@XMPPwocky
Last active May 15, 2016 23:22
import angr, claripy, simuvex
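# Symbolically execute the target at 0x401300 to recover a set of item
# coordinates and a player coordinate that steer execution to 0x401575
# while never touching 0x40153d.  Written for the 2016-era angr API
# (path/path_group, state.se, any_int); newer angr renamed these
# (simulation_manager, state.solver, eval) -- adjust if running today.
#
# auto_load_libs=False: shared libraries are not loaded, so any library
# call the code makes is served by angr's built-in stubs/SimProcedures.
# If 0x401300..0x401575 calls something angr does not model, exploration
# may still "find" a path that the real binary would not take.
b = angr.project.Project("binari", load_options={"auto_load_libs": False})

# Start mid-binary rather than at the entry point.  A blank state leaves
# every register and memory cell not explicitly set below unconstrained.
s = b.factory.blank_state(addr=0x401300)

# Item positions: ten [y, x] pairs stored as 0x18-byte records starting at
# 0x6042c0 (y at +0, x at +4).  Each coordinate is a fresh 32-bit symbolic
# value bounded to [0, 80) with an *unsigned* compare, so negative values
# are excluded as well.
positions = []  # one [POSY_i, POSX_i] pair per item, same order as memory
for i in range(10):
    pos_y = claripy.BVS("POSY" + str(i), 32)
    pos_x = claripy.BVS("POSX" + str(i), 32)
    # .reversed flips the byte order before the store.  Presumably this is
    # needed so the dword lands in memory in the byte order the binary
    # expects -- confirm against the endianness the angr version in use
    # applies to state.mem stores, or the constraints bind the wrong bytes.
    s.mem[0x6042c0 + (0x18 * i)].dword = pos_y.reversed
    s.mem[0x6042c4 + (0x18 * i)].dword = pos_x.reversed
    s.add_constraints(claripy.ULT(pos_y, 80))
    s.add_constraints(claripy.ULT(pos_x, 80))
    positions.append([pos_y, pos_x])

# Player position: passed in rdi (x) and rsi (y), i.e. the first two
# integer arguments on x86-64 (looks like the SysV convention -- verify
# against the callee's disassembly).  Same [0, 80) bound as the items.
mex = claripy.BVS("MEX", 32)
mey = claripy.BVS("MEY", 32)
s.regs.rsi = mey
s.regs.rdi = mex
s.add_constraints(claripy.ULT(mex, 80))
s.add_constraints(claripy.ULT(mey, 80))

# Explore from the prepared state until one path reaches `find`; paths
# that hit `avoid` are pruned.  Exploration is unbounded here: with many
# unconstrained inputs this can blow up in time or memory.
p = b.factory.path(s)
pg = b.factory.path_group(p)
pg2 = pg.explore(find=0x401575, avoid=0x40153d)

# Fail loudly when nothing reached the target instead of raising an
# opaque IndexError from found[0].
if not pg2.found:
    raise SystemExit("explore: no path reached 0x401575 while avoiding 0x40153d")

# Only the first found path is reported; any_int returns *one* model
# satisfying the path constraints, so other valid solutions may exist.
st = pg2.found[0].state.se
print("----- ITEM COORDINATES -----")
for pos_y, pos_x in positions:
    y = st.any_int(pos_y)
    x = st.any_int(pos_x)
    print((y, x))
print("----- PLAYER COORDINATES -----")
print((st.any_int(mey), st.any_int(mex)))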