Comments (4)
fmagin
commented on July 28, 2024
The first issue seems to be that the call() method in https://github.com/angr/claripy/blob/3c05b8ebb256842ff7fb4de14a2b268e948cc419/claripy/backends/__init__.py#L189-L199 does not enforce that args actually contain anything, but I that still leaves the question why it even gets called without any args
from angrop.
fmagin
commented on July 28, 2024
After wrapping a try catch around the first statement of the trace and printing the addresses with errors I got the following list:
failed_addrs = [0x10006b4c, 0x10006b4e, 0x1000a14f, 0x1000a3bf, 0x1000aac7, 0x1000ac81,0x1000ad5f ,0x1000bb05 ,0x1000c691, 0x1002f25e, 0x1002f260]
failed_blocks = [proj.factory.block(addr) for addr in failed_addrs]
for block in blocks:
block.pp()
print("")0x10006b4c: mov dh, 4
0x10006b4e: adc bh, bh
0x10006b50: adc eax, 0x10036208
0x10006b55: pop edi
0x10006b56: ret
0x10006b4e: adc bh, bh
0x10006b50: adc eax, 0x10036208
0x10006b55: pop edi
0x10006b56: ret
0x1000a14f: adc bh, bh
0x1000a151: adc eax, 0x10036314
0x1000a156: pop esi
0x1000a157: ret
0x1000a3bf: adc bh, bh
0x1000a3c1: adc eax, 0x100361e0
0x1000a3c6: pop edi
0x1000a3c7: pop esi
0x1000a3c8: pop ebx
0x1000a3c9: leave
0x1000a3ca: ret
0x1000aac7: adc bh, bh
0x1000aac9: adc eax, 0x100361b4
0x1000aace: pop edi
0x1000aacf: pop esi
0x1000aad0: ret
0x1000ac81: adc bh, bh
0x1000ac83: salc
0x1000ac84: pop esi
0x1000ac85: ret
0x1000ad5f: adc bh, bh
0x1000ad61: adc eax, 0x10036320
0x1000ad66: pop ebp
0x1000ad67: ret
0x1000bb05: adc bh, bh
0x1000bb07: adc eax, 0x10036200
0x1000bb0c: pop esi
0x1000bb0d: ret
0x1000c691: adc bh, bh
0x1000c693: adc eax, 0x1003616c
0x1000c698: ret
So the obvious thing is that they all contain an adc bh, bh instruction which in hindsight makes sense due to this section of the stack trace
/home/fmagin/gits/angr-dev/angr/angr/engines/vex/ccall.py in pc_actions_ADC(state, nbits, cc_dep1, cc_dep2, cc_ndep, platform)
324 zf = calc_zerobit(state, res)
325 sf = res[nbits - 1]
--> 326 of = ((arg_l ^ arg_r ^ -1) & (arg_l ^ res))[nbits-1]
327
328 return pc_make_rdata(data[platform]['size'], cf, pf, af, zf, sf, of, platform=platform)I don't understand yet why exactly this is an issue but my guess is that because in operations.py
if filter_func: new_args = filter_func(new_args)leads to new_args being empty after applying the filter function this leads to issues further down.
from angrop.
github-actions
commented on July 28, 2024
This issue has been marked as stale because it has no recent activity. Please comment or add the pinned tag to prevent this issue from being closed.
from angrop.
github-actions
commented on July 28, 2024
This issue has been closed due to inactivity.
from angrop.
Related Issues (20)
- Bad chain produced by write_to_mem HOT 2
- SimUnsatError during gadget chain construction HOT 3
- angrop fails as `xor` argument get lost in space HOT 3
- Does angrop support PE files? HOT 11
- AttributeError: 'unicode' object has no attribute '__slots__' HOT 5
- Does add_to_mem ever work? HOT 3
- Values passed on stack ignoring badbytes HOT 9
- Import error HOT 3
- Helping with the project [Passing strings to function calls]
- `test_rop_i386_cgc` timeout in CI HOT 4
- Reference to missing angr.option HOT 2
- angr-bot dead on this repo HOT 4
- add ignore_registers support for func_call() HOT 2
- Moving register values HOT 6
- support conditional execution in arm
- Multiple Register Pops Not Working in ARM. HOT 3
- filter out privileged instructions HOT 5
- Bad Assumption About Rebasing Data Bytes in Chains against Binaries With PIE HOT 2
- write_to_mem Broken for 32 bit Binaries HOT 6
- TODO Features
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from angrop.