* Remove ManticoreControl object * Some changes were brought in from dev-symbolicate-api * Add Manticore.terminate() * Add State.abandon() * Update sample scripts * Remove ctl from README * Fix tests * Bring in changes from dev-symbolicate-api * Lower-case wildcard * string -> cstring * abandon() docstring * Rename "name" to "label" * Remove obsolete comment * Make NUL a possible value for the last byte of a cstring * Fix AbandonState and add example binary&script * name -> label in tests, manticore.py * Ignore .DS_Store * Update symbolicate_buffer docstring
import sys
from manticore import Manticore
# This example demonstrates guiding Manticore's analysis
# by ignoring all branches to libc
def find_lib(m, name):
    """Return the first memory map of *m* named 'libc.so.6', or None.

    m: object whose ``memory`` attribute iterates over memory maps; each
        map is expected to expose a ``name`` attribute.
    name: not used by the lookup -- the comparison is fixed to the
        literal 'libc.so.6', whatever the caller passes here.

    Only the first matching map is returned, so callers that derive an
    address range from the result cover that one map only.
    """
    return next(
        (region for region in m.memory if region.name == 'libc.so.6'),
        None,
    )
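if __name__ == '__main__':
    # Sample driver: load the target binary, locate where libc is mapped,
    # and register a fork hook that abandons states executing inside it.
    if len(sys.argv) < 2:
        # A missing argument used to surface as a bare IndexError traceback;
        # sys.exit(str) prints the message to stderr and exits with status 1.
        sys.exit('usage: %s <binary>' % sys.argv[0])
    path = sys.argv[1]

    # Create a new Manticore object
    m = Manticore(path)

    # Now that binary is loaded, pull out where libc is mapped
    lib = find_lib(m, 'libc')
    if lib is None:
        # No libc map means there is no address range to prune on. Say so
        # instead of exiting silently; the exit status is still 1.
        sys.exit('no libc.so.6 mapping found for %s' % path)

    # Ensure that we ignore all possible branches to libc
    # This hook returns False if we should abandon exploration
    # or True to continue
    # NOTE(review): the range checked below is the single map returned by
    # find_lib (the first one named 'libc.so.6'). If libc is loaded as
    # several maps, a PC inside the others is not pruned -- confirm against
    # the memory layout of the target.
    def fork_hook(ctx, state):
        lib_start = lib.start
        lib_end = lib_start + lib.size
        # Half-open interval: lib_start is inside the map, lib_end is the
        # first address past it.
        return not (lib_start <= state.cpu.PC < lib_end)
    m.add_fork_hook(fork_hook)

    # Start path exploration. start() returns when Manticore
    # finishes
    m.start()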