Use BVV from claripy (#116)

angrop/chain_builder/mem_changer.py

@@ -1,6 +1,7 @@
 import logging
 from functools import cmp_to_key
 
+import claripy
 import angr
 
 from .builder import Builder
@@ -140,9 +141,9 @@ def _add_mem_with_gadget(self, gadget, addr, data_size, final_val=None, differen
         test_state = self.make_sim_state(gadget.addr)
 
         if difference is not None:
-            test_state.memory.store(addr.concreted, test_state.solver.BVV(~(difference.concreted), data_size)) # pylint:disable=invalid-unary-operand-type
+            test_state.memory.store(addr.concreted, claripy.BVV(~(difference.concreted), data_size)) # pylint:disable=invalid-unary-operand-type
         if final_val is not None:
-            test_state.memory.store(addr.concreted, test_state.solver.BVV(~final_val, data_size)) # pylint:disable=invalid-unary-operand-type
+            test_state.memory.store(addr.concreted, claripy.BVV(~final_val, data_size)) # pylint:disable=invalid-unary-operand-type
 
         # step the gadget
         pre_gadget_state = test_state
@@ -171,11 +172,11 @@ def _add_mem_with_gadget(self, gadget, addr, data_size, final_val=None, differen
         # constrain the data
         if final_val is not None:
             test_state.add_constraints(state.memory.load(addr.concreted, data_size//8, endness=arch_endness) ==
-                                       test_state.solver.BVV(final_val, data_size))
+                                       claripy.BVV(final_val, data_size))
         if difference is not None:
             test_state.add_constraints(state.memory.load(addr.concreted, data_size//8, endness=arch_endness) -
                                        test_state.memory.load(addr.concreted, data_size//8, endness=arch_endness) ==
-                                       test_state.solver.BVV(difference.concreted, data_size))
+                                       claripy.BVV(difference.concreted, data_size))
 
         # get the actual register values
         all_deps = list(mem_change.addr_dependencies) + list(mem_change.data_dependencies)

angrop/chain_builder/mem_writer.py

@@ -225,7 +225,7 @@ def _write_to_mem_with_gadget(self, gadget, addr_val, data, use_partial_controll
         state = rop_utils.step_to_unconstrained_successor(self.project, pre_gadget_state)
 
         # constrain the data
-        test_state.add_constraints(state.memory.load(addr_val.data, len(data)) == test_state.solver.BVV(data))
+        test_state.add_constraints(state.memory.load(addr_val.data, len(data)) == claripy.BVV(data))
 
         # get the actual register values
         all_deps = list(mem_write.addr_dependencies) + list(mem_write.data_dependencies)

angrop/chain_builder/reg_setter.py

@@ -2,6 +2,7 @@
 import logging
 from collections import defaultdict
 
+import claripy
 from angr.errors import SimUnsatError
 
 from .builder import Builder
@@ -494,7 +495,7 @@ def _check_if_sufficient_partial_control(self, gadget, reg, value):
         state.registers.store(reg, 0)
         state.regs.ip = gadget.addr
         # store A's past the end of the stack
-        state.memory.store(state.regs.sp + gadget.stack_change, state.solver.BVV(b"A"*0x100))
+        state.memory.store(state.regs.sp + gadget.stack_change, claripy.BVV(b"A"*0x100))
 
         succ = rop_utils.step_to_unconstrained_successor(project=self.project, state=state)
         # successor

angrop/gadget_finder/gadget_analyzer.py

@@ -534,7 +534,7 @@ def _check_if_stack_controls_ast(self, ast, initial_state, gadget_stack_change=N
         stack_bytes_length = self._stack_bsize # number of controllable bytes
         if gadget_stack_change is not None:
             stack_bytes_length = min(max(gadget_stack_change, 0), stack_bytes_length)
-        concrete_stack = initial_state.solver.BVV(b"B" * stack_bytes_length)
+        concrete_stack = claripy.BVV(b"B" * stack_bytes_length)
         concrete_stack_s = initial_state.copy()
         concrete_stack_s.add_constraints(
             initial_state.memory.load(initial_state.regs.sp, stack_bytes_length) == concrete_stack)