concrete target "bytes can only be stored big-endian" with state.mem
Describe the bug.
When using a concrete target and asking angr state.mem to look up a value in what is known to be the target binary (in my test cases, the binary is PIE), it errors with SimMemoryError: bytes can only be stored big-endian. However, after I load the same address with state.memory.load(address, size), I can now run state.mem[address].long and get the answer back. So it seems that state.mem is missing some step in resolution that state.memory does.
Environment Information.
angr environment report
=============================
Date: 2021-03-29 14:39:30.536643
Running in virtual environment at /home/angr/.virtualenvs/angr
Platform: linux-x86_64
Python version: 3.8.5 (default, Jan 27 2021, 15:41:15)
[GCC 9.3.0]
######## angr #########
Python found it in /home/angr/angr-dev/angr/angr
Pip version angr 9.0.gitrolling
Git info:
Current commit dc7c816f3848d6e39492cb721661a3d191304129 from branch master
Checked out from remote origin: https://github.com/angr/angr
######## ailment #########
Python found it in /home/angr/angr-dev/ailment/ailment
Pip version ailment 9.0.gitrolling
Git info:
Current commit 4572efdfdcfbab0f88db9c3fdf8d1b9cbcb2a9c2 from branch master
Checked out from remote origin: https://github.com/angr/ailment
######## cle #########
Python found it in /home/angr/angr-dev/cle/cle
Pip version cle 9.0.gitrolling
Git info:
Current commit 7f3263c74a2c038234f5ec6adf8ebb4bf119e868 from branch master
Checked out from remote origin: https://github.com/angr/cle
######## pyvex #########
Python found it in /home/angr/angr-dev/pyvex/pyvex
Pip version pyvex 9.0.gitrolling
Git info:
Current commit 38af62047b8a7785feeee6b5f243ad1dbd7db1f6 from branch master
Checked out from remote origin: https://github.com/angr/pyvex
######## claripy #########
Python found it in /home/angr/angr-dev/claripy/claripy
Pip version claripy 9.0.gitrolling
Git info:
Current commit db253a680751a9e124a4a091066759348f958183 from branch master
Checked out from remote origin: https://github.com/angr/claripy
######## archinfo #########
Python found it in /home/angr/angr-dev/archinfo/archinfo
Pip version archinfo 9.0.gitrolling
Git info:
Current commit f5712a1fe0fbc315c4e9bbcf96582e139f745b33 from branch master
Checked out from remote origin: https://github.com/angr/archinfo
######## z3 #########
Python found it in /home/angr/.virtualenvs/angr/lib/python3.8/site-packages/z3
Pip version z3-solver 4.8.10.0
Couldn't find git info
######## unicorn #########
Python found it in /home/angr/.virtualenvs/angr/lib/python3.8/site-packages/unicorn
Pip version unicorn 1.0.2rc4
Couldn't find git info
######### Native Module Info ##########
angr: <CDLL '/home/angr/angr-dev/angr/angr/lib/angr_native.so', handle 2e76280 at 0x7f20b667b1f0>
unicorn: <CDLL '/home/angr/.virtualenvs/angr/lib/python3.8/site-packages/unicorn/lib/libunicorn.so', handle 22d2c30 at 0x7f20d28cba30>
pyvex: <cffi.api._make_ffi_library.<locals>.FFILibrary object at 0x7f20d3580af0>
z3: <CDLL '/home/angr/.virtualenvs/angr/lib/python3.8/site-packages/z3/lib/libz3.so', handle 254e700 at 0x7f20d00932e0>
To Reproduce.
Just using basic ls for this example.
import angr
import r2pipe
from angr_targets import R2ConcreteTarget
from time import sleep

# Start /bin/ls under radare2's debugger and stop at main.
r2 = r2pipe.open("/bin/ls")
r2.cmd("ood")
r2.cmd("db main")  # Or however you want to get it going
r2.cmd("dc")
sleep(1)

# Wrap the live r2 session as angr's concrete target.
r2target = R2ConcreteTarget(r2)
proj = angr.Project("/bin/ls", concrete_target=r2target)
state = proj.factory.entry_state()
main_addr = int(r2.cmd("?v main"), 16)

print("This will error")
try:
    # Typed access through state.mem raises SimMemoryError on a fresh state.
    print(state.mem[main_addr].int)
except Exception as e:
    print(e)

print("This will not")
# A plain state.memory.load of the same address succeeds and populates memory.
print(state.memory.load(main_addr, 16))
# DEBUG | 2021-03-29 17:54:55,734 | angr_targets.r2 | R2ConcreteTarget read_memory at 557d95ffadf0
# Out[17]: <BV128 0xf30f1efa41574156415541544189fc55>

print("Now this will not error")
# The same typed access now works because the bytes are already in memory.
print(state.mem[main_addr].int)
Additional context.
Top GitHub Comments
Second solution seems fine to me.
Ok, I’ve confirmed the issue. We have 2 ways of solving this problem:
1. ConcreteTarget implementation always returns memory values that respect the endianness of the loaded binary (this would be a duty of a ConcreteTarget developer).
2. angr side. As another user suggested on our Slack, this should be as simple as adding these 4 lines in the default filler code:
I’m actually down for the second solution to relieve users from this issue once for all. Any thoughts @rhelmot @ltfish ?
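The three steps of the repro above (typed state.mem load fails, untyped state.memory.load succeeds and populates memory, typed load then works) and the maintainers' second option (normalize raw target bytes on the angr side) as a self-contained model, added here for illustration; this is constructed code, not angr's memory implementation, its default filler, or the R2ConcreteTarget. The only angr rule it copies is that raw Python bytes may only enter the byte store in address (big-endian) order. The names ToyMemory, FakeTarget and run_scenario are assumptions; the 16 bytes and the address come from the debug output in the issue's repro.

```python
# Constructed model of the endianness mismatch described in the issue.
# This is NOT angr's memory code; it mimics one rule from it: raw Python
# bytes may only enter the byte store in address (big-endian) order.

BE, LE = "Iend_BE", "Iend_LE"  # endness labels, mirroring angr's names

# The 16 bytes and address come from the issue's debug output
# (f3 0f 1e fa is the endbr64 at the start of main).
MAIN = 0x557D95FFADF0
MAIN_BYTES = bytes.fromhex("f30f1efa41574156415541544189fc55")


class SimMemoryError(Exception):
    """Stand-in for angr's SimMemoryError in this model."""


class FakeTarget:
    """Constructed concrete target: returns raw bytes in address order,
    exactly as a debugger (r2, gdb) hands them over."""

    def __init__(self, image):
        self.image = image  # addr -> byte value

    def read_memory(self, addr, size):
        return bytes(self.image[addr + i] for i in range(size))


class ToyMemory:
    """Byte-addressed store with a concrete-target filler.

    normalize=False models the buggy filler: it forwards the raw bytes with
    whatever endness the caller asked for, which the store rejects.
    normalize=True models the proposed angr-side fix: bytes are always stored
    in address order (BE); the endness requested by the load is applied only
    when the value is assembled.
    """

    def __init__(self, target, normalize):
        self.target = target
        self.normalize = normalize
        self.cells = {}  # addr -> int in range(256)

    def store(self, addr, data, size, endness):
        if isinstance(data, bytes):
            if endness != BE:
                raise SimMemoryError("bytes can only be stored big-endian")
            raw = data
        else:  # an integer value: lay out its bytes per the requested endness
            raw = data.to_bytes(size, "big" if endness == BE else "little")
        for i, b in enumerate(raw):
            self.cells[addr + i] = b

    def _default_value(self, addr, size, endness):
        """The filler: called when a load hits bytes not yet in the store."""
        raw = self.target.read_memory(addr, size)
        if self.normalize:
            # Fix: wrap the bytes as a value and store it in address order,
            # independent of the endness the load asked for.
            self.store(addr, int.from_bytes(raw, "big"), size, BE)
        else:
            # Bug: raw bytes are stored with the load's endness (LE here).
            self.store(addr, raw, size, endness)

    def load(self, addr, size, endness):
        if any(addr + i not in self.cells for i in range(size)):
            self._default_value(addr, size, endness)
        raw = bytes(self.cells[addr + i] for i in range(size))
        return int.from_bytes(raw, "big" if endness == BE else "little")


def run_scenario(normalize):
    """Replay the issue's three steps; returns (label, result) pairs."""
    image = {MAIN + i: b for i, b in enumerate(MAIN_BYTES)}
    mem = ToyMemory(FakeTarget(image), normalize)
    steps = []
    try:  # state.mem[main_addr].int: a 4-byte load with the arch's LE endness
        steps.append(("mem.int", hex(mem.load(MAIN, 4, LE))))
    except SimMemoryError as e:
        steps.append(("mem.int", str(e)))
    # state.memory.load(main_addr, 16): untyped load, big-endian byte order
    steps.append(("memory.load", hex(mem.load(MAIN, 16, BE))))
    # The same typed load now succeeds because the bytes are already stored.
    steps.append(("mem.int again", hex(mem.load(MAIN, 4, LE))))
    return steps


if __name__ == "__main__":
    for mode in (False, True):
        print("normalize =", mode)
        for label, result in run_scenario(mode):
            print(f"  {label}: {result}")
```

With normalize=False the first step reproduces the SimMemoryError, the big-endian load fills the store and the retried typed load returns 0xfa1e0ff3 (the four bytes f3 0f 1e fa read little-endian); with normalize=True the typed load returns that value on the first attempt, which is the behaviour the second option buys.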