[angr] identifying statically- and/or dynamically-linked library calls

Hira Agrawal hagrawal at appcomsci.com
Tue May 3 13:06:24 PDT 2016

How do I use angr to identify calls to statically- and/or dynamically 
linked library functions in a binary? I want to find all Vex statements 
that call functions such as read, fread, getc, fgetc, scanf, etc., in a 
binary, so I can use angr's VSA_DDG analysis to find all other 
statements that directly or indirectly depend upon such calls.

IDA employs its FLIRT technology to identify statically linked library 
functions. Is there an analogous technique in angr?

For dynamically linked library functions, binaries often contain thunk 
"functions" that end with an indirect jump via an entry in a table 
stored in the data segment. Is there a way in angr to identify such 
calls and their target library functions?


-- Hira
