Closed lidgik closed 5 years ago
Follow an existing path with concrete input first, and then unconstrain the input bytes. Then figure out which branch you want to negate and simply take the previously untaken state to solve for input bytes.
Thx. But would you show me the example code, please? So I could understand the details for basic learning.
Sorry, I personally do not have the capacity to put together a demo for you. Someone else might want to step in.
You can learn a lot of basic stuff from the examples provided in angr-doc. Then I think it should be straightforward for you to reimplement DART.
Also, this is almost exactly what driller does at its core. Check out the shellphish/driller repo.
On Mon, Oct 15, 2018 at 10:30 AM Fish notifications@github.com wrote:
> Sorry, I personally do not have the capacity to put together a demo for you. Someone else might want to step in.
> You can learn a lot of basic stuff from the examples provided in angr-doc. Then I think it should be straightforward for you to reimplement DART.
Tks. I'll have a look.
Hey, I am an angr beginner. How do I generate one test case and negate it, just like the algorithm in DART?
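The generate-and-negate loop described in the first reply (run a concrete input, record the branches it takes, flip one branch and solve for new input bytes), as an added example that is not from this thread or from the angr project. It uses no angr API: the toy `target`, the trace format and the per-byte search in `solve` (standing in for an SMT solver) are all constructed for illustration.

```python
def target(branch):
    """Toy program under test; branch(i, pred) tests input byte i and records it."""
    if branch(0, lambda b: b == ord("A")):
        if branch(1, lambda b: b > 0x7F):
            if branch(2, lambda b: (b ^ 0x55) == 0x10):
                return "bug"
    return "ok"

def run(data):
    """Concrete run that records the path as [(byte_index, predicate, taken)]."""
    path = []
    def branch(i, pred):
        taken = pred(data[i])
        path.append((i, pred, taken))
        return taken
    return target(branch), path

def solve(constraints, seed):
    """Solver stand-in: search each constrained byte over 0..255, keep the rest."""
    out = bytearray(seed)
    for i in {c[0] for c in constraints}:
        fits = [v for v in range(256)
                if all(p(v) == want for j, p, want in constraints if j == i)]
        if not fits:
            return None                      # negated path is infeasible
        if out[i] not in fits:
            out[i] = fits[0]
    return bytes(out)

def dart(seed):
    """Run, negate each branch at or past `bound`, solve, and repeat."""
    work, seen, results = [(seed, 0)], set(), {}
    while work:
        data, bound = work.pop()
        result, path = run(data)
        sig = tuple(taken for _, _, taken in path)
        if sig in seen:
            continue
        seen.add(sig)
        results[data] = result
        for k in range(bound, len(path)):    # do not re-negate the solved prefix
            i, pred, taken = path[k]
            new = solve(path[:k] + [(i, pred, not taken)], data)
            if new is not None:
                work.append((new, k + 1))
    return results

if __name__ == "__main__":
    for data, result in dart(b"\x00\x00\x00").items():
        print(data, result)
```

In angr the recorded path would come from following the concrete input through the binary, and the negated constraint set would go to its constraint solver instead of the byte search used here.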