angr 01_angr_avoid avoid路径优化

01_angr_avoid是angr的第2个例子，下载位置：https://github.com/jakespringer/angr_ctf

1 解题过程

(angr) dist$ ipython
Python 3.8.2 (default, Apr 27 2020, 15:53:34) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.26.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: import angr

In [2]: p = angr.Project("./01_angr_avoid")

In [3]: init_state = p.factory.entry_state()

In [4]: sm = p.factory.simulation_manager(init_state)

In [5]: sm.explore(find=0x080485e5, avoid=0x080485a8)
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | The program is accessing memory or registers with an unspecified value. This could indicate unwanted behavior.
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | angr will cope with this by generating an unconstrained symbolic variable and continuing. You can resolve this by:
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | 1) setting a value to the initial state
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | 2) adding the state option ZERO_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to make unknown regions hold null
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | 3) adding the state option SYMBOL_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to suppress these messages.
WARNING | 2021-08-17 05:00:47,178 | angr.storage.memory_mixins.default_filler_mixin | Filling register edi with 4 unconstrained bytes referenced from 0x80d4591 (__libc_csu_init+0x1 in 01_angr_avoid (0x80d4591))
WARNING | 2021-08-17 05:00:47,180 | angr.storage.memory_mixins.default_filler_mixin | Filling register ebx with 4 unconstrained bytes referenced from 0x80d4593 (__libc_csu_init+0x3 in 01_angr_avoid (0x80d4593))
WARNING | 2021-08-17 05:00:51,423 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7ffeff3d with 11 unconstrained bytes referenced from 0x818b210 (strncmp+0x0 in libc.so.6 (0x8b210))
WARNING | 2021-08-17 05:00:51,423 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7ffeff60 with 4 unconstrained bytes referenced from 0x818b210 (strncmp+0x0 in libc.so.6 (0x8b210))
Out[5]: <SimulationManager with 1 active, 16 deadended, 1 found, 8 avoid>

In [6]: found_state = sm.found[0]

In [7]: found_state.posix.dumps(0)
Out[7]: b'HUJOZMYS'

2 IDA设置的问题

拖入IDA32，提示如下信息：

通过修改配置文件\IDA_Pro_v7.5_Portable\cfg\hexrays.cfg来解决该问题：

MAX_FUNCSIZE            = 64        // Functions over 64K are not decompiled
 
// 修改为：
MAX_FUNCSIZE            = 1024        // Functions over 64K are not decompiled