angr.simos.simos

class angr.simos.simos.SimOS

Bases: object

A class describing OS/arch-level configuration.

__init__(project, name=None)
Parameters:

name (str | None)

configure_project()

Configure the project to set up global settings (like SimProcedures).

state_blank(addr=None, initial_prefix=None, brk=None, stack_end=None, stack_size=8388608, stdin=None, thread_idx=None, permissions_backer=None, **kwargs)

Initialize a blank state.

All parameters are optional.

Parameters:
  • addr – The execution start address.

  • initial_prefix

  • stack_end – The end of the stack (i.e., the byte after the last valid stack address).

  • stack_size – The number of bytes to allocate for stack space.

  • brk – The address of the process’ break.

Returns:

The initialized SimState.

Any additional arguments will be passed to the SimState constructor.

state_entry(**kwargs)
state_full_init(**kwargs)
state_call(addr, *args, **kwargs)
prepare_call_state(calling_state, initial_state=None, preserve_registers=(), preserve_memory=())

This function prepares a state that is executing a call instruction. If given an initial_state, it copies over all of the critical registers to it from the calling_state. Otherwise, it prepares the calling_state for action.

This is mostly used to create minimalistic states for CFG generation. Some ABIs, such as MIPS PIE and x86 PIE, require certain information to be maintained in certain registers. For example, for PIE MIPS, this function transfers t9, gp, and ra to the new state.

prepare_function_symbol(symbol_name, basic_addr=None)

Prepare the address space with the data necessary to perform relocations pointing to the given symbol.

Returns a 2-tuple. The first item is the address of the function code, the second is the address of the relocation target.

handle_exception(successors, engine, exception)

Perform exception handling. This method will be called when, during execution, a SimException is thrown. Currently, this can only indicate a segfault, but in the future it could indicate any unexpected exceptional behavior that can’t be handled by ordinary control flow.

The method may mutate the provided SimSuccessors object in any way it likes, or re-raise the exception.

Parameters:
  • successors – The SimSuccessors object currently being executed on

  • engine – The engine that was processing this step

  • exception – The actual exception object

syscall(state, allow_unsupported=True)
Return type:

SimProcedure | None

Parameters:

syscall_abi(state)
Return type:

str | None

Parameters:

state (SimState)

syscall_cc(state)
Return type:

SimCCSyscall | None

Parameters:

state (SimState)

is_syscall_addr(addr)
Return type:

bool

syscall_from_addr(addr, allow_unsupported=True)
Return type:

SimProcedure | None

syscall_from_number(number, allow_unsupported=True, abi=None)
Return type:

SimProcedure | None

setup_gdt(state, gdt)

Write the GlobalDescriptorTable object into the current state's memory.

Parameters:
  • state – state in which to write the GDT

  • gdt – GlobalDescriptorTable object

Returns:

generate_gdt(fs, gs, fs_size=4294967295, gs_size=4294967295)

Generate a GlobalDescriptorTable object and populate it using the values of the gs and fs registers.

Parameters:
  • fs – value of the fs segment register

  • gs – value of the gs segment register

  • fs_size – size of the fs segment register

  • gs_size – size of the gs segment register

Returns:

gdt – a GlobalDescriptorTable object

class angr.simos.simos.GlobalDescriptorTable

Bases: object

GlobalDescriptorTable object that stores the GDT table and the segment register values.

__init__(addr, limit, table, gdt_sel, cs_sel, ds_sel, es_sel, ss_sel, fs_sel, gs_sel)
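As background for what generate_gdt and the *_sel fields of GlobalDescriptorTable model, the following added example (not angr's own code) packs and unpacks x86 segment descriptors using the architectural 8-byte layout and derives selectors for the slots. The helper names, the slot order (null, fs, gs) and the reading of fs_size/gs_size as the segment limit are assumptions made for illustration.

```python
import struct

# Access byte: present (0x80) | code/data descriptor (0x10) | writable data (0x02), ring 0.
ACCESS_DATA_RW = 0x80 | 0x10 | 0x02
FLAG_32BIT = 0x4     # D/B bit: 32-bit segment
FLAG_GRANULAR = 0x8  # G bit: limit is counted in 4 KiB units

def encode_descriptor(base, limit, access=ACCESS_DATA_RW):
    """Pack one 8-byte x86 segment descriptor (hypothetical helper)."""
    flags = FLAG_32BIT
    if limit > 0xFFFFF:        # does not fit the 20-bit limit field
        limit >>= 12           # express it in 4 KiB units instead
        flags |= FLAG_GRANULAR
    raw = limit & 0xFFFF                    # limit bits 0..15
    raw |= (base & 0xFFFFFF) << 16          # base bits 0..23
    raw |= (access & 0xFF) << 40            # access byte
    raw |= ((limit >> 16) & 0xF) << 48      # limit bits 16..19
    raw |= (flags & 0xF) << 52              # flags nibble
    raw |= ((base >> 24) & 0xFF) << 56      # base bits 24..31
    return struct.pack("<Q", raw)

def decode_descriptor(entry):
    """Recover (base, highest valid offset, access byte) from a descriptor."""
    (raw,) = struct.unpack("<Q", entry)
    base = ((raw >> 16) & 0xFFFFFF) | (((raw >> 56) & 0xFF) << 24)
    limit = (raw & 0xFFFF) | (((raw >> 48) & 0xF) << 16)
    if (raw >> 52) & FLAG_GRANULAR:
        limit = (limit << 12) | 0xFFF       # page granular: low 12 bits are all ones
    return base, limit, (raw >> 40) & 0xFF

def build_table(fs, gs, fs_size=0xFFFFFFFF, gs_size=0xFFFFFFFF):
    """Null entry, then fs and gs data descriptors (slot order is an assumption)."""
    return b"\x00" * 8 + encode_descriptor(fs, fs_size) + encode_descriptor(gs, gs_size)

def selector(index, rpl=0):
    """Selector for GDT slot `index`: index << 3, table indicator 0 (GDT), plus RPL."""
    return (index << 3) | rpl

if __name__ == "__main__":
    table = build_table(fs=0x7FFF0000, gs=0x7FFE0000)  # constructed sample bases
    for slot, name in ((1, "fs"), (2, "gs")):
        base, limit, access = decode_descriptor(table[slot * 8:slot * 8 + 8])
        print(name, hex(selector(slot)), hex(base), hex(limit), hex(access))
```

The default size of 4294967295 (0xFFFFFFFF) exceeds the 20-bit limit field, so it is only representable with the granularity bit set.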