_strategies]
        )
github fabros / angr-antievasion / angr_antievasion / paranoid_plugin.py View on Github external
from angr.state_plugins.plugin import SimStatePlugin
from win32_patches import TICKS_PER_MS


class ParanoidPlugin(SimStatePlugin):
    """
        This state plugin keeps track of various paranoid stuff that may be checked during malware evasion
    """

    def __init__(self):
        SimStatePlugin.__init__(self)
        self.tsc = 50 * 1000 * 60 * TICKS_PER_MS  # init tick count ~= 50 minutes
        self.last_error = 0  # should be thread-local, but angr does NOT currently support threads
        self.open_regkeys = {}  # handle -> string id

    def copy(self):
        c = ParanoidPlugin()
        c.tsc = self.tsc
        c.last_error = self.last_error
        c.open_regkeys = self.open_regkeys.copy()  # shallow copy should be enough (handles don't change target)
        return c
github angr / angr / angr / state_plugins / symbolizer.py View on Github external
    @SimStatePlugin.memo
    def copy(self, memo): # pylint: disable=unused-argument
        sc = SimSymbolizer()
        sc._symbolize_all = self._symbolize_all
        sc.symbolization_target_pages = set(self.symbolization_target_pages)
        sc.ignore_target_pages = set(self.ignore_target_pages)
        sc.symbolized_count = self.symbolized_count
        sc._LE_FMT = self._LE_FMT
        sc._BE_FMT = self._BE_FMT
        sc._min_addr = self._min_addr
        sc._max_addr = self._max_addr
        sc.page_symbols = dict(sc.page_symbols)
        return sc
github angr / angr / angr / storage / memory.py View on Github external
self.endness = endness

        # was this store done?
        self.completed = False

        # stuff that's determined during handling
        self.actual_addresses = None
        self.constraints = [ ]

        self.stored_values = None

    def _adjust_condition(self, state):
        self.condition = state._adjust_condition(self.condition)


class SimMemory(SimStatePlugin):
    """
    Represents the memory space of the process.
    """
    def __init__(self, endness=None, abstract_backer=None, stack_region_map=None, generic_region_map=None):
        SimStatePlugin.__init__(self)
        self.id = None
        self.endness = "Iend_BE" if endness is None else endness

        # Boolean or None. Indicates whether this memory is internally used inside SimAbstractMemory
        self._abstract_backer = abstract_backer

        #
        # These are some performance-critical thresholds
        #

        # The maximum range of a normal write operation. If an address range is greater than this number,
github angr / angr / angr / state_plugins / globals.py View on Github external
import logging

from .plugin import SimStatePlugin

l = logging.getLogger(name=__name__)


class SimStateGlobals(SimStatePlugin):
    def __init__(self, backer=None):
        super(SimStateGlobals, self).__init__()
        self._backer = backer if backer is not None else {}

    def set_state(self, state):
        pass

    def merge(self, others, merge_conditions, common_ancestor=None): # pylint: disable=unused-argument

        for other in others:
            for k in other.keys():
                if k not in self:
                    self[k] = other[k]

        return True
github angr / angr / angr / state_plugins / unicorn_engine.py View on Github external
l.info('native plugin is enabled')

        return h
    except (OSError, AttributeError) as e:
        l.warning('failed loading "%s", unicorn support disabled (%s)', libfile, e)
        raise ImportError("Unable to import native SimUnicorn support") from e

try:
    _UC_NATIVE = _load_native()
    #_UC_NATIVE.logSetLogLevel(2)
except ImportError:
    _UC_NATIVE = None


class Unicorn(SimStatePlugin):
    '''
    setup the unicorn engine for a state
    '''

    UC_CONFIG = {} # config cache for each arch

    def __init__(
        self,
        syscall_hooks=None,
        cache_key=None,
        unicount=None,
        symbolic_var_counts=None,
        symbolic_inst_counts=None,
        concretized_asts=None,
        always_concretize=None,
        never_concretize=None,
github angr / angr / angr / state_plugins / inspect.py View on Github external
shell = IPython.terminal.embed.InteractiveShellEmbed()
            shell.mainloop(display_banner="This is an ipython shell for you to happily debug your state!\n" + \
                           "The state can be accessed through the variable 'state'. You can\n" +\
                           "make modifications, then exit this shell to resume your analysis.")
        else:
            self.action(state)

    def __repr__(self):
        return "" % \
               (self.when, self.kwargs, "no" if self.condition is None else "with", "no" if self.action is None
               else "with")

from .plugin import SimStatePlugin


class SimInspector(SimStatePlugin):
    """
    The breakpoint interface, used to instrument execution. For usage information, look here:
    https://docs.angr.io/core-concepts/simulation#breakpoints
    """
    BP_AFTER = BP_AFTER
    BP_BEFORE = BP_BEFORE
    BP_BOTH = BP_BOTH

    def __init__(self):
        SimStatePlugin.__init__(self)
        self._breakpoints = { }
        for t in event_types:
            self._breakpoints[t] = [ ]

        for i in inspect_attributes:
            setattr(self, i, None)
github angr / angr / angr / state_plugins / solver.py View on Github external
    @SimStatePlugin.memo
    def copy(self, memo): # pylint: disable=unused-argument
        return type(self)(solver=self._solver.branch(), all_variables=self.all_variables, temporal_tracked_variables=self.temporal_tracked_variables, eternal_tracked_variables=self.eternal_tracked_variables)

angr

A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries

GitHub
BSD-2-Clause
Latest version published 7 days ago

Package Health Score

88 / 100
Full package analysis

Popular angr functions

Similar packages