angr / angr

A powerful and user-friendly binary analysis platform!
http://angr.io
BSD 2-Clause "Simplified" License

testcase generation like DART #1253

Closed lidgik closed 5 years ago

lidgik commented 5 years ago

Hey, I am an angr beginner. How do I generate one test case and negate it, just like the algorithm in DART?

ltfish commented 5 years ago

Follow an existing path with concrete input first, and then unconstrain the input bytes. Then figure out which branch you want to negate and simply take the previously untaken state to solve for input bytes.

lidgik commented 5 years ago

Thanks. But would you show me the example code, please, so I could understand the details for basic learning?

ltfish commented 5 years ago

Sorry, I personally do not have the capacity to put together a demo for you. Someone else might want to step in.

You can learn a lot of basic stuff from the examples provided in angr-doc. Then I think it should be straightforward for you to reimplement DART.

zardus commented 5 years ago

Also, this is almost exactly what driller does at its core. Check out the shellphish/driller repo.

On Mon, Oct 15, 2018 at 10:30 AM Fish notifications@github.com wrote:

> Sorry, I personally do not have the capacity to put together a demo for you. Someone else might want to step in.
>
> You can learn a lot of basic stuff from the examples provided in angr-doc. Then I think it should be straightforward for you to reimplement DART.


lidgik commented 5 years ago

Thanks. I'll have a look.