State errored with "Hit a symbolic conditional operation. Something has gone wildly wrong."

Got an errored state while using angr for my research. Reproducing this without my code will be difficult, but I can post any additional info if required.

Environment Information:

angr environment report
=============================
Date: 2020-06-13 09:04:34.896061
Running in virtual environment at /home/r00tus3r/.virtualenvs/angr
Platform: linux-x86_64
Python version: 3.6.8 (default, Oct  7 2019, 12:59:55)
[GCC 8.3.0]
######## angr #########
Python found it in /home/r00tus3r/angr-dev/angr/angr
Pip version angr 8.20.6.8
Git info:
        Current commit dd6dc3eeae5f1f7fc19076fbe0a26b1af2a20062 from branch master
        Checked out from remote origin: https://github.com/angr/angr
######## ailment #########
Python found it in /home/r00tus3r/.virtualenvs/angr/lib/python3.6/site-packages/ailment
Pip version ailment 8.20.6.8
Couldn't find git info
######## cle #########
Python found it in /home/r00tus3r/.virtualenvs/angr/lib/python3.6/site-packages/cle
Pip version cle 8.20.6.8
Couldn't find git info
######## pyvex #########
Python found it in /home/r00tus3r/angr-dev/pyvex/pyvex
Pip version pyvex 8.20.6.8
Git info:
        Current commit 5d220bd283da59fd040632fc4bad77959d249323 from branch master
        Checked out from remote origin: https://github.com/angr/pyvex
######## claripy #########
Python found it in /home/r00tus3r/.virtualenvs/angr/lib/python3.6/site-packages/claripy
Pip version claripy 8.20.6.8
Couldn't find git info
######## archinfo #########
Python found it in /home/r00tus3r/.virtualenvs/angr/lib/python3.6/site-packages/archinfo
Pip version archinfo 8.20.6.8
Couldn't find git info
######## z3 #########
Python found it in /home/r00tus3r/.virtualenvs/angr/lib/python3.6/site-packages/z3
Pip version z3-solver 4.8.7.0
Couldn't find git info
######## unicorn #########
Python found it in /home/r00tus3r/.virtualenvs/angr/lib/python3.6/site-packages/unicorn
Pip version unicorn 1.0.2rc4
Couldn't find git info
######### Native Module Info ##########
angr: <CDLL '/home/r00tus3r/angr-dev/angr/angr/lib/angr_native.so', handle 3735420 at 0x7fbb260466d8>
unicorn: <CDLL '/home/r00tus3r/.virtualenvs/angr/lib/python3.6/site-packages/unicorn/lib/libunicorn.so', handle 2e7a260 at 0x7fbb2c7a7860>
pyvex: <cffi.api._make_ffi_library.<locals>.FFILibrary object at 0x7fbb2d732550>
z3: <CDLL '/home/r00tus3r/.virtualenvs/angr/lib/python3.6/site-packages/z3/lib/libz3.so', handle 30bf110 at 0x7fbb296db6a0>

Backtrace:

File "/home/r00tus3r/angr-dev/angr/angr/sim_manager.py", line 261, in run
    self.step(stash=stash, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/misc/hookset.py", line 75, in __call__
    result = current_hook(self.func.__self__, *args, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/exploration_techniques/explorer.py", line 96, in step
    return simgr.step(stash=stash, extra_stop_points=base_extra_stop_points | self._extra_stop_points, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/misc/hookset.py", line 80, in __call__
    return self.func(*args, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/sim_manager.py", line 346, in step
    successors = self.step_state(state, successor_func=successor_func, **run_args)
  File "/home/r00tus3r/angr-dev/angr/angr/sim_manager.py", line 383, in step_state
    successors = self.successors(state, successor_func=successor_func, **run_args)
  File "/home/r00tus3r/angr-dev/angr/angr/sim_manager.py", line 422, in successors
    return self._project.factory.successors(state, **run_args)
  File "/home/r00tus3r/angr-dev/angr/angr/factory.py", line 60, in successors
    return self.default_engine.process(*args, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/engines/vex/light/slicing.py", line 19, in process
    return super().process(*args, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/engines/engine.py", line 149, in process
    self.process_successors(self.successors, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/engines/failure.py", line 21, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/engines/syscall.py", line 18, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/engines/hook.py", line 54, in process_successors
    return super().process_successors(successors, procedure=procedure, **kwargs)
  File "/home/r00tus3r/angr-dev/angr/angr/engines/unicorn.py", line 122, in process_successors
    state.unicorn.setup()
  File "/home/r00tus3r/angr-dev/angr/angr/state_plugins/unicorn_engine.py", line 902, in setup
    self.set_regs()
  File "/home/r00tus3r/angr-dev/angr/angr/state_plugins/unicorn_engine.py", line 1120, in set_regs
    flags = self._process_value(self.state.regs.eflags, 'reg')
  File "/home/r00tus3r/angr-dev/angr/angr/state_plugins/view.py", line 35, in __getattr__
    return state.registers.load(k, inspect=inspect, disable_actions=disable_actions)
  File "/home/r00tus3r/angr-dev/angr/angr/storage/memory.py", line 747, in load
    named_addr, named_size = self._resolve_location_name(addr)
  File "/home/r00tus3r/angr-dev/angr/angr/storage/memory.py", line 381, in _resolve_location_name
    self.store('cc_dep1', _get_flags(self.state))
  File "/home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py", line 1826, in _get_flags
    return amd64g_calculate_rflags_all(state, state.regs.cc_op, state.regs.cc_dep1, state.regs.cc_dep2, state.regs.cc_ndep)
  File "/home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py", line 992, in amd64g_calculate_rflags_all
    return pc_calculate_rdata_all(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform='AMD64')
  File "/home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py", line 557, in pc_calculate_rdata_all
    rdata_all = pc_calculate_rdata_all_WRK(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform=platform)
  File "/home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py", line 472, in pc_calculate_rdata_all_WRK
    cc_op = op_concretize(cc_op)
  File "/home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py", line 44, in op_concretize
    raise CCallMultivaluedException(cases)
angr.engines.vex.claripy.ccall.CCallMultivaluedException: [(<Bool if 0x200 * (0x0 .. sim_data_27_8) == 0x0 then False else (if 0x200 * (0x0 .. sim_data_27_8)[1:1] == 1 then 1 else (if 0x200 * (0x0 .. sim_data_27_8)[2:2] == 1 then 2 else (if 0x200 * (0x0 .. sim_data_27_8)[3:3] == 1 then 3 else (if 0x200 * (0x0 .. sim_data_27_8)[4:4] == 1 then 4 else (if 0x200 * (0x0 .. sim_data_27_8)[5:5] == 1 then 5 else (if 0x200 * (0x0 .. sim_data_27_8)[6:6] == 1 then 6 else (if 0x200 * (0x0 .. sim_data_27_8)[7:7] == 1 then 7 else (if 0x200 * (0x0 .. sim_data_27_8)[8:8] == 1 then 8 else (if 0x200 * (0x0 .. sim_data_27_8)[9:9] == 1 then 9 else (if 0x200 * (0x0 .. sim_data_27_8)[10:10] == 1 then 10 else (if 0x200 * (0x0 .. sim_data_27_8)[11:11] == 1 then 11 else (if 0x200 * (0x0 .. sim_data_27_8)[12:12] == 1 then 12 else (if 0x200 * (0x0 .. sim_data_27_8)[13:13] == 1 then 13 else (if 0x200 * (0x0 .. sim_data_27_8)[14:14] == 1 then 14 else (if 0x200 * (0x0 .. sim_data_27_8)[15:15] == 1 then 15 else (if 0x200 * (0x0 .. sim_data_27_8)[16:16] == 1 then 16 else (if 0x200 * (0x0 .. sim_data_27_8)[17:17] == 1 then 17 else (if 0x200 * (0x0 .. sim_data_27_8)[18:18] == 1 then 18 else (if 0x200 * (0x0 .. sim_data_27_8)[19:19] == 1 then 19 else (if 0x200 * (0x0 .. sim_data_27_8)[20:20] == 1 then 20 else (if 0x200 * (0x0 .. sim_data_27_8)[21:21] == 1 then 21 else (if 0x200 * (0x0 .. sim_data_27_8)[22:22] == 1 then 22 else (if 0x200 * (0x0 .. sim_data_27_8)[23:23] == 1 then 23 else (if 0x200 * (0x0 .. sim_data_27_8)[24:24] == 1 then 24 else (if 0x200 * (0x0 .. sim_data_27_8)[25:25] == 1 then 25 else (if 0x200 * (0x0 .. sim_data_27_8)[26:26] == 1 then 26 else (if 0x200 * (0x0 .. sim_data_27_8)[27:27] == 1 then 27 else (if 0x200 * (0x0 .. sim_data_27_8)[28:28] == 1 then 28 else (if 0x200 * (0x0 .. sim_data_27_8)[29:29] == 1 then 29 else (if 0x200 * (0x0 .. sim_data_27_8)[30:30] == 1 then 30 else (if 0x200 * (0x0 .. 
sim_data_27_8)[31:31] == 1 then 31 else 0))))))))))))))))))))))))))))))) == 0>, <BV64 0x0>), (<Bool if 0x200 * (0x0 .. sim_data_27_8) == 0x0 then (if 0x200 * (0x0 .. sim_data_27_8)[1:1] == 1 then 1 else (if 0x200 * (0x0 .. sim_data_27_8)[2:2] == 1 then 2 else (if 0x200 * (0x0 .. sim_data_27_8)[3:3] == 1 then 3 else (if 0x200 * (0x0 .. sim_data_27_8)[4:4] == 1 then 4 else (if 0x200 * (0x0 .. sim_data_27_8)[5:5] == 1 then 5 else (if 0x200 * (0x0 .. sim_data_27_8)[6:6] == 1 then 6 else (if 0x200 * (0x0 .. sim_data_27_8)[7:7] == 1 then 7 else (if 0x200 * (0x0 .. sim_data_27_8)[8:8] == 1 then 8 else (if 0x200 * (0x0 .. sim_data_27_8)[9:9] == 1 then 9 else (if 0x200 * (0x0 .. sim_data_27_8)[10:10] == 1 then 10 else (if 0x200 * (0x0 .. sim_data_27_8)[11:11] == 1 then 11 else (if 0x200 * (0x0 .. sim_data_27_8)[12:12] == 1 then 12 else (if 0x200 * (0x0 .. sim_data_27_8)[13:13] == 1 then 13 else (if 0x200 * (0x0 .. sim_data_27_8)[14:14] == 1 then 14 else (if 0x200 * (0x0 .. sim_data_27_8)[15:15] == 1 then 15 else (if 0x200 * (0x0 .. sim_data_27_8)[16:16] == 1 then 16 else (if 0x200 * (0x0 .. sim_data_27_8)[17:17] == 1 then 17 else (if 0x200 * (0x0 .. sim_data_27_8)[18:18] == 1 then 18 else (if 0x200 * (0x0 .. sim_data_27_8)[19:19] == 1 then 19 else (if 0x200 * (0x0 .. sim_data_27_8)[20:20] == 1 then 20 else (if 0x200 * (0x0 .. sim_data_27_8)[21:21] == 1 then 21 else (if 0x200 * (0x0 .. sim_data_27_8)[22:22] == 1 then 22 else (if 0x200 * (0x0 .. sim_data_27_8)[23:23] == 1 then 23 else (if 0x200 * (0x0 .. sim_data_27_8)[24:24] == 1 then 24 else (if 0x200 * (0x0 .. sim_data_27_8)[25:25] == 1 then 25 else (if 0x200 * (0x0 .. sim_data_27_8)[26:26] == 1 then 26 else (if 0x200 * (0x0 .. sim_data_27_8)[27:27] == 1 then 27 else (if 0x200 * (0x0 .. sim_data_27_8)[28:28] == 1 then 28 else (if 0x200 * (0x0 .. sim_data_27_8)[29:29] == 1 then 29 else (if 0x200 * (0x0 .. sim_data_27_8)[30:30] == 1 then 30 else (if 0x200 * (0x0 .. 
sim_data_27_8)[31:31] == 1 then 31 else 0))))))))))))))))))))))))))))))) == 0 else False>, <BV64 0x20>)]
Uncaught exception. Entering post mortem debugging
Running 'cont' or 'step' will restart the program
> /home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py(44)op_concretize()
     43         if all(c.op == 'BVV' for _, c in cases):
---> 44             raise CCallMultivaluedException(cases)
     45     if op.op != 'BVV':

ipdb> up
> /home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py(472)pc_calculate_rdata_all_WRK()
    471     # sanity check
--> 472     cc_op = op_concretize(cc_op)
    473

ipdb> up
> /home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py(557)pc_calculate_rdata_all()
    556 def pc_calculate_rdata_all(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform=None):
--> 557     rdata_all = pc_calculate_rdata_all_WRK(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform=platform)
    558     if isinstance(rdata_all, tuple):

ipdb> up
> /home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py(992)amd64g_calculate_rflags_all()
    991 def amd64g_calculate_rflags_all(state, cc_op, cc_dep1, cc_dep2, cc_ndep):
--> 992     return pc_calculate_rdata_all(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform='AMD64')
    993

ipdb> up
> /home/r00tus3r/angr-dev/angr/angr/engines/vex/claripy/ccall.py(1826)_get_flags()
   1825     elif state.arch.name == 'AMD64':
-> 1826         return amd64g_calculate_rflags_all(state, state.regs.cc_op, state.regs.cc_dep1, state.regs.cc_dep2, state.regs.cc_ndep)
   1827     elif is_arm_arch(state.arch):

ipdb> up
> /home/r00tus3r/angr-dev/angr/angr/storage/memory.py(381)_resolve_location_name()
    380                     if not is_write: # this work doesn't need to be done if we're just gonna overwrite it
--> 381                         self.store('cc_dep1', _get_flags(self.state))
    382                     self.store('cc_op', 0) # OP_COPY

ipdb> self.state.scratch.irsb.pp()
IRSB {
   t0:Ity_I64 t1:Ity_I64 t2:Ity_I64 t3:Ity_I64 t4:Ity_I64 t5:Ity_I64 t6:Ity_I64 t7:Ity_I64 t8:Ity_I64 t9:Ity_I64 t10:Ity_I64 t11:Ity_I64 t12:Ity_I64 t13:Ity_I64 t14:Ity_I64 t15:Ity_I64 t16:Ity_I64 t17:Ity_I64 t18:Ity_I8 t19:Ity_I1 t20:Ity_I64 t21:Ity_I64 t22:Ity_I64 t23:Ity_I64 t24:Ity_I64 t25:Ity_I64 t26:Ity_I64 t27:Ity_I64 t28:Ity_I64 t29:Ity_I64 t30:Ity_I64 t31:Ity_I64 t32:Ity_I64 t33:Ity_I64 t34:Ity_I64 t35:Ity_I64 t36:Ity_I64 t37:Ity_I64 t38:Ity_I64 t39:Ity_I64 t40:Ity_I64 t41:Ity_I64 t42:Ity_I64 t43:Ity_I64 t44:Ity_I64 t45:Ity_I64 t46:Ity_I64 t47:Ity_I64 t48:Ity_I64 t49:Ity_I32 t50:Ity_I64 t51:Ity_I64 t52:Ity_I64 t53:Ity_I64 t54:Ity_I64 t55:Ity_I64 t56:Ity_I64 t57:Ity_I64 t58:Ity_I64 t59:Ity_I64 t60:Ity_I64 t61:Ity_I64 t62:Ity_I32 t63:Ity_I8 t64:Ity_I64 t65:Ity_I32 t66:Ity_I8 t67:Ity_I64 t68:Ity_I32 t69:Ity_I64 t70:Ity_I8 t71:Ity_I8 t72:Ity_I64 t73:Ity_I8 t74:Ity_I8 t75:Ity_I64 t76:Ity_I64 t77:Ity_I64 t78:Ity_I64 t79:Ity_I64 t80:Ity_I64 t81:Ity_I64 t82:Ity_I64 t83:Ity_I64 t84:Ity_I64 t85:Ity_I64 t86:Ity_I64 t87:Ity_I64 t88:Ity_I64 t89:Ity_I64 t90:Ity_I32 t91:Ity_I64 t92:Ity_I64 t93:Ity_I64 t94:Ity_I64 t95:Ity_I64 t96:Ity_I64 t97:Ity_I64

   00 | ------ IMark(0x7f4c358588b8, 4, 0) ------
   01 | t26 = GET:I64(rbp)
   02 | t25 = Add64(t26,0xffffffffffffff98)
   03 | t27 = LDle:I64(t25)
   04 | PUT(rip) = 0x00007f4c358588bc
   05 | ------ IMark(0x7f4c358588bc, 7, 0) ------
   06 | t28 = Add64(t27,0x0000000000000090)
   07 | t30 = LDle:I64(t28)
   08 | PUT(rip) = 0x00007f4c358588c3
   09 | ------ IMark(0x7f4c358588c3, 7, 0) ------
   10 | STle(t30) = 0x0000000000000000
   11 | PUT(rip) = 0x00007f4c358588ca
   12 | ------ IMark(0x7f4c358588ca, 4, 0) ------
   13 | t31 = Add64(t26,0xffffffffffffff98)
   14 | t33 = LDle:I64(t31)
   15 | PUT(rip) = 0x00007f4c358588ce
   16 | ------ IMark(0x7f4c358588ce, 7, 0) ------
   17 | t34 = Add64(t33,0x0000000000000090)
   18 | t36 = LDle:I64(t34)
   19 | PUT(rip) = 0x00007f4c358588d5
   20 | ------ IMark(0x7f4c358588d5, 4, 0) ------
   21 | t37 = Add64(t26,0xffffffffffffffd0)
   22 | t39 = LDle:I64(t37)
   23 | PUT(rip) = 0x00007f4c358588d9
   24 | ------ IMark(0x7f4c358588d9, 4, 0) ------
   25 | t40 = Add64(t36,0x0000000000000008)
   26 | STle(t40) = t39
   27 | PUT(rip) = 0x00007f4c358588dd
   28 | ------ IMark(0x7f4c358588dd, 4, 0) ------
   29 | t43 = Add64(t26,0xffffffffffffff98)
   30 | t45 = LDle:I64(t43)
   31 | PUT(rip) = 0x00007f4c358588e1
   32 | ------ IMark(0x7f4c358588e1, 3, 0) ------
   33 | t46 = Add64(t45,0x000000000000002c)
   34 | t49 = LDle:I32(t46)
   35 | t48 = 32Uto64(t49)
   36 | PUT(rip) = 0x00007f4c358588e4
   37 | ------ IMark(0x7f4c358588e4, 4, 0) ------
   38 | t50 = Add64(t26,0xffffffffffffff98)
   39 | t52 = LDle:I64(t50)
   40 | PUT(rip) = 0x00007f4c358588e8
   41 | ------ IMark(0x7f4c358588e8, 7, 0) ------
   42 | t53 = Add64(t52,0x0000000000000088)
   43 | t55 = LDle:I64(t53)
   44 | PUT(rip) = 0x00007f4c358588ef
   45 | ------ IMark(0x7f4c358588ef, 4, 0) ------
   46 | t56 = Add64(t26,0xffffffffffffff98)
   47 | t58 = LDle:I64(t56)
   48 | PUT(rip) = 0x00007f4c358588f3
   49 | ------ IMark(0x7f4c358588f3, 4, 0) ------
   50 | t59 = Add64(t58,0x0000000000000034)
   51 | t63 = LDle:I8(t59)
   52 | t62 = 8Uto32(t63)
   53 | t61 = 32Uto64(t62)
   54 | PUT(rax) = t61
   55 | ------ IMark(0x7f4c358588f7, 3, 0) ------
   56 | t66 = GET:I8(al)
   57 | t65 = 8Uto32(t66)
   58 | t64 = 32Uto64(t65)
   59 | ------ IMark(0x7f4c358588fa, 2, 0) ------
   60 | t68 = 64to32(t64)
   61 | t67 = 32Uto64(t68)
   62 | PUT(rcx) = t67
   63 | ------ IMark(0x7f4c358588fc, 3, 0) ------
   64 | t71 = GET:I8(cl)
   65 | t70 = And8(t71,0x3f)
   66 | t16 = Shl64(t55,t70)
   67 | t74 = Sub8(t70,0x01)
   68 | t73 = And8(t74,0x3f)
   69 | t72 = Shl64(t55,t73)
   70 | t19 = CmpNE8(t70,0x00)
   71 | t76 = GET:I64(cc_op)
   72 | t75 = ITE(t19,0x0000000000000020,t76)
   73 | PUT(cc_op) = t75
   74 | t78 = GET:I64(cc_dep1)
   75 | t77 = ITE(t19,t16,t78)
   76 | PUT(cc_dep1) = t77
   77 | t80 = GET:I64(cc_dep2)
   78 | t79 = ITE(t19,t72,t80)
   79 | PUT(cc_dep2) = t79
   80 | PUT(rsi) = t16
   81 | PUT(rip) = 0x00007f4c358588ff
   82 | ------ IMark(0x7f4c358588ff, 4, 0) ------
   83 | t81 = Add64(t26,0xffffffffffffff98)
   84 | t83 = LDle:I64(t81)
   85 | PUT(rip) = 0x00007f4c35858903
   86 | ------ IMark(0x7f4c35858903, 3, 0) ------
   87 | t84 = LDle:I64(t83)
   88 | PUT(rax) = t84
   89 | PUT(rip) = 0x00007f4c35858906
   90 | ------ IMark(0x7f4c35858906, 4, 0) ------
   91 | t85 = Add64(t26,0xffffffffffffffd0)
   92 | t87 = LDle:I64(t85)
   93 | ------ IMark(0x7f4c3585890a, 3, 0) ------
   94 | PUT(r8) = t87
   95 | ------ IMark(0x7f4c3585890d, 2, 0) ------
   96 | t90 = 64to32(t48)
   97 | t89 = 32Uto64(t90)
   98 | PUT(rcx) = t89
   99 | ------ IMark(0x7f4c3585890f, 5, 0) ------
   100 | PUT(rdx) = 0x0000000000000001
   101 | ------ IMark(0x7f4c35858914, 3, 0) ------
   102 | PUT(rdi) = t84
   103 | PUT(rip) = 0x00007f4c35858917
   104 | ------ IMark(0x7f4c35858917, 5, 0) ------
   105 | t95 = GET:I64(rsp)
   106 | t94 = Sub64(t95,0x0000000000000008)
   107 | PUT(rsp) = t94
   108 | STle(t94) = 0x00007f4c3585891c
   109 | t96 = Sub64(t94,0x0000000000000080)
   110 | ====== AbiHint(0xt96, 128, 0x00007f4c3581be70) ======
   NEXT: PUT(rip) = 0x00007f4c3581be70; Ijk_Call
}
ipdb> hex(self.state.scratch.bbl_addr)
'0x7f4c358588b8'
ipdb> hex(self.state.scratch.ins_addr)
'0x7f4c35858917'
ipdb> self.state.regs.rip
<BV64 0x7f4c3581be70>
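
Why `cc_op` has two values here, as an added model in plain Python (not angr code and not part of the original issue): the shift at 0x7f4c358588fc (IRSB statements 64-79) updates the flag thunk only when the masked count is non-zero, so `cc_op` becomes `ITE(count != 0, 0x20, old)`. The operand, the prior flag state and all function names are constructed for illustration, and evaluating the helper once per case is shown as one general way to handle such a value, not as angr's fix.

```python
MASK64 = (1 << 64) - 1
CC_OP_COPY, CC_OP_SHL = 0x0, 0x20   # the two cc_op values in the exception above
CF, ZF = 0x01, 0x40                 # x86 carry and zero flag bits


class Multivalued(Exception):
    """cc_op is an ITE with more than one concrete leaf."""


def shl_thunk(value, old):
    """Model of IRSB statements 64-79: each thunk field is ITE(count != 0, new, old).

    Returned as (guard, (cc_op, dep1, dep2)) cases; guards and deps are
    functions of the raw count in cl, which stands in for the symbolic input.
    """
    def shifted(cl):   # t16 = Shl64(t55, cl & 0x3f)
        return (value << (cl & 0x3F)) & MASK64

    def prev(cl):      # t72 = Shl64(t55, ((cl & 0x3f) - 1) & 0x3f)
        return (value << (((cl & 0x3F) - 1) & 0x3F)) & MASK64

    return [
        (lambda cl: (cl & 0x3F) != 0, (CC_OP_SHL, shifted, prev)),
        (lambda cl: (cl & 0x3F) == 0, old),
    ]


def flags_for(op, dep1, dep2):
    """Flag helper that needs a concrete cc_op (CF and ZF only, for brevity)."""
    if op == CC_OP_COPY:
        return dep1 & (CF | ZF)
    if op == CC_OP_SHL:
        return ((dep2 >> 63) & CF) | (ZF if dep1 == 0 else 0)
    raise ValueError(f"unmodelled cc_op {op:#x}")


def split_flags(thunk):
    """Run the helper once per concrete cc_op and keep the guards (an ITE of flags)."""
    return [(g, lambda cl, op=op, d1=d1, d2=d2: flags_for(op, d1(cl), d2(cl)))
            for g, (op, d1, d2) in thunk]


def strict_flags(thunk):
    """Caller that insists on a single cc_op, like the path in the backtrace."""
    ops = sorted({op for _, (op, _, _) in thunk})
    if len(ops) > 1:
        raise Multivalued(ops)
    return split_flags(thunk)


def evaluate(cases, cl):
    """Pick the case whose guard holds for one concrete count."""
    return next(f(cl) for g, f in cases if g(cl))


if __name__ == "__main__":
    old = (CC_OP_COPY, lambda cl: CF, lambda cl: 0)   # constructed prior state: CF set
    thunk = shl_thunk(1 << 63, old)                   # constructed operand
    for cl in (0, 1, 64):
        print(cl, hex(evaluate(split_flags(thunk), cl)))
```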

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 7 (7 by maintainers)

Top GitHub Comments

1 reaction
rhelmot commented, Jul 9, 2020

Okay, I found the problem. We did in fact fix the bug, but we didn’t use the fix in all the places we can call ccalls, notably _get_flags. In the case of unicorn, this doesn’t really matter because all it will see is “this is symbolic” and immediately bail, but this is a good thing to have fixed in general. I also pushed some simplifications to claripy which clean up some common patterns which pop out of the ccall mess for calculating flags.

1 reaction
ltfish commented, Jun 13, 2020

I feel it’s still the same bug, it’s just we hide it better now 😉
