!cat exit.c
!gcc exit.c -o exit
int main(int argc, char* argv[]) {
exit (0);
}
exit.c: In function ‘main’:
exit.c:2:4: warning: implicit declaration of function ‘exit’ [-Wimplicit-function-declaration]
exit (0);
^~~~
exit.c:2:4: warning: incompatible implicit declaration of built-in function ‘exit’
exit.c:2:4: note: include ‘<stdlib.h>’ or provide a declaration of ‘exit’
+#include <stdlib.h>
int main(int argc, char* argv[]) {
exit (0);
^~~~
import angr
import functools
# Load the compiled test binary. The loader warning in the output below shows
# that this position-independent executable is mapped at base 0x400000.
p = angr.Project("./exit")
# Begin at the program entry point rather than at main, which is why the
# libc start-up procedure appears first in the logged events.
st = p.factory.entry_state()
def hook(when, state):
    """Log one line for a SimProcedure breakpoint event.

    `when` is the label bound by the caller ("before" or "after"); `state` is
    the state object handed to the breakpoint action. When the inspect plugin
    reports no procedure name, its whole attribute dict is printed as well so
    the event can still be examined.
    """
    inspector = state.inspect
    proc_name = inspector.simprocedure_name
    print("SimProcedure when %s name %s" % (when, proc_name))
    # In the run recorded on this page the "after" event that follows `exit`
    # arrives with the name unset, so handlers that read inspect fields in the
    # after phase should tolerate None.
    if proc_name is not None:
        return
    print(inspector.__dict__)
# Attach the same logger to both phases of every SimProcedure; the label is
# bound up front so each output line says which phase produced it.
for phase, label in ((angr.BP_BEFORE, "before"), (angr.BP_AFTER, "after")):
    st.inspect.b('simprocedure', when=phase, action=functools.partial(hook, label))

# Drive execution from the prepared state; with no find/avoid target given,
# exploration continues until no active states are left.
simgr = p.factory.simgr(st)
simgr.explore()
WARNING | 2021-06-24 13:59:31,349 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
SimProcedure when before name __libc_start_main
SimProcedure when before name malloc
SimProcedure when after name malloc
SimProcedure when before name malloc
SimProcedure when after name malloc
SimProcedure when before name malloc
SimProcedure when after name malloc
SimProcedure when before name malloc
SimProcedure when after name malloc
SimProcedure when before name malloc
SimProcedure when after name malloc
SimProcedure when before name malloc
SimProcedure when after name malloc
SimProcedure when before name malloc
SimProcedure when after name malloc
SimProcedure when after name malloc
SimProcedure when before name __libc_start_main
SimProcedure when after name __libc_start_main
SimProcedure when before name exit
SimProcedure when after name None
{'state': <weakproxy at 0x7f43d2717650 to SimState at 0x7f43d265af50>, '_breakpoints': {'syscall': [], 'call': [], 'mem_write': [], 'tmp_read': [], 'memory_page_map': [], 'fork': [], 'mem_read': [], 'tmp_write': [], 'engine_process': [], 'address_concretization': [], 'exit': [], 'expr': [], 'simprocedure': [<BP before-action with conditions {}, no condition func, with action func>, <BP after-action with conditions {}, no condition func, with action func>], 'statement': [], 'irsb': [], 'return': [], 'vfg_handle_successor': [], 'cfg_handle_job': [], 'instruction': [], 'vfg_widen_state': [], 'reg_write': [], 'reg_read': [], 'constraints': [], 'symbolic_variable': [], 'vex_lift': [], 'dirty': []}, 'action_attrs_set': True, 'symbolic_size': None, 'mem_write_length': None, 'dirty_result': None, 'address_concretization_add_constraints': None, 'mapped_page': None, 'backtrace': None, 'reg_write_expr': None, 'tmp_read_num': None, 'vex_lift_buff': None, 'tmp_read_expr': None, 'exit_target': None, 'mem_read_address': None, 'address': None, 'vex_lift_addr': None, 'syscall_name': None, 'reg_read_length': None, 'reg_write_length': None, 'reg_write_endness': None, 'exit_guard': None, 'mem_write_condition': None, 'tmp_write_expr': None, 'address_concretization_expr': None, 'sim_engine': None, 'dirty_name': None, 'mem_read_endness': None, 'expr_result': None, 'symbolic_name': None, 'reg_read_condition': None, 'symbolic_expr': None, 'mapped_address': None, 'reg_read_offset': None, 'expr': None, 'function_address': None, 'simprocedure': None, 'mem_read_expr': None, 'statement': None, 'vex_lift_size': None, 'added_constraints': None, 'mem_read_condition': None, 'simprocedure_name': None, 'reg_read_endness': None, 'instruction': None, 'exit_jumpkind': None, 'reg_write_offset': None, 'dirty_handler': None, 'reg_read_expr': None, 'address_concretization_action': None, 'mem_write_address': None, 'address_concretization_strategy': None, 'mem_write_endness': None, 'mem_read_length': None, 
'reg_write_condition': None, 'tmp_write_num': None, 'dirty_args': None, 'address_concretization_result': None, 'mem_write_expr': None, 'simprocedure_addr': None, 'address_concretization_memory': None, 'simprocedure_result': None, 'sim_successors': None}
SimProcedure when before name PathTerminator
SimProcedure when after name PathTerminator