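#!/usr/bin/env python2
# -*- coding: utf-8 -*-
"""Recover the 5-byte stdin input that steers the `step` binary to 0x400E0E.

Symbolic-execution solve script written against the 2016 angr/simuvex API:
stdin is modelled as a fixed-size symbolic file, every byte is constrained to
printable ASCII, and the Explorer surveyor searches for a path that reaches
the `find` address while pruning any path that touches the `avoid` address.
"""
import angr
import simuvex
import logging

logging.basicConfig(level=logging.INFO)
logging.getLogger('angr.surveyors.explorer').setLevel(logging.INFO)

# Number of symbolic stdin bytes to solve for; the SimFile size and the
# constraint loop below must agree on it.
STDIN_LEN = 5

# Addresses in `step`: the hooked fgets entry (presumably its PLT stub -- confirm
# in the disassembly), the basic block to reach, and the block to prune.
FGETS_ADDR = 0x400480
FIND_ADDR = 0x400E0E
AVOID_ADDR = 0x400df2

# mprotect is never stepped into and self-modifying code is enabled; together
# these suggest the binary rewrites its own text at runtime (verify).
# ignore_functions is documented as a list of names, so pass a list rather
# than a bare string (which only matched by substring).
p = angr.Project('step',
                 ignore_functions=['mprotect'],
                 support_selfmodifying_code=True)

# Route the program's fgets through the SimProcedure so the read is served
# from the symbolic stdin instead of native libc.
p.hook(FGETS_ADDR, simuvex.SimProcedures['libc.so.6']['fgets'])

# Build the entry state only once the symbolic stdin is wired in; the earlier
# unconstrained entry_state() in the original was never used.
stdin = simuvex.storage.file.SimFile("/dev/stdin", "r", size=STDIN_LEN)
state = p.factory.entry_state(fs={'/dev/stdin': stdin})

# Restrict each input byte to printable ASCII so the solved input can actually
# be typed, then rewind so the program itself reads from offset 0.
for _ in range(STDIN_LEN):
    byte = stdin.read_from(1)
    state.add_constraints(byte >= ord(' '))
    state.add_constraints(byte <= ord('~'))
stdin.seek(0)

path = p.factory.path(state=state)
ex = p.surveyors.Explorer(start=path, find=(FIND_ADDR,), avoid=(AVOID_ADDR,))
result = ex.run()

# Explorer leaves `found` empty when no path reaches FIND_ADDR; fail with a
# readable message instead of an opaque IndexError on found[0].
if not result.found:
    raise SystemExit("no path reached 0x%x (avoided 0x%x)" % (FIND_ADDR, AVOID_ADDR))

found_state = result.found[0].state
# Concretise what the winning path read from fd 0 -- that is the solved input.
print(found_state.posix.dumps(0))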