[angr] Simple static disassembly

Dimitrios Tatsis dtouch3d at gmail.com
Fri May 12 15:30:27 PDT 2017


Hey,

You can use the hook[1] API for that. You can pass the address to hook directly,
or use hook_symbol() to hook a known exported symbol. This will probably be what
you are looking for.

As for iterating through all instructions, you could get the CFG[2] and use the
function manager to traverse all the basic blocks with "func.blocks". Then
disassembling with capstone should be straightforward.

-- dtouch3d

[1]: https://docs.angr.io/docs/simprocedures.html
[2]: https://docs.angr.io/docs/analyses/cfg_accurate.html
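The two tasks from the question, written out as an added example (this is not code from the thread or from the angr project): walk every function in the CFG, enumerate its instructions through the capstone view of each block, flag functions that contain a syscall-style instruction, locate every call site of a named symbol, and hook that symbol. The scanning helpers take plain tuples so they run without a binary; `collect_from_binary()` builds those tuples with angr's real `Project`, `CFGFast`, `kb.functions`, `func.blocks`, `block.capstone.insns`, `get_call_sites()`/`get_call_target()` and `hook_symbol()` APIs. The path in `BINARY`, the x86-64 assumption behind the syscall mnemonics, and the sample instruction data are assumptions made for this example.

```python
"""Added example: static instruction walk and call-site lookup with angr.

Assumes an x86/x86-64 ELF (the syscall mnemonics are arch-specific) and
that angr + capstone are installed when collect_from_binary() is used.
"""
import sys

# Constructed placeholder path; replace with the binary under analysis.
BINARY = "/path/to/binary"


def is_syscall_insn(mnemonic, op_str):
    """True for x86/x86-64 instructions that enter the kernel (assumption: this arch)."""
    m = mnemonic.lower()
    if m in ("syscall", "sysenter"):
        return True
    # 'int 0x80' is the legacy 32-bit Linux syscall gate; 'int 3' etc. are not syscalls.
    return m == "int" and op_str.strip().lower() == "0x80"


def functions_with_syscalls(func_insns):
    """func_insns: {function_name: [(address, mnemonic, op_str), ...]}.

    Returns {function_name: [address, ...]} for every function that contains
    at least one syscall instruction, preserving instruction order."""
    hits = {}
    for name, insns in func_insns.items():
        addrs = [addr for addr, mn, ops in insns if is_syscall_insn(mn, ops)]
        if addrs:
            hits[name] = addrs
    return hits


def call_sites_of(symbol, call_edges):
    """call_edges: iterable of (caller_name, call_site_address, callee_name).

    Returns a sorted list of (caller_name, call_site_address) that call `symbol`."""
    return sorted((caller, site) for caller, site, callee in call_edges
                  if callee == symbol)


def collect_from_binary(path):
    """Build the inputs for the helpers above from a real binary with angr.

    angr is imported lazily so the pure helpers work without it installed."""
    import angr

    proj = angr.Project(path, auto_load_libs=False)
    cfg = proj.analyses.CFGFast()          # the CFG analysis referenced as [2]
    func_insns = {}
    call_edges = []
    for func in cfg.kb.functions.values():  # function manager, as in the reply
        insns = []
        for block in func.blocks:           # basic blocks of this function
            for insn in block.capstone.insns:   # capstone disassembly of the block
                insns.append((insn.address, insn.mnemonic, insn.op_str))
        func_insns[func.name] = insns
        # Call sites are the addresses of blocks that end in a call.
        for site in func.get_call_sites():
            target = func.get_call_target(site)
            if target is None:
                continue
            callee = cfg.kb.functions.function(addr=target)
            call_edges.append((func.name, site,
                               callee.name if callee else hex(target)))
    return proj, func_insns, call_edges


def hook_with_logger(proj, symbol):
    """Replace `symbol` with a SimProcedure that records each call during
    symbolic execution (the hook API referenced as [1])."""
    import angr

    class LogCall(angr.SimProcedure):
        def run(self, *args):
            # Record the call; returning None leaves the return value unconstrained.
            print("hooked %s called from %s" % (symbol, hex(self.state.addr)))
            return None

    proj.hook_symbol(symbol, LogCall())
    return proj.is_symbol_hooked(symbol)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else BINARY
    proj, func_insns, call_edges = collect_from_binary(path)
    for name, addrs in functions_with_syscalls(func_insns).items():
        print("%s: syscall at %s" % (name, ", ".join(hex(a) for a in addrs)))
    for caller, site in call_sites_of("__memcpy_chk", call_edges):
        print("__memcpy_chk called from %s at %s" % (caller, hex(site)))
    hook_with_logger(proj, "__memcpy_chk")
```

`CFGFast` is the cheap recovery that resolves direct calls, which is all that is needed here; the call-target lookup returns `None` for indirect calls, and those are skipped rather than mislabelled.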


On 05/12/2017 03:37 PM, Patrick v. Harsdorf wrote:
> Hi guys,
> 
> How would I go about some mundane programmatic static disassembly tasks
> with angr?
> 
> E.g.:
> 
> - Iterate over all instructions in all functions (e.g. to identify
> functions with syscall instructions)
> 
> - find all places e.g. __memcpy_chk() gets called (so I can hook them)
> 
> I did not find any examples for stuff like that.
> 
> 
> Thanks!
> 
> Patrick

