Dairo de Ruck, Jef Jacobs, Jorn Lapon, Vincent Naessens (DistriNet, KU Leuven, 3001 Leuven, Belgium)
Debugging is a fundamental testing technique that directly interacts with the functionality and current state of a running program. It enables the debugger to step through a program and meanwhile inspect registers and memory as part of the program state. When debugging, variables and parameters are assigned concrete values resulting in a specific program path to be explored. This makes software testing time-consuming and at the same time requiring substantial expertise. On the other hand, symbolic debugging can explore multiple paths by replacing concrete input values by symbolic ones and choose the paths to be explored.
angr is a dynamic symbolic execution (DSE) platform that can be programmed to symbolically execute a binary program with selected, possibly symbolic inputs. The binary is lifted to an intermediate, architecture independent representation, preparatory to the symbolic execution. This paper presents dAngr a tool that builds upon angr, a symbolic execution platform, enabling the user to debug binaries by means of GDB-like commands, and enhances this experience by means of symbolic execution and binary analysis capabilities. We also abstract the angr framework and symbolic execution by utilizing these commands. The power of dAngr is demonstrated on multiple examples including capture-the-flag challenges with different levels of complexity.