angr.state_plugins.inspect¶
- class angr.state_plugins.inspect.EventType¶
Bases:
StrEnumEvent types for breakpoints.
- VEX_LIFT = 'vex_lift'¶
- MEM_READ = 'mem_read'¶
- MEM_WRITE = 'mem_write'¶
- ADDRESS_CONCRETIZATION = 'address_concretization'¶
- REG_READ = 'reg_read'¶
- REG_WRITE = 'reg_write'¶
- TMP_READ = 'tmp_read'¶
- TMP_WRITE = 'tmp_write'¶
- EXPR = 'expr'¶
- STATEMENT = 'statement'¶
- INSTRUCTION = 'instruction'¶
- IRSB = 'irsb'¶
- CONSTRAINTS = 'constraints'¶
- EXIT = 'exit'¶
- FORK = 'fork'¶
- SYMBOLIC_VARIABLE = 'symbolic_variable'¶
- CALL = 'call'¶
- RETURN = 'return'¶
- SIMPROCEDURE = 'simprocedure'¶
- DIRTY = 'dirty'¶
- SYSCALL = 'syscall'¶
- CFG_HANDLE_JOB = 'cfg_handle_job'¶
- VFG_HANDLE_SUCCESSOR = 'vfg_handle_successor'¶
- VFG_WIDEN_STATE = 'vfg_widen_state'¶
- ENGINE_PROCESS = 'engine_process'¶
- MEMORY_PAGE_MAP = 'memory_page_map'¶
- __new__(value)
- class angr.state_plugins.inspect.InspectAttrs¶
Bases:
objectPer-event attributes published by the inspect machinery while a breakpoint is firing.
Each field is set on the active state before any matching breakpoint is checked, then cleared (back to
None) after the event completes. Breakpoint actions read and write these fields throughstate.inspect.attrsto observe or override the in-flight event.- __init__(vex_lift_addr=None, vex_lift_size=None, vex_lift_buff=None, mem_read_address=None, mem_read_expr=None, mem_read_length=None, mem_read_condition=None, mem_read_endness=None, mem_write_address=None, mem_write_expr=None, mem_write_length=None, mem_write_condition=None, mem_write_endness=None, reg_read_offset=None, reg_read_expr=None, reg_read_length=None, reg_read_condition=None, reg_read_endness=None, reg_write_offset=None, reg_write_expr=None, reg_write_length=None, reg_write_condition=None, reg_write_endness=None, tmp_read_num=None, tmp_read_expr=None, tmp_write_num=None, tmp_write_expr=None, expr=None, expr_result=None, statement=None, instruction=None, address=None, added_constraints=None, function_address=None, exit_target=None, exit_guard=None, exit_jumpkind=None, backtrace=None, symbolic_name=None, symbolic_size=None, symbolic_expr=None, address_concretization_strategy=None, address_concretization_action=None, address_concretization_memory=None, address_concretization_expr=None, address_concretization_result=None, address_concretization_add_constraints=None, syscall_name=None, simprocedure_name=None, simprocedure_addr=None, simprocedure_result=None, simprocedure=None, dirty_name=None, dirty_handler=None, dirty_args=None, dirty_result=None, sim_engine=None, sim_successors=None, mapped_page=None, mapped_address=None)¶
- Parameters:
vex_lift_addr (Any)
vex_lift_size (Any)
vex_lift_buff (Any)
mem_read_address (Any)
mem_read_expr (Any)
mem_read_length (Any)
mem_read_condition (Any)
mem_read_endness (Any)
mem_write_address (Any)
mem_write_expr (Any)
mem_write_length (Any)
mem_write_condition (Any)
mem_write_endness (Any)
reg_read_offset (Any)
reg_read_expr (Any)
reg_read_length (Any)
reg_read_condition (Any)
reg_read_endness (Any)
reg_write_offset (Any)
reg_write_expr (Any)
reg_write_length (Any)
reg_write_condition (Any)
reg_write_endness (Any)
tmp_read_num (Any)
tmp_read_expr (Any)
tmp_write_num (Any)
tmp_write_expr (Any)
expr (Any)
expr_result (Any)
statement (Any)
instruction (Any)
address (Any)
added_constraints (Any)
function_address (Any)
exit_target (Any)
exit_guard (Any)
exit_jumpkind (Any)
backtrace (Any)
symbolic_name (Any)
symbolic_size (Any)
symbolic_expr (Any)
address_concretization_strategy (Any)
address_concretization_action (Any)
address_concretization_memory (Any)
address_concretization_expr (Any)
address_concretization_result (Any)
address_concretization_add_constraints (Any)
syscall_name (Any)
simprocedure_name (Any)
simprocedure_addr (Any)
simprocedure_result (Any)
simprocedure (Any)
dirty_name (Any)
dirty_handler (Any)
dirty_args (Any)
dirty_result (Any)
sim_engine (Any)
sim_successors (Any)
mapped_page (Any)
mapped_address (Any)
- Return type:
None
- class angr.state_plugins.inspect.When¶
Bases:
StrEnumWhen to trigger breakpoints.
- BEFORE = 'before'¶
- AFTER = 'after'¶
- BOTH = 'both'¶
- __new__(value)
- class angr.state_plugins.inspect.BP¶
Bases:
objectA breakpoint.
- __init__(when=When.BEFORE, enabled=True, condition=None, action=<function BP_IPDB>, **kwargs)¶
- check(state, when)¶
Checks state state to see if the breakpoint should fire.
- class angr.state_plugins.inspect.SimInspector¶
Bases:
SimStatePluginThe breakpoint interface, used to instrument execution. For usage information, look here: https://docs.angr.io/core-concepts/simulation#breakpoints
- BP_AFTER = 'after'¶
- BP_BEFORE = 'before'¶
- BP_BOTH = 'both'¶
- __init__()¶
- action(event_type, when, **kwargs)¶
Called from within the engine when events happens. This function checks all breakpoints registered for that event and fires the ones whose conditions match.
- make_breakpoint(event_type, when=When.BEFORE, enabled=True, condition=None, action=<function BP_IPDB>, **kwargs)¶
Creates and adds a breakpoint which would trigger on event_type. Additional arguments are passed to the
BPconstructor.
- b(event_type, when=When.BEFORE, enabled=True, condition=None, action=<function BP_IPDB>, **kwargs)¶
Creates and adds a breakpoint which would trigger on event_type. Additional arguments are passed to the
BPconstructor.
- add_breakpoint(event_type, bp)¶
Adds a breakpoint which would trigger on event_type.
- remove_breakpoint(event_type, bp=None, filter_func=None)¶
Removes a breakpoint.
- downsize()¶
Reset event-specific attributes on this plugin instance to save memory. This method is supposed to be called by breakpoint implementors. A typical workflow looks like the following:
>>> # Add `attr0` and `attr1` via the inspect machinery >>> self.state.inspect(xxxxxx, attr0=yyyy, attr1=zzzz) >>> # Get new attributes out of SimInspect in case they are modified by the user >>> new_attr0 = self.state.inspect.attrs.attr0 >>> new_attr1 = self.state.inspect.attrs.attr1 >>> # Reset them >>> self.state.inspect.downsize()