[angr] memory write tracking
zardus at gmail.com
Thu Mar 22 09:09:31 PDT 2018
Can you elaborate? "It doesn't work" doesn't give us enough information to
go on, and we don't have time to investigate.
>From a quick look at your script, I would start by looking at what the
values are in your list, and what your eip is.
On Thu, Mar 22, 2018 at 6:42 AM, alessandro mantovani <alk13 at hotmail.it>
> Hi all,
> I'm implementing a script to detect all the memory write operations which
> modify an address which is then executed (i.e. the mechanism behind the
> packers). The code I wrote works as follows:
> 1) I set a breakpoint for each 'mem_write' with an action func which
> stores the attribute 'mem_write_address' (through 'state.inspect.mem_write_address')
> into a list
> 2) I continue execution. For each step() , I check that the current ip
> matches with an address contained in the list (i.e. if the current ip is an
> address which has been written before)
> Unfortunately it doesn't work and I think that it could be a problem
> related to the symbolic representation of the state. I attach a script so
> that you can see the code I just explained.
> angr mailing list
> angr at lists.cs.ucsb.edu
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the angr