[angr] memory write tracking

alessandro mantovani alk13 at hotmail.it
Thu Mar 22 06:42:12 PDT 2018


Hi all,

I'm implementing a script to detect all the memory write operations which modify an address which is then executed (i.e. the mechanism behind the packers). The code I wrote works as follows:

1) I set a breakpoint for each 'mem_write' with an action func which stores the attribute 'mem_write_address' (through 'state.inspect.mem_write_address') into a list

2) I continue execution. For each step(), I check that the current ip matches an address contained in the list (i.e. if the current ip is an address which has been written before)

Unfortunately it doesn't work and I think that it could be a problem related to the symbolic representation of the state. I attach a script so that you can see the code I just explained.

Thanks,

elmanto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: track_execution_example.py
Type: text/x-python
Size: 561 bytes
Desc: track_execution_example.py
URL: <https://lists.cs.ucsb.edu/pipermail/angr/attachments/20180322/584700e3/attachment.py>
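
An added example, not part of the original message or the attached script: the write-then-execute check from steps 1 and 2, generalized from matching write start addresses to matching written byte ranges, and run over a constructed trace. `WriteTracker`, `angr_hook`, `scan_trace` and the trace are hypothetical names; `angr_hook` assumes angr is installed and that the written expression is a bit-vector.

```python
class WriteTracker:
    """Remember which bytes were written and flag execution that overlaps them."""

    def __init__(self):
        self.written = []          # half-open (start, end) byte ranges

    def record_write(self, addr, size):
        if size > 0:
            self.written.append((addr, addr + size))

    def executed_written(self, addr, size=1):
        """Return the written ranges overlapped by code at [addr, addr + size)."""
        end = addr + size
        return [(s, e) for (s, e) in self.written if s < end and addr < e]


def angr_hook(state, tracker):
    """Action for angr's 'mem_write' breakpoint (assumption: angr is installed).

    Register: state.inspect.b('mem_write', when=angr.BP_AFTER,
                              action=lambda s: angr_hook(s, tracker))
    """
    addr = state.inspect.mem_write_address          # a bit-vector AST, not an int
    if state.solver.symbolic(addr):
        return                                      # no single concrete target; skipped here
    size = len(state.inspect.mem_write_expr) // 8   # AST length is in bits
    tracker.record_write(state.solver.eval(addr), size)


def scan_trace(trace):
    """Consume ('w'|'x', addr, size) events; return executed addresses that were written."""
    tracker, hits = WriteTracker(), []
    for kind, addr, size in trace:
        if kind == "w":
            tracker.record_write(addr, size)
        elif tracker.executed_written(addr, size):
            hits.append(addr)
    return hits


# Constructed trace: a stub writes 16 bytes at 0x401000, then jumps into them.
SAMPLE_TRACE = [
    ("x", 0x400100, 12),   # stub code, never written
    ("w", 0x401000, 8),
    ("w", 0x401008, 8),
    ("x", 0x400110, 6),    # stub again
    ("x", 0x401004, 5),    # inside the first write, not at its start address
    ("x", 0x400FFE, 4),    # block starts before the write but runs into it
]
```

In an angr loop the `'x'` events would come from each stepped state's `state.addr` and the size of the basic block at that address.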

