Using tritondse to solve the famous copy_it example failed: copy_it on usenix
AFL++ was able to find it in a few seconds; KLEE was able to solve it in ~1 hour.
When I tried to solve it with tritondse exploration:
I compiled copy_it with `clang -m32 copy_it.c -o copy_it.elf`
```python
from tritondse import SymbolicExplorator, Config, Seed, Program, ProcessState, SeedFormat, CompositeData
from tritondse import CoverageStrategy
import time

# Load the 32-bit target built with clang -m32
p = Program("./copy_it.elf")
config = Config(coverage_strategy=CoverageStrategy.PATH, pipe_stdout=True, seed_format=SeedFormat.COMPOSITE)
explorer = SymbolicExplorator(config, p)

# Initial composite seed: argv plus the 51-byte input file the program reads
composite_seed = Seed(CompositeData(argv=[b"./copy_it.elf", b"filename.txt"], files={"filename.txt": b"A" * 51}))
explorer.add_input_seed(composite_seed)

file2 = open("symbolicExploration_inputs.log", "w")

def pre_exec_hook(se: SymbolicExplorator, state: ProcessState):
    # Log every seed before it is executed
    file2.write(f"input: {se.seed.hash} {se.seed.content.argv} {se.seed.content.files} \n")
    file2.flush()

file = open("symbolicExploration_results.log", "w")

def post_exec_hook(se: SymbolicExplorator, state: ProcessState):
    # Record seeds that crashed (non-zero exit code) separately from normal ones
    if se.exitcode != 0:
        file.write(f"crashed!!! with [exitcode:{se.exitcode}] input: {se.seed.hash} {se.seed.content.argv} {se.seed.content.files}\n")
    else:
        file.write(f"input: {se.seed.hash} {se.seed.content.argv} {se.seed.content.files} \n")
    file.flush()
    time.sleep(2)  # throttle between executions

explorer.callback_manager.register_pre_execution_callback(pre_exec_hook)
explorer.callback_manager.register_post_execution_callback(post_exec_hook)
explorer.explore()
```
If I do not add `time.sleep(2)`, after ~10 minutes all my resources are taken and I can't even use my mouse/keyboard.
Even if I add `time.sleep(2)`, tritondse did not find the crashing input for the copy_it program, while KLEE was able to find it in ~1 hour.
After ~1 day tritondse gets a segfault (I do not know what causes tritondse to crash):
I wanted to ask:
Do you know why it takes tritondse more time to solve it?
What is causing the segfault?