[angr] Question

Andrew Dutcher andrew at andrewdutcher.com
Wed Apr 12 11:00:48 PDT 2017


It sounds like you're trying to analyze THUMB code. You need to specify an
odd address, with its lowest bit set, to specify that angr should analyze
the code at that address in THUMB mode. This is an artifact of the libVEX
lifter.

On Mon, Apr 10, 2017 at 5:57 AM, Yan <yeddayan at 163.com> wrote:

> Hi angr group,
>    Thank you for your brilliant work and kind answers, which helped me a
> great deal.
>    Here is a problem I met when I was using angr to construct CFGAccurate
> of Android native libraries: the binary code at the address where I started to
> construct the CFG is "F0 B5", which was an ARM instruction and was
> disassembled to "PUSH {R4-R7,LR}" by IDA. But the CFG I got only contained
> one node, which is [<CFGNode PathTerminator (0x407e38) [0]>]. Then I used
> factory.block to lift the code directly, and the result of _vex was as
> follows:
>
> IRSB {
>    t0:Ity_I32 t1:Ity_I32 t2:Ity_I32 t3:Ity_I32 t4:Ity_I32 t5:Ity_I32
> t6:Ity_I32 t7:Ity_I32
>
>    00 | ------ IMark(0x407e38, 0, 0) ------
>    NEXT: PUT(pc) = 0x00407e38; Ijk_NoDecode
> }
>
>     I can't figure out why that happened. Could it be that some instructions
> of particular architectures can't be parsed properly... presumably?
>     Thank you very much if you may spare your precious time to help me
> solve the problem.
>
> Yours,
> Huiying Yan
>
> _______________________________________________
> angr mailing list
> angr at lists.cs.ucsb.edu
> https://lists.cs.ucsb.edu/mailman/listinfo/angr
>
>
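As an added example (not code from this thread or from the angr project itself): a helper that lifts a block with angr and, when libVEX reports `Ijk_NoDecode` for an even address, retries at the odd THUMB entry address as Andrew describes, plus a small decoder for the 16-bit Thumb PUSH/POP encoding showing that the bytes `F0 B5` quoted above are a valid THUMB instruction rather than an ARM one. The function names `lift_block`, `thumb_entry` and `decode_thumb_push_pop` are mine; the angr calls used (`proj.factory.block(addr)`, `block.vex.jumpkind`) are the real API.

```python
"""Lifting THUMB code with angr: retry at the odd (THUMB-bit) address.

angr's libVEX lifter treats an odd start address as a THUMB entry point.
Passing the even address for THUMB code yields an IRSB that contains only
IMark(addr, 0, 0) and Ijk_NoDecode, exactly as quoted in the thread.
"""
import struct

THUMB_BIT = 1


def thumb_entry(addr):
    """Address to hand to angr for THUMB code located at `addr` (lowest bit set)."""
    return addr | THUMB_BIT


def decode_thumb_push_pop(raw):
    """Decode a 16-bit Thumb PUSH/POP (T1 encoding) from little-endian bytes.

    Returns the disassembly string, or None if `raw` is not a PUSH/POP.
    Written here (constructed, not from the thread) to show that F0 B5 is
    the halfword 0xB5F0 = PUSH {R4-R7, LR} in THUMB mode, which is why
    lifting it in ARM mode fails.
    """
    (hw,) = struct.unpack("<H", raw[:2])
    op = hw >> 9                      # bits[15:9]: 1011010 = PUSH, 1011110 = POP
    if op not in (0b1011010, 0b1011110):
        return None
    is_push = op == 0b1011010
    regs = [f"R{i}" for i in range(8) if hw & (1 << i)]   # bits[7:0]: R0-R7
    if hw & 0x100:                    # bit 8: M (LR on PUSH) / P (PC on POP)
        regs.append("LR" if is_push else "PC")
    return f"{'PUSH' if is_push else 'POP'} {{{', '.join(regs)}}}"


def lift_block(proj, addr):
    """Lift the basic block at `addr` with an angr Project.

    If libVEX cannot decode it in ARM mode (jumpkind Ijk_NoDecode) and the
    address is even, retry with the THUMB bit set. Returns (block, address
    that decoded). Requires angr; the helpers above do not.
    """
    block = proj.factory.block(addr)
    if block.vex.jumpkind == "Ijk_NoDecode" and addr % 2 == 0:
        addr = thumb_entry(addr)          # e.g. 0x407e38 -> 0x407e39
        block = proj.factory.block(addr)
    return block, addr
```

The same odd address should be used as the start address when building the CFG (the `starts` argument), not only when lifting a single block.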