Reputation: 926
In angr, how to Load and Analyze a binary file that only contains function instructions, not a ELF file
I have some binary files, each of them contain instructions of a function, (may be a little more in the end). The begining of the file is also the start point of the function.
This files were extracted from a ELF file.The platform is arm64.
So, how to load and analyze this file using angr?
The target:
Every function has a "switch case statement", the target is to get all intergers of the case expression.
Example(C code):
void func1(int cmd){
switch (cmd) {
case 1:
xxxx
break;
case 10:
yyyy;
break;
}
}
Result: 1,10
Upvotes: 1
Views: 700
Answers (1)
Reputation: 496
my suggestion is to not use angr in this case because you could extract all the cases in a much easier way for example using r2pipe. I've create a simple example for you and I hope it helps.
C code
int main(int argc, char* argv[]) {
switch(argc) {
case 1:
break;
case 2:
break;
default:
break;
}
}
python script
import r2pipe
r2 = r2pipe.open("switch")
r2.cmd("aa")
r2.cmdj('s main')
instructions = r2.cmdj('pdfj')
for instruction in instructions['ops']:
if ( instruction["type"] == "cmp" ):
print instruction["ptr"]
Output:
r2pipe.cmdj.Error: No JSON object could be decoded
1
2
I'm not sure what I had that error message at the beginning of the output.
HTH
Upvotes: 1
Related Questions
- How to examine `elf` file by hexdump?
- How to Read a Function From a Dissasembled Binary File?
- Extract function bytes from ELF binary file
- For ELF file, how to tell which section contains execution binary code?
- How to read binary executable by instructions?
- Dump entire ELF binary into readable headers and sections
- Removing assembly instructions from ELF
- How do I determine what functions are being called in a binary?
- How to extract a few functions out of a compiled ELF-executable (no disassembly)?
- Reverse Engineering an ELF Binary