bu neng da pin yin , hao qi
ida cfg :
type python :
irsb = proj.factory.block(addr=addr_main).vex
main_state = proj.factory.blank_state(addr = addr_main)
path = proj.factory.path(main_state)
print hex(path.addr)
path.step()
print "path has " ,len(path.successors), 'successors'
s = path.successors[0]
print hex(path.addr)
print hex(s.addr)
s.step()
print "another path has " ,len(s.successors), 'successors'
s1 = s.successors[0]
s2 = s.successors[1]
print hex(s1.addr),hex(s2.addr)
s1.step()
s2.step()
print "s1 path has ",len(s1.successors),'successors'
print "s2 path has ",len(s2.successors),'successors'
# s1_dead = s1.deadended[0]
s2_1 = s2.successors[0]
s2_2 = s2.successors[1]
print 's2_1 addr:',hex(s2_1.addr)
print 's2_2 addr:',hex(s2_2.addr)
path.step()print "path has " ,len(path.successors), 'successors'
s = path.successors[0]
print hex(path.addr)
print hex(s.addr)addr : 0x400576 is the start address of another block,so wo continue stepping
s.step()
print "another path has " ,len(s.successors), 'successors'
s1 = s.successors[0]
s2 = s.successors[1]
print hex(s1.addr),hex(s2.addr)another path has 2 successors
0x400581L 0x40054cLaddr : 0x400581L is the start address of last block
addr: 0x40054cL is the start address of another block
go on:
s1.step()
s2.step()
print "s1 path has ",len(s1.successors),'successors'
print "s2 path has ",len(s2.successors),'successors'
# s1_dead = s1.deadended[0]
s2_1 = s2.successors[0]
s2_2 = s2.successors[1]
print 's2_1 addr:',hex(s2_1.addr)
print 's2_2 addr:',hex(s2_2.addr)s1 path has 0 successors
s2 path has 2 successors
s2_1 addr: 0x400581L
s2_2 addr: 0x40054cLpath2 will continue in a loop