[angr] memory write tracking

Yan zardus at gmail.com
Thu Mar 22 09:09:31 PDT 2018


Hello,

Can you elaborate? "It doesn't work" doesn't give us enough information to
go on, and we don't have time to investigate.

>From a quick look at your script, I would start by looking at what the
values are in your list, and what your eip is.

- Yan

On Thu, Mar 22, 2018 at 6:42 AM, alessandro mantovani <alk13 at hotmail.it>
wrote:

> Hi all,
>
> I'm implementing a script to detect all the memory write operations which
> modify an address which is then executed (i.e. the mechanism behind the
> packers). The code I wrote works as follows:
>
> 1) I set a breakpoint for each 'mem_write' with an action func which
> stores the attribute 'mem_write_address' (through 'state.inspect.mem_write_address')
> into a list
>
> 2) I continue execution. For each step() , I check that the current ip
> matches with an address contained in the list (i.e. if the current ip is an
> address which has been written before)
>
> Unfortunately it doesn't work and I think that it could be a problem
> related to the symbolic representation of the state. I attach a script so
> that you can see the code I just explained.
>
> Thanks,
>
> elmanto
>
> _______________________________________________
> angr mailing list
> angr at lists.cs.ucsb.edu
> https://lists.cs.ucsb.edu/mailman/listinfo/angr
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cs.ucsb.edu/pipermail/angr/attachments/20180322/8880a7d4/attachment.html>


More information about the angr mailing list