How to use the angr.state_plugins.sim_action.SimActionData function in angr
To help you get started, we’ve selected a few angr examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
angr / angr / angr / engines / vex / expressions / get.py View on Github 
def SimIRExpr_Get(_, state, expr):
size_in_bits = get_type_size(expr.ty)
size = size_in_bits // state.arch.byte_width
# get it!
result = state.registers.load(expr.offset, size)
if expr.type.startswith('Ity_F'):
result = result.raw_to_fp()
# finish it and save the register references
if o.TRACK_REGISTER_ACTIONS in state.options:
r = SimActionData(state, state.registers.id, SimActionData.READ, addr=expr.offset,
size=size_in_bits, data=result
)
state.history.add_action(r)
return resultsize_in_bits = get_type_size(expr.descr.elemTy)
size = size_in_bits // state.arch.byte_width
array_base = expr.descr.base
array_index = (ix + expr.bias) % expr.descr.nElems
offset = array_base + array_index*size
# get it!
result = state.registers.load(offset, size)
if expr.descr.elemTy.startswith('Ity_F'):
result = result.raw_to_fp()
# finish it and save the register references
if o.TRACK_REGISTER_ACTIONS in state.options:
r = SimActionData(state, state.registers.id, SimActionData.READ, addr=offset, size=size_in_bits, data=result)
state.history.add_action(r)
return resultdef _perform_vex_expr_RdTmp(self, tmp):
result = super()._perform_vex_expr_RdTmp(tmp)
# finish it and save the tmp reference
if o.TRACK_TMP_ACTIONS in self.state.options:
r = SimActionData(self.state, SimActionData.TMP, SimActionData.READ, tmp=tmp, size=self.irsb.tyenv.sizeof(tmp), data=result)
self.state.history.add_action(r)
a = frozenset((r,))
else:
a = self.__tmp_deps.get(tmp, frozenset())
return result, aif o.DO_LOADS not in state.options:
# only do the load if, uh, we have to
result = state.solver.Unconstrained("load_expr_%#x_%d" % (state.scratch.ins_addr, state.scratch.stmt_idx), size_bits)
else:
# load from memory and fix endianness
result = state.memory.load(addr, size, endness=expr.endness)
if expr.type.startswith('Ity_F'):
result = result.raw_to_fp()
# finish it and save the mem read
if o.TRACK_MEMORY_ACTIONS in state.options:
addr_ao = SimActionObject(addr, deps=addr_actions, state=state)
r = SimActionData(state, state.memory.id, SimActionData.READ, addr=addr_ao, size=size_bits, data=result)
state.history.add_action(r)
return resultdef check_for_constraint(self):
actions = [x for x in self.state.history.actions]
for action in actions:
if type(
action
) == angr.state_plugins.sim_action.SimActionData and action.actual_value is not None:
value_str = self.state.se.eval(action.actual_value,
cast_to=bytes).decode(
'utf-8', 'ignore')
value_print_str = ''.join(
(c if c in string.printable else '' for c in value_str))
value_hex = hex(self.state.se.eval(action.actual_value))
value_address = str(action.actual_addrs).replace(
"[", "").replace("]", "").replace("L", "")
value_address = int(value_address)
if "`ls`" in value_str or "`reboot`" in value_str:
return (True, value_str, value_address)
for x, y, z in self.state.globals['args']:
value_str = self.state.se.eval(z, cast_to=bytes).decode(
'utf-8', 'ignore')
value_print_str = ''.join(
(c if c in string.printable else '' for c in value_str))# first resolve the address and record stuff
with state.history.subscribe_actions() as addr_deps:
addr = engine._handle_expression(state, stmt.addr)
# now get the value and track everything
with state.history.subscribe_actions() as data_deps:
data = engine._handle_expression(state, stmt.data)
expr = data.raw_to_bv()
# track the write
if o.TRACK_MEMORY_ACTIONS in state.options:
data_ao = SimActionObject(expr, deps=data_deps, state=state)
addr_ao = SimActionObject(addr, deps=addr_deps, state=state)
size_ao = SimActionObject(len(data))
a = SimActionData(state, SimActionData.MEM, SimActionData.WRITE, data=data_ao, size=size_ao, addr=addr_ao)
state.history.add_action(a)
else:
a = None
# Now do the store (if we should)
if o.DO_STORES in state.options:
state.memory.store(addr, data, action=a, endness=stmt.endness)"""
self.state._inspect('tmp_write', BP_BEFORE, tmp_write_num=tmp, tmp_write_expr=content)
tmp = self.state._inspect_getattr('tmp_write_num', tmp)
content = self.state._inspect_getattr('tmp_write_expr', content)
if o.SYMBOLIC_TEMPS not in self.state.options:
# Non-symbolic
self.temps[tmp] = content
else:
# Symbolic
self.state.add_constraints(self.temps[tmp] == content)
# get the size, and record the write
if o.TRACK_TMP_ACTIONS in self.state.options:
data_ao = SimActionObject(content, reg_deps=reg_deps, tmp_deps=tmp_deps, deps=deps, state=self.state)
r = SimActionData(self.state, SimActionData.TMP, SimActionData.WRITE, tmp=tmp, data=data_ao, size=content.length)
self.state.history.add_action(r)
self.state._inspect('tmp_write', BP_AFTER)
def SimIRStmt_StoreG(engine, state, stmt):
with state.history.subscribe_actions() as addr_deps:
addr = engine.handle_expression(state, stmt.addr)
with state.history.subscribe_actions() as data_deps:
data = engine.handle_expression(state, stmt.data)
expr = data.raw_to_bv()
with state.history.subscribe_actions() as guard_deps:
guard = engine.handle_expression(state, stmt.guard)
if o.TRACK_MEMORY_ACTIONS in state.options:
data_ao = SimActionObject(expr, deps=data_deps, state=state)
addr_ao = SimActionObject(addr, deps=addr_deps, state=state)
guard_ao = SimActionObject(guard, deps=guard_deps, state=state)
size_ao = SimActionObject(len(expr))
a = SimActionData(state, state.memory.id, SimActionData.WRITE, addr=addr_ao, data=data_ao, condition=guard_ao, size=size_ao)
state.history.add_action(a)
else:
a = None
state.memory.store(addr, expr, condition=guard == 1, endness=stmt.end, action=a)def SimIRStmt_Put(engine, state, stmt):
# value to put
with state.history.subscribe_actions() as data_deps:
data = engine.handle_expression(state, stmt.data)
# track the put
if o.TRACK_REGISTER_ACTIONS in state.options:
data_ao = SimActionObject(data, deps=data_deps, state=state)
size_ao = SimActionObject(len(data))
a = SimActionData(state, SimActionData.REG, SimActionData.WRITE, addr=stmt.offset, data=data_ao, size=size_ao)
state.history.add_action(a)
else:
a = None
# do the put (if we should)
if o.DO_PUTS in state.options:
state.registers.store(stmt.offset, data, action=a)angr
A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
Package Health Score
88 / 100Popular angr functions
- angr.analyses.AnalysesHub.register_default
- angr.analyses.identifier.func.TestData
- angr.errors
- angr.errors.AngrError
- angr.errors.SimMemoryError
- angr.errors.SimMergeError
- angr.errors.SimValueError
- angr.exploration_techniques
- angr.options
- angr.Project
- angr.sim_options
- angr.SIM_PROCEDURES
- angr.sim_state.SimState
- angr.sim_state.SimState.register_default
- angr.sim_type.SimTypeInt
- angr.SimProcedure
- angr.SimState
- angr.state_plugins.plugin.SimStatePlugin
- angr.state_plugins.sim_action.SimActionData
- angr.storage.memory_object.SimMemoryObject