TeamSibyl / heimdallr

A tool for semantic binary profiling and adaptive fuzzing
BSD 3-Clause "New" or "Revised" License

Angr alternatives #4

Open spadaval opened 6 years ago

spadaval commented 6 years ago

Angr is fantastic, but it has some limitations:

  1. A variety of syscalls aren't implemented yet, meaning that it cannot handle a few core libraries.
  2. There is no parallel processing support.
  3. Constraint solver backend isn't the greatest, only Z3 is really supported.
  4. Angr cannot detect static libraries very well (though this probably isn't very important, since no one really uses them much).

Now we can work around most of these, and we most certainly want to use all the underlying projects that angr uses. The question is, is using angr worth it, knowing that we will likely have to modify significant chunks of it to suit our purposes, or would it be simpler to directly use the APIs of the underlying projects?

spadaval commented 6 years ago

Note that this is meant to be answered after mid-term evaluation. We will continue work on angr till then, for certain.

spadaval commented 6 years ago

Perhaps statistical profiling might be helpful for identifying control paths?