[angr] Fwd: The problem to analysis the linux kernel module

Andrew Dutcher andrew at andrewdutcher.com
Thu Oct 6 20:55:51 PDT 2016


Hi, sorry for not getting back to you sooner.

Theoretically, angr can load any file in the ELF format. However, in
practice there are some issues with the relocations present in kernel
objects. A user on github is working on adding support for them, see
https://github.com/angr/cle/pull/24

Thanks,
- Andrew

On Thu, Oct 6, 2016 at 8:44 PM, Donghai <donghaitad at gmail.com> wrote:

>
> ---------- Forwarded message ----------
> From: Donghai <donghaitad at gmail.com>
> Date: Fri, Sep 30, 2016 at 4:31 PM
> Subject: The problem to analysis the linux kernel module
> To: angr at lists.cs.ucsb.edu
>
>
> Hi Angr team,
>
> I ran into some analysis problem with latest development version.
>
> The code is very simple as follows:
>
> import angr
> proj = angr.Project('./8139too.ko')
> cfg = proj.analyses.CFG()
>
> The target kernel module is attached.
>
> The error information is as follows:
>
> Traceback (most recent call last):
>   File "ta1.py", line 2, in <module>
>     proj = angr.Project('./8139too.ko')
>   File "/home/zhujun/Envs/angr-dev/angr/angr/project.py", line 107, in
> __init__
>     self.loader = cle.Loader(self.filename, **load_options)
>   File "/home/zhujun/Envs/angr-dev/cle/cle/loader.py", line 103, in
> __init__
>     self._perform_reloc(self.main_bin)
>   File "/home/zhujun/Envs/angr-dev/cle/cle/loader.py", line 391, in
> _perform_reloc
>     reloc.relocate(([self.main_bin] if self.main_bin is not obj else [])
> + dep_objs + [obj])
>   File "/home/zhujun/Envs/angr-dev/cle/cle/backends/relocations/__init__.py",
> line 140, in relocate
>     self.owner_obj.memory.write_addr_at(self.dest_addr, self.value)
>   File "/home/zhujun/Envs/angr-dev/cle/cle/backends/relocations/generic.py",
> line 15, in value
>     return self.resolvedby.rebased_addr + self.addend
>   File "/home/zhujun/Envs/angr-dev/cle/cle/backends/relocations/__init__.py",
> line 82, in addend
>     return self.owner_obj.memory.read_addr_at(self.addr, orig=True)
>   File "/home/zhujun/Envs/angr-dev/cle/cle/memory.py", line 186, in
> read_addr_at
>     return struct.unpack(self._arch.struct_fmt(),
> ''.join(self.read_bytes(where, self._arch.bytes, orig=orig)))[0]
>   File "/home/zhujun/Envs/angr-dev/cle/cle/memory.py", line 116, in
> read_bytes
>     b.append(self.get_byte(i, orig=orig))
>   File "/home/zhujun/Envs/angr-dev/cle/cle/memory.py", line 87, in
> get_byte
>     raise KeyError(k)
> KeyError: 11056
>
> Can angr load the kernel module?
>
>
>
> Thanks,
> Donghai
>
>
> _______________________________________________
> angr mailing list
> angr at lists.cs.ucsb.edu
> https://lists.cs.ucsb.edu/mailman/listinfo/angr
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cs.ucsb.edu/pipermail/angr/attachments/20161006/1fe62476/attachment.html>


More information about the angr mailing list