From f79dbb2cfc7fc41955922990ccd3363c8058ed24 Mon Sep 17 00:00:00 2001
From: Chani Jindal
Date: Wed, 29 May 2024 08:05:01 +0000
Subject: [PATCH] avoid a couple unnecessary eval_upto which are slow, there doesn't seem to be any constraints so we can use the .symbolic property
---
 angrop/gadget_finder/gadget_analyzer.py | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/angrop/gadget_finder/gadget_analyzer.py b/angrop/gadget_finder/gadget_analyzer.py
index fa433d7..81e3645 100644
--- a/angrop/gadget_finder/gadget_analyzer.py
+++ b/angrop/gadget_finder/gadget_analyzer.py
@@ -356,10 +356,7 @@ def _analyze_concrete_regs(self, init_state, final_state, gadget):
 val = state.registers.load(reg)
 if val.symbolic:
 continue
- concrete_vals = state.solver.eval_upto(val, 2)
- if len(concrete_vals) != 1:
- continue
- gadget.concrete_regs[reg] = concrete_vals[0]
+ gadget.concrete_regs[reg] = state.solver.eval(val)
 def _check_reg_changes(self, final_state, init_state, gadget):
 """
@@ -637,15 +634,12 @@ def _build_mem_access(self, a, gadget, init_state, final_state):
 if a.action == "write":
 # for writes we want what the data depends on
- test_data = init_state.solver.eval_upto(a.data.ast, 2)
- if len(test_data) > 1:
+ if a.data.ast.symbolic:
 mem_access.data_dependencies = rop_utils.get_ast_dependency(a.data.ast)
 mem_access.data_controllers = rop_utils.get_ast_controllers(init_state, a.data.ast, mem_access.data_dependencies)
- elif len(test_data) == 1:
- mem_access.data_constant = test_data[0]
 else:
- raise RopException("No data values, something went wrong")
+ mem_access.data_constant = init_state.solver.eval(a.data.ast)
 elif a.action == "read":
 # for reads we want to know if any register will have the data after
 succ_state = final_state
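Review bot: The new `gadget.concrete_regs[reg] = state.solver.eval(val)` line in `_analyze_concrete_regs` carries no comment saying why a single-solution `eval` is safe there. It is only correct because the `if val.symbolic: continue` guard directly above has already skipped every AST that contains symbolic variables; if that guard is later moved or loosened, `eval` would silently store one arbitrary solution as a concrete register value. Suggest adding `# val has no symbolic variables here, so eval() returns its only value` above the assignment. The function starts before the hunk.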
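Review bot: In `_build_mem_access`, `if a.data.ast.symbolic:` is not equivalent to the `eval_upto(a.data.ast, 2)` test it replaces: an AST that still contains symbolic variables but can take only one value under `init_state` was stored as `data_constant` before and now gets `data_dependencies` and `data_controllers` instead. The commit message only says there do not seem to be any constraints, so the assumption should be written next to the check, e.g. `# init_state is assumed unconstrained: a symbolic AST is treated as multi-valued`. The removed `raise RopException("No data values, something went wrong")` also means the no-solution case no longer raises `RopException` here; how `eval` behaves in that case is not visible in this hunk and is worth confirming against the caller's error handling. The function starts and ends outside the hunk.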