Post

angr学习笔记

Posted
By
2 min read

官方文档:https://docs.angr.io/

1. 安装与配置

1.1 基本安装

参见:https://www.secpulse.com/archives/83197.html

1

sudo apt-get install python-dev libffi-dev build-essential virtualenvwrapper

apt-get之后却并不能执行mkvirtualenv命令,于是又用pip安装了一遍

1
2

sudo pip install virtualenv
sudo pip install virtualenvwrapper

配置环境变量

1
2
3
4

vi ~/.bashrc
  #在文件末尾加上两行代码:
export WORKON_HOME=~/.virtualenvs
source /usr/local/bin/virtualenvwrapper.sh

重新加载bashrc

1

source ~/.bashrc

安装pypy,如果用Python见#3

1
2
3
4
5

\# 建议使用pypy加速:
pip install pypy
mkvirtualenv -p pypy angr && pip install angr
\# 否则:
mkvirtualenv angr && pip install angr

1
2
3
4
5
6

如果得到下列报错:
```shell
ERROR: pyvex 7.8.9.26 has requirement future==0.16.0, but you'll have future 0.18.1 which is incompatible.
ERROR: archinfo 7.8.9.26 has requirement future==0.16.0, but you'll have future 0.18.1 which is incompatible.
ERROR: claripy 7.8.9.26 has requirement future==0.16.0, but you'll have future 0.18.1 which is incompatible.
```

那么需要安装future 0.16.0

1

pip install future==0.16.0

注意这个版本的future是装在angr虚拟环境下的

1.2 安装pypy独立的pip

1
2
3

wget https://bootstrap.pypa.io/get-pip.py
pypy get-pip.py
pypy -m pip install angr

1.3 python3版本

下载并解压pypy3.6-v7.2.0-linux64

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

mv pypy3.6-v7.2.0-linux64/ /usr/local/
ln -s /usr/local/pypy3.6-v7.2.0-linux64/bin/pypy3 /usr/local/bin/pypy3
pypy3 -m ensurepip
ln -s /usr/local/pypy3.6-v7.2.0-linux64/bin/pip3 /usr/local/bin/pip31 \#注意这里叫pip31,相当于\#1.5,与pip3区分

wget http://ftp.br.debian.org/debian/pool/main/g/glibc/multiarch-support_2.28-10_amd64.deb
sudo dpkg -i multiarch-support_2.28-10_amd64.deb

wget http://ftp.nl.debian.org/debian/pool/main/o/openssl/libssl1.0.0_1.0.1t-1+deb8u8_amd64.deb
sudo dpkg -i libssl1.0.0_1.0.1t-1+deb8u8_amd64.deb

mkvirtualenv -p pypy3 angr3

workon angr3
pip31 install angr \# 出错,装到外面去了,是有原因的,在于virtualenv的原理
pip install angr

1.4 安装开发版本angr-dev

官方教程:https://github.com/angr/angr-dev

1
2
3

git clone https://github.com/angr/angr-dev.git
cd angr-dev
./setup.sh -i -e angr-dev # 搭建angr-dev虚拟环境

1.5 安装angr-management

1
2
3
4
5

git clone https://github.com/angr/angr-management.git
cd angr-management
workon angr-dev # 必须经过1.4,在angr-dev环境下
python start.py (有包缺失的话另装)
可能需要装pyxdg、toml

2. angr初学

1

git clone https://github.com/angr/angr-doc

把官方示例clone下来

随便载入一个二进制文件(这里我用的angr-doc/examples/csaw_wyvern/wyvern)

官方文档(基础概念):https://docs.angr.io/core-concepts/toplevel

proj

1
2

proj = angr.Project('xxx')
proj.arch/entry/filename...

proj.loader

1
2
3
4
5
6
7

proj.loader
proj.loader.shared_objects
proj.loader.min_addr
proj.loader.max_addr
proj.loader.main_object
proj.loader.main_object.execstack
proj.loader.main_object.pic

proj.factory

1
2

proj.factory.block()
block.pp()
Security, pwn
This post is licensed under CC BY 4.0 by the author.