it's spelled simulation_manger now

c0lorw0lf · Nov 15, 2017 · 0adb15f · 0adb15f
1 parent c62bee1
commit 0adb15f
Show file tree

Hide file tree

Showing 40 changed files with 45 additions and 45 deletions.
diff --git a/examples/0ctf_trace/solve.py b/examples/0ctf_trace/solve.py
@@ -59,7 +59,7 @@ def main():
     state.memory.store(FLAG_LOCATION, state.se.BVS("flag", 8*32))
     state.memory.store(FLAG_PTR_LOCATION, struct.pack("<I", FLAG_LOCATION))
 
-    sm = project.factory.simgr(state)
+    sm = project.factory.simulation_manager(state)
     choices = [state]
 
     print("Tracing...")

diff --git a/examples/CADET_00001/solve.py b/examples/CADET_00001/solve.py
@@ -25,7 +25,7 @@ def main():
     #by default angr discards unconstrained paths, so we need to specify the  
     #save_unconstrained option
     print "finding the buffer overflow..."
-    sm = project.factory.simgr(save_unconstrained=True)
+    sm = project.factory.simulation_manager(save_unconstrained=True)
     #symbolically execute the binary until an unconstrained path is reached
     while len(sm.unconstrained)==0:
         sm.step()
@@ -46,7 +46,7 @@ def main():
     #to disable "lazy solving" we generate a blank path and we change its options,
     #then we specify this path as the initial path of the path group
     print "finding the easter egg..."
-    sm = project.factory.simgr(project.factory.entry_state())
+    sm = project.factory.simulation_manager(project.factory.entry_state())
 
     #at this point we just ask angr to reach the basic block where the easter egg 
     #text is printed
@@ -63,7 +63,7 @@ def main():
     #an alternative way to avoid unfeasible paths (paths that contain an unsatisfiable set
     #of constraints) is to "manually" step the path group execution and call prune()
     print "finding the easter egg (again)..."
-    sm = project.factory.simgr()
+    sm = project.factory.simulation_manager()
     while True:
         sm.step()
         sm.prune() #we "manually" ask angr to remove unfeasible paths 

diff --git a/examples/CSCI-4968-MBE/challenges/crackme0x00a/solve.py b/examples/CSCI-4968-MBE/challenges/crackme0x00a/solve.py
@@ -12,7 +12,7 @@
 
 def main():
 	proj = angr.Project('crackme0x00a', load_options={"auto_load_libs": False})
-	sm = proj.factory.simgr()
+	sm = proj.factory.simulation_manager()
 	sm.explore(find=FIND_ADDR, avoid=AVOID_ADDR)
 	return sm.found[0].posix.dumps(0).split('\0')[0] # stdin
 

diff --git a/examples/CSCI-4968-MBE/challenges/crackme0x01/solve.py b/examples/CSCI-4968-MBE/challenges/crackme0x01/solve.py
@@ -13,7 +13,7 @@
 def main():
 	proj = angr.Project('crackme0x01', load_options={"auto_load_libs": False})
 
-	sm = proj.factory.simgr()
+	sm = proj.factory.simulation_manager()
 	sm.explore(find=FIND_ADDR, avoid=AVOID_ADDR)
 
 	return sm.found[0].posix.dumps(0).lstrip('+0').rstrip('B')

diff --git a/examples/CSCI-4968-MBE/challenges/crackme0x02/solve.py b/examples/CSCI-4968-MBE/challenges/crackme0x02/solve.py
@@ -13,7 +13,7 @@
 def main():
 	proj = angr.Project('crackme0x02', load_options={"auto_load_libs": False})
 
-	sm = proj.factory.simgr()
+	sm = proj.factory.simulation_manager()
 	sm.explore(find=FIND_ADDR, avoid=AVOID_ADDR)
 
 	return sm.found[0].posix.dumps(0).lstrip('+0').rstrip('B')

diff --git a/examples/CSCI-4968-MBE/challenges/crackme0x03/solve.py b/examples/CSCI-4968-MBE/challenges/crackme0x03/solve.py
@@ -13,7 +13,7 @@
 def main():
 	proj = angr.Project('crackme0x03', load_options={"auto_load_libs": False})
 
-	sm = proj.factory.simgr()
+	sm = proj.factory.simulation_manager()
 	sm.explore(find=FIND_ADDR, avoid=AVOID_ADDR)
 
 	return sm.found[0].posix.dumps(0).lstrip('+0').rstrip('B')

diff --git a/examples/CSCI-4968-MBE/challenges/crackme0x04/solve.py b/examples/CSCI-4968-MBE/challenges/crackme0x04/solve.py
@@ -16,7 +16,7 @@ def main():
 	FIND_ADDR = cfg.kb.functions.function(name="exit").addr
 	AVOID_ADDR = 0x080484fb # dword [esp] = str.Password_Incorrect__n ; [0x8048649:4]=0x73736150 LEA str.Password_Incorrect__n ; "Password Incorrect!." @ 0x8048649
 
-	sm = proj.factory.simgr()
+	sm = proj.factory.simulation_manager()
 	sm.explore(find=FIND_ADDR, avoid=AVOID_ADDR)
 
 	# embed()

diff --git a/examples/CSCI-4968-MBE/challenges/crackme0x05/solve.py b/examples/CSCI-4968-MBE/challenges/crackme0x05/solve.py
@@ -22,7 +22,7 @@ def wrong(state):
         except:
             return False
 
-    sm = proj.factory.simgr()
+    sm = proj.factory.simulation_manager()
     sm.explore(find=correct, avoid=wrong)
 
     print sm.found[0].posix.dumps(1)

diff --git a/examples/ais3_crackme/solve.py b/examples/ais3_crackme/solve.py
@@ -19,7 +19,7 @@ def main():
     initial_state = project.factory.entry_state(args=["./crackme1",argv1])
 
     #create a path group using the created initial state 
-    sm = project.factory.simgr(initial_state)
+    sm = project.factory.simulation_manager(initial_state)
 
     #symbolically execute the program until we reach the wanted value of the instruction pointer
     sm.explore(find=0x400602) #at this instruction the binary will print the "correct" message

diff --git a/examples/android_arm_license_validation/solve.py b/examples/android_arm_license_validation/solve.py
@@ -25,7 +25,7 @@ def main():
 
     state = b.factory.blank_state(addr=0x401760)
 
-    sm = b.factory.simgr(state)
+    sm = b.factory.simulation_manager(state)
 
     # 0x401840 = Product activation passed
     # 0x401854 = Incorrect serial

diff --git a/examples/cmu_binary_bomb/solve.py b/examples/cmu_binary_bomb/solve.py
@@ -155,7 +155,7 @@ def solve_flag_4():
         # we will just use the obj's symbol directly
         addr=proj.kb.obj.get_symbol('phase_4').addr,
         remove_options={angr.options.LAZY_SOLVES})
-    sm = proj.factory.simgr(state)
+    sm = proj.factory.simulation_manager(state)
     sm.explore(find=find, avoid=avoid)
 
     found = sm.found[0]
@@ -197,7 +197,7 @@ def is_alnum(state, c):
     # retrofit the input string on the stack
     state.regs.rdi = state.regs.rsp - 0x1000
     string_addr = state.regs.rdi
-    sm = proj.factory.simgr(state)
+    sm = proj.factory.simulation_manager(state)
     sm.explore(find=find, avoid=avoid)
     found = sm.found[0]
 
@@ -230,7 +230,7 @@ def solve_flag_6():
     p = angr.Project("./bomb", load_options={'auto_load_libs': False})
     p.hook(read_num, read_6_ints)
     state = p.factory.blank_state(addr=start, remove_options={angr.options.LAZY_SOLVES})
-    sm = p.factory.simgr(state)
+    sm = p.factory.simulation_manager(state)
     sm.explore(find=find, avoid=avoid)
     found = sm.found[0]
 
@@ -250,7 +250,7 @@ def solve_secret():
     state = p.factory.blank_state(addr=start, remove_options={angr.options.LAZY_SOLVES})
     flag = claripy.BVS("flag", 64, explicit_name=True)
     state.add_constraints(flag -1 <= 0x3e8)
-    sm = p.factory.simgr(state)
+    sm = p.factory.simulation_manager(state)
     sm.explore(find=find, avoid=avoid)
     ### flag found
     found = sm.found[0]

diff --git a/examples/codegate_2017-angrybird/solve.py b/examples/codegate_2017-angrybird/solve.py
@@ -17,7 +17,7 @@ def main():
 	# Because I'm not interested in fixing a weird binary, I'm going to skip all the beginning of the program.
 	state = proj.factory.entry_state(addr=START_ADDR)
 
-	sm = proj.factory.simgr(state)  # Create the SimulationManager.
+	sm = proj.factory.simulation_manager(state)  # Create the SimulationManager.
 
 	sm.explore(find=FIND_ADDR)  # This will take a couple minutes. Ignore the warning message(s), it's fine.
 	found = sm.found[-1]

diff --git a/examples/csaw_wyvern/solve.py b/examples/csaw_wyvern/solve.py
@@ -32,7 +32,7 @@ def main():
 
     # Construct a SimulationManager to perform symbolic execution.
     # Step until there is nothing left to be stepped.
-    sm = p.factory.simgr(st)
+    sm = p.factory.simulation_manager(st)
     sm.run()
 
     # Get the stdout of every path that reached an exit syscall. The flag should be in one of these!

diff --git a/examples/defcamp_r200/solve.py b/examples/defcamp_r200/solve.py
@@ -3,7 +3,7 @@
 
 def main():
     p = angr.Project("r200", load_options={'auto_load_libs': False})
-    sm = p.factory.simgr(veritesting=True)
+    sm = p.factory.simulation_manager(veritesting=True)
 #   ex = p.surveyors.Explorer(find=(0x400936, ), avoid=(0x400947,), enable_veritesting=True)
 #   angr.surveyors.explorer.l.setLevel(logging.DEBUG)
 #   ex.run()

diff --git a/examples/defcon2016quals_baby-re_0/solve.py b/examples/defcon2016quals_baby-re_0/solve.py
@@ -16,7 +16,7 @@
 def main():
 	proj = angr.Project('./baby-re',  load_options={'auto_load_libs': False})
 
-	sm = proj.factory.simgr(threads=4) # Doesn't really help to have more threads, but whatever.
+	sm = proj.factory.simulation_manager(threads=4) # Doesn't really help to have more threads, but whatever.
 
 	# If we get to 0x402941, "Wrong" is going to be printed out, so definitely avoid that.
 	sm.explore(find=0x40294b, avoid=0x402941)

diff --git a/examples/defcon2016quals_baby-re_1/solve.py b/examples/defcon2016quals_baby-re_1/solve.py
@@ -38,7 +38,7 @@ def patch_scanf(state):
         p.hook(main + offst, UserHook(user_func=patch_scanf, length=5))
 
 
-    sm = p.factory.simgr(init)
+    sm = p.factory.simulation_manager(init)
 
     # Now stuff becomes interesting
     ex = sm.explore(find=find, avoid=avoid)

diff --git a/examples/defcon2017quals_crackme2000/enlightenment/solve_chicken.py b/examples/defcon2017quals_crackme2000/enlightenment/solve_chicken.py
@@ -99,7 +99,7 @@ def solve(s):
         state.memory.store(0xd000000 + 16, state.se.BVV(0xd000040, 64), endness='Iend_LE')
         state.memory.store(0xd000040 + 8, char, endness='Iend_LE')
 
-        sm = p.factory.simgr(state)
+        sm = p.factory.simulation_manager(state)
         sm.explore(avoid=(c_mutate_slot,))
 
         the_char = None

diff --git a/examples/defcon2017quals_crackme2000/magic.py b/examples/defcon2017quals_crackme2000/magic.py
@@ -12,7 +12,7 @@ def solve(s):
     cfg = p.analyses.CFG()
 
     state = p.factory.blank_state(addr=0x400770)
-    sm = p.factory.simgr(state)
+    sm = p.factory.simulation_manager(state)
     sm.explore()
     sol = sm.deadended[-1].posix.dumps(0).replace("\x00", "").replace("\n", "")
     return sol

diff --git a/examples/defcon2017quals_crackme2000/occult.py b/examples/defcon2017quals_crackme2000/occult.py
@@ -109,7 +109,7 @@ def solve(s):
         state.memory.store(0xd000010 + 16, state.se.BVV(0xd000040, 64), endness='Iend_LE')
         state.memory.store(0xd000040 + 8, char, endness='Iend_LE')
 
-        sm = p.factory.simgr(state)
+        sm = p.factory.simulation_manager(state)
         sm.explore(avoid=(c_mutate_slot,))
 
         the_char = None

diff --git a/examples/defcon2017quals_crackme2000/witchcraft.py b/examples/defcon2017quals_crackme2000/witchcraft.py
@@ -58,7 +58,7 @@ def solve(s):
     p.hook(swift_retain, angr.SIM_PROCEDURES['stubs']['ReturnUnconstrained'])
     p.hook(alloca, Alloca)
 
-    sm = p.factory.simgr(state)
+    sm = p.factory.simulation_manager(state)
     sm.explore()
 
     state = sm.deadended[-1]

diff --git a/examples/ekopartyctf2015_rev100/solve.py b/examples/ekopartyctf2015_rev100/solve.py
@@ -53,7 +53,7 @@ def calc_one_byte(p, known_passwords, hook_func, start_addr, load_addr1, load_ad
     p.hook(load_addr2, UserHook(user_func=hook_func, length=14))
     state = p.factory.blank_state(addr=start_addr)
     state, password = prepare_state(state, known_passwords)
-    sm = p.factory.simgr(state, immutable=False)
+    sm = p.factory.simulation_manager(state, immutable=False)
     sm.step(4)
     sm.step(size=cmp_addr - load_addr2)
 

diff --git a/examples/ekopartyctf2016_sokohashv2/sokosolver.py b/examples/ekopartyctf2016_sokohashv2/sokosolver.py
@@ -165,7 +165,7 @@ def get_table(state):
 ##############################################
 FIND=0x40123E
 #run sym execute
-sm = p.factory.simgr(initial_state, threads=8)
+sm = p.factory.simulation_manager(initial_state, threads=8)
 sm.explore(find=FIND)
 
 #now we will get the supposed final state (the state after the symbolic execution)

diff --git a/examples/ekopartyctf2016_sokohashv2/sokosolver_facuman.py b/examples/ekopartyctf2016_sokohashv2/sokosolver_facuman.py
@@ -134,7 +134,7 @@ def main():
 
     buffer = init.memory.load(init.regs.ebp + 0x8, 0x20)
 
-    sm = proj.factory.simgr(init, threads=8, save_unconstrained=True)
+    sm = proj.factory.simulation_manager(init, threads=8, save_unconstrained=True)
     sm.explore(find=to_find)
 
     found = sm.found[0]

diff --git a/examples/fauxware/solve.py b/examples/fauxware/solve.py
@@ -32,7 +32,7 @@ def basic_symbolic_execution():
     # of states with various tags attached with a number of convenient
     # interfaces for managing them.
 
-    sm = p.factory.simgr(state)
+    sm = p.factory.simulation_manager(state)
 
     # Uncomment the following line to spawn an IPython shell when the program
     # gets to this point so you can poke around at the four objects we just

diff --git a/examples/flareon2015_2/solve.py b/examples/flareon2015_2/solve.py
@@ -15,7 +15,7 @@ def main():
     # store a symbolic string for the input
     s.memory.store(0x402159, s.se.BVS("ans", 8*40))
     # explore for success state, avoiding failure
-    sm = b.factory.simgr(s, immutable=False)
+    sm = b.factory.simulation_manager(s, immutable=False)
     sm.explore(find=0x40106b, avoid=0x401072)
     # print the string
     found_state = sm.found[0]

diff --git a/examples/flareon2015_5/solve.py b/examples/flareon2015_5/solve.py
@@ -52,7 +52,7 @@ def main():
     p.hook(0x4011D6, hook_heapalloc, length=5)
 
     # Explore the states until after the hash is computed
-    sm = p.factory.simgr(state, immutable=False)
+    sm = p.factory.simulation_manager(state, immutable=False)
     sm.explore(find=0x4011EC)
 
     # Add constraints to make final hash equal to the one we want

diff --git a/examples/google2016_unbreakable_0/solve.py b/examples/google2016_unbreakable_0/solve.py
@@ -35,7 +35,7 @@ def main():
     initial_state.add_constraints(argv1.chop(8)[3] == '{')
     # angr will still find the solution without setting these, but it'll take a few seconds more.
 
-    sm = proj.factory.simgr(initial_state)
+    sm = proj.factory.simulation_manager(initial_state)
 
                           # 0x400830 = thank you message
     sm.explore(find=0x400830, avoid=0x400850)

diff --git a/examples/hackcon2016_angry-reverser/solve.py b/examples/hackcon2016_angry-reverser/solve.py
@@ -29,7 +29,7 @@ def main():
     avoid += [(crazy + offst) for offst in fails] # Let's save RAM
 
     print("Launching exploration")
-    sm = p.factory.simgr(init, threads=8)
+    sm = p.factory.simulation_manager(init, threads=8)
     angr.manager.l.setLevel(logging.DEBUG)
     ex = sm.explore(find=find, avoid=avoid)
 

diff --git a/examples/insomnihack_aeg/simple_aeg.py b/examples/insomnihack_aeg/simple_aeg.py
@@ -62,7 +62,7 @@ def main(binary):
 
     extras = {so.REVERSE_MEMORY_NAME_MAP, so.TRACK_ACTION_HISTORY}
     es = p.factory.entry_state(add_options=extras)
-    sm = p.factory.simgr(es, save_unconstrained=True)
+    sm = p.factory.simulation_manager(es, save_unconstrained=True)
 
     # find a bug giving us control of PC
     l.info("looking for vulnerability in '%s'", binary_name)

diff --git a/examples/mma_simplehash/solve.py b/examples/mma_simplehash/solve.py
@@ -85,7 +85,7 @@ def main():
 
     # Now, we start the symbolic execution. We create a PathGroup and set up some
     # logging (so that we can see what's happening).
-    sm = b.factory.simgr(s, immutable=False)
+    sm = b.factory.simulation_manager(s, immutable=False)
     angr.manager.l.setLevel("DEBUG")
 
     # We want to explore to the "success" state (0x8048A94) while avoiding the

diff --git a/examples/secconquals2016_ropsynth/solve.py b/examples/secconquals2016_ropsynth/solve.py
@@ -96,7 +96,7 @@ def get_gadgets():
 
         # We symbolically explore the function. We are looking for the state that returns to an address popped off our
         # symbolic stack, so we want to save unconstrained states.
-        sm = p.factory.simgr(state, save_unconstrained=True)
+        sm = p.factory.simulation_manager(state, save_unconstrained=True)
         sm.active[0].rip = f.addr # this is a workaround for a perceived (maybe not actual) but in angr
         sm.active[0].ip = f.addr # same here
         sm.explore(n=200)

diff --git a/examples/secuinside2016mbrainfuzz/solve.py b/examples/secuinside2016mbrainfuzz/solve.py
@@ -92,7 +92,7 @@ def generate_input(p, to_find, to_avoid, byte_addresses):
         e.regs.rcx = rcx
 
         #Generate a SimulationManager out of this state and explore
-        sm = p.factory.simgr(e)
+        sm = p.factory.simulation_manager(e)
         sm.explore(find=t,avoid=to_avoid)
 
         #Save the solutions

diff --git a/examples/securityfest_fairlight/solve.py b/examples/securityfest_fairlight/solve.py
@@ -18,7 +18,7 @@ def main():
     argv1 = claripy.BVS("argv1", 0xE * 8)
     initial_state = proj.factory.entry_state(args=["./fairlight", argv1]) 
 
-    sm = proj.factory.simgr(initial_state)
+    sm = proj.factory.simulation_manager(initial_state)
     sm.explore(find=0x4018f7, avoid=0x4018f9)
     found = sm.found[0]
     return found.se.eval(argv1, cast_to=str)

diff --git a/examples/sharif7/rev50/solve.py b/examples/sharif7/rev50/solve.py
@@ -98,7 +98,7 @@ def solve(_file):
     # Now, Angr will start to execute the binary from this initial state
     # and explore many state until it reaches a certain condition. In this
     # case, we want to run until we reached our stop_addr.
-    sm = project.factory.simgr(state)
+    sm = project.factory.simulation_manager(state)
     sm.explore(find=stop_addr)
 
     # At this point, the first active path reached our stop address

diff --git a/examples/simple_heap_overflow/solve.py b/examples/simple_heap_overflow/solve.py
@@ -30,7 +30,7 @@ def main():
                                                   angr.options.CONSTRAINT_TRACKING_IN_SOLVER })
 
     # We're looking for unconstrained paths, it means we may have control
-    sm = proj.factory.simgr(state,save_unconstrained=True)
+    sm = proj.factory.simulation_manager(state,save_unconstrained=True)
 
     # Step execution until we find a place we may control
     while sm.active and not sm.unconstrained:

diff --git a/examples/strcpy_find/solve.py b/examples/strcpy_find/solve.py
@@ -81,7 +81,7 @@ def get_byte(s, i):
     '''
      Create a new SimulationManager from the entry state
     '''
-    sm = project.factory.simgr(state)
+    sm = project.factory.simulation_manager(state)
 
     '''
      Since we want to find a path to strcpy ONLY where we have control of the

diff --git a/examples/sym-write/solve.py b/examples/sym-write/solve.py
@@ -21,7 +21,7 @@ def main():
 	u = claripy.BVS("u", 8)
 	state.memory.store(0x804a021, u)
 
-	sm = p.factory.simgr(state)
+	sm = p.factory.simulation_manager(state)
 
 	def correct(state):
 		try:

diff --git a/examples/tumctf2016_zwiebel/solve.py b/examples/tumctf2016_zwiebel/solve.py
@@ -15,7 +15,7 @@ def main():
 
     # unicorn support makes execution, especially code unpacking, way faster
     state = p.factory.entry_state(add_options=angr.options.unicorn)
-    sm = p.factory.simgr(state)
+    sm = p.factory.simulation_manager(state)
 
     while sm.active:
         # in order to save memory, we only keep the recent 20 deadended or

diff --git a/examples/unmapped_analysis/solve.py b/examples/unmapped_analysis/solve.py
@@ -17,7 +17,7 @@ def main():
 	project = angr.Project('./unmap', load_options={"auto_load_libs": False})
 	state = project.factory.entry_state(add_options={angr.options.STRICT_PAGE_ACCESS})
 
-	simulation_manager = project.factory.simgr(state)
+	simulation_manager = project.factory.simulation_manager(state)
 
 	# (•_•) ( •_•)>⌐■-■ (⌐■_■)
 	simulation_manager.explore()