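"""Dump the VEX IR statements of one function's basic blocks with angr/pyvex.

Exploratory script: it loads a target binary, recovers a fast CFG, walks the
basic blocks of the function at ``test2`` and prints the ``WrTmp`` and ``Put``
statements found in each block's VEX IRSB.  Everything goes to stdout; nothing
is returned.

Usage: ``python angr_vex.py [path-to-binary]`` -- the optional positional
argument overrides the hard-coded sample path below.
"""
import sys

import angr
import pyvex
from capstone import CS_ARCH_X86, CS_MODE_32, Cs

# Capstone disassembler for 32-bit x86 with operand detail enabled.  It is
# set up here but not used further down in this script.
md = Cs(CS_ARCH_X86, CS_MODE_32)
md.detail = True

# Addresses of interest in the sample binaries (hard-coded).
main = 0x401120
test2 = 0x080491E7

# Sample path; an explicit argv[1] wins over it so the script is usable
# outside the author's machine without editing the source.
_DEFAULT_BINARY = 'D:\\Project\\PEVuln\\test\\simple1'
binary_path = sys.argv[1] if len(sys.argv) > 1 else _DEFAULT_BINARY

# auto_load_libs=False keeps the loader from pulling in the binary's shared
# library dependencies, so only the file named here is parsed and analysed.
proj = angr.Project(binary_path, auto_load_libs=False)

# Lifted IRSB of the block at test2 and a bare simulation manager; both are
# left over from interactive experiments and are not used below.
irsb = proj.factory.block(test2).vex
sm = proj.factory.simgr()
print('dd')

# Fast CFG recovery; its knowledge base maps the function to its blocks.
cfgs = proj.analyses.CFGFast()
try:
    func = cfgs.kb.functions[test2]
except KeyError:
    # Say which address/binary failed instead of a bare KeyError traceback.
    raise SystemExit(f'no function recovered at {test2:#x} in {binary_path}') from None
basic_blocks = func.block_addrs
# NOTE (translated from the original Korean comment): when control flow
# forks, the blocks should be collected per path rather than taken flat
# from the function's block list.

# Call-state at the function entry; ebp is a fixed offset from the initial
# esp (translated: "fixed").  state/ebp/simgr/size/data are scaffolding for
# later work and are not used by the dump loop below.
state = proj.factory.call_state(addr=test2)
ebp = state.regs.esp - 0x4
simgr = proj.factory.simgr(state)
size = 0x10
data = []

print('############################')
for block in basic_blocks:
    tmp = proj.factory.block(addr=block)
    for stat in tmp.vex.statements:
        if isinstance(stat, pyvex.stmt.WrTmp):
            print(stat.data)
            print(dir(stat.data))
            print(stat.data.constants)
            # Only operator expressions (Unop/Binop/Triop/Qop) define ``op``;
            # a WrTmp fed by e.g. a register Get, a Load or an RdTmp does
            # not, so read it defensively instead of raising AttributeError
            # on the first such statement.
            print(getattr(stat.data, 'op', None))
        if isinstance(stat, pyvex.stmt.Put):
            print('PUT')
            print(stat.data)
            print(stat.data.constants)
            print(dir(stat.data))
            print(type(stat))
            print(dir(stat))
            # Marker closing each Put dump.
            print('ZZ')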