andreafioraldi / Idangr

Licence: bsd-2-clause
Use angr in the IDA Pro debugger generating a state from the current debug session

IDAngr

Use angr in the IDA Pro debugger generating a state from the current debug session.

It works only with x86/x86_64 ELF binaries on Linux at the moment.

IDAngr needs angrdbg installed on the same machine as IDA or on a remote machine:

python2 -m pip install angrdbg

IDAngr can run only with angr 7 at the moment, because IDAPython is Python 2 only; install angrdbg into the Python 2 interpreter that IDA uses (the pip command above).

GUI

The idangr_gui.py script must be loaded while a debug session is active.

IDAngr adds a panel with a self-explanatory interface.

You can set find/avoid addresses and symbolic memory directly from the context menu in the IDA View.

Explore the other context menus in the panel by right-clicking on items.

Plugin

You can install IDAngr as a plugin (see INSTALL.md); to activate it press Ctrl+Alt+I.

Api

IDAngr implements the angrdbg API inside the IDA debugger.

Call idangr.init(is_remote=False, host=None, port=None, use_pin=False) before anything else to set up the library environment and get access to the angrdbg API. When is_remote is True the plugin connects to a remote angrdbg server (start it on the remote machine with python -m angrdbg). Set use_pin to True if you are connected to Intel Pin with a PinTool compatible with IDAngr (this probably does not work together with remote angrdbg).

idangr.is_initialized() can be used in a script to check whether init still has to be called.

StateShot

Returns an angr state built from the current debug session state.

StateManager

A wrapper around angr that simplifies the creation of symbolic values and writes the results back into the debugger when angr finds a valid path.

Methods
  • instance.sim(key, size) creates a symbolic value in a register or at a memory address (size is optional)
  • instance[key] gets a register or a memory value
  • instance.simulation_manager() creates an angr simulation manager based on the state
  • instance.to_dbg(found_state) transfers to the debugger the concrete values that found_state assigns to the symbolic values created earlier with sim

Note: memory values are the same ones returned by state.mem[addr].

A more detailed description of the Api can be found in the angrdbg repo and in my Bachelor thesis.

hook_lib_funcs

Tries to hook the functions that IDA recognizes as compiler-inserted library functions with the corresponding angr SimProcedure, when one exists.

Example

Python>sm = StateManager()
Python>sm.sim("edi")
Python>sm.sim("esi")
Python>m = sm.simulation_manager()
Python>m.explore(avoid=0x04005D5, find=0x00004005BC)
<SimulationManager with 1 found, 3 avoid>
Python>idc.GetRegValue("edi")
0
Python>idc.GetRegValue("esi")
5
Python>sm.to_dbg(m.found[0])
Python>idc.GetRegValue("edi")
2
Python>idc.GetRegValue("esi")
0

See examples folder.
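The following script is added here as an example and is not part of the IDAngr repository. It strings the Api section together: it guards init with is_initialized, makes edi/esi symbolic, hooks library functions, explores to the find address, and writes the found values back with to_dbg, so the transcript above can be re-run with a single call instead of typing it at the Python> prompt. The helper names parse_addrs, check_targets and solve_to_dbg are mine. Two things are assumptions rather than facts from the page: that StateManager and hook_lib_funcs are reachable as attributes of the idangr module after init() (the transcript above uses StateManager bare from the IDAPython prompt, so adjust the import if your install only exposes them in that namespace), and that hook_lib_funcs takes no arguments. The addresses are the ones from the transcript and mean nothing for any other binary.

```python
# Added example, not code from the IDAngr project.  Run it from File > Script
# file while the IDA debugger is stopped at the start of the function you
# want to explore.  Only parse_addrs and check_targets run outside IDA; the
# rest needs idc and idangr (assumed import paths, see the lead-in).


def parse_addrs(text):
    """Turn user input such as '0x4005BC, 4005D5h, 10' into a list of ints.

    Accepts decimal, 0x-prefixed hex and IDA's trailing-h hex so that
    find/avoid lists can be pasted straight from the IDA View.
    """
    addrs = []
    for tok in text.replace(";", ",").split(","):
        tok = tok.strip()
        if not tok:
            continue
        if tok.lower().endswith("h"):
            addrs.append(int(tok[:-1], 16))
        elif tok.lower().startswith("0x"):
            addrs.append(int(tok, 16))
        else:
            addrs.append(int(tok, 10))
    return addrs


def check_targets(find, avoid):
    """Return a list of problems with the explore targets (empty if fine).

    An address that is both in find and in avoid can never be reported as
    found, because angr prunes avoid states first, so catch it before the
    (possibly long) exploration starts.
    """
    problems = []
    if not find:
        problems.append("at least one find address is required")
    overlap = sorted(set(find) & set(avoid))
    if overlap:
        problems.append("in both find and avoid: "
                        + ", ".join(hex(a) for a in overlap))
    return problems


def solve_to_dbg(find, avoid, sym_regs, sym_mem=(), remote=None):
    """Snapshot the debug session, make sym_regs (and optional (addr, size)
    memory ranges) symbolic, explore, and write the first found state's
    concrete values back into the debugger.

    remote: None for local angrdbg, or (host, port) of a server started with
    'python -m angrdbg' on the remote machine.
    Returns {register: value} read back from IDA, or None if nothing found.
    """
    import idc        # only available inside IDA
    import idangr     # only available with angrdbg installed

    problems = check_targets(find, avoid)
    if problems:
        raise ValueError("; ".join(problems))

    if not idangr.is_initialized():
        if remote is None:
            idangr.init()
        else:
            idangr.init(is_remote=True, host=remote[0], port=remote[1])

    # Assumed to be module attributes after init(); see the lead-in.
    sm = idangr.StateManager()
    for reg in sym_regs:
        sm.sim(reg)
    for addr, size in sym_mem:
        sm.sim(addr, size)
    idangr.hook_lib_funcs()   # libc calls -> SimProcedures (assumed: no args)

    simgr = sm.simulation_manager()
    simgr.explore(find=find, avoid=avoid)
    if not simgr.found:
        print("no path reached find=%s" % [hex(a) for a in find])
        return None

    sm.to_dbg(simgr.found[0])
    return dict((reg, idc.GetRegValue(reg)) for reg in sym_regs)


if __name__ == "__main__":
    # Addresses from the README transcript; replace them for your own binary.
    result = solve_to_dbg(find=parse_addrs("0x4005BC"),
                          avoid=parse_addrs("0x4005D5"),
                          sym_regs=["edi", "esi"])
    print(result)
```

On the transcript's binary this prints the same register values that the manual session ends with after to_dbg; a None result means explore exhausted its states without reaching the find address, in which case the debugger registers are left untouched.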

Other Debuggers

If you want to use angr in other debuggers, look at angrdbg.

I've also made an almost identical plugin for GDB: angrgdb.

TODO

  • add support for angr data dependence graph integration in the IDA view
  • add an IPython shell to manually change values in the GUI
  • add a taint engine based on Intel Pin

Cite

Thesis PDF.

Bibtex:

@misc{fioraldi2020symbolic,
    title={Symbolic Execution and Debugging Synchronization},
    author={Andrea Fioraldi},
    year={2020},
    eprint={2006.16601},
    archivePrefix={arXiv},
    primaryClass={cs.CR}
}