angr.analyses.smc¶

class angr.analyses.smc.TraceActions¶

Bases: IntFlag

Describe memory access actions.

WRITE = 1¶

EXECUTE = 2¶

__new__(value)

class angr.analyses.smc.TraceClassifier¶

Bases: object

Classify traces.

__init__(state=None)¶

Parameters:: state (SimState | None)

act_mem_write(state)¶

SimInspect callback for memory writes.

Return type:: None

act_instruction(state)¶

SimInspect callback for instruction execution.

Return type:: None

instrument(state)¶

Instrument state for tracing.

Return type:: None

get_smc_address_and_lengths()¶

Evaluate the trace to find which areas of memory were both written to and executed.

Return type:: Generator[tuple[int, int]]

determine_smc()¶

Evaluate the trace to find areas of memory that were both written to and executed.

Return type:: bool

pp()¶

class angr.analyses.smc.SelfModifyingCodeAnalysis¶

Bases: Analysis

Determine if some piece of code is self-modifying.

This determination is made by simply executing. If an address is executed that is also written to, the code is determined to be self-modifying. The determination is stored in the result property. The regions property contains a list of (addr, length) regions that were both written to and executed.

__init__(subject, max_bytes=0, state=None)¶

Parameters:

subject (None | int | str | Function) – Subject of analysis
max_bytes (int) – Maximum number of bytes from subject address. 0 for no limit (default).
state (SimState | None) – State to begin executing from.

regions: list[tuple[int, int]]

result: bool