[angr] identifying statically- and/or dynamically-linked library calls
chrissalls5 at gmail.com
Fri May 6 18:19:52 PDT 2016
For dynamically linked binaries you might look at
On Fri, May 6, 2016 at 6:05 PM, Yan <zardus at gmail.com> wrote:
> Sorry about the late response; I was trying to be lazy and see if someone
> else would answer it :-)
> For statically linked binaries, the only thing we really have that can
> identify functions is probably the bindiff implementation (see
> `project.analyses.BinDiff`), by abusing it to detect functions similar to
> the function you want to identify. It's not really made for this, but could
> probably work. We don't have FLIRT itself implemented, though.
> The dynamic case is tricky... I was going to say that you should use
> CFGFast to get all functions that end in a single indirect jump, but
> CFGFast probably won't support what you need. Fish, do you have any ideas?
> - Yan
> On Tue, May 3, 2016 at 1:06 PM, Hira Agrawal <hagrawal at appcomsci.com>
>> How do I use angr to identify calls to statically- and/or dynamically
>> linked library functions in a binary? I want to find all Vex statements
>> that call functions such as read, fread, getc, fgetc, scanf, etc., in a
>> binary, so I can use angr's VSA_DDG analysis to find all other statements
>> that directly or indirectly depend upon such calls.
>> IDA employs its FLIRT technology to identify statically linked library
>> functions. Is there an analogous technique in angr?
>> For dynamically linked library functions, binaries often contain thunk
>> "functions" that end with an indirect jump via an entry in a table stored
>> in the data segment. Is there a way in angr to identify such calls and
>> their target library functions?
>> -- Hira
>> angr mailing list
>> angr at lists.cs.ucsb.edu
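As an added illustration (not code from this thread or from the angr project), here is the mechanism behind the dynamic case Hira describes on x86-64: a classic lazy-binding PLT stub is `jmp qword [rip+disp32]` through a GOT slot, and the relocation table ties each slot to a symbol, so stubs, and therefore call sites, can be named. The `.plt` bytes, the slot-to-symbol table and the CFG call edges below are all constructed sample data with hypothetical addresses; real IBT-style stubs (`endbr64` / `.plt.sec`) use a different layout and are deliberately skipped, not decoded.

```python
import struct

# Library functions the question wants call sites for.
WATCHED = {"read", "fread", "getc", "fgetc", "scanf"}

def decode_plt_thunks(plt_bytes, plt_vaddr, entry_size=16):
    """Return {stub_addr: got_slot_addr} for each classic x86-64 PLT entry.
    A stub starts with `jmp qword [rip+disp32]` (ff 25 disp32); the slot is
    RIP-relative, i.e. relative to the end of that 6-byte instruction.
    Entries not starting with ff 25 (PLT0, endbr64 stubs) are skipped."""
    thunks = {}
    for off in range(0, len(plt_bytes) - 5, entry_size):
        if plt_bytes[off:off + 2] != b"\xff\x25":
            continue
        disp = struct.unpack_from("<i", plt_bytes, off + 2)[0]
        stub = plt_vaddr + off
        thunks[stub] = stub + 6 + disp
    return thunks

def resolve_thunks(thunks, got_symbols):
    """Name each stub from the GOT slot it jumps through (got_symbols plays
    the role of .rela.plt, which ties every slot to a dynamic symbol)."""
    return {stub: got_symbols[slot] for stub, slot in thunks.items()
            if slot in got_symbols}

def library_call_sites(call_edges, stub_names, watched=WATCHED):
    """Filter (call_site, callee) edges, as a CFG would yield them, down to
    the sites whose callee is a stub for a watched library function."""
    return {site: stub_names[callee] for site, callee in call_edges
            if stub_names.get(callee) in watched}

# ---- constructed sample input (hypothetical addresses, not a real binary) ----
PLT0, PLT_VADDR = 0x401000, 0x401020
GOT_SYMBOLS = {0x404018: "read", 0x404020: "printf", 0x404028: "fgetc"}

def make_plt_entry(stub, slot, idx):
    """Assemble one 16-byte stub: jmp [rip+d]; push idx; jmp PLT0."""
    return (b"\xff\x25" + struct.pack("<i", slot - (stub + 6))
            + b"\x68" + struct.pack("<I", idx)
            + b"\xe9" + struct.pack("<i", PLT0 - (stub + 16)))

PLT_BYTES = b"".join(make_plt_entry(PLT_VADDR + 16 * i, slot, i)
                     for i, slot in enumerate(sorted(GOT_SYMBOLS)))
# (call_site, callee) pairs; the last one calls an ordinary internal function.
CALL_EDGES = [(0x4011a0, 0x401020), (0x4011c8, 0x401030),
              (0x4011f0, 0x401040), (0x401210, 0x401150)]

if __name__ == "__main__":
    names = resolve_thunks(decode_plt_thunks(PLT_BYTES, PLT_VADDR), GOT_SYMBOLS)
    for site, name in sorted(library_call_sites(CALL_EDGES, names).items()):
        print(f"{site:#x} -> {name}")
```

When working inside angr itself, the loader already exposes the stub-to-name mapping (e.g. `project.loader.main_object.plt`), so the byte-level decoder is only needed when starting from raw section bytes.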