hashcr
parent
4c94fb6da4
commit
aa91c80095
|
|
@ -1 +1,2 @@
|
||||||
venv
|
venv
|
||||||
|
*.exe.*
|
||||||
|
|
@ -1,8 +1,6 @@
|
||||||
import angr
|
import angr
|
||||||
import time
|
import time
|
||||||
|
|
||||||
# ./a.exe "$(py -c "print('NY\x01X\x00')")"
|
|
||||||
|
|
||||||
GREEN = "\033[92m"
|
GREEN = "\033[92m"
|
||||||
PURPLE = "\033[35m"
|
PURPLE = "\033[35m"
|
||||||
RESET = "\033[0m"
|
RESET = "\033[0m"
|
||||||
|
|
@ -30,8 +28,12 @@ if __name__ == "__main__":
|
||||||
# Симуляция ввода пользователя
|
# Симуляция ввода пользователя
|
||||||
input_size = 5
|
input_size = 5
|
||||||
input_data = state.solver.BVS('input_data', 8 * input_size)
|
input_data = state.solver.BVS('input_data', 8 * input_size)
|
||||||
state.memory.store(0x100000, input_data)
|
|
||||||
|
|
||||||
|
for byte in input_data.chop(8):
|
||||||
|
state.add_constraints(byte >= 0x20)
|
||||||
|
state.add_constraints(byte <= 0x7e)
|
||||||
|
|
||||||
|
state.memory.store(0x100000, input_data)
|
||||||
state.regs.rax = 0x100000
|
state.regs.rax = 0x100000
|
||||||
|
|
||||||
simgr = proj.factory.simulation_manager(state)
|
simgr = proj.factory.simulation_manager(state)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue