Recompile changes

lxwAsm · Aug 18, 2017 · ec814f2 · ec814f2
1 parent 71ad0b3
commit ec814f2
Show file tree

Hide file tree

Showing 21 changed files with 7 additions and 3 deletions.
diff --git a/dist/00_angr_find b/dist/00_angr_find
diff --git a/dist/01_angr_avoid b/dist/01_angr_avoid
diff --git a/dist/02_angr_find_condition b/dist/02_angr_find_condition
diff --git a/dist/03_angr_symbolic_registers b/dist/03_angr_symbolic_registers
diff --git a/dist/04_angr_symbolic_stack b/dist/04_angr_symbolic_stack
diff --git a/dist/05_angr_symbolic_memory b/dist/05_angr_symbolic_memory
diff --git a/dist/06_angr_symbolic_dynamic_memory b/dist/06_angr_symbolic_dynamic_memory
diff --git a/dist/07_angr_symbolic_file b/dist/07_angr_symbolic_file
diff --git a/dist/08_angr_constraints b/dist/08_angr_constraints
diff --git a/dist/09_angr_hooks b/dist/09_angr_hooks
diff --git a/dist/10_angr_simprocedures b/dist/10_angr_simprocedures
diff --git a/dist/11_angr_sim_scanf b/dist/11_angr_sim_scanf
diff --git a/dist/12_angr_veritesting b/dist/12_angr_veritesting
diff --git a/dist/13_angr_static_binary b/dist/13_angr_static_binary
diff --git a/dist/14_angr_shared_library b/dist/14_angr_shared_library
diff --git a/dist/15_angr_arbitrary_read b/dist/15_angr_arbitrary_read
diff --git a/dist/16_angr_arbitrary_write b/dist/16_angr_arbitrary_write
diff --git a/dist/17_angr_arbitrary_jump b/dist/17_angr_arbitrary_jump
diff --git a/dist/lib14_angr_shared_library.so b/dist/lib14_angr_shared_library.so
diff --git a/dist/scaffold09.py b/dist/scaffold09.py
@@ -66,7 +66,7 @@ def skip_check_equals_(state):
     state.regs.eax = claripy.If(
       user_input_string == check_against_string, 
       claripy.BVV(1, 32), 
-      claripy.BVV(1, 32)
+      claripy.BVV(0, 32)
     )
 
   simulation = project.factory.simgr(initial_state)

diff --git a/dist/scaffold17.py b/dist/scaffold17.py
@@ -78,6 +78,11 @@ def has_active():
       if state.satisfiable(extra_constraints=(eip == ???):
         # We can!
         solution_state = unconstrained_state
+
+        # Now, constrain eip to equal the address of the print_good function.
+        # (!)
+        ...
+
         break
 
     # Since we already checked all of the unconstrained states and did not find
@@ -91,8 +96,7 @@ def has_active():
     for byte in solution_state.posix.files[sys.stdin.fileno()].all_bytes().chop(bits=8):
       solution_state.add_constraints(byte >= ???, byte <= ???)
 
-    # Constrain the instruction pointer to target the print_good function and
-    # then solve for the user input (recall that this is
+    # Solve for the user input (recall that this is
     # 'solution_state.posix.dumps(sys.stdin.fileno())')
     # (!)
     ...