YSc21 / aegg

my automatic exploit generation (DEPRECATED)
MIT License

Concretizing symbolic length. Much sad; think about implementing. #3

Open Wan-YunPeng opened 8 years ago

Wan-YunPeng commented 8 years ago

When I run "python my_aegg.py", I get this:

WARNING | 2016-10-31 05:38:06,210 | simuvex.plugins.symbolic_memory | Concretizing symbolic length. Much sad; think about implementing.
WARNING | 2016-10-31 05:38:19,864 | simuvex.srun | Exit state has over 257 possible solutions. Likely unconstrained; skipping. <BV32 (if (((0xf7fb5fa1 + (if (<...> == <...>) then 0x804a060 else (if <...> then <...> else <...>)))[31:5] == 0x0) && ((1 + (if (<...>[7:0] == 0) then 0 else (if (<...> == <...>) then 1 else (if <...> then <...> else <...>)))) <= 29)) then 8 else file/dev/stdin_0_0_52456[239:232]) .. (if (((0xf7fb5fa1 + (if (<...> == <...>) then 0x804a060 else (if <...> then <...> else <...>)))[31:5] == 0x0) && ((1 + (if (<...>[7:0] == 0) then 0 else (if (<...> == <...>) then 1 else (if <...> then <...> else <...>)))) <= 28)) then 4 else file/dev/stdin_0_0_52456[231:224]) .. (if (((0xf7fb5fa1 + (if (<...> == <...>) then 0x804a060 else (if <...> then <...> else <...>)))[31:5] == 0x0) && ((1 + (if (<...>[7:0] == 0) then 0 else (if (<...> == <...>) then 1 else (if <...> then <...> else <...>)))) <= 27)) then 133 else file/dev/stdin_0_0_52456[223:216]) .. (if (((0xf7fb5fa1 + (if (<...> == <...>) then 0x804a060 else (if <...> then <...> else <...>)))[31:5] == 0x0) && ((1 + (if (<...>[7:0] == 0) then 0 else (if (<...> == <...>) then 1 else (if <...> then <...> else <...>)))) <= 26)) then 132 else file/dev/stdin_0_0_5_2456[215:208])>
... / some other information / ...
INFO | 2016-10-31 05:38:40,134 | aegg.aegg | Can not generate any payload.
INFO | 2016-10-31 05:38:40,134 | aegg.aegg | Completed.

YSc21 commented 8 years ago

It's angr's warning, which is like this issue. The message is explained by rhelmot:

This message shows up whenever the instruction pointer at the end of a block has become a symbolic value with more than 257 ways to satisfy the constraints applied to it. Usually, this means that it's unconstrained, and we have no way of continuing execution.