0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

GitBook: [master] 4 pages modified

Browse source
This commit is contained in:
CPol 2021-09-20 19:46:35 +00:00 committed by gitbook-bot
parent 06bddbf70e
commit 5849813f27
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
3 changed files with 52 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
SUMMARY.md
View file

@ -500,7 +500,8 @@
## Reversing
* [Reversing Tools & Basic Methods](reversing/reversing-tools-basic-methods/README.md)
* [Angr](reversing/reversing-tools-basic-methods/angr.md)
* [Angr](reversing/reversing-tools-basic-methods/angr/README.md)
* [Angr - Examples](reversing/reversing-tools-basic-methods/angr/angr-examples.md)
* [Z3 - Satisfiability Modulo Theories \(SMT\)](reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md)
* [Cheat Engine](reversing/reversing-tools-basic-methods/cheat-engine.md)
* [Blobrunner](reversing/reversing-tools-basic-methods/blobrunner.md)

4
reversing/reversing-tools-basic-methods/angr.md → reversing/reversing-tools-basic-methods/angr/README.md
View file

@ -204,3 +204,7 @@ True
Furthermore, you can use `proj.hook_symbol(name, hook)`, providing the name of a symbol as the first argument, to hook the address where the symbol lives
## Examples

46
reversing/reversing-tools-basic-methods/angr/angr-examples.md Normal file
View file

@ -0,0 +1,46 @@
# Angr - Examples
### Find input to reach address
```python
import angr
import sys
def main(argv):
path_to_binary = argv[1] # :string
project = angr.Project(path_to_binary)
# Tell Angr where to start executing (should it start from the main()
# function or somewhere else?) For now, use the entry_state function
# to instruct Angr to start from the main() function.
initial_state = project.factory.entry_state()
# Create a simulation manager initialized with the starting state. It provides
# a number of useful tools to search and execute the binary.
simulation = project.factory.simgr(initial_state)
# Explore the binary to attempt to find the address that prints "Good Job."
# You will have to find the address you want to find and insert it here.
# This function will keep executing until it either finds a solution or it
# has explored every possible path through the executable.
# (!)
print_good_address = 0x804867d
simulation.explore(find=print_good_address)
# Check that we have found a solution. The simulation.explore() method will
# set simulation.found to a list of the states that it could find that reach
# the instruction we asked it to search for. Remember, in Python, if a list
# is empty, it will be evaluated as false, otherwise true.
if simulation.found:
solution_state = simulation.found[0]
# Print the string that Angr wrote to stdin to follow solution_state. This
# is our solution.
print(solution_state.posix.dumps(sys.stdin.fileno()))
else:
raise Exception('Could not find the solution')
if __name__ == '__main__':
main(sys.argv)
```