
angr-02_angr_find_condition

angr 的 explore 不仅可以用地址作为 find/avoid 的条件,还可以传入一个判断函数,根据程序打印到标准输出(stdout)的信息来判断某个状态是否到达目标。

import angr
import sys

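def main(argv):
    """Symbolically explore a binary until it prints the success message.

    Instead of hard-coding target addresses, the find/avoid conditions are
    predicates over each state's accumulated stdout, so the script keeps
    working when the binary is rebuilt and its addresses move.

    Args:
        argv: Argument vector; ``argv[1]`` is the path of the binary to analyse.

    Exits with a usage message when the path is missing. Prints the stdin
    bytes that reach the success message, or a diagnostic on stderr when the
    exploration finishes without finding such a state.
    """
    if len(argv) < 2:
        sys.exit("usage: {} <binary>".format(argv[0] if argv else "solve.py"))

    # File descriptor numbers used by state.posix.dumps().
    stdin_fd, stdout_fd = 0, 1

    bin_path = argv[1]
    project = angr.Project(bin_path)

    # Start from the program entry point.
    init_state = project.factory.entry_state()
    sm = project.factory.simulation_manager(init_state)

    def is_good(state):
        # dumps(1) is everything the state has written to stdout so far.
        return b"Good Job" in state.posix.dumps(stdout_fd)

    def is_bad(state):
        # States that already printed the failure message are pruned.
        return b"Try again" in state.posix.dumps(stdout_fd)

    sm.explore(find=is_good, avoid=is_bad)

    if not sm.found:
        # Previously this case ended silently, which is indistinguishable
        # from a crash-free run that simply produced no output.
        print("No state printing the success message was found.", file=sys.stderr)
        return

    found_state = sm.found[0]
    # dumps(0) concretises the stdin contents that lead to the found state.
    print("Solution: {}".format(found_state.posix.dumps(stdin_fd)))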

if __name__ == "__main__":
    # Script entry: hand the raw argument vector to main(); argv[1] is the
    # path of the binary to analyse.
    main(argv=sys.argv)
