[angr] Help with angr

Niddodi, Chaitra chaitra at illinois.edu
Sun Mar 11 14:14:48 PDT 2018

I'm trying to use angr to get the list of syscalls from the binary of a simple C code. However, there are no syscalls listed in the output.

This is my test code:


Where am I going wrong?


From: Audrey Dutcher [audrey at rhelmot.io]
Sent: Wednesday, February 14, 2018 3:24 PM
To: Niddodi, Chaitra
Cc: angr at lists.cs.ucsb.edu
Subject: Re: [angr] Help with angr

Of course - you can just add an instrumentation breakpoint (SimInspect) on syscalls, and you'll be notified whenever there's a syscall. However, "exploring all paths" is rarely a feasible analysis option due to the number of paths being exponential with respect to the number of branches. You could control this state explosion via an exploration technique that decides how to explore the state space, but you may run into issues with environment support - if the decision to call one syscall is based on the output of another syscall for which angr doesn't have a model implemented, that syscall will appear impossible to reach.

On Tue, Feb 13, 2018 at 7:30 PM, Niddodi, Chaitra <chaitra at illinois.edu> wrote:

I have a quick question. Using angr, can I get the list of all possible system calls by exploring all paths in the binary?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot (185).png
Type: image/png
Size: 30855 bytes
Desc: Screenshot (185).png
URL: <https://lists.cs.ucsb.edu/pipermail/angr/attachments/20180311/2c600b19/attachment-0001.png>
