angr / angrop

BSD 2-Clause "Simplified" License

Does angrop support PE files? #24

Closed mbhatt1 closed 6 years ago

mbhatt1 commented 6 years ago

Question: Does this framework work on PE binaries as well?

ltfish commented 6 years ago

It does!

mbhatt1 commented 6 years ago

When trying to execute the func_call function on a PE executable I get the following error: @ltfish

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/the-sage/.local/lib/python2.7/site-packages/angrop/chain_builder.py", line 444, in func_call
    if address in self.project.loader.main_object.plt:
AttributeError: 'PE' object has no attribute 'plt'

Help?

rhelmot commented 6 years ago

Fish lied to you, it does not support PE. This is only a hiccup though, since almost all of angr is totally platform and architecture agnostic, so you just need to tweak the parts that access Linux-specific features (such as the PLT) to not do that on Windows, and it should be fine.

There’s also the problem that there’s a lot of built in logic to do things like perform Linux syscalls, but as long as you don’t use those features you’ll be fine.

On Wed, Jun 27, 2018 at 10:36 PM mbhatt1 notifications@github.com wrote:

When trying to execute the func_call function on a PE executable I get the following error: @ltfish https://github.com/ltfish

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/the-sage/.local/lib/python2.7/site-packages/angrop/chain_builder.py", line 444, in func_call
    if address in self.project.loader.main_object.plt:
AttributeError: 'PE' object has no attribute 'plt'

Help?


ltfish commented 6 years ago

Right - it does not support PE, but it's not because there is anything fundamentally different between PE and ELF. We just never developed or tested angrop on PE files. You can tweak things and change code so that it will work on PEs.

mbhatt1 commented 6 years ago

pants on fire then? :'(

mbhatt1 commented 6 years ago

Do y'all know of a ROP generator that works for PE? I need to do something quickly.

rhelmot commented 6 years ago

I will push the fix that makes angrop work on Windows if you acknowledge how tasteless that comment was.

(I have not tested these changes extensively but the write_to_mem command seems to be producing sane results)

mbhatt1 commented 6 years ago

I acknowledge that I have a weird sense of humor yes. Also that angr and angrop both are awesome sauce! Lol

rhelmot commented 6 years ago

:roll_eyes:

open source isn't a candy shop. we have lives and obligations and can't fix all your problems and CERTAINLY can't be your technical advisors. If you had spent about 10 seconds looking into this problem yourself you would have figured out you could work around it by passing in an address instead of a symbol name. Enjoy your fix, and perhaps be a little less flippant toward the people you're apparently depending on in the future.
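The traceback earlier in the thread comes from func_call looking the name up in main_object.plt, which only cle's ELF objects carry, and rhelmot's workaround is to pass an address instead of a symbol name. The following is an added example, not angrop's own code and independent of the fix pushed in this thread: a small resolver that turns a function name into a plain integer address on both ELF and PE before handing it to func_call. It assumes the cle attributes it touches (Loader.main_object, Loader.find_symbol, ELF.plt, PE.imports, Relocation.rebased_addr / resolvedby, Symbol.rebased_addr) and that rop.func_call accepts an int address; the target.exe path in the usage block is a placeholder. The practitioner caveat it encodes: on a PE an import name does not point at a stub but at an IAT slot, so jumping there directly would execute the pointer bytes rather than the function.

```python
# Added example, not code from angrop or this thread.
# Resolve a call target to a plain address before calling angrop's
# func_call, so the chain builder never has to look at ELF-only
# attributes such as main_object.plt when the loaded binary is a PE.
#
# Assumptions (not stated in the thread): the loader exposes the cle
# attributes used below (main_object, find_symbol, ELF.plt, PE.imports,
# Relocation.rebased_addr / resolvedby, Symbol.rebased_addr), and
# rop.func_call(address, args) accepts an int address, as rhelmot suggests.


def resolve_call_target(loader, name):
    """Map a function name to (address, is_iat_slot) on ELF and PE alike.

    ELF: the PLT stub is the usual ROP target, so prefer main_object.plt.
    PE : imports have no stubs; the name maps to an IAT slot. If cle loaded
         the DLL, the relocation is resolved and the real function address
         is returned (only meaningful when the DLL base is known, e.g. ASLR
         disabled or leaked). Otherwise the slot address itself is returned
         and flagged, so the caller knows the chain must load the pointer
         from memory instead of jumping to the slot.
    """
    main = loader.main_object
    plt = getattr(main, "plt", None)            # ELF only; None on a PE object
    if plt and name in plt:
        return plt[name], False

    imports = getattr(main, "imports", None)    # PE only: name -> Relocation
    if imports and name in imports:
        reloc = imports[name]
        target = getattr(reloc, "resolvedby", None)
        if target is not None:
            return target.rebased_addr, False   # function inside the loaded DLL
        return reloc.rebased_addr, True         # unresolved: IAT slot address

    sym = loader.find_symbol(name)              # generic fallback for any format
    if sym is None:
        raise KeyError("no symbol or import named %r" % name)
    return sym.rebased_addr, False


def call_by_name(rop, loader, name, args):
    """Build a chain calling `name`, always passing an int to func_call.

    Refuses to build a direct call through an unresolved IAT slot: jumping
    to the slot executes the pointer bytes, not the imported function.
    """
    addr, is_slot = resolve_call_target(loader, name)
    if is_slot:
        raise ValueError(
            "%s resolves to IAT slot %#x; load the DLL (auto_load_libs=True) "
            "or dereference the slot inside the chain instead" % (name, addr))
    return rop.func_call(addr, args)


if __name__ == "__main__":
    # Hypothetical usage against a real project; target.exe is a placeholder.
    import angr
    import angrop  # noqa: F401  (importing angrop registers the ROP analysis)
    p = angr.Project("target.exe", auto_load_libs=False)
    rop = p.analyses.ROP()
    rop.find_gadgets()
    addr, is_slot = resolve_call_target(p.loader, "WinExec")
    print("WinExec -> %#x (IAT slot: %s)" % (addr, is_slot))
```

With auto_load_libs=False (as above) every PE import comes back flagged as a slot, which is the honest answer: the chain has to read the pointer out of the IAT, or you load the DLLs and accept that the resolved address is only valid at that DLL base.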

mbhatt1 commented 6 years ago

I didn't mean to. Sorry. I am new to ROP and this seemed the easiest way of doing something quickly. Heartfelt apologies. :)

mbhatt1 commented 6 years ago

Thank you so much