Created May 19, 2019
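#!/usr/bin/env python
import angr

# Load the target binary without pulling in its shared libraries
proj = angr.Project("./scramble", load_options={"auto_load_libs": False})
addr_main = 0x400680
# Start symbolic execution from a blank state at main()
initial_state = proj.factory.blank_state(addr=addr_main)
# simulation_manager replaces the removed path_group API
simgr = proj.factory.simulation_manager(initial_state)
# Search for a path that reaches the find address and skips the avoid address
simgr.explore(find=(0x400737,), avoid=(0x4006fb,))
if len(simgr.found) > 0:
    print('Dump stdin at succeeded():')
    s = simgr.found[0]
    # Concretize the stdin (fd 0) bytes that drive execution to the find address
    print("%r" % s.posix.dumps(0))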