angr | A powerful and user-friendly binary analysis platform | Hacking library

I want to use angr to analyze IoT firmware file. I have read the documentation of angr,however, I could not find solution to analyze firmware file. So how can angr generate CFG file of Firmware? or How I can analyze firmware file with angr as symbolic execution?

I'm new to the binary analysis field. What I want to do is to analyze the JNI native interface functions (e.g., RegisterNatives or other functions listed here by using the SimProcedures provided by Angr. The shared libraries (*.so files) suppose to be part of Android apps. However, I noticed that these JNI native interface functions do not show as symbols in the shared libraries. So my questions are:

1. Why these JNI native interface functions do not have corresponding symbols in the shared libraries? Did I do something wrong or they suppose like this?
2. In Angr, SimProcedures can only bind to symbols if I did not miss anything. So if there are no such symbols, what should I do to make it work?

begin TLDR;

I want to write a python3 script to scan through the memory of a running windows process and find strings.

end TLDR;

This is for a CTF binary. It's a typical Windows x86 PE file. The goal is simply to get a flag from the processes memory as it runs. This is easy with ProcessHacker you can search through the strings in the memory of the running application and find the flag with a regex. Now because I'm a masochistic geek I strive to script out solutions for CTFs (for everything really). Specifically I want to use python3, C# is also an option but would really like to keep all of the solution scripts in python.

Thought this would be a very simple task. You know... pip install some library written by someone that's already solved the problem and use it. Couldn't find anything that would let me do what I need for this task. Here are the libraries I tried out already.

• ctypes - This was the first one I used, specifically ReadProcessMemory. Kept getting 299 errors which was because the buffer I was passing in was larger than that section of memory so I made a recursive function that would catch that exception, divide the buffer length by 2 until it got something THEN would read one byte at a time until it hit a 299 error. May have been on the right track there but I wasn't able to get the flag. I WAS able to find the flag only if I knew the exact address of the flag (which I'd get from process hacker). I may make a separate question on SO to address that, this one is really just me asking the community if something already exists before diving into this.

• pymem - A nice wrapper for ctypes but had the same issues as above.

• winappdbg - python2.x only. I don't want to use python 2.x.

• haystack - Looks like this depends on winappdbg which depends on python 2.x.

• angr - This is a possibility, Only scratched the surface with it so far. Looks complicated and it's on the to learn list but don't want to dive into something right now that's not going to solve the issue.

• volatility - Looks like this is meant for working with full RAM dumps not for hooking into currently running processes and reading the memory.

My plan at the moment is to dive a bit more into angr to see if that will work, go back to pymem/ctypes and try more things. If all else fails ProcessHacker IS opensource. I'm not fluent in C so it'll take time to figure out how they're doing it. Really hoping there's some python3 library I'm missing or maybe I'm going about this the wrong way.