-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to load external library and sync it? #24
Comments
Here is my code _avatar_gdb_target = ArmVMGDBConcreteTarget(avatar2.archs.arm.ARM, self.TARGET_HOSTNAME, _host_gdbserver_port)
self.target = '/tmp/squashfs-root/usr/sbin/httpd'
force_load_libs = ['/tmp/squashfs-root/usr/lib/libnvram.so']
_project = angr.Project(self.target, concrete_target=_avatar_gdb_target, ld_path=ld_path, use_sim_procedures=True)
for _load_lib in force_load_libs:
_project.loader.dynamic_load(_load_lib)
self._current_state = _entry_state = _project.factory.entry_state()
self.run_concretly(["nvram_get"]) # break at nvram_get in libnvram
self.sync_state()
_current_simgr = _project.factory.simgr(self._current_state.copy(), save_unconstrained=True, save_unsat=True)
_succ_path = _current_simgr.copy().step()
# _succ_path.errored will be No bytes in memory for block starting at 0xf7f03ae4.
_succ_path_active_states = _succ_path.active
def sync_state(self, wait_time=1):
"""
sync state from concrete in gdbserver
:return:
"""
new_state = self._current_state
# FIXME wait target hang
time.sleep(wait_time)
new_state.concrete.sync()
self._current_state = new_state |
I also tried |
Can you try to step a few instructions into the concrete process (i.e., set a breakpoint at the beginning) and grab the concrete state? |
I can step a few instruction into concrete process and grab the concrete state successfully(I checked in GDB remote, instructions are valid ). But I failed to use the step via |
I use
current_state.concrete.sync()
to sync data from gdb target. But the library of the target didn't sync.How can I load external library and sync the library memory to angr project?
I tried:
It works!
But when I use simstate to step
succ_path.active is empty, and succ_path.errored:
SimEngineError State errored with "No bytes in memory for block starting at 0xf7f03ae4."
The text was updated successfully, but these errors were encountered: