class ExplorePlugin(SimStatePlugin):
    """State plugin that drops the user into an interactive exploration shell.

    It carries an optional :class:`ExploreInteractive` instance. Calling the
    plugin builds a *fresh* explorer for the attached state, runs its
    (blocking, stdin-driven) command loop and returns that explorer's
    simulation manager.
    """

    def __init__(
        self,
        explorer: Optional[ExploreInteractive] = None,
    ):
        """Remember *explorer*; it stays ``None`` until the plugin is invoked."""
        super().__init__()
        self._explorer = explorer

    def set_state(self, state: SimState) -> None:
        """Attach the plugin to *state*; defers entirely to the base class."""
        super().set_state(state)

    @SimStatePlugin.memo
    def copy(self, memo: Any) -> "ExplorePlugin":
        """Return a copy that shares (does not clone) the stored explorer.

        Sharing is harmless because ``__call__`` always replaces the
        explorer with one bound to the current state before using it.
        """
        return ExplorePlugin(explorer=self._explorer)

    def __call__(self):
        """Run an interactive session on the attached state.

        A new explorer is created for ``self.state`` on every call (any
        previously stored one is discarded), its ``cmdloop`` blocks until the
        user quits, and the explorer's ``simgr`` is returned.
        """
        session = ExploreInteractive(self.state.project, self.state)
        self._explorer = session
        session.cmdloop()
        return session.simgr
            'base_addr': 0x555555554000  # To match gdb
        }
    })
# Symbolic argv[1]: 0x17 (23) bytes of 8 bits each, so the explorer can later
# solve for the concrete command-line input that reaches a given state.
ARGV1_LEN = 0x17
argv = claripy.BVS('argv1', 8 * ARGV1_LEN)

# Entry state of the loaded binary: concrete argv[0], symbolic argv[1].
s = p.factory.entry_state(args=[p.filename, argv])

# Left disabled in the original; presumably the context_view plugin is
# registered elsewhere, since s.context_view is used further down -- verify.
#s.register_plugin("context_view", cv())


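class NotVeryRand(angr.SimProcedure):
    """Deterministic stand-in for ``rand``/``time`` during symbolic exploration.

    Each invocation returns the next entry of *return_values*, cycling through
    the list. The cursor is kept in ``state.globals['rand_idx']`` so it follows
    the state through copies and branches. Every hook built from this class
    shares that one key, so several NotVeryRand hooks on the same state advance
    a common cursor.

    This deliberately removes nondeterminism so exploration is reproducible;
    it is not a source of randomness and belongs only in an analysis harness.
    """

    def run(self, return_values=None):
        """Return the next value of the cycle and advance the cursor.

        Args:
            return_values: non-empty sequence of concrete values to cycle
                through, supplied as a hook kwarg
                (``NotVeryRand(return_values=[0])``).

        Raises:
            ValueError: if *return_values* is missing or empty. Without this
                guard the modulo below would fail with an unrelated
                ``TypeError`` / ``ZeroDivisionError``.
        """
        if not return_values:
            raise ValueError("NotVeryRand requires a non-empty return_values sequence")
        # Reduce the stored cursor modulo the list length so the index stays
        # valid even if an earlier hook on this state used a longer list.
        rand_idx = self.state.globals.get('rand_idx', 0) % len(return_values)
        out = return_values[rand_idx]
        self.state.globals['rand_idx'] = rand_idx + 1
        return out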


# Pin the nondeterministic libc calls the target relies on to a fixed sequence
# so exploration is reproducible (each symbol gets its own procedure instance).
for libc_symbol in ('time', 'rand'):
    p.hook_symbol(libc_symbol, NotVeryRand(return_values=[0]))


def _concrete_argv1(state):
    """Solve the state's current constraints for one concrete argv[1]."""
    return state.solver.eval(argv, cast_to=bytes)


# Display a solved argv[1] next to each state in the interactive view.
s.watches.add_watch(_concrete_argv1, "argv[1]")

# NOTE(review): this simgr is not referenced again in this listing; the
# interactive session below appears to build its own (see e.simgr). Kept as-is.
simgr = p.factory.simgr(s, save_unsat=True)

s.context_view.pprint()
e = ExploreInteractive(p, s)
e.cmdloop()

print("Done! e.simgr has the simgr from your session")