angr / angr-management

The official angr GUI.

License: BSD 2-Clause "Simplified" License

Python 99.38% CSS 0.57% Shell 0.05%
angr hacktoberfest program-analysis

angr-management's Introduction

angr Management

This is the GUI for angr. Launch it and analyze some binaries!

Installation

Portable, pre-built executable

The easiest way to run angr-management is by grabbing a bundled release from the releases page: https://github.com/angr/angr-management/releases

Builds can be extracted and then run from anywhere. Note that builds are currently unsigned.

From PyPI

To install angr-management, use pip:

pip install angr-management

angr-management can then be run with the command angr-management.

Development Install

See angr-dev for how to set up a development environment for the angr suite. angr-management is included by default and checked out to the angr-management directory. If you encounter dependency issues, re-running setup.sh or setup.bat from angr-dev will ensure all dependencies are installed.

angr-management can then be run with angr-management or python start.py.

FLIRT signatures: For now, please manually clone FLIRT signatures by running git clone --recurse-submodules https://github.com/angr/angr-management, which will clone the flirt_signatures submodule.

Usage

Shortcuts

  • Load a new binary: Ctrl+O

  • Load a new Docker Image: Ctrl+Shift+O

  • Load a Trace File: Ctrl+Shift+T

  • Save angr database... : Ctrl+S

  • Save angr database as... : Ctrl+Shift+S

  • Decompile: F5

  • Documentation: Alt+H

  • Next Tab: Ctrl+Tab

  • Previous Tab: Ctrl+Shift+Tab

Configuration

Configuration file locations vary by platform.

  • Windows: ~\AppData\Local\angr-management\config.toml
  • macOS: ~/Library/Preferences/angr-management/config.toml
  • Linux: ~/.config/angr-management/config.toml

Plugins

Plugins may be installed by placing a subdirectory under plugins. The directory must contain an __init__.py like that in TestPlugin:

from .test_plugin import TestPlugin
PLUGIN_CLS_NAME = TestPlugin.__name__

This also allows you to import a plugin class from another package entirely. The plugin itself should inherit from BasePlugin. Callbacks and events are a work in progress, so the API is subject to change. See TestPlugin for an example of a multithreaded plugin.
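A plugin is ordinary Python that runs with your privileges once loaded, so it helps to see what each plugin directory declares before launching the GUI. The following is an added example, not angr-management code: it parses each `__init__.py` with `ast` (nothing is imported or executed) and reports the class named by PLUGIN_CLS_NAME and where it is imported from. The function names, status labels and sample plugin directories are hypothetical.

```python
import ast
import tempfile
from pathlib import Path


def inspect_plugin_init(init_path):
    """Statically read a plugin __init__.py; nothing in it is imported or run."""
    try:
        tree = ast.parse(Path(init_path).read_text(encoding="utf-8"))
    except SyntaxError:
        return {"status": "unparseable", "class": None, "module": None}

    imported = {}    # local name -> (source module, relative level, original name)
    declared = None  # AST node assigned to PLUGIN_CLS_NAME
    extra = []       # top-level statements that are neither imports nor the marker

    for node in tree.body:
        if isinstance(node, ast.ImportFrom):
            for alias in node.names:
                imported[alias.asname or alias.name] = (node.module or "", node.level, alias.name)
        elif isinstance(node, ast.Import):
            for alias in node.names:
                imported[alias.asname or alias.name.split(".")[0]] = (alias.name, 0, alias.name)
        elif isinstance(node, ast.Assign) and any(
            isinstance(t, ast.Name) and t.id == "PLUGIN_CLS_NAME" for t in node.targets
        ):
            declared = node.value
        elif not (isinstance(node, ast.Expr) and isinstance(node.value, ast.Constant)):
            extra.append(type(node).__name__)  # anything except a docstring

    # Accept the form shown in the README (SomeClass.__name__) or a string literal.
    local_name = None
    if (isinstance(declared, ast.Attribute) and declared.attr == "__name__"
            and isinstance(declared.value, ast.Name)):
        local_name = declared.value.id
    elif isinstance(declared, ast.Constant) and isinstance(declared.value, str):
        local_name = declared.value

    if local_name is None or local_name not in imported:
        return {"status": "no-plugin-class", "class": local_name, "module": None}

    module, level, original = imported[local_name]
    if level == 0:
        status = "external-import"  # class comes from another package entirely
    elif extra:
        status = "extra-code"       # __init__.py does more than import and declare
    else:
        status = "ok"
    return {"status": status, "class": original, "module": "." * level + module}


def audit_plugins_dir(plugins_dir):
    """Return {subdirectory name: finding} for every candidate plugin directory."""
    report = {}
    for sub in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        init = sub / "__init__.py"
        if init.is_file():
            report[sub.name] = inspect_plugin_init(init)
        else:
            report[sub.name] = {"status": "missing-init", "class": None, "module": None}
    return report


# Constructed sample input: four made-up plugin directories.
SAMPLE_PLUGINS = {
    "test_plugin": "from .test_plugin import TestPlugin\n"
                   "PLUGIN_CLS_NAME = TestPlugin.__name__\n",
    "vendored": "from some_other_pkg.gui import RemotePlugin\n"
                "PLUGIN_CLS_NAME = RemotePlugin.__name__\n",
    "side_effects": "from .impl import Impl\n"
                    "PLUGIN_CLS_NAME = Impl.__name__\n"
                    "Impl.install()\n",
    "notes_only": None,  # directory without an __init__.py
}


def build_sample_tree(root):
    for name, init_src in SAMPLE_PLUGINS.items():
        plugin_dir = Path(root) / name
        plugin_dir.mkdir()
        if init_src is not None:
            (plugin_dir / "__init__.py").write_text(init_src, encoding="utf-8")


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_plugins_dir(root)


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name:14} {finding['status']:16} {finding['class']} <- {finding['module']}")
```

An "external-import" or "extra-code" finding is not a verdict, only a pointer to the file that should be read before the plugin is trusted.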

Scripting

Take a look at https://docs.angr.io/extending-angr/angr_management!

Building with PyInstaller

To build a portable executable using PyInstaller, install angr management into a Python environment with the pyinstaller extra. Do not install anything in editable mode (pip's -e), as PyInstaller currently fails to bundle modules installed in editable mode. Then, run pyinstaller angr-management.spec.

If things go wrong, the best bet is to reference the nightly build pipeline and the PyInstaller docs. The CI environment that produces nightly builds is at .github/workflows/nightly-build.yml and .github/workflows/nightly-build.sh.

angr-management's People

Contributors

adamdoupe, adersh97, ananay, angr-bot, antoniobianchi333, aos002, bluesadi, capysix, cl4sm, connornelson, dennydai, etrickel, hippwndon, iceboy233, jmgrosen, lockshaw, ltfish, lukas-dresel, mahaloz, mborgerson, pre-commit-ci[bot], rhelmot, sraboy, tiffanyb, twizmwazin, woadey, xxr0ss, yuzeming, zardus, zwimer

angr-management's Issues

Occasional Missing Job

I haven't been able to run this down but it pops up every now and then after loading a binary with just defaults set, so I assume it's the CFG job that's disappeared.

Exception in thread angr Management Worker Thread:
Traceback (most recent call last):
  File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/data/instance.py", line 223, in _worker
    self.jobs.remove(job)
ValueError: list.remove(x): x not in list

undefined symbol: Agundirected

Installing angrmanagement succeeded, but running python -m angrmanagement gave an error:

WARNING | 2017-07-04 17:03:35,321 | claripy | Claripy is setting the recursion limit to 15000. If Python segfaults, I am sorry.
Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/__main__.py", line 52, in <module>
    main()
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/__main__.py", line 38, in main
    from .ui.main_window import MainWindow
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/main_window.py", line 13, in <module>
    from .workspace import Workspace
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/workspace.py", line 7, in <module>
    from angrmanagement.ui.views import FunctionsView, DisassemblyView, SymexecView, StatesView, StringsView, ConsoleView
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/views/__init__.py", line 2, in <module>
    from .disassembly_view import DisassemblyView
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/views/disassembly_view.py", line 7, in <module>
    from ..widgets import QDisasmGraph, QDisasmStatusBar
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/widgets/__init__.py", line 8, in <module>
    from .qpg_graph import QPathGroupGraph
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/widgets/qpg_graph.py", line 2, in <module>
    import pygraphviz
  File "/usr/local/lib/python2.7/dist-packages/pygraphviz/__init__.py", line 58, in <module>
    from .agraph import AGraph, Node, Edge, Attribute, ItemAttribute, DotError
  File "/usr/local/lib/python2.7/dist-packages/pygraphviz/agraph.py", line 26, in <module>
    from . import graphviz as gv
  File "/usr/local/lib/python2.7/dist-packages/pygraphviz/graphviz.py", line 28, in <module>
    _graphviz = swig_import_helper()
  File "/usr/local/lib/python2.7/dist-packages/pygraphviz/graphviz.py", line 24, in swig_import_helper
    _mod = imp.load_module('_graphviz', fp, pathname, description)
ImportError: /usr/local/lib/python2.7/dist-packages/pygraphviz/_graphviz.so: undefined symbol: Agundirected

about angr management

question
The documentation for angr management is not strong. I ran my own C program in angr management and I see this CFG for it. My question is: what does this CFG show? What does it mean?
OK, if I want to run it without angr management, what should I do, step by step? What is the Linux terminal command to run it?

Thank you for your help.

AttributeError: 'PathHierarchy' object has no attribute '_successors'

I get the error below when I run it. How do I fix it? Any ideas?

python -m angrmanagement ./fauxware
Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 162, in _run_module_as_main
"main", fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/usr/local/lib/python2.7/dist-packages/angrmanagement/main.py", line 22, in
view.show()
File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/window.py", line 414, in show
self.initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/window.py", line 192, in initialize
super(Window, self).initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 160, in initialize
super(ToolkitObject, self).initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative.py", line 120, in initialize
self.initialized()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative_meta.py", line 68, in declarative_change_handler
engine.write(owner, change['name'], change)
File "/usr/local/lib/python2.7/dist-packages/enaml/core/expression_engine.py", line 210, in write
pair.writer(owner, name, change)
File "/usr/local/lib/python2.7/dist-packages/enaml/core/standard_handlers.py", line 82, in call
call_func(func, (), {}, scope)
File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/main.enaml", line 103, in
inst.add_workspace(gen_symbolic_wk(inst))
File "/usr/local/lib/python2.7/dist-packages/angrmanagement/data/instance.py", line 49, in add_workspace
self.workspaces = self.workspaces + [wk]
File "/usr/local/lib/python2.7/dist-packages/enaml/core/standard_tracer.py", line 55, in call
engine.update(owner, self.name)
File "/usr/local/lib/python2.7/dist-packages/enaml/core/expression_engine.py", line 241, in update
setattr(owner, name, pair.reader(owner, name))
File "/usr/local/lib/python2.7/dist-packages/enaml/core/looper.py", line 74, in _observe_iterable
self.refresh_items()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/looper.py", line 129, in refresh_items
self.parent.insert_children(self, expanded)
File "/usr/local/lib/python2.7/dist-packages/enaml/core/object.py", line 227, in insert_children
child_added(child)
File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 182, in child_added
super(ToolkitObject, self).child_added(child)
File "/usr/local/lib/python2.7/dist-packages/enaml/styling.py", line 343, in child_added
super(Stylable, self).child_added(child)
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative.py", line 141, in child_added
child.initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 160, in initialize
super(ToolkitObject, self).initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative.py", line 118, in initialize
child.initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 160, in initialize
super(ToolkitObject, self).initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative.py", line 118, in initialize
child.initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 160, in initialize
super(ToolkitObject, self).initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative.py", line 118, in initialize
child.initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/include.py", line 42, in initialize
obj.initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 160, in initialize
super(ToolkitObject, self).initialize()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative.py", line 120, in initialize
self.initialized()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative_meta.py", line 68, in declarative_change_handler
engine.write(owner, change['name'], change)
File "/usr/local/lib/python2.7/dist-packages/enaml/core/expression_engine.py", line 210, in write
pair.writer(owner, name, change)
File "/usr/local/lib/python2.7/dist-packages/enaml/core/standard_handlers.py", line 82, in call
call_func(func, (), {}, scope)
File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/pathtree.enaml", line 132, in
on_pg_sel({'value': wk.selected_pg})
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative_function.py", line 179, in call
return _invoke(self.im_func, self.im_key, self.im_self, args, kwargs)
File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative_function.py", line 47, in _invoke
return call_func(func, args, kwargs, scope)
File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/pathtree.enaml", line 148, in on_pg_sel
pti.paths = [path for (stash, paths) in pg.stashes.items() if stash != 'pruned' for path in paths]
File "/usr/local/lib/python2.7/dist-packages/enaml/core/standard_tracer.py", line 55, in call
engine.update(owner, self.name)
File "/usr/local/lib/python2.7/dist-packages/enaml/core/expression_engine.py", line 241, in update
setattr(owner, name, pair.reader(owner, name))
File "/usr/local/lib/python2.7/dist-packages/enaml/core/looper.py", line 74, in _observe_iterable
self.refresh_items()
File "/usr/local/lib/python2.7/dist-packages/enaml/core/looper.py", line 100, in refresh_items
for loop_index, loop_item in enumerate(iterable):
File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/pathtree.enaml", line 81, in all_paths
if path.state.se not in hierarchy._successors or len(hierarchy._successors[path.state.se]) == 0:
AttributeError: 'PathHierarchy' object has no attribute '_successors'

Invalid Argument in instance.py

Hi!

Due to an update of the Angr library, the strong_path_mapping argument in the function add_path_group from the file data/instance.py seems not to be supported anymore. By removing it, it seems to work.

AttributeError: module 'angr.analyses.cfg' has no attribute 'CFGBase'

I searched multiple issues, but couldn't find the matching one.

(angr) [r668v698@themata angr-management]$ python start.py
/Ruturaj/angr/angr/lib/python3.7/site-packages/pysmt/walkers/generic.py:43: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
if len(nodetypes) == 1 and isinstance(nodetypes[0], collections.Iterable):
Traceback (most recent call last):
File "start.py", line 30, in
main(args.binary)
File "/Ruturaj/angr/angr-management/angrmanagement/main.py", line 79, in main
main_window = MainWindow()
File "/Ruturaj/angr/angr-management/angrmanagement/ui/main_window.py", line 81, in init
self._init_workspace()
File "/Ruturaj/angr/angr-management/angrmanagement/ui/main_window.py", line 235, in _init_workspace
wk = Workspace(self, Instance())
File "/Ruturaj/angr/angr-management/angrmanagement/data/instance.py", line 31, in init
self.register_container('cfg_container', lambda: None, Optional[angr.analyses.cfg.CFGBase], "The current CFG")
AttributeError: module 'angr.analyses.cfg' has no attribute 'CFGBase'

I tried to uninstall and reinstall the supported modules. Thanks in advance for your help.

Unable to start angr-management in docker image?

Hello,
I have been trying to open angr-management using the provided docker image but have been unable to start it. After starting with "sudo docker run -it angr/angr", I have run 'python -m angrmanagement' and 'python -m angr-management' in several directories (~, angr-dev, angr-management, angrmanagement) but am met with the same error[s]: "/home/angr/.virtualenvs/angr/bin/python: No module named [angrmanagement/angr-management]"

In case angr-management wasn't installed correctly, I attempted "pip install angr-managment" in the angr docker, but there was an error during the 'Running setup.py' step (ImportError: No module named _markerlib) and "Failed building wheel for distribute" but every other step succeeded. "python -m angrmanagement" then produced "qt_application.pyc: cannot connect to X server" so I suppose that wasn't the right fix either.

How would you recommend proceeding from here?

Missing Graph Folder

Hi!

I used pip in order to install angr-management on Debian 8 and when I started it, it told me that the graph module was missing. After doing a hard copy from the Git repository to my computer I coped with this problem. It seems that the problem comes from the pip package where the folder ui/graph is missing.

Instruction Selection Highlighting

Selecting an instruction mnemonic highlights the entire line, operands and all. Selecting an operand highlights the specific operand as well as matches elsewhere on the display.

I think the former should behave like the latter, which is also how IDA does it. However, in IDA, I often lose my place when every mov is highlighted so I think there's value in highlighting the entire line as well, but with a much lighter color.

Unable to run angr-management on my Mint linux machine

Hi, I am trying to run angr-management for the first time. I have installed PySide and all Qt dependencies successfully (I hope so). I ran
python2.7 -m angrmanagement

and got an import error saying no module named cfb, so I pip installed it:

pip2.7 install cfb

And I still get the import error. Am I missing something?

syncush@syncush ~/Desktop/angr-management $ sudo pip2.7 install cfb
The directory '/home/syncush/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting cfb
Downloading cfb-0.8.3-py2.py3-none-any.whl
Requirement already satisfied: six in /usr/lib/python2.7/dist-packages (from cfb)
Installing collected packages: cfb
Successfully installed cfb-0.8.3

syncush@syncush ~/Desktop/angr-management $ python2.7 -m angrmanagement
WARNING | 2018-04-03 18:15:14,230 | angr.analyses.disassembly_utils | Your verison of capstone does not support MIPS instruction groups.
Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
"main", fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/home/syncush/Desktop/angr-management/angrmanagement/main.py", line 72, in
main()
File "/home/syncush/Desktop/angr-management/angrmanagement/main.py", line 58, in main
from .ui.main_window import MainWindow
File "angrmanagement/ui/main_window.py", line 14, in
from .workspace import Workspace
File "angrmanagement/ui/workspace.py", line 7, in
from .views import FunctionsView, DisassemblyView, SymexecView, StatesView, StringsView, ConsoleView
File "angrmanagement/ui/views/init.py", line 2, in
from .disassembly_view import DisassemblyView
File "angrmanagement/ui/views/disassembly_view.py", line 8, in
from ..widgets import QDisasmGraph, QDisasmStatusBar, QLinearViewer
File "angrmanagement/ui/widgets/init.py", line 10, in
from .qlinear_viewer import QLinearViewer
File "angrmanagement/ui/widgets/qlinear_viewer.py", line 9, in
from angr.analyses.cfg.cfb import Unknown
ImportError: No module named cfb

No module named 'pyside2uic'

When I installed angr-management and started with python -m angrmanagement, I got an error.

.virtualenvs/angr-dev/lib/python3.6/site-packages/cffi/cparser.py:164: UserWarning: Global variable 'r' in cdef(): for consistency with C it should have a storage class specifier (usually 'extern')
  "(usually 'extern')" % (decl.name,))
Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File ".virtualenvs/angr-dev/lib/python3.6/site-packages/angr_management-8.19.4.5-py3.6.egg/angrmanagement/__main__.py", line 66, in <module>
    main()
  File ".virtualenvs/angr-dev/lib/python3.6/site-packages/angr_management-8.19.4.5-py3.6.egg/angrmanagement/__main__.py", line 48, in main
    from .ui.main_window import MainWindow
  File ".virtualenvs/angr-dev/lib/python3.6/site-packages/angr_management-8.19.4.5-py3.6.egg/angrmanagement/ui/main_window.py", line 23, in <module>
    from .menus.help_menu import HelpMenu
  File ".virtualenvs/angr-dev/lib/python3.6/site-packages/angr_management-8.19.4.5-py3.6.egg/angrmanagement/ui/menus/help_menu.py", line 4, in <module>
    from pyside2uic.properties import QtCore
ModuleNotFoundError: No module named 'pyside2uic'

Supergraph

How can I access the supergraph's nodes of a function object, such as the VEX_IR, precursor nodes?

Remember Window Geometry

angr-management should use QSettings to save the main window's geometry, dock panel placement, etc.

Python crashes during CFG generation

I've got a current git checkout on my Ubuntu box. First, is there a recommended pypy3 version that has PySide2? Mine (python 3.5.2, PyPy 5.8.0-beta0) can't find a version.

Anyway, even with CPython, angr-management crashes when I load a binary. I get a segfault after setting CFG options (no changes, left at default) for any binary:

(angrdev) steve@xubuntudev:~/code/angr-dev/angr-management$ ./start.py ~/code/a.out 
WARNING | 2019-02-07 08:29:33,256 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2019-02-07 08:30:56,596 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2019-02-07 08:30:56,842 | angr.analyses.calling_convention | Please run variable recovery on <Function _init (0x4006a0)> before analyzing its calling conventions.
WARNING | 2019-02-07 08:30:56,843 | angr.analyses.calling_convention | Cannot determine calling convention.
WARNING | 2019-02-07 08:30:56,843 | angr.analyses.calling_convention | Please run variable recovery on <Function sub_4006c0 (0x4006c0)> before analyzing its calling conventions.
WARNING | 2019-02-07 08:30:56,843 | angr.analyses.calling_convention | Cannot determine calling convention.
Segmentation fault (core dumped)

While tinkering, I commented out app.exec() in __main__.py and I get this:

(angrdev) steve@xubuntudev:~/code/angr-dev/angr-management$ ./start.py ~/code/a.out 
WARNING | 2019-02-07 07:37:42,871 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2019-02-07 07:37:44,258 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
Exception in thread angr Management Worker Thread:
Traceback (most recent call last):
  File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/data/instance.py", line 178, in _worker
    result = job.run(self)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/data/jobs/cfg_generation.py", line 41, in run
    **self.cfg_args
  File "/home/steve/code/angr-dev/angr/angr/analyses/analysis.py", line 109, in __call__
    oself.__init__(*args, **kwargs)
  File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg.py", line 55, in __init__
    CFGFast.__init__(self, **kwargs)
  File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1040, in __init__
    self._analyze()
  File "/home/steve/code/angr-dev/angr/angr/analyses/forward_analysis.py", line 552, in _analyze
    self._analysis_core_baremetal()
  File "/home/steve/code/angr-dev/angr/angr/analyses/forward_analysis.py", line 677, in _analysis_core_baremetal
    self._process_job_and_get_successors(job_info)
  File "/home/steve/code/angr-dev/angr/angr/analyses/forward_analysis.py", line 695, in _process_job_and_get_successors
    successors = self._get_successors(job)
  File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1430, in _get_successors
    jobs = self._scan_block(job)
  File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1684, in _scan_block
    entries = self._scan_irsb(cfg_job, current_func_addr)
  File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1871, in _scan_irsb
    stmt_idx
  File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1968, in _create_jobs
    resolved_as_plt = self._resolve_plt(addr, irsb, ij)
  File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 2636, in _resolve_plt
    simsucc = self.project.engines.default_engine.process(self._initial_state, irsb, force_addr=addr)
  File "/home/steve/code/angr-dev/angr/angr/engines/vex/engine.py", line 142, in process
    opt_level=opt_level)
  File "/home/steve/code/angr-dev/angr/angr/engines/engine.py", line 35, in process
    new_state = state.copy()
  File "/home/steve/code/angr-dev/angr/angr/sim_state.py", line 449, in copy
    mode=self.mode, os_name=self.os_name)
  File "/home/steve/code/angr-dev/angr/angr/sim_state.py", line 89, in __init__
    p.init_state()
  File "/home/steve/code/angr-dev/angr/angr/state_plugins/history.py", line 63, in init_state
    self.successor_ip = self.state._ip
  File "/home/steve/code/angr-dev/angr/angr/sim_state.py", line 216, in _ip
    return self.regs._ip
  File "/home/steve/code/angr-dev/angr/angr/state_plugins/view.py", line 30, in __getattr__
    return state.registers.load(k, inspect=inspect, disable_actions=disable_actions)
  File "/home/steve/code/angr-dev/angr/angr/storage/memory.py", line 796, in load
    r = r.reversed
  File "/home/steve/code/angr-dev/claripy/claripy/operations.py", line 67, in _op
    return return_type(name, fixed_args, **kwargs)
  File "/home/steve/code/angr-dev/claripy/claripy/ast/base.py", line 152, in __new__
    r = operations._handle_annotations(eb._abstract(eb.call(op, args)), args)
  File "/home/steve/code/angr-dev/claripy/claripy/backends/backend_concrete.py", line 94, in _abstract
    return BVV(e.value, e.size())
  File "/home/steve/code/angr-dev/claripy/claripy/ast/bv.py", line 251, in BVV
    try: return _bvv_cache[(value, size)]
NameError: name '_bvv_cache' is not defined

I can't figure this out... the way the imports are written in claripy just confuses me so I'm not sure how this global var is undefined (or getting deleted?).

EDIT: I should point out that this happens for any and every binary.

Feature: User-Specific Config/Settings

We should have a ~/.config/angr/angr-management (exact path TBD). This would allow user installation of plugins without permissions issues and (eventually) saving user configuration information.

I could use this with the PluginManager but I also think it should be standardized across angr's packages... there are a lot of common/regularly-used settings or shortcuts I enable that I could stuff into something like a .gdbinit.

I can open a separate angr issue if it's something you think we could explore.

Issue at the startup

(angr) user@user-VirtualBox:~/angr-doc-master/examples/fauxware$ python -m angrmanagement ./fauxware
Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
"main", fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/home/user/.virtualenvs/angr/lib/python2.7/site-packages/angrmanagement/main.py", line 4, in
from enaml.qt.qt_application import QtApplication
File "/home/user/.virtualenvs/angr/local/lib/python2.7/site-packages/enaml/qt/init.py", line 35, in
raise ImportError('Cannot import PyQt4 or PySide')
ImportError: Cannot import PyQt4 or PySide

Using archr

Is there any plan (and if so, timeline) to migrate angr-management to use archr internally?

Given a local binary that has related data files, env vars, etc that might be relevant to analysis, it would be helpful to have a project/target that innately includes the (pre-execution/static) state. It would also more easily expose this stuff to manipulation via the GUI.

I'm aware of the plugin for the DockerImageTarget but I'd be using a LocalTarget.

filtering the strings list by function empties the list

On current master, selecting anything other than "All functions" causes the strings list to blank out, even if you later go back to re-select "all functions".

It actually looks like there might be elements on the list still; they're just not visible, but I haven't looked any closer than that.

Global KnowledgeBase access

I think the current KB (or angr.Project) should be globally accessible, either as a global var or through a globally-accessible workspace property. The DisassemblyView only has it through the cfg, which doesn't exist right off the bat. In other places, like the functions table, I've had to hack in a new property.

For example, I'm writing a KB plugin that stores information per instruction or per function, and I look up function/instruction information in the plugin to change the background highlight color in the disassembly and/or function table widget.

EDIT: Ditto for making the current project accessible through the Python console.

Exception on start

When I try to launch angr-management, I get the following exception:

% python -m angrmanagement
No handlers could be found for logger "claripy"
Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/home/mark/angr/angr-management/angrmanagement/__main__.py", line 22, in <module>
    view.show()
  File "/home/mark/.virtualenvs/angr/local/lib/python2.7/site-packages/enaml/widgets/window.py", line 414, in show
    self.initialize()
  File "/home/mark/.virtualenvs/angr/local/lib/python2.7/site-packages/enaml/widgets/window.py", line 192, in initialize
    super(Window, self).initialize()
  File "/home/mark/.virtualenvs/angr/local/lib/python2.7/site-packages/enaml/widgets/toolkit_object.py", line 160, in initialize
    super(ToolkitObject, self).initialize()
  File "/home/mark/.virtualenvs/angr/local/lib/python2.7/site-packages/enaml/core/declarative.py", line 120, in initialize
    self.initialized()
  File "/home/mark/.virtualenvs/angr/local/lib/python2.7/site-packages/enaml/core/declarative_meta.py", line 68, in declarative_change_handler
    engine.write(owner, change['name'], change)
  File "/home/mark/.virtualenvs/angr/local/lib/python2.7/site-packages/enaml/core/expression_engine.py", line 210, in write
    pair.writer(owner, name, change)
  File "/home/mark/.virtualenvs/angr/local/lib/python2.7/site-packages/enaml/core/standard_handlers.py", line 82, in __call__
    call_func(func, (), {}, scope)
  File "angrmanagement/ui/main.enaml", line 101, in <module>
    if len(inst.workspaces) == 0:
AttributeError: 'NoneType' object has no attribute 'workspaces'
Exception TypeError: "'NoneType' object is not callable" in  ignored
Exception TypeError: "'NoneType' object is not callable" in  ignored

I'm using a development installation. I suppose I'm missing a step before trying to launch angr-management.

"Instruction X has two memory operands. Please report it on GitHub" when opening defcamp r100 (from the examples)

ERROR   | 2018-02-08 20:12:18,636 | ui.widgets.qoperand | Instruction 0x40072d has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:18,638 | ui.widgets.qoperand | Instruction 0x400752 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:18,640 | ui.widgets.qoperand | Instruction 0x400774 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:18,642 | ui.widgets.qoperand | Instruction 0x400797 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:50,236 | ui.widgets.qoperand | Instruction 0x40079b has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:50,237 | ui.widgets.qoperand | Instruction 0x40072d has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:50,242 | ui.widgets.qoperand | Instruction 0x400752 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:50,244 | ui.widgets.qoperand | Instruction 0x400774 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:50,244 | ui.widgets.qoperand | Instruction 0x400797 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:51,382 | ui.widgets.qoperand | Instruction 0x40079b has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:51,383 | ui.widgets.qoperand | Instruction 0x40072d has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:51,384 | ui.widgets.qoperand | Instruction 0x400752 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:51,386 | ui.widgets.qoperand | Instruction 0x400774 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:51,387 | ui.widgets.qoperand | Instruction 0x400797 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:52,598 | ui.widgets.qoperand | Instruction 0x40079b has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:52,599 | ui.widgets.qoperand | Instruction 0x40072d has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:52,603 | ui.widgets.qoperand | Instruction 0x400752 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:52,604 | ui.widgets.qoperand | Instruction 0x400774 has two memory operands. Please report it on GitHub.
ERROR   | 2018-02-08 20:12:52,605 | ui.widgets.qoperand | Instruction 0x400797 has two memory operands. Please report it on GitHub.

Strangely:

0x400797:	add	dword ptr [rbp - 0x24], 1
0x40079b:	cmp	dword ptr [rbp - 0x24], 0xb
0x40079f:	jle	0x40072d
In [4]: p.factory.block(0x40079b).pp()
0x40079b:	cmp	dword ptr [rbp - 0x24], 0xb
0x40079f:	jle	0x40072d
In [5]: p.factory.block(0x400774).pp()
0x400774:	mov	eax, dword ptr [rbp - 0x24]
0x400777:	movsxd	rcx, eax
0x40077a:	mov	rax, qword ptr [rbp - 0x38]
0x40077e:	add	rax, rcx
0x400781:	movzx	eax, byte ptr [rax]
0x400784:	movsx	eax, al
0x400787:	sub	edx, eax
0x400789:	mov	eax, edx
0x40078b:	cmp	eax, 1
0x40078e:	je	0x400797

Log Output View

Another tabbed view down by the interactive console for log output would be a great addition. A simple QPlainTextEdit log handler would work (sample link) but a couple stretch goals:

  • Color output
  • UI-exposed filters on logger (e.g., show only cle.backend or WARNING level)
  • A little exclamation point or something appended to the tab's title if errors are in the log
  • Dump/Export ability
  • (Optionally) saving log output to the ADB

Odd Dock Behavior

Ping @ananay

Ref code:

if view.default_docking_position == 'right':
    self.main_window.central_widget.addDockWidget(dock_area, dock)
    retab = True
else:
    self.main_window.addDockWidget(dock_area, dock)
    retab = False

I want to display my plugin on the far-right, i.e., right of DisassemblyView. If I set its view's default_docking_position to left/top/bottom, behavior is as expected. If I set it to 'right', then the above code adds it to the central widget as a tab, like DisassemblyView, etc.

The only way to have it tabbed on the right is to set default_docking_position to an invalid value, which means its dock_area gets set to Qt.RightDockWidgetArea and the above code will follow the second branch instead.

Here's what I want, which I can only get by calling BaseView with default_docking_position='middle':

angrmanagment_dock

This works but has a downside/bug. That barrier you see between DisassemblyView and my ChessPlugin is actually two barriers, between which the "Split View" feature puts tabs and which can be resized to display a large empty area.

Here's that awkward empty space:

empty_space

Here's a split view tab:

tab_split

I think the simplest solution is for ViewManager to expose a function to add a tab to the central area that's automatically split out to a specified size (e.g., formalize what I'm doing to get Qt.RightDockWidgetArea and adding the widget to the MainWindow rather than central_widget). However, the better solution might be improving support in ViewManager for nested & grouped docking (see Woboq's second example here).

`TypeError: unsupported operand type(s) for +: 'NoneType' and 'float'` when displaying function

Function 401aa0 causes the following exception when displayed, leading to a-m freezing up:

  File "angrmanagement/ui/widgets/qfunction_table.py", line 120, in _on_function_selected
    self._selected(selected_item._function)
  File "angrmanagement/ui/views/functions_view.py", line 42, in _on_function_selected
    self.workspace.on_function_selected(function)
  File "angrmanagement/ui/workspace.py", line 52, in on_function_selected
    self.views_by_category['disassembly'][0].display_function(function)
  File "angrmanagement/ui/views/disassembly_view.py", line 160, in display_function
    self._display_function(function)
  File "angrmanagement/ui/views/disassembly_view.py", line 310, in _display_function
    self._flow_graph.function_graph = FunctionGraph(function=the_func)
  File "angrmanagement/ui/widgets/qdisasm_graph.py", line 104, in function_graph
    self.reload()
  File "angrmanagement/ui/widgets/qdisasm_graph.py", line 158, in reload
    self.request_relayout()
  File "angrmanagement/ui/widgets/qdisasm_graph.py", line 416, in request_relayout
    node_coords, edges = self._layout_graph()
  File "angrmanagement/ui/widgets/qdisasm_graph.py", line 406, in _layout_graph
    gl = GraphLayouter(self.function_graph.supergraph, node_sizes)
  File "angrmanagement/utils/graph_layouter.py", line 295, in __init__
    self._layout()
  File "angrmanagement/utils/graph_layouter.py", line 317, in _layout
    self._make_grids()
  File "angrmanagement/utils/graph_layouter.py", line 492, in _make_grids
    col, row = self._locations[node]
KeyError: <SuperCFGNode 0x4023d6, 1 blocks, 0 out branches>
Traceback (most recent call last):
  File "angrmanagement/ui/widgets/qdisasm_graph.py", line 311, in mousePressEvent
    block = self._get_block_by_pos(event.pos())
  File "angrmanagement/ui/widgets/qgraph.py", line 209, in _get_block_by_pos
    if b.x <= x < b.x + b.width and b.y <= y < b.y + b.height:
TypeError: unsupported operand type(s) for +: 'NoneType' and 'float'
Traceback (most recent call last):
  File "angrmanagement/ui/widgets/qdisasm_graph.py", line 311, in mousePressEvent
    block = self._get_block_by_pos(event.pos())
  File "angrmanagement/ui/widgets/qgraph.py", line 209, in _get_block_by_pos
    if b.x <= x < b.x + b.width and b.y <= y < b.y + b.height:
TypeError: unsupported operand type(s) for +: 'NoneType' and 'float'
Traceback (most recent call last):
  File "angrmanagement/ui/widgets/qdisasm_graph.py", line 311, in mousePressEvent
    block = self._get_block_by_pos(event.pos())
  File "angrmanagement/ui/widgets/qgraph.py", line 209, in _get_block_by_pos
    if b.x <= x < b.x + b.width and b.y <= y < b.y + b.height:
TypeError: unsupported operand type(s) for +: 'NoneType' and 'float'

Binary attached (it's /bin/false from the angr docker image).

Custom Toolbar Buttons

While you're redoing the plugin system anyway... there's no way for a plugin to add a toolbar button. Right now, the QToolBar is created on the fly, added, and then returned but there's no way to access that returned object. I simply cached that object in the Toolbar class in my fork (diff here).

Unfortunately, I can't push that upstream... because rules and such.

Missing packages in setup.py?

Hello,

Shouldn't setup.py include widgets and utils? Running python -m angrmanagement fails:

Traceback (most recent call last):
    File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
        "__main__", fname, loader, pkg_name)
    File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
        exec code in run_globals
    File "/usr/local/lib/python2.7/dist-packages/angrmanagement/__main__.py", line 27, in <module>
        main()
    File "/usr/local/lib/python2.7/dist-packages/angrmanagement/__main__.py", line 11, in main
        from ui.main import Main
    File "/usr/local/lib/python2.7/dist-packages/enaml/core/import_hooks.py", line 143, in load_module
        exec code in mod.__dict__
    File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/main.enaml", line 22, in
        from .state import RegistersItem, MemoryItem
    File "/usr/local/lib/python2.7/dist-packages/enaml/core/import_hooks.py", line 143, in load_module
        exec code in mod.__dict__
    File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/state.enaml", line 8, in
        from ..widgets.api import Table
    ImportError: No module named widgets.api

After copying widgets it fails again with missing utils. Even after having both widgets and utils, I still get this error:

Traceback (most recent call last):
    File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
        "__main__", fname, loader, pkg_name)
    File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
        exec code in run_globals
    File "/usr/local/lib/python2.7/dist-packages/angrmanagement/__main__.py", line 27, in <module>
        main()
    File "/usr/local/lib/python2.7/dist-packages/angrmanagement/__main__.py", line 22, in main
        view.show()
    File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/window.py", line 416, in show
        self.activate_proxy()
    File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 213, in activate_proxy
        child.activate_proxy()
    File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 213, in activate_proxy
        child.activate_proxy()
    File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 214, in activate_proxy
        self.activate_bottom_up()
    File "/usr/local/lib/python2.7/dist-packages/enaml/widgets/toolkit_object.py", line 236, in activate_bottom_up
        self.proxy.activate_bottom_up()
    File "/usr/local/lib/python2.7/dist-packages/enaml/qt/qt_toolkit_object.py", line 82, in activate_bottom_up
        self.init_layout()
    File "/usr/local/lib/python2.7/dist-packages/enaml/qt/qt_notebook.py", line 412, in init_layout
        self.init_selected_tab()
    File "/usr/local/lib/python2.7/dist-packages/enaml/qt/qt_notebook.py", line 453, in init_selected_tab
        if d.selected_tab:
    File "/usr/local/lib/python2.7/dist-packages/enaml/core/declarative_meta.py", line 43, in __call__
        value = engine.read(owner, name)
    File "/usr/local/lib/python2.7/dist-packages/enaml/core/expression_engine.py", line 179, in read
        return pair.reader(owner, name)
    File "/usr/local/lib/python2.7/dist-packages/enaml/core/standard_handlers.py", line 101, in __call__
        return call_func(func, (tr,), {}, scope)
    File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/main.enaml", line 186, in <module>
        selected_tab << inst.current_workspace.name if inst.current_workspace is not None else u''
AttributeError: 'NoneType' object has no attribute 'current_workspace'

I'm running the latest Kali version, installed angrmanagement with pip.

Renaming Labels Exception

Set a label at an instruction somewhere in the middle of a block (hotkey=n). When the label is set, the relevant QBlock.addr_to_labels is never set so if you rename that label, you'll get this:

Traceback (most recent call last):
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/dialogs/rename_label.py", line 114, in _on_ok_clicked
    self._disasm_view.rename_label(self._label_addr, label)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/views/disassembly_view.py", line 356, in rename_label
    self._flow_graph.update_label(addr, is_renaming=is_renaming)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/widgets/qgraph.py", line 129, in update_label
    block.update_label(label_addr)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/widgets/qblock.py", line 85, in update_label
    raise Exception('Label at address %#x is not found.' % label_addr)
Exception: Label at address 0x4007a9 is not found.

I'm guessing this was originally intended for setting a label for a block at the block's start address but the hotkey works for any instruction address (as it should, like IDA). Either way, the label is never actually shown and you can't rename it like above.

Remote angr

This is a feature request based on a recent discussion regarding CHESS. We're not far enough into the conversation to know whether it would actually be used but it seems like a great idea anyway.

It would be nice if angr could run as a "backend server," a la gdbserver, and angr-management dealt with it through a socket. This would allow, for example, using angr with unicorn and pypy3 to analyze my ARM binary on a Pi while using the UI on my x86-64 box.

Refactor Views/Workspace to Use Instance

Tracking todo's from the conversation in #65. Some things that should be moved to Instance:

  • QBaseGraph.selected_insns (unless @ltfish did it this way for a reason?)
  • DisassemblyView._selected_func

Adding on:

  • DisassemblyView.current_graph
  • QBaseGraph.selected_operands
  • Qt callback setters (e.g., text colors, additional menu items, etc)

Angr management ImportError/AttributeError

I installed angr management using
pip install angr-management
like described in the readme. Then when trying to start it, I get the following output:

root@kali:~# python -m angrmanagement
Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/__main__.py", line 27, in <module>
    main()
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/__main__.py", line 11, in main
    from ui.main import Main
  File "/usr/local/lib/python2.7/dist-packages/enaml/core/import_hooks.py", line 143, in load_module
    exec code in mod.__dict__
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/main.enaml", line 22, in 
    from .state import RegistersItem, MemoryItem
  File "/usr/local/lib/python2.7/dist-packages/enaml/core/import_hooks.py", line 143, in load_module
    exec code in mod.__dict__
  File "/usr/local/lib/python2.7/dist-packages/angrmanagement/ui/state.enaml", line 8, in 
    from ..widgets.api import Table
ImportError: No module named widgets.api

After cloning and running the same command in the angr-management folder, I'm getting a different error:

root@kali:~/Desktop/angr-management# python -m angrmanagement
Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/root/Desktop/angr-management/angrmanagement/__main__.py", line 26, in <module>
    main()
  File "/root/Desktop/angr-management/angrmanagement/__main__.py", line 11, in main
    from ui.main import Main
  File "/usr/local/lib/python2.7/dist-packages/enaml/core/import_hooks.py", line 143, in load_module
    exec code in mod.__dict__
  File "angrmanagement/ui/main.enaml", line 21, in 
    from .state import RegistersItem, MemoryItem
  File "/usr/local/lib/python2.7/dist-packages/enaml/core/import_hooks.py", line 143, in load_module
    exec code in mod.__dict__
  File "angrmanagement/ui/state.enaml", line 8, in 
    from ..widgets.api import Table
  File "angrmanagement/widgets/api.py", line 3, in <module>
    from .flowgraph import FlowGraph
  File "angrmanagement/widgets/flowgraph.py", line 17, in <module>
    class FlowGraph(Frame):
  File "angrmanagement/widgets/flowgraph.py", line 23, in FlowGraph
    disasm = d_(Typed(angr.analyses.Disassembly))
AttributeError: 'module' object has no attribute 'Disassembly'
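The `No module named widgets.api` failure in this report and in "Missing packages in setup.py?" above is consistent with a `packages` list that omits subpackages, as the earlier report suggests. The following is an added check, not the project's setup.py or tooling, that lists package directories a declared list leaves out; the sample tree and the declared list are constructed assumptions.

```python
import os
import tempfile


def discover_packages(src_root):
    """Dotted names of every regular package directory under src_root."""
    found = set()
    for dirpath, dirnames, filenames in os.walk(src_root):
        if dirpath == src_root:
            continue  # the project root itself is not a package
        if "__init__.py" not in filenames:
            dirnames[:] = []  # not a regular package: skip its subtree
            continue
        found.add(os.path.relpath(dirpath, src_root).replace(os.sep, "."))
    return found


def missing_packages(src_root, declared):
    """Packages present on disk but absent from the declared `packages` list."""
    return sorted(discover_packages(src_root) - set(declared))


def make_sample_tree(root):
    """Constructed layout: only ui, widgets and utils are names from the report."""
    for pkg in ("angrmanagement", "angrmanagement/ui",
                "angrmanagement/widgets", "angrmanagement/utils"):
        path = os.path.join(root, *pkg.split("/"))
        os.makedirs(path)
        with open(os.path.join(path, "__init__.py"), "w"):
            pass
    os.makedirs(os.path.join(root, "docs"))  # no __init__.py, must be ignored


def check_sample():
    # Assumed declaration that lists the top-level package and ui only.
    declared = ["angrmanagement", "angrmanagement.ui"]
    with tempfile.TemporaryDirectory() as root:
        make_sample_tree(root)
        return missing_packages(root, declared)


if __name__ == "__main__":
    for name in check_sample():
        print("not packaged:", name)
```

Run against a real checkout, `missing_packages` takes the repository root and the `packages` value passed to `setup()`.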

Blob Loading

Hello Angr-Team,

I have a short question regarding the loading of blobs in angr-management. Is this possible or supported?

Best regards,
Andy

FUNC_COLUMNS IndexError

I'm in the middle of migrating to this new plugin architecture and keep hitting this error:

  File "<snip>/angrmanagement/plugins/plugin_manager.py", line 187, in get_func_column
    return plugin.FUNC_COLUMNS[idx]
IndexError: list index out of range

At the moment, I'm not doing anything with the functions view.

EDIT: I'm guessing the conditional there should be >= not just >:
if idx >= len(plugin.FUNC_COLUMNS):.

QInstruction Click Handler Bugs

  1. Typo: handle_insn_click vs PluginManager.handle_click_insn
  2. Also, the conditionals here consume the click event if it's just a normal left-click, so the plugins are never called. I use every selection of an address to track user activity, telemetry-style, so I can't rely on InfoDock.selected_insns (which doesn't tell me which was just clicked, just all of which are currently selected; it also doesn't give me right clicks).

elif self.workspace.plugins.handle_insn_click(self, event):

StringsView Broken

Haven't had a chance to look into it yet but if you go to the strings view and change the function you're looking at and go back to "All Functions", you'll get this exception:

Traceback (most recent call last):
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/widgets/qfunction_combobox.py", line 60, in _on_current_index_changed
    self._selection_callback(function)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/views/strings_view.py", line 45, in _on_function_selected
    self.reload()
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/views/strings_view.py", line 27, in reload
    self._string_table.function = self._selected_function
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/widgets/qstring_table.py", line 86, in function
    self.reload()
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/widgets/qstring_table.py", line 108, in reload
    for irsb_addr, _, _ in f.refs:
AttributeError: 'MemoryData' object has no attribute 'refs'

Disable Functions Text Filter on Start

The functions view's text filter is enabled on start, even when there is no binary. If you accidentally type into it, you'll see this:

Traceback (most recent call last):
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/widgets/qfunction_table.py", line 353, in _on_filter_box_text_changed
    self._table_view.filter(text)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/widgets/qfunction_table.py", line 237, in filter
    self._model.filter(keyword)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/ui/widgets/qfunction_table.py", line 57, in filter
    self._func_list = [ func for func in self._raw_func_list if self._func_match_keyword(func, keyword) ]
TypeError: 'NoneType' object is not iterable

So either input should be disabled or _raw_func_list needs a None check.

CFG Serialization Fails

I just pulled in all the latest. With angr-management, my plugin subscribes to changes on Instance.cfg_container and immediately serializes it. I now get this exception:

  ERROR   | 2019-07-19 11:25:43,965 | angrmanagement.data.jobs.cfg_generation | Exception occurred in CFGGenerationJob.finish().
Traceback (most recent call last):
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/data/jobs/cfg_generation.py", line 54, in finish
    inst.cfg = cfg
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/data/instance.py", line 70, in cfg
    self.cfg_container.am_event()
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/data/object_container.py", line 19, in am_event
    listener(**kwargs)
  File "/home/steve/code/angr-dev/angr-management/angrmanagement/plugins/chess_plugin/chess_plugin.py", line 153, in on_cfg_change
    angrcfg = self._workspace.instance.cfg.model.serialize_to_cmessage()
  File "/home/steve/code/angr-dev/angr/angr/knowledge_plugins/cfg/cfg_model.py", line 105, in serialize_to_cmessage
    memory_data.append(data.serialize_to_cmessage())
  File "/home/steve/code/angr-dev/angr/angr/knowledge_plugins/cfg/memory_data.py", line 83, in serialize_to_cmessage
    cmsg.type = _SORT_TO_IDX[self.sort]
KeyError: 'elf-header'

potential bug in to_supergraph function

I'm analyzing a function transition graph and trying to transform it into a super transition graph using the function to_supergraph provided by https://github.com/angr/angr-management/blob/master/angrmanagement/utils/graph.py/

However, the statement super_graph.remove_node(dst_supernode) sometimes runs into an error.
The error info is below:

Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/home/dsk/PycharmProjects/angr-examples/cgiAnalysis/static.py", line 90, in <module>
    main()
  File "/home/dsk/PycharmProjects/angr-examples/cgiAnalysis/static.py", line 84, in main
    supergraph = to_supergraph(transition_graph)
  File "/home/dsk/PycharmProjects/angr-examples/utils/function_utils.py", line 128, in to_supergraph
    super_graph.remove_node(dst_supernode)
  File "/home/dsk/.virtualenvs/angr-dev/lib/python3.6/site-packages/networkx/classes/digraph.py", line 535, in remove_node
    del self._pred[u][n]
KeyError: <SuperCFGNode 0x40a574, 2 blocks, 1 out branches>

Process finished with exit code 1

I traced back the error and found it may be caused by an omitted check in remove_node of the networkx.DiGraph class. I changed del self._pred[u][n] to if n in self._pred[u]: del self._pred[u][n] to fix the bug.

However, I'm not sure whether this is caused by an erroneous implementation of networkx.DiGraph or of to_supergraph, so I decided to publish the issue here.

The tested binary and code are as below:

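import angr
# to_supergraph comes from angrmanagement/utils/graph.py (linked above)
from angrmanagement.utils.graph import to_supergraph

proj = angr.Project('./my_cgi.cgi')
cfg = proj.analyses.CFG()
# Index every recovered function by its address
functions = {}
for addr, func in cfg.kb.functions.items():
    functions[addr] = func
main_func = functions[0x409f68]
transition_graph = main_func.transition_graph
# This call sometimes raises the KeyError shown above
sg = to_supergraph(transition_graph)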

my_cgi.zip

angrmanagement start error at "from ui.main import Main"

python -m angrmanagement
Traceback (most recent call last):
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 174, in _run_module_as_main
"main", fname, loader, pkg_name)
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "build/bdist.macosx-10.11-x86_64/egg/angrmanagement/main.py", line 26, in
File "build/bdist.macosx-10.11-x86_64/egg/angrmanagement/main.py", line 11, in main
ImportError: No module named main

On OS X 10.11. Missing some install? How to solve? Thanks!

Branches that leave the function are not always clickable

Consider the following small program:

global _start

_start:
  call main

main:
  mov rdi, 42
  mov rax, 60
  syscall
  ret

When loading that program into angr-management, the _start function is displayed like this:

pic

Note that the main reference is not clickable (it would have a different color if it was clickable).

The reason for this is that when building the supergraph, edges to blocks outside of the current function are removed. When we later register the out branches of each node, the _start node no longer has any outgoing edges (since they got removed in the first step).

It only works correctly if main is identified as a FunctionNode, but not all branch targets that leave the current function lead to a FunctionNode.
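The ordering problem described above, reduced to a small model (an added example, not angr-management's `to_supergraph`): out branches are collected either after or before the pruning step, and only the second order keeps the branch to a target that is a plain block. The addresses, the `kinds` map and `build_out_branches` are constructed for illustration.

```python
from collections import defaultdict

# Constructed stand-ins for how a branch target was identified.
BLOCK, FUNCTION = "block", "function"

# Constructed addresses for the _start/main program above.
START, MAIN = 0x401000, 0x401005
EDGES = [(START, MAIN)]


def build_out_branches(edges, func_addrs, kinds, register_before_prune):
    """Return (kept_edges, out_branches) for the displayed function.

    edges       list of (src, dst) block addresses in the transition graph
    func_addrs  addresses of the blocks that belong to the displayed function
    kinds       addr -> BLOCK or FUNCTION for targets outside the function
    """
    out_branches = defaultdict(list)

    def register(edge_list):
        # An out branch is an edge from inside the function to outside it.
        for src, dst in edge_list:
            if src in func_addrs and dst not in func_addrs:
                out_branches[src].append(dst)

    if register_before_prune:
        register(edges)  # sees every edge, including those about to be dropped

    # Pruning step from the report: edges to blocks outside the function are
    # removed; targets identified as function nodes survive in this model.
    kept = [(s, d) for s, d in edges
            if d in func_addrs or kinds.get(d) == FUNCTION]

    if not register_before_prune:
        register(kept)  # the edge to a plain block is already gone here

    return kept, dict(out_branches)


if __name__ == "__main__":
    for first in (False, True):
        kept, branches = build_out_branches(EDGES, {START}, {MAIN: BLOCK}, first)
        shown = {hex(k): [hex(t) for t in v] for k, v in branches.items()}
        print("register_before_prune=%s kept=%s out_branches=%s" % (first, kept, shown))
```

The kept edges are identical in both orders, so registering first changes which targets are clickable without changing the graph that gets laid out.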

Running the docker image shows ModuleNotFoundError: archr

When I run the latest docker build I get following error:

Traceback (most recent call last):
  File "/home/angr/angr-dev/angr-management/start.py", line 30, in <module>
    main(args.binary)
  File "/home/angr/angr-dev/angr-management/angrmanagement/__main__.py", line 48, in main
    from .ui.main_window import MainWindow
  File "/home/angr/angr-dev/angr-management/angrmanagement/ui/main_window.py", line 20, in <module>
    from ..data.jobs.loading import LoadTargetJob, LoadBinaryJob
  File "/home/angr/angr-dev/angr-management/angrmanagement/data/jobs/loading.py", line 1, in <module>
    import archr
ModuleNotFoundError: No module named 'archr'

After adding archr to the first RUN command in the Dockerfile (pip install -e angr-management/ archr), it works again.
