angr 01_angr_avoid: path pruning with avoid

Posted by 漫小牛

01_angr_avoid is the second exercise in the angr_ctf series; the binary can be downloaded from https://github.com/jakespringer/angr_ctf

1 Solving it

(angr) dist$ ipython
Python 3.8.2 (default, Apr 27 2020, 15:53:34) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.26.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: import angr

In [2]: p = angr.Project("./01_angr_avoid")

In [3]: init_state = p.factory.entry_state()

In [4]: sm = p.factory.simulation_manager(init_state)

In [5]: sm.explore(find=0x080485e5, avoid=0x080485a8)
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | The program is accessing memory or registers with an unspecified value. This could indicate unwanted behavior.
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | angr will cope with this by generating an unconstrained symbolic variable and continuing. You can resolve this by:
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | 1) setting a value to the initial state
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | 2) adding the state option ZERO_FILL_UNCONSTRAINED_MEMORY,REGISTERS, to make unknown regions hold null
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | 3) adding the state option SYMBOL_FILL_UNCONSTRAINED_MEMORY,REGISTERS, to suppress these messages.
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | Filling register edi with 4 unconstrained bytes referenced from 0x80d4591 (__libc_csu_init+0x1 in 01_angr_avoid (0x80d4591))
WARNING | 2021-08-17 05:00:47,180 | angr.storage.memory_mixins.default_filler_mixin | Filling register ebx with 4 unconstrained bytes referenced from 0x80d4593 (__libc_csu_init+0x3 in 01_angr_avoid (0x80d4593))
WARNING | 2021-08-17 05:00:51,423 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7ffeff3d with 11 unconstrained bytes referenced from 0x818b210 (strncmp+0x0 in libc.so.6 (0x8b210))
WARNING | 2021-08-17 05:00:51,423 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7ffeff60 with 4 unconstrained bytes referenced from 0x818b210 (strncmp+0x0 in libc.so.6 (0x8b210))
Out[5]: <SimulationManager with 1 active, 16 deadended, 1 found, 8 avoid>

In [6]: found_state = sm.found[0]

In [7]: found_state.posix.dumps(0)
Out[7]: b'HUJOZMYS'
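The same exploration as a stand-alone script, added here as an example (it is not code from the original post or from the angr_ctf project). It reproduces the session above: find the state that reaches the target address without passing through the avoid address, then concretise whatever that state read from stdin. The binary path and the two addresses (0x080485e5 / 0x080485a8) are taken from the session and are assumed to be the defaults; parse_addresses is a small helper of my own so several avoid blocks can be passed on the command line, and the ZERO_FILL options are the ones option 2 of the warning text above refers to.

```python
"""Added example (not from the original post): stand-alone angr script for
01_angr_avoid.  Assumes the binary ./01_angr_avoid from jakespringer/angr_ctf
and the find/avoid addresses used in the IPython session above.
angr is imported inside solve() so the helpers can be used without it."""
import sys


def parse_addresses(spec):
    """Parse a comma-separated list of hex addresses into ints.

    explore() accepts a list for find/avoid, so this lets the caller supply
    several avoid blocks, e.g. "0x080485a8,0x08048600".  (Helper written for
    this example; not part of angr.)"""
    return [int(part.strip(), 16) for part in spec.split(",") if part.strip()]


def solve(binary, find, avoid, zero_fill=True):
    """Symbolically execute `binary` until a state reaches an address in
    `find` without ever executing an address in `avoid`.

    Returns the stdin bytes that lead to the found state, or None when no
    such path exists."""
    import angr  # imported lazily so the module loads even without angr

    project = angr.Project(binary)

    # The WARNING lines in the session come from angr filling uninitialised
    # registers/memory with unconstrained symbols.  Zero-filling them (option 2
    # in the warning text) makes the run deterministic and silences the noise.
    options = set()
    if zero_fill:
        options |= {
            angr.options.ZERO_FILL_UNCONSTRAINED_MEMORY,
            angr.options.ZERO_FILL_UNCONSTRAINED_REGISTERS,
        }
    state = project.factory.entry_state(add_options=options)

    sm = project.factory.simulation_manager(state)
    # States that hit an avoid address are moved to sm.avoid and no longer
    # stepped, which is the whole point of the exercise: pruning the search.
    sm.explore(find=find, avoid=avoid)

    if not sm.found:
        return None
    # dumps(0) concretises everything the program consumed from fd 0 (stdin)
    return sm.found[0].posix.dumps(0)


if __name__ == "__main__":
    # Defaults are the values from the IPython session above.
    binary = sys.argv[1] if len(sys.argv) > 1 else "./01_angr_avoid"
    find = parse_addresses(sys.argv[2] if len(sys.argv) > 2 else "0x080485e5")
    avoid = parse_addresses(sys.argv[3] if len(sys.argv) > 3 else "0x080485a8")
    result = solve(binary, find, avoid)
    print("no path found" if result is None else result)
```

Run it as `python solve_avoid.py ./01_angr_avoid 0x080485e5 0x080485a8`; the printed bytes are the password candidate, and because the constraint solver may pick any satisfying assignment the value can differ from the session's b'HUJOZMYS' while still being accepted by the binary.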

2 An IDA configuration problem

Loading the binary into IDA32 shows the following message:

This is fixed by editing the configuration file \IDA_Pro_v7.5_Portable\cfg\hexrays.cfg:

MAX_FUNCSIZE            = 64        // Functions over 64K are not decompiled

// change to:
MAX_FUNCSIZE            = 1024      // Functions over 1024K are not decompiled
