Esempio n. 1
def test_call_function_brancher():
    """Check that the Director technique reaches a constrained call to ``puts``.

    The test loads the x86_64 ``brancher`` binary without its shared
    libraries, builds a CFG so that ``puts`` can be looked up by name, and
    registers a ``CallFunctionGoal`` on it. It then explores toward
    ``0x40059e`` and expects a found state, at least one deprioritized state,
    and the goal callback to have been invoked with the registered goal.
    """
    class Captured(object):
        # Class attributes serve as a writable cell for the nested callback.
        the_state = None
        the_goal = None

    def goal_reached_callback(goal, p, pg):  # pylint:disable=unused-argument
        # Record what the Director reports so the asserts below can check it.
        Captured.the_goal = goal
        Captured.the_state = p

    binary_path = os.path.join(test_location, 'x86_64', 'brancher')
    project = angr.Project(binary_path,
                           load_options={'auto_load_libs': False})
    simgr = project.factory.simulation_manager()

    # Set up directed exploration; the callback fires when a goal is satisfied.
    director = angr.exploration_techniques.Director(
        cfg_keep_states=True,
        goal_satisfied_callback=goal_reached_callback,
        num_fallback_states=1)

    # The CFG must be built before the function lookup below.
    _cfg = project.analyses.CFG()
    puts_func = project.kb.functions.function(name='puts')

    # One argument typed char*, with the constraint string ">=20".
    # NOTE(review): the meaning of ">=20" is defined by CallFunctionGoal;
    # confirm against its documentation.
    arg_spec = [(SimTypePointer(SimTypeChar()), ">=20")]
    goal = angr.exploration_techniques.CallFunctionGoal(puts_func, arg_spec)
    director.add_goal(goal)
    simgr.use_technique(director)

    simgr.explore(find=(0x40059e, ))

    assert len(simgr.deprioritized) > 0
    assert len(simgr.found) > 0
    assert Captured.the_state is not None
    assert Captured.the_goal is goal
Esempio n. 2
def test_stub_procedure_args():
    """Check that a stub procedure picks up its argument count from the prototype.

    A three-argument prototype is registered on ``lib`` under a made-up name.
    The stub obtained for that name is given a stdcall calling convention and
    must end up with three stack arguments. Returning from the stub in a blank
    i386 state must then move the stack pointer by exactly 0x10.
    """
    func_name = "____a_random_stdcall_function__"

    # Prototype: (signed int, signed int, unsigned int) -> char *
    param_types = [
        SimTypeInt(signed=True),
        SimTypeInt(signed=True),
        SimTypeInt(signed=False)
    ]
    return_type = SimTypePointer(SimTypeChar(), offset=0)
    prototype = SimTypeFunction(
        param_types,
        return_type,
        arg_names=["_random_arg_0", "_random_arg_1", "_random_arg_2"])
    lib.set_prototype(func_name, prototype)

    stub = lib.get_stub(func_name, archinfo.ArchX86())
    stub.cc = SimCCStdcall(archinfo.ArchX86())
    lib._apply_metadata(stub, archinfo.ArchX86())

    cc_args = stub.cc.args
    assert len(cc_args) == 3
    for cc_arg in cc_args:
        assert isinstance(cc_arg, SimStackArg)

    binary_path = os.path.join(binaries_base, "i386", "all")
    project = angr.Project(binary_path, auto_load_libs=False)
    blank = project.factory.blank_state()

    # Snapshot the stack pointer, then let the stub return into a fresh
    # successors container built on the same state.
    sp_before = blank.regs.sp
    stub.state = blank
    stub.successors = SimSuccessors(0, blank)
    stub.ret(0)

    after_ret = stub.successors.all_successors[0]
    # NOTE(review): 0x10 presumably is the 4-byte return address plus three
    # 4-byte arguments removed by the callee under stdcall; confirm.
    sp_delta = blank.solver.eval_one(after_ret.regs.sp - sp_before)
    assert sp_delta == 0x10
Esempio n. 3
def run_fauxware(arch):
    """Call fauxware's authenticate routine through an angr callable.

    The routine at ``addresses_fauxware[arch]`` is wrapped as a concrete-only
    callable taking two ``char *`` arguments. The test expects the pair
    ("asdf", "SOSNEAKY") to return 1, and ("asdf", "NOSNEAKY") to raise
    ``AngrCallableMultistateError``.
    """
    entry = addresses_fauxware[arch]
    project = angr.Project(location + '/' + arch + '/fauxware')

    # int authenticate(char *, char *); SimTypeInt(False) is an unsigned int.
    char_ptr = SimTypePointer(SimTypeChar())
    auth_proto = SimTypeFunction((char_ptr, char_ptr), SimTypeInt(False))
    calling_conv = project.factory.cc(func_ty=auth_proto)

    # Only the ppc64 build is given an explicit TOC value.
    if arch == 'ppc64':
        toc_value = 0x10018E80
    else:
        toc_value = None

    authenticate = project.factory.callable(
        entry, toc=toc_value, concrete_only=True, cc=calling_conv)

    accepted = authenticate("asdf", "SOSNEAKY")
    nose.tools.assert_equal(accepted._model_concrete.value, 1)

    # NOTE(review): presumably the rejected password leads to more than one
    # resulting state, which concrete_only=True turns into an error; confirm.
    nose.tools.assert_raises(AngrCallableMultistateError, authenticate, "asdf", "NOSNEAKY")
Esempio n. 4
 def run_fauxware(self, arch):
     """Call fauxware's authenticate routine through an angr callable.

     The routine at ``addresses_fauxware[arch]`` is wrapped as a concrete-only
     callable with a two-``char *`` prototype. The test expects
     ("asdf", "SOSNEAKY") to return 1, and ("asdf", "NOSNEAKY") to raise
     ``AngrCallableMultistateError``.
     """
     entry = addresses_fauxware[arch]
     binary_path = os.path.join(location, 'tests', arch, 'fauxware')
     project = angr.Project(binary_path)

     # int authenticate(char *, char *); SimTypeInt(False) is an unsigned int.
     char_ptr = SimTypePointer(SimTypeChar())
     auth_proto = SimTypeFunction((char_ptr, char_ptr), SimTypeInt(False))

     # Only the ppc64 build is given an explicit TOC value.
     if arch == 'ppc64':
         toc_value = 0x10018E80
     else:
         toc_value = None

     authenticate = project.factory.callable(
         entry, toc=toc_value, concrete_only=True, prototype=auth_proto)

     accepted = authenticate("asdf", "SOSNEAKY")
     assert accepted._model_concrete.value == 1

     # NOTE(review): presumably the rejected password leads to more than one
     # resulting state, which concrete_only=True turns into an error; confirm.
     self.assertRaises(
         AngrCallableMultistateError, authenticate, "asdf", "NOSNEAKY")
Esempio n. 5
 def ty_ptr(self, ty):
     """Return a ``SimTypePointer`` built from ``self.arch`` and *ty*."""
     pointee = ty
     return SimTypePointer(self.arch, pointee)