
How to load external library and sync it? #24

Open
SteinsGatep001 opened this issue Jul 12, 2022 · 4 comments

SteinsGatep001 commented Jul 12, 2022

I use current_state.concrete.sync() to sync data from the gdb target, but the target's library wasn't synced.
How can I load an external library and sync the library's memory into the angr project?
I tried:

```python
import angr

project = angr.Project("/squashfs-root/usr/sbin/httpd")
project.loader.dynamic_load("/squashfs-root/usr/lib/libnvram.so")
# it works; project.loader.all_objects now shows:
# [<ELF Object libnvram.so, maps [0x1500000:0x1522fdf]>,
#  <ExternObject Object cle##externs, maps [0x1600000:0x16000e7]>]
```

It works!
But when I use a simstate to step:

```python
succ_path = current_path.copy().step()
_succ_path_active_states = succ_path.active
```

succ_path.active is empty, and succ_path.errored shows:

```text
SimEngineError
State errored with "No bytes in memory for block starting at 0xf7f03ae4."
```
SteinsGatep001 (Author) commented:

Here is my code:

```python
import time

import angr
import avatar2

# Fragment of the author's class: ArmVMGDBConcreteTarget, ld_path,
# _host_gdbserver_port, TARGET_HOSTNAME and run_concretly are defined
# elsewhere in that code and are not shown in this issue.

def run(self):  # hypothetical name; the original method header is not shown
    _avatar_gdb_target = ArmVMGDBConcreteTarget(avatar2.archs.arm.ARM, self.TARGET_HOSTNAME, _host_gdbserver_port)
    self.target = '/tmp/squashfs-root/usr/sbin/httpd'
    force_load_libs = ['/tmp/squashfs-root/usr/lib/libnvram.so']
    _project = angr.Project(self.target, concrete_target=_avatar_gdb_target, ld_path=ld_path, use_sim_procedures=True)
    for _load_lib in force_load_libs:
        _project.loader.dynamic_load(_load_lib)
    self._current_state = _entry_state = _project.factory.entry_state()
    self.run_concretly(["nvram_get"])  # break at nvram_get in libnvram
    self.sync_state()
    _current_simgr = _project.factory.simgr(self._current_state.copy(), save_unconstrained=True, save_unsat=True)
    _succ_path = _current_simgr.copy().step()
    # _succ_path.errored will be: No bytes in memory for block starting at 0xf7f03ae4.
    _succ_path_active_states = _succ_path.active

def sync_state(self, wait_time=1):
    """
    Sync the state from the concrete target in gdbserver.
    :return:
    """
    new_state = self._current_state
    # FIXME: wait for the target to hang
    time.sleep(wait_time)
    new_state.concrete.sync()
    self._current_state = new_state
```


SteinsGatep001 commented Jul 13, 2022

I also tried:

```python
_project = angr.Project('/tmp/squashfs-root/usr/lib/libnvram.so', concrete_target=_avatar_gdb_target, ld_path=ld_path, use_sim_procedures=True)
```

But after _succ_path = _current_simgr.copy().step(), it also failed:

```text
_succ_path.errored: <State errored with "No bytes in memory for block starting at 0xf77bbae4.">
```

degrigis (Member) commented Jul 16, 2022

Can you try to step a few instructions into the concrete process (i.e., set a breakpoint at the beginning) and grab the concrete state?

SteinsGatep001 (Author) commented:

I can step a few instructions into the concrete process and grab the concrete state successfully (I checked in GDB remote; the instructions are valid). But I failed to step via the step() function on a copy of the state.
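A stand-alone diagnostic for the "No bytes in memory" error above, added here as an example (it is not angr's or the reporter's code): it parses the loader objects printed in the first post and a gdb `info proc mappings` listing, then reports whether the faulting pc lies in any object angr knows about and where the concrete process actually has that file. The gdb listing and its addresses are constructed sample values; only the two loader lines and the pc 0xf7f03ae4 come from the issue.

```python
import re

# Constructed sample: the loader objects printed in the first post of this issue
# (these two object lines are the issue's own values).
ANGR_OBJECTS = """
[<ELF Object libnvram.so, maps [0x1500000:0x1522fdf]>,
 <ExternObject Object cle##externs, maps [0x1600000:0x16000e7]>]
"""

# Constructed sample in the shape of gdb's `info proc mappings` on the concrete
# target; the addresses are invented for illustration.
GDB_MAPPINGS = """
      Start Addr   End Addr       Size     Offset objfile
         0x10000    0x5b000    0x4b000        0x0 /usr/sbin/httpd
      0xf7ef0000 0xf7f20000    0x30000        0x0 /usr/lib/libnvram.so
      0xf7f20000 0xf7f30000    0x10000    0x20000 /usr/lib/libnvram.so
"""

OBJ_RE = re.compile(r"<\w+ Object (\S+), maps \[(0x[0-9a-f]+):(0x[0-9a-f]+)\]>")
MAP_RE = re.compile(r"^\s*(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+(\S+)\s*$", re.M)


def parse_angr_objects(text):
    """{object name: (min_addr, max_addr)} parsed from CLE's object reprs."""
    return {n: (int(lo, 16), int(hi, 16)) for n, lo, hi in OBJ_RE.findall(text)}


def parse_gdb_mappings(text):
    """[(start, end, objfile)] parsed from `info proc mappings` output."""
    return [(int(s, 16), int(e, 16), f) for s, e, f in MAP_RE.findall(text)]


def explain_no_bytes(pc, angr_objects, gdb_mappings):
    """Report why a synced state has no bytes at pc.

    Returns whether some angr object covers pc, which file backs pc in the
    concrete process, that file's lowest mapped address, and the base angr gave
    a file of the same name (None if angr never loaded it).
    """
    covered = any(lo <= pc <= hi for lo, hi in angr_objects.values())
    objfile = next((f for s, e, f in gdb_mappings if s <= pc < e), None)
    concrete_base = angr_base = None
    if objfile is not None:
        concrete_base = min(s for s, _, f in gdb_mappings if f == objfile)
        angr_base = angr_objects.get(objfile.rsplit("/", 1)[-1], (None,))[0]
    return {"covered_by_angr": covered, "objfile": objfile,
            "concrete_base": concrete_base, "angr_base": angr_base}


if __name__ == "__main__":
    print(explain_no_bytes(0xF7F03AE4, parse_angr_objects(ANGR_OBJECTS),
                           parse_gdb_mappings(GDB_MAPPINGS)))
```

For the issue's pc the report shows no angr object covering it while the concrete process backs it with libnvram.so at a different base than the one dynamic_load chose, which is the mismatch to check before expecting step() to find code there.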
