{"id":4418,"library":"angr","title":"angr","description":"angr is a multi-architecture binary analysis toolkit, providing capabilities for dynamic symbolic execution, various static analyses, and program instrumentation on binaries. It is actively developed and maintained, with frequent minor and patch releases, and less frequent major version changes.","status":"active","version":"9.2.209","language":"en","source_language":"en","source_url":"https://github.com/angr/angr","tags":["binary analysis","symbolic execution","reverse engineering","security","malware analysis","ctf"],"install":[{"cmd":"pip install angr","lang":"bash","label":"Recommended installation in a virtual environment"},{"cmd":"sudo apt-get install python3-dev libffi-dev build-essential","lang":"bash","label":"Required system dependencies for building C components on Ubuntu/Debian if binary wheels are unavailable"}],"dependencies":[{"reason":"Used for Python bindings to native code; often requires system-level `libffi-dev`.","package":"cffi","optional":false},{"reason":"Information about CPU architectures.","package":"archinfo","optional":false},{"reason":"Python bindings to the VEX IR.","package":"pyvex","optional":false},{"reason":"Many-platform binary loader.","package":"cle","optional":false},{"reason":"Solver abstraction layer.","package":"claripy","optional":false}],"imports":[{"symbol":"angr","correct":"import angr"}],"quickstart":{"code":"import angr\nimport os\n\nbinary_path = os.environ.get('ANGR_BINARY_PATH', '/bin/ls')\n\ntry:\n    project = angr.Project(binary_path, auto_load_libs=False)\n    print(f\"Successfully loaded binary: {project.filename}\")\n    print(f\"Architecture: {project.arch}\")\n    print(f\"Entry point: {hex(project.entry)}\")\n\n    # Example of creating an initial state\n    initial_state = project.factory.entry_state()\n    print(f\"Initial state created at: {hex(initial_state.addr)}\")\n\n    # Optional: Basic symbolic execution (requires a suitable binary and goal)\n    # simgr = project.factory.simulation_manager(initial_state)\n    # simgr.explore(find=0x400844, avoid=0x400850) # Replace with addresses relevant to your binary\n    # if simgr.found:\n    #     solution = simgr.found[0]\n    #     print(f\"Found solution input: {solution.posix.dumps(0)}\")\n\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")\n    print(\"Please ensure 'ANGR_BINARY_PATH' is set to a valid executable, or that /bin/ls exists.\")","lang":"python","description":"This quickstart loads a specified binary (defaults to '/bin/ls') into an angr Project, prints basic information, and creates an initial execution state. It demonstrates the fundamental steps for starting an analysis. The commented-out section shows a typical pattern for symbolic execution, which would require a specific challenge binary with known target addresses."},"warnings":[{"fix":"Migrate your code to access program information and analysis results via `project.kb`. Consult the official documentation for specific migration paths.","message":"With angr 9.0+, there was a significant refactoring around the 'KnowledgeBase'. Analysis results and program facts are now primarily stored in `project.kb`, instead of being directly attributes of analysis objects. Code interacting with older analysis result storage patterns will break.","severity":"breaking","affected_versions":"9.0 and later"},{"fix":"Always install angr within a dedicated Python virtual environment (e.g., `venv`, `conda`).","message":"angr relies on several dependencies (like `pyvex` and `z3`) which include forked native code libraries. Installing directly into a global Python environment can lead to conflicts with existing system libraries or other Python projects. This is a common source of unexpected behavior or installation failures.","severity":"gotcha","affected_versions":"All versions"},{"fix":"On Windows, consider using the official `angr/angr` Docker image or follow detailed source installation instructions for individual components if a native installation is required.","message":"Direct `pip install angr` is generally not supported on Windows due to complexities with its native code dependencies. Users on Windows typically need to install individual components manually or use the official Docker image.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Start with small, focused binaries. Utilize angr's various analysis techniques (e.g., CFG, VSA) to reduce the search space before symbolic execution. Be mindful of state options and exploration techniques to prune irrelevant paths. Consult the 'Optimization considerations' section in the documentation.","message":"Binary analysis, especially symbolic execution, is computationally intensive and can be slow, leading to 'path explosion' for complex programs. Initial attempts may seem non-performant or get stuck.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}