[angr] pypy & CFG()

Fish Wang fish.thss at gmail.com
Tue Nov 7 02:58:15 PST 2017


It's a PyPy issue. PyPy's Python-C binding behaves differently from CPython's native Python-C binding.

I think we submitted a patch to capstone to fix a similar issue before, and it was merged into master. Is there any chance that you are using an old version of capstone?

Best,
Fish

> -----Original Message-----
> From: angr [mailto:angr-bounces at lists.cs.ucsb.edu] On Behalf Of Patrick
> Harsdorf
> Sent: Tuesday, November 7, 2017 5:40 PM
> To: angr at lists.cs.ucsb.edu
> Subject: [angr] pypy & CFG()
> 
> Hey guys,
> 
> I may have found a bug in angr/capstone/pypy?
> 
> I ran p.analyses.CFG() on the sakura binary from HITCON 2017 quals.
> https://github.com/ymgve/ctf-writeups/blob/master/hitcon2017quals/rev-sakura/sakura-fdb3c896d8a3029f40a38150b2e30a79?raw=true
> 
> This works fine with python 2.7 but breaks with pypy.
> Both virtualenvs use angr 7.7.9.21 and capstone 3.0.4
> 
> Also angr is awesome. Thanks!
> Patrick
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> (a)➜  sakura python --version
> Python 2.7.12
> (a)➜  sakura pip list --format=freeze | grep angr
> angr==7.7.9.21
> 
> 
> (p)➜  sakura python --version
> Python 2.7.10 (5.1.2+dfsg-1~16.04, Jun 16 2016, 17:37:42)
> [PyPy 5.1.2 with GCC 5.3.1 20160413]
> (p)➜  sakura pip list --format=freeze | grep angr
> angr==7.7.9.21
> 
> (p)➜  sakura python s_angr.py
> WARNING | 2017-11-07 10:04:08,547 | cle.loader | The main binary is a
> position-independent executable. It is being loaded with a base address
> of 0x400000.
> Traceback (most recent call last):
>   File "s_angr.py", line 88, in <module>
>     main()
>   File "s_angr.py", line 58, in main
>     deadends = find_deadends(p)
>   File "s_angr.py", line 46, in find_deadends
>     cfg = p.analyses.CFG()
>   File
> "/home/user/.virtualenvs/p/site-packages/angr/analyses/analysis.py",
> line 96, in make_analysis
>     oself.__init__(*args, **kwargs)
>   File
> "/home/user/.virtualenvs/p/site-packages/angr/analyses/cfg/cfg.py", line
> 58, in __init__
>     CFGFast.__init__(self, **kwargs)
>   File
> "/home/user/.virtualenvs/p/site-packages/angr/analyses/cfg/cfg_fast.py",
> line 810, in __init__
>     self._analyze()
>   File
> "/home/user/.virtualenvs/p/site-packages/angr/analyses/forward_analysis.py",
> line 507, in _analyze
>     self._post_analysis()
>   File
> "/home/user/.virtualenvs/p/site-packages/angr/analyses/cfg/cfg_fast.py",
> line 1360, in _post_analysis
>     self._remove_redundant_overlapping_blocks()
>   File
> "/home/user/.virtualenvs/p/site-packages/angr/analyses/cfg/cfg_fast.py",
> line 2537, in _remove_redundant_overlapping_blocks
>     insns = block.capstone.insns
>   File "/home/user/.virtualenvs/p/site-packages/angr/block.py", line
> 159, in capstone
>     for cs_insn in cs.disasm(self.bytes, self.addr):
>   File "/home/user/.virtualenvs/p/site-packages/capstone/__init__.py",
> line 821, in disasm
>     yield CsInsn(self, all_insn[i])
>   File "/home/user/.virtualenvs/p/site-packages/capstone/__init__.py",
> line 424, in __init__
>     self._raw = copy_ctypes(all_info)
>   File "/home/user/.virtualenvs/p/site-packages/capstone/__init__.py",
> line 417, in copy_ctypes
>     ctypes.pointer(dst)[0] = src
>   File "/usr/lib/pypy/lib_pypy/_ctypes/pointer.py", line 117, in __setitem__
>     self._subarray(index)[0] = cobj._get_buffer_value()
> TypeError: 'StructureInstance' object does not support item assignment
> 
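The traceback above ends in capstone's copy_ctypes, which duplicates a ctypes Structure with `ctypes.pointer(dst)[0] = src`; CPython accepts that, PyPy 5.1.2's _ctypes does not. The script below is an added example, not code from the thread, angr or capstone: it reproduces that copy step on a constructed Structure (the real capstone instruction layout is not reproduced), shows the same copy done through ctypes.memmove, which uses only API both interpreters implement, and checks that the copy is a real bitwise duplicate rather than an alias. Whether memmove is what the capstone patch Fish mentions used is not stated on the page; it is used here as a portable alternative.

```python
import ctypes

# Constructed stand-in for the per-instruction ctypes record capstone copies.
# Field names are illustrative; the real capstone layout is not reproduced.
class Insn(ctypes.Structure):
    _fields_ = [
        ("id", ctypes.c_uint),
        ("address", ctypes.c_uint64),
        ("size", ctypes.c_uint16),
        ("bytes", ctypes.c_ubyte * 16),
    ]


def copy_ctypes_pointer_assign(src):
    """The form the traceback points at (capstone 3.0.4 copy_ctypes).
    Works on CPython; on PyPy 5.1.2 it raises TypeError, as in the report."""
    dst = type(src)()
    ctypes.pointer(dst)[0] = src
    return dst


def copy_ctypes_memmove(src):
    """Bitwise copy via memmove. byref/sizeof/memmove exist in both CPython's
    and PyPy's ctypes, so this path does not depend on pointer item assignment."""
    dst = type(src)()
    ctypes.memmove(ctypes.byref(dst), ctypes.byref(src), ctypes.sizeof(src))
    return dst


def make_sample():
    """Constructed sample record: a 3-byte instruction at 0x400000."""
    insn = Insn(id=42, address=0x400000, size=3)
    for i, b in enumerate(bytearray(b"\x48\x89\xe5")):
        insn.bytes[i] = b
    return insn


def copy_is_independent(copier):
    """True if copier returns a distinct record with src's field values that
    does not share memory with src (mutating the copy leaves src untouched)."""
    src = make_sample()
    dst = copier(src)
    fields_match = (dst.id, dst.address, dst.size, bytes(dst.bytes[:3])) == (
        42, 0x400000, 3, b"\x48\x89\xe5")
    dst.id = 0
    dst.bytes[0] = 0xFF
    src_untouched = src.id == 42 and src.bytes[0] == 0x48
    distinct = ctypes.addressof(src) != ctypes.addressof(dst)
    return fields_match and src_untouched and distinct


def probe_pointer_assign():
    """Report whether the pointer-item-assignment copy works on this interpreter.
    Returns False where _ctypes rejects it, as PyPy 5.1.2 did in the report."""
    try:
        return copy_is_independent(copy_ctypes_pointer_assign)
    except TypeError:
        return False


if __name__ == "__main__":
    print("pointer-assignment copy works here:", probe_pointer_assign())
    print("memmove copy works here:", copy_is_independent(copy_ctypes_memmove))
```

Running the script under each virtualenv from the report shows which copy path the interpreter's _ctypes supports; the memmove form is the one to expect True from on both. The `copy_is_independent` check matters because a copy routine that silently returned an alias would make later instruction records overwrite earlier ones, which is a much harder failure to spot than the TypeError above.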