angr.callable

class angr.callable.Callable

Bases: object

Callable is a representation of a function in the binary that can be interacted with like a native python function.

If you set perform_merge=True (the default), the result will be returned to you, and you can get the result state with callable.result_state.

Otherwise, you can get the resulting simulation manager at callable.result_path_group.

__init__(project, addr, prototype=None, concrete_only=False, perform_merge=True, base_state=None, toc=None, cc=None, add_options=None, remove_options=None, step_limit=None, techniques=None)
Parameters:

  • project (Project) – The project to operate on

  • addr (int) – The address of the function to use

  • prototype (SimTypeFunction | None) – The signature of the calls you would like to make. This really shouldn’t be optional.

  • concrete_only – Throw an exception if the execution splits into multiple paths

  • perform_merge – Merge all result states into one at the end (only relevant if concrete_only=False)

  • base_state (SimState | None) – The state from which to do these runs

  • toc – The address of the table of contents for ppc64

  • cc (SimCC | None) – The SimCC to use for a calling convention

  • add_options (set[str] | None)

  • remove_options (set[str] | None)

  • step_limit (int | None)

  • techniques (list[ExplorationTechnique] | None)

set_base_state(state)

Swap out the state you’d like to use to perform the call.

Parameters:

state – The state to use to perform the call

perform_call(*args, prototype=None)
call_c(c_args)

Call this Callable with a string of C-style arguments.

Parameters:

c_args (str) – C-style arguments.

Returns:

The return value from the call.

Return type:

claripy.Ast