I tried to load an arm elf binary into Angr framework, but it failed to decode function sub_000005D8.

.text:000005D8 F0 B5                 PUSH            {R4-R7,LR}
.text:000005DA 03 AF                 ADD              R7, SP, #0xC
.text:000005DC 2D E9 00 0F           PUSH.W          {R8-R11}
.text:000005E0 B1 B0                 SUB             SP, SP, #0xC4
.text:000005E2 4F F4 D6 71           MOV.W           R1, #0x1AC
.text:000005E6 46 F6 CB 33           MOVW            R3, #0x6BCB

I spent a few time investigating the issue and found out that it was caused by a really common thumb mode prolog b"\xf0\xb5\x03\xaf" missing in arch_arm.py.

I added it to thumb_prologs defiend in arch_arm.py, and then Angr works well.

thumb_prologs = {
        br"[\x00-\xff]\xb5[\x80-\xff]\xb0",            # push {??, ??, ..., ??, lr}; sub sp, sp, #??
        br"\x80\xb4[\x80-\xff]\xb0",                   # push {r7}; sub sp, sp, #??
        br"[\x00-\xff]\xb4\x00\xb5[\x80-\xff]\xb0",    # push {r?, r?}; push {lr}; sub sp, sp, #??
        br"[\x80-\xff]\xb0[\x00-\xff]\x90",            # sub sp, sp, #??; str r0, [sp, ?]
        br"[\x00-\xff]\xb5[\x00-\xff]\x4c\xa5\x44",    # push {??, ..., ??, lr}; ldr r4, [pc, #??]; add sp, r4
+     	br"\xf0\xb5\x03\xaf"                           # push {r4-r7, lr}; add r7, sp, #0xc
    }

a comment in gymrat states:

if self.arch.instruction_endness == 'Iend_LE':                           
   # This arch stores its instructions in memory endian-flipped compared to the ISA.
   # To enable natural lifter-writing, we let the user write them like in the manual, and correct for
   # endness here

This is useful to implement the instruction regardless of the endianness (and cover both at once):

Archinfos for arm and arm64 dont set the instruction_endness.

something like this would do

class ArchARM(Arch):                                                             
   def __init__(self, endness=Endness.LE):                                      
      super(ArchARM, self).__init__(endness)                                   
      self.instruction_endness = endness

class ArchAArch64(Arch):                                                         
   def __init__(self, endness=Endness.LE):                                      
      super(ArchAArch64, self).__init__(endness)                               
      self.instruction_endness = endness

Hi, in arch_x86.py in the register_names dict the register st2 is listed twice while st3 is missing. The mistake is on line 93.

Description

segment registers have different name for i386, amd64 in archinfo, which is quite annoying
specifically, in archinfo, i386 calls them normally like "cs", "ds", "es", "fs", "gs", "ss", but amd64 calls them "cs_seg", "ds_seg", which is annoying when developing something relevant to those registers.

i386: https://github.com/angr/archinfo/blob/master/archinfo/arch_x86.py#L56
amd64: https://github.com/angr/archinfo/blob/master/archinfo/arch_amd64.py#L442

Alternatives

No response

Additional context

No response

Hello,

the new Register-Class introduces weird ARM32-Register names, e.g. 'a1' instead of 'r0'. For AARCH64 and X64/X86 everything seems fine from my side.

Is there a particular reason for this naming scheme, or is it open for a pull-request to change this for arm32?

Description

Arches now are kind of like singletons. They probably should be. I'm told there are some cursed copies and mutations floating around in angr's x86 real mode stuff that expects the current behavior, but this behavior should be eliminated if possible.

Since arches come in variants, most commonly BE/LE, we might want to have a get_all_variants function per-arch that does the instantiation. Alternatively, we could just make the classes the singleton themselves, so an arch that varies only in endness like mips32 might have 3 classes: BaseMips32, Mips32LE, and MIPS32BE. Or the base and one of the endnesses could be merged.

Alternatives

No response

Additional context

No response

I see that in MIPS32:
branch_delay_slot = True

However, this definition doesn't appear in MIPS64.
Is that in purpose?

i compiled my binary file on x86 architecture.But if i give proj.arch i am getting as amd64

I think AMD64 RIP should not be classified as general purpose.

We've been advised by the valgrind people that those offsets are not meant to be stable across platforms, or even across compilers. The correct solution is to have a method in pyvex that extracts the current platform's offsets from libvex (this can be via a function in pyvex_native that simply does a bunch of offsetof calculations) and if pyvex is available at import time, use that to populate the register fields.

This will drastically simplify the maintenance of archinfo.

Hi I try to compile pyvex on windows platform myself. Then after I run "import angr", there are errors in the arch.py:

import angr
Traceback (most recent call last):
File "", line 1, in
File "C:\Python27\lib\site-packages\angr__init__.py", line 7, in
from .project import *
File "C:\Python27\lib\site-packages\angr\project.py", line 10, in
import cle
File "C:\Python27\lib\site-packages\cle__init__.py", line 6, in
from .loader import *
File "C:\Python27\lib\site-packages\cle\loader.py", line 688, in
from .tls import TLSObj
File "C:\Python27\lib\site-packages\cle\tls.py", line 4, in
from .backends import Backend
File "C:\Python27\lib\site-packages\cle\backends__init__.py", line 4, in
import archinfo
File "C:\Python27\lib\site-packages\archinfo__init__.py", line 2, in

from .arch import *

File "C:\Python27\lib\site-packages\archinfo\arch.py", line 320, in
ArchAMD64(), ArchX86(),
File "C:\Python27\lib\site-packages\archinfo\arch_amd64.py", line 10, in ini
t
super(ArchAMD64, self).init(endness)
File "C:\Python27\lib\site-packages\archinfo\arch.py", line 19, in init
self.vex_archinfo = self.vex_archinfo.copy()
AttributeError: 'NoneType' object has no attribute 'copy'

My operation system is Windows 7 32bit. How to solve this problem?

Thanks very much

Description

The function archinfo.arch_arm.is_arm_arch returns False for archinfo.ArchAArch64:

>>> import archinfo
>>> archinfo.arch_arm.is_arm_arch(archinfo.ArchAArch64)
False

The implementation of is_arm_arch (also) checks if the name string starts with "AArch". However, archinfo.ArchAArch64.name is "AARCH64". In fact, there is no arch that has a name that starts with "AArch". As such, I assume this is a bug - either in is_arm_arch or in the definition of archinfo.ArchAArch64.name.

Possible fix

A possible fix could be to change the implementation of is_arm_arch slightly to:

def is_arm_arch(a):
    return a.name.startswith('ARM') or a.name.startswith('AARCH')

I feel confused about reg(mm0-mm7) with index:

'mm0': (72, 8),
'mm1': (73, 8),
…………
'mm7': (79, 8)

Such as disasm:

movq mm0, qword ptr [ebp - 8]

Got Vex IR:

…………
09 | PutI(136:I8x8)[0x00000000,7] = 0x01
10 | t2 = GET:I32(ebp)
11 | t1 = Add32(t2,0xfffffff8)
12 | t3 = LDle:I64(t1)
13 | PUT(mm0) = t3

Will this overwrite mm1's first 7 bytes？
So why not be 'mm0': (72, 8), 'mm1': (80, 8) like xmm0-xmm7?

Thanks a lot!

1. missing unicorn

A minimal working example; Using the following:

$ mkvirtualenv test_issue
$ source ~/.virtualenvs/test_issue/bin/activate
(test_issue)$ pip install archinfo
(test_issue)$ python
>>> import archinfo

... triggers:

Traceback (most recent call last):                                                                                                                                       
  File "<stdin>", line 1, in <module>                                               
  File "/home/pamplemousse/Workspace/angr/archinfo/archinfo/__init__.py", line 28, in <module>             
    from .arch_arm      import ArchARM, ArchARMEL, ArchARMHF, ArchARMCortexM                                                                                             
  File "/home/pamplemousse/Workspace/angr/archinfo/archinfo/arch_arm.py", line 42, in <module>       
    class ArchARM(Arch):                                                                                                                                                 
  File "/home/pamplemousse/Workspace/angr/archinfo/archinfo/arch_arm.py", line 187, in ArchARM     
    uc_mode_thumb = _unicorn.UC_MODE_LITTLE_ENDIAN + _unicorn.UC_MODE_THUMB                                                                                              
AttributeError: 'NoneType' object has no attribute 'UC_MODE_LITTLE_ENDIAN'

This could probably be fixed by adding the right dependency into setup.py.

2. missing pyvex 😕

From the previous example:

(test_issue)$ pip install unicorn==1.0.2rc4
(test_issue)$ python
>>> import archinfo

... triggers the following:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/pamplemousse/Workspace/angr/archinfo/archinfo/__init__.py", line 26, in <module>
    from .arch_amd64    import ArchAMD64
  File "/home/pamplemousse/Workspace/angr/archinfo/archinfo/arch_amd64.py", line 359, in <module>
    register_arch([r'.*amd64|.*x64|.*x86_64|.*metapc'], 64, Endness.LE, ArchAMD64)
  File "/home/pamplemousse/Workspace/angr/archinfo/archinfo/arch.py", line 819, in register_arch
    all_arches.append(my_arch(endness))
  File "/home/pamplemousse/Workspace/angr/archinfo/archinfo/arch_amd64.py", line 44, in __init__
    super(ArchAMD64, self).__init__(endness)
  File "/home/pamplemousse/Workspace/angr/archinfo/archinfo/arch.py", line 281, in __init__
    for reg_name in self.artificial_registers:
AttributeError: 'ArchAMD64' object has no attribute 'artificial_registers'

In the archinfo/arch.py, the code declaring self.artificial_registers is inside an branch where _pyvex is not None. But its use line 281 is not.

Sadly, this seems a bit trickier to fix than the previous one: archinfo is a dependency of pyvex; So, adding pyvex as a dependency of archinfo would create a cyclic dependency...

Question

total rookie with angr. First angr script give me this error:

ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x70000001 for AMD64
ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x70000003 for AMD64
ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x24 for AMD64
ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x23 for AMD64
ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x25 for AMD64
ERROR    | 2024-05-14 14:24:21,093 | archinfo.arch  | Please look up and add dynamic tag type 0x24 for AMD64
ERROR    | 2024-05-14 14:24:21,094 | archinfo.arch  | Please look up and add dynamic tag type 0x23 for AMD64
ERROR    | 2024-05-14 14:24:21,094 | archinfo.arch  | Please look up and add dynamic tag type 0x25 for AMD64
ERROR    | 2024-05-14 14:24:21,101 | archinfo.arch  | Please look up and add dynamic tag type 0x24 for AMD64
ERROR    | 2024-05-14 14:24:21,101 | archinfo.arch  | Please look up and add dynamic tag type 0x23 for AMD64
ERROR    | 2024-05-14 14:24:21,101 | archinfo.arch  | Please look up and add dynamic tag type 0x25 for AMD64

OS

Linux archlinux 6.8.9-arch1-2 #1 SMP PREEMPT_DYNAMIC Tue, 07 May 2024 21:35:54 +0000 x86_64 GNU/Linux

angr

angr                          9.2.102

download example from :
https://github.com/N4NU/Reversing-Challenges-List/blob/master/Easy/Codegate_CTF_2018_Preliminary_RedVelvet/RedVelvet.7z
my script

import angr

p = angr.Project('./rvpatch')


sm = p.factory.simgr()
sm.explore(find=lambda s: b"HAPPINESS:)\n"*15 in s.posix.dumps(1))

if sm.found[0]:
    print (sm.found[0].posix.dumps(0).replace(b'\x00',b''))

This is not a critical problem, and the script can finish and return normal answer. i think maybe my archlinux missing package since another ubuntu server could finish without it. But I want fix this error and get to know why i got this.

Thank you

Hello,
Missing setup.py in this project. How can i install archinfo==9.2.19.dev0?

Starting with 9.1.12332 it's no longer possible to import archinfo at least on x86_64. The issue can be reproduced in a clean venv with the a new clone.

$ git clone [email protected]:angr/archinfo.git
Cloning into 'archinfo'...
remote: Enumerating objects: 2688, done.
remote: Counting objects: 100% (537/537), done.
remote: Compressing objects: 100% (239/239), done.
remote: Total 2688 (delta 383), reused 440 (delta 298), pack-reused 2151
Receiving objects: 100% (2688/2688), 573.72 KiB | 1.76 MiB/s, done.
Resolving deltas: 100% (1893/1893), done.
[fabaff@test-py repos]$ cd archinfo/
[fabaff@test-py archinfo]$ python -m venv .
[fabaff@test-py archinfo]$ source bin/activate
(archinfo) [fabaff@test-py archinfo]$ python setup.py develop
/home/fabaff/Documents/repos/archinfo/lib64/python3.10/site-packages/setuptools/dist.py:498: UserWarning: The version specified ('9.1.gitrolling') is an invalid version, this may not work as expected with newer versions of setuptools, pip, and PyPI. Please see PEP 440 for more details.
[...]
Finished processing dependencies for archinfo===9.1.gitrolling
(archinfo) [fabaff@test-py archinfo]$ python3
Python 3.10.2 (main, Jan 17 2022, 00:00:00) [GCC 11.2.1 20211203 (Red Hat 11.2.1-7)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import archinfo
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/fabaff/Documents/repos/archinfo/archinfo/__init__.py", line 26, in <module>
    from .arch_amd64    import ArchAMD64
  File "/home/fabaff/Documents/repos/archinfo/archinfo/arch_amd64.py", line 378, in <module>
    register_arch([r'.*amd64|.*x64|.*x86_64|.*metapc'], 64, Endness.LE, ArchAMD64)
  File "/home/fabaff/Documents/repos/archinfo/archinfo/arch.py", line 800, in register_arch
    all_arches.append(my_arch(endness))
  File "/home/fabaff/Documents/repos/archinfo/archinfo/arch_amd64.py", line 68, in __init__
    self.reg_blacklist.append(register.name)
AttributeError: 'NoneType' object has no attribute 'append'
>>> 

Description

Over the years, archinfo has been abused to store information which is not universal to the architecture. The prime example of the problem is arch.syscall_num_offset. This is linux-specific, and even ABI specific!

Alternatives

No response

Additional context

No response

Python 3.7.1 (default, Oct 22 2018, 10:41:28) 
[GCC 8.2.1 20180831] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import archinfo
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.7/site-packages/archinfo/__init__.py", line 12, in <module>
    from .arch_amd64    import ArchAMD64
  File "/usr/lib/python3.7/site-packages/archinfo/arch_amd64.py", line 252, in <module>
    register_arch([r'.*amd64|.*x64|.*x86_64|.*metapc'], 64, Endness.LE, ArchAMD64)
  File "/usr/lib/python3.7/site-packages/archinfo/arch.py", line 655, in register_arch
    all_arches.append(my_arch(endness))
  File "/usr/lib/python3.7/site-packages/archinfo/arch_amd64.py", line 33, in __init__
    super(ArchAMD64, self).__init__(endness)
  File "/usr/lib/python3.7/site-packages/archinfo/arch.py", line 211, in __init__
    self.ip_offset = self.registers['ip'][0]
KeyError: 'ip'
>>> 

any idea why this could be occuring? i've tried importing the other arches as well, all of them give me the same error.

Our CI should run archinfo test cases as well.

If pyvex fails to import, archinfo/arch.py sets _pyvex to None (line 13). The rest of the code is very careful to check that _pyvex is not None before using it, except line 188, which references _pyvex without first checking that it is not None. As a result, a failed import of pyvex gives the error message 'AttributeError: 'NoneType' object has no attribute 'vex_ffi' on line 188, which is a very confusing way to say "pyvex failed to import". I'm not sure whether the proper fix is to simply move the two lines 188-189 inside the if-block which begins at line 191? or if something more complicated is needed. If the former, I'm happy to put up a PR.

Thanks for the keystone integration.
I have just notice one things:

the thumb parameter which I personally prefer over the function variants (capstone/capstone_thumb) cannot be changed once self._ks is initialized

    def asm(self, string, addr=0, as_bytes=False, thumb=False):
        ...
        if self._ks is None:
            if thumb:
                self.ks_mode += _keystone.KS_MODE_THUMB
            else:
                self.ks_mode += _keystone.KS_MODE_ARM
            self._ks = _keystone.Ks(self.ks_arch, self.ks_mode)
        encoding, count = self._ks.asm(string, addr, as_bytes)
        return encoding

something like this would do if thumb parameter is to be kept

    def asm(self, string, addr=0, as_bytes=False, thumb=False):
        ...
        mode = _keystone.KS_MODE_THUMB if thumb else _keystone.KS_MODE_ARM
        ks = _keystone.Ks(self.ks_arch, self.ks_mode|mode)
        encoding, _ = ks.asm(string, addr, as_bytes)
        return encoding

The tarball available through pypi is lacking the LICENSE file. Please include it with the next release.