
Symbolic Execution

1. Installation tutorial

Please refer to http://blog.csdn.net/xiaosatianyu/article/details/51586498

The commands, in brief:

sudo pip install virtualenvwrapper
export WORKON_HOME=$HOME/Python-workhome
source /usr/local/bin/virtualenvwrapper.sh
mkvirtualenv angr
sudo pip install angr

Errors during installation:
1. pyvex fails to install

Collecting pyvex>=6.7.4.12 (from angr)
  Downloading pyvex-6.7.4.12.tar.gz (52kB)
    100% |████████████████████████████████| 61kB 386kB/s 
    Complete output from command python setup.py egg_info:
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    c/_cffi_backend.c:15:17: fatal error: ffi.h: 没有那个文件或目录
    compilation terminated.
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-j1RkZM/pyvex/setup.py", line 147, in <module>
        'pyvex': ['lib/*', 'include/*']
      File "/usr/lib/python2.7/distutils/core.py", line 111, in setup
        _setup_distribution = dist = klass(attrs)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/dist.py", line 318, in __init__
        self.fetch_build_eggs(attrs['setup_requires'])
      File "/usr/local/lib/python2.7/dist-packages/setuptools/dist.py", line 375, in fetch_build_eggs
        replace_conflicting=True,
      File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 851, in resolve
        dist = best[req.key] = env.best_match(req, ws, installer)
      File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1123, in best_match
        return self.obtain(req, installer)
      File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1135, in obtain
        return installer(requirement)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/dist.py", line 443, in fetch_build_egg
        return cmd.easy_install(req)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 673, in easy_install
        return self.install_item(spec, dist.location, tmpdir, deps)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 699, in install_item
        dists = self.install_eggs(spec, download, tmpdir)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 880, in install_eggs
        return self.build_and_install(setup_script, setup_base)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1119, in build_and_install
        self.run_setup(setup_script, setup_base, args)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1107, in run_setup
        raise DistutilsError("Setup script exited with %s" % (v.args[0],))
    distutils.errors.DistutilsError: Setup script exited with error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

Solution:
sudo pip install cffi

After that, the rest went smoothly.

2. Usage tutorial

Note: angr seems to run only on 64-bit Linux systems.
See here: https://github.com/angr/angr-dev/issues/14
On 32-bit systems it keeps crashing with a segmentation fault.

Example: r100. Write the script solve.py:

import angr

def main():
    # Load only the binary itself; skipping shared libraries keeps the search small.
    p = angr.Project("r100", load_options={'auto_load_libs': False})
    # Explore from the entry point: stop at the "success" address, prune paths that
    # reach the "failure" address.
    ex = p.surveyors.Explorer(find=(0x400844, ), avoid=(0x400855,))
    ex.run()

    # The input that reached the success address is whatever the solver
    # concretized for stdin (file descriptor 0); trim the NUL/newline padding.
    return ex.found[0].posix.dumps(0).strip('\0\n')

def test():
    assert main() == 'Code_Talkers'

if __name__ == '__main__':
    print(main())

Usage:

workon angr   (the command may turn out not to be found)
Go directly into angr-doc-master/examples/defcamp_r100
python solve.py

and you will see the answer.
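The same find/avoid search written against the current angr simulation-manager API under Python 3, as an added example (not the page's script nor angr-doc's own); it assumes the page's r100 binary and its two addresses, and that angr is installed when solve() is called.

```python
"""Solve r100 with angr's simulation manager (Python 3 version of the page's script)."""
import struct
import sys

FIND_ADDR = 0x400844   # reached when the password check succeeds (from the page)
AVOID_ADDR = 0x400855  # failure branch, pruned from the search (from the page)


def host_is_64bit():
    """angr needs a 64-bit Python; the page reports segfaults on 32-bit hosts."""
    return struct.calcsize("P") * 8 == 64


def decode_stdin(raw):
    """Turn the concretized stdin bytes into a printable flag.

    Under Python 3, posix.dumps(0) returns bytes, so the Python 2
    strip('\\0\\n') of the original script becomes a bytes strip plus decode.
    """
    return raw.strip(b"\x00\n").decode("ascii", errors="replace")


def solve(binary="r100", find=(FIND_ADDR,), avoid=(AVOID_ADDR,)):
    """Explore from the entry point and return the input that reached `find`."""
    import angr  # imported lazily so the helpers above work without angr installed

    project = angr.Project(binary, auto_load_libs=False)
    simgr = project.factory.simulation_manager(project.factory.entry_state())
    simgr.explore(find=find, avoid=avoid)
    if not simgr.found:
        raise RuntimeError("no path reached the success address")
    return decode_stdin(simgr.found[0].posix.dumps(0))


if __name__ == "__main__":
    if not host_is_64bit():
        sys.exit("angr needs a 64-bit host (see the note above)")
    print(solve(sys.argv[1] if len(sys.argv) > 1 else "r100"))
```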
