[angr] question about C
zardus at gmail.com
Mon May 9 14:04:14 PDT 2016
Maybe you didn't get our previous replies. Here they are.
First, from Fish:
When performing symbolic execution, angr-management lacks a lot of useful
feedbacks. I would suggest you use angr from IPython or a .py file and do
symbolic execution, and see what sort of warnings/errors you get from
there. Post whatever error you get and we can see what’s going on.
In general, the SimProcedure _isoc99_scanf works for simple parameters. If
your parameters are complex, angr cannot handle it.
Then, my followup:
As an elaboration:
When a SimProcedure can't handle enough complexity (i.e., the case here
with scanf), you can avoid using the SimProcedure. This is done by setting
the `use_sim_procedures` flag to False when creating the Project. You can
also avoid using specific SimProcedures (i.e., just scanf) by passing in a
list of exclusions through the `exclude_sim_procedures_list` parameter. Of
course, the whole point of SimProcedures is to reduce the analysis
complexity, so you might then find that your analysis undergoes a path
explosion. Adding some constraints on the input ahead of time will help
Hope that helped!
On Thu, May 5, 2016 at 12:50 AM, Mohammad Reza Dehghani Tafti <
dehghani735 at gmail.com> wrote:
> I am a student at SBU of I.R.Iran.
> I am using your interesting tool for a couple of days. I have tested the
> fauxware program and seen its symbolic execution.
> But when I want to change the code to what i want, the angr-management
> doesn't execute its symbolic execution and it shows nothing when i press
> "Step PG Until Branch" button.
> I think that it is because the functions that i use. for example when i
> input from console with scanf it doesn't work.
> What is the reason and what is solution.
> Thanks a lot.
> angr mailing list
> angr at lists.cs.ucsb.edu
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the angr