Comments (8)
Do you use the `plot_cfg` function? It has a `remove_imports` parameter which defaults to `True`, and it will remove calls to SimProcedures from the graph. You can set it to `False`.

If you use `bingraphvis` directly and you see missing nodes/edges from a graph, then give me an example binary where it is wrong, and I will have a look.
from angr-utils.
@axt, so I have attached a zip file containing `pngpixel` and the relative `cfg`. As you will see, for example `png_create_info_struct` does not have any leaf and it is grey. I have used the following code:

```python
import angr
from angrutils import plot_cfg

def analyze(b, addr, name=None):
    start_state = b.factory.blank_state(addr=addr)
    start_state.stack_push(0x0)
    #cfg = b.analyses.CFGFast()
    cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100)
    for addr,func in proj.kb.functions.iteritems():
        if func.name == "func.name":
            pass
            #plot_cfg(cfg, "%s_%s_full" % (name, func.name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=False)
            #plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr:True}, debug_info=False, remove_imports=False, remove_path_terminator=False)
    #plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
    plot_cfg(cfg, "%s_cfg_full" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=False)

if __name__ == "__main__":
    proj = angr.Project("../samples/pngpixel", load_options={'auto_load_libs':True})
    main = proj.loader.main_bin.get_symbol("main")
    analyze(proj, main.addr, "pngpixel")
```
If `png_create_info_struct` is grey, it means the `libpng16.so.16` binary was not loaded, so that symbol was replaced with a `ReturnUnconstrained` SimProcedure.

I've placed the binary next to your executable, and created a CFG with `context_sensitivity_level=0`, which created a graph so big (~4000 nodes) that `plot_cfg` couldn't render it into `png` in a reasonable time.
@axt, I'm sorry but I tried again putting `libpng16.so.16` in the same dir of the python script but I don't have a proper result. I have used the following code:

```python
#! /usr/bin/env python
import angr
from angrutils import plot_cfg

def analyze(b, addr, name=None):
    start_state = b.factory.blank_state(addr=addr)
    start_state.stack_push(0x0)
    #cfg = b.analyses.CFGFast()
    cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=0, keep_state=True, call_depth=100)
    for addr,func in proj.kb.functions.iteritems():
        if func.name == "png_create_info_struct":
            print "Creating the graph"
            #pass
            #plot_cfg(cfg, "%s_%s_full" % (name, func.name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=False)
            plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr:True}, debug_info=False, remove_imports=False, remove_path_terminator=False)
    #plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
    #plot_cfg(cfg, "%s_cfg_full" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=False)

if __name__ == "__main__":
    proj = angr.Project("../samples/pngpixel", load_options={'auto_load_libs':True})
    main = proj.loader.main_bin.get_symbol("main")
    analyze(proj, main.addr, "pngpixel")
```
I have attached the generated images... Thanks for your help
png.zip
Are you using the latest angr?
I've attached my 'so' file, and the graph. Maybe try with this file, placed in the same dir as the executable.
Hi,
yes I have updated to the latest `angr` and `angr-utils` but I still have the same empty image. I have also noticed that the sentence `Creating the graph` is printed twice. I'm not sure why... I cannot really see why I'm having this problem...
So I have amended `bingraphvis`, making it print the number of nodes from within the `generate` function. For some reason `png_create_info_struct` is found twice: the first time there are 2 nodes and 1 edge, whereas for the second there are 0 nodes and 0 edges... I cannot really understand why. I assume there are a few problems with the cfg, but I have generated it with: `cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=0, keep_state=True, call_depth=100)`

Should I change something?
Thanks for your patience
That is normal. One is the PLT entry, and the other is the SimProcedure. If you print the `.is_plt` property of those two functions, for one it will be `true` and for the other it will be `false`.

Unfortunately I have no idea why it doesn't load the library for you; you should try to seek help for that issue from the official angr channels.
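The duplicate lookup discussed in this thread, as an added example (not code from angr-utils or from any commenter): it groups function entries by name and reports whether a name resolves only to a PLT stub plus a SimProcedure, which is how an unloaded library shows up. It assumes the `name`, `addr`, `is_plt` and `is_simprocedure` attributes of angr `Function` objects; the `Fn` stand-in, the `kind` and `diagnose` helpers and all addresses are constructed for illustration.

```python
from collections import defaultdict, namedtuple

# Stand-in for angr's Function object (constructed); only the attributes
# read below are modelled. With angr, pass proj.kb.functions.values().
Fn = namedtuple("Fn", "name addr is_plt is_simprocedure")


def kind(fn):
    """Classify one function entry the way the thread distinguishes them."""
    if fn.is_plt:
        return "plt"
    if fn.is_simprocedure:
        return "simprocedure"
    return "code"


def diagnose(functions, name):
    """Return (entries, verdict) for every function entry called `name`."""
    by_kind = defaultdict(list)
    for fn in functions:
        if fn.name == name:
            by_kind[kind(fn)].append(fn.addr)
    entries = {k: sorted(v) for k, v in by_kind.items()}
    if not entries:
        verdict = "not-found"
    elif "code" in entries:
        verdict = "library-loaded"   # a real function body was lifted
    elif "simprocedure" in entries:
        verdict = "stubbed"          # import replaced by a SimProcedure
    else:
        verdict = "plt-only"
    return entries, verdict


# Constructed sample: knowledge-base entries when the shared library was
# not loaded (addresses are made up).
SAMPLE_UNLOADED = [
    Fn("main", 0x400B90, False, False),
    Fn("png_create_info_struct", 0x400A10, True, False),
    Fn("png_create_info_struct", 0x1000040, False, True),
]
# Same binary with the library mapped: the import resolves to real code.
SAMPLE_LOADED = SAMPLE_UNLOADED[:2] + [
    Fn("png_create_info_struct", 0x1012340, False, False),
]

if __name__ == "__main__":
    for label, sample in (("unloaded", SAMPLE_UNLOADED), ("loaded", SAMPLE_LOADED)):
        print(label, diagnose(sample, "png_create_info_struct"))
```

A `stubbed` verdict for a name means a per-function plot of it has no library code to show, so the loader configuration is the thing to check before the plotting options.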