Kyle Zeng
Kyle Zeng
make `loop_seer` execute on basic block level instead of normalized blocks. After this change, in theory, `loop_seer` will be compatible with `tracer`.
**Describe the bug.** `_kuser_helper_version` in `arm_user_helpers` should be a memory mapping at location `0xffff0ffc`. It's not a function so the current implementation of hooking address `0xffff0ffc` is wrong I tried...
This may be I don't understand ARM. In the following snippet, the block should end at 0x3DB38 ~~~ text:0003DB14 CMN R2, #0x10 .text:0003DB18 LDMGE R1!, {R3,R4,R12,LR} .text:0003DB1C STMGE R0!, {R3,R4,R12,LR}...
(This bug is general, not only on `arm`. I use `arm` terminology because the poc is on `arm`) In `arm` architecture, when `r0` are not initialised, after the program starts,...
It looks like there is some conflict between the implementation and the comments about ngram. According to the comment: ~~~ /* "For efficiency, we propose to hash the tuple as...
It should auto scan .swp for php file and bak or zip file for directory as you described in your blog
I now want to generate a rop chain, so that for each gadget, the last word is printable. My thought is that I can provide a script and `ropgenerator` can...
When I'm doing some testing, I found the server gives me some log like this: ~~~ 03-06 05:43:32.020 17429 17579 I appium : Skipping invisible child: android.view.accessibility.AccessibilityNodeInfo@9c28; boundsInParent: Rect(400, 145...
angrop encountered a weird error when trying to symbolic execute some random instructions ~~~ Traceback (most recent call last): File "/home/kylebot/src/angr-dev/angrop/angrop/gadget_analyzer.py", line 59, in analyze_gadget final_state = rop_utils.step_to_unconstrained_successor(self.project, state=init_state) File...