# Symbolic-execution script: treats argv[1] of ./packer-release as a 30-byte
# unknown and asks angr for a value that reaches one address while avoiding
# another. Written for the Python 2 era angr/simuvex API pinned below.
import angr  # angr-5.6.8.22
import simuvex
import logging


class __printf_chk(simuvex.SimProcedure):
    """Replacement for __printf_chk that only prints a marker.

    It takes effect only if the hook_symbol() call below is uncommented.
    """

    def run(self):
        print('useless')


# auto_load_libs=False keeps shared libraries out of the loaded image, so only
# the main binary is analysed.
p = angr.Project("./packer-release", load_options={'auto_load_libs': False})
#p.hook_symbol('__printf_chk', __printf_chk)

# 30 symbolic bytes (30 * 8 bits) standing in for the command-line argument.
arg1 = angr.claripy.BVS('arg1', 30 * 8)

# NOTE(review): removing LAZY_SOLVES presumably makes the engine check
# satisfiability eagerly so infeasible paths are dropped early - confirm
# against the simuvex option docs for this version.
initial_state = p.factory.entry_state(
    args=['./packer-release', arg1],
    remove_options={simuvex.s_options.LAZY_SOLVES},
)
logging.getLogger('angr.path_group').setLevel(logging.DEBUG)

# Positions whose value is fixed up front: the input must look like
# "flag{" + 24 unknown bytes + "}".
known_chars = {0: 'f', 1: 'l', 2: 'a', 3: 'g', 4: '{', 29: '}'}

for index, byte in enumerate(arg1.chop(8)):
    if index in known_chars:
        initial_state.add_constraints(byte == ord(known_chars[index]))
    # Every byte, fixed or not, is limited to printable ASCII (32..126),
    # which narrows what the solver has to consider.
    initial_state.add_constraints(byte >= 32)
    initial_state.add_constraints(byte <= 126)

# These two bases are not referenced anywhere else in this script.
base_ida = 0x80483D0
base_angr = 0x400000

# Hard-coded addresses inside the target binary.
# NOTE(review): presumably the failure and success blocks read off a
# disassembly of this exact build - re-verify them if the binary changes.
nope = 0x804870F
nice = 0x804870A

# Same output as a two-item print statement: "nice ", a space, then the hex.
print("%s %s" % ("nice ", hex(nice)))

pathgroup = p.factory.path_group(initial_state)
print(pathgroup)

# Explore until a path reaches `nice`; paths that hit `nope` are set aside.
pathgroup.explore(find=nice, avoid=nope)
print(pathgroup)
#print pathgroup.deadended[0].state

# For each path that reached `nice`, print one concrete value of arg1 that
# satisfies the constraints collected along it. Nothing is printed when no
# path was found.
for hit in pathgroup.found:
    print(hit.state.se.any_str(arg1))