The angr plugin is being written to help expose features of angr to dynamic reversing.


The current requirements to use the angr plugin are:

  • Having the base angr installed

  • Having angr-targets installed


As of writing, the version of angr in pypi is very out of date and will not work correctly for revenge. You will need to perform a dev install until angr pushes a new build.

git clone --depth=1
cd angr-dev
./ -e angr -i

Note the -e. Choose whichever python virtual environment you have revenge installed in.

angr also has pre-built docker containers available which alleviate build issues.


Thread Plugin

As a thread plugin, angr gets exposed as a property of Thread. The primary use case of this is to allow seamless Symbion integration. When requesting objects, the plugin will automatically configure those objects to use revenge as a concrete backer as well as provide additional relocation support that isn’t available directly by Symbion.

In English, this means you can execute to interesting points in your code using revenge, then easily get an angr state object that will pick up right at that point.

Basic Example

# Set process breakpoint somewhere interesting
process.memoery[interesting].breakpoint = True

# Once you hit that interesting point, grab your thread
thread = list(process.threads)[0]

# Now easily grab an angr state as if angr was already at this point in
# execution
state = thread.angr.state

assert state.pc == thread.pc

# Other helpful things

For more info, see the Angr API.