[angr] Load blob in x86 real mode

Ronny Chevalier chevalier.ronny at gmail.com
Mon Mar 7 07:05:11 PST 2016


On Mon, Mar 7, 2016 at 11:46 AM, Ronald Lai <pewpewsecure at gmail.com> wrote:
> Hi,

Hi,

>
> Is it possible to have the VEX lifter lift x86 in real mode? How would I go
> about loading a project configured for that?
>

VEX in its pure form does not support real mode, but we modified it so
that it have a minimal support. The minimal support was added to run a
BIOS that switch between real and protected mode, and for calling
specific functions.

To enable such feature you need to add DO_CCALLS as option to simuvex,
for example:
    import simuvex
    import angr
    simuvex.o.modes['fastpath'] |= {simuvex.s_options.DO_CCALLS}
    proj = angr.Project(your_binary_path)
    cfg = proj.analyses.CFG()
    simuvex.o.modes['fastpath'] ^= {simuvex.s_options.DO_CCALLS}

However, be aware that it is not fully supported and you might encounter bugs :)

Hope this helps!


More information about the angr mailing list