Evaluate memory contents #4627
Comments
Now, I have not actually evaluated any of the advice I'm about to give you, nor is it code that I have ever used myself. However! It sounds like what you're looking for is the underconstrained symbolic execution feature. With this option, angr will allocate a new memory region for each unconstrained dereference, and constrain the pointer to point to this region. With this, you should be able to eval rdi at the program point you're interested in and find the memory address that angr is using to reason about rdi. UCSE can be enabled via state option |
Question
Hello!
I have the following instruction in a binary:
add (%rdi),%eax
I want to evaluate the memory content in the address dereferenced there (with some other constraints set for %eax).
After exploring with a simulation and finding the state "final_state", when I run final_state.regs.eax.variables I get
So I have the address and the size that I want to evaluate (but this changes with every simulation).
But when I do the following
Doesn't return the value I expected (returns 0).
My hypothesis is that the sym_var should be stored in memory before the simulation.explore(find=addr) but before that I don't know the address referenced by the rdi register.
I could just store the sym_var in the entry state using the content of the rdi register but I want to generalize this part of my program and I don't want to assume that the rdi register is being dereferenced, that's why I'm using the final_state.regs.eax.variables.
So the question is,
How can I evaluate the memory content pointed by rdi (without explicitly talking about rdi)?
Thank you!