how to get the unsigned int value of a claripy.ast.bv.BV object in angr?

Question

import angr
import claripy
# 创建 angr 项目对象
proj = angr.Project('./angr_study/main', load_options={'auto_load_libs': False})

# 设置函数参数
add_addr = proj.loader.find_symbol('add').rebased_addr

state = proj.factory.call_state(addr=add_addr)
state.regs.rdi = claripy.BVV(1234,64)
state.regs.rsi = claripy.BVV(1234,64)

simgr = proj.factory.simgr(state)
simgr.run()

#deadended 保存了每一种分支结束时的状态
if len(simgr.deadended) > 0:
    for state in simgr.deadended:
        print(state.regs.rax)
else:
    print('Error')

the return value of add function is saved in rax. but the type of state.regs.rax is claripy.ast.bv.BV. I want to use the value of rax as a unsigned int.

I do it with this code:

ret_val = int(('%s'%state.regs.rax)[6:-1],16)

This method works fine.But I don't think it's elegant. I want to know some other methods to convert state.regs.rax to a python int value.

score 0 · Answer 1 · answered Apr 06 '23 at 10:55

0

You can use state.regs.rax._model_concrete.value

answered Apr 06 '23 at 10:55

AminoACID

31
4

how to get the unsigned int value of a claripy.ast.bv.BV object in angr?

1 Answers1