Python syntax for angrgdb about angrgdb HOT 8 CLOSED

Look at https://github.com/andreafioraldi/angrdbg
Specifically at https://github.com/andreafioraldi/angrdbg/blob/master/angrdbg/core.py#L109
Or just use StateShot instead of StateManager to get an angr state and use plain angr API.
More info (a description of a subset of the current API) at chapter 3 of https://github.com/andreafioraldi/bsc-thesis/blob/master/thesis.pdf

from angrgdb.

core.py seems to specify that the expression passed to sim() has to be a register name or memory address. Then I could not actually pass a expression of type rax-0x30. Do I see that right?
A workaround would be to read the current register state and construct the address manually, but
basePointer = gdb.execute("info registers rbp")
does not actually return the result of the gdb.execute command - it just gets printed to screen.

I tried the alternative solution - using the plain angr api - which I would actually like better
project = angr.Project()
initialState = StateShot()
sm = project.factory.simulation_manager(initial_state)
this does not work because it does not know about angr, and importing it does also not work.
A quick example would be appreciated.

from angrgdb.

sm.sim(sm["rax"]-0x30, 100)

from angrgdb.

with angr,

state = StateShot()
sym = claripy.BVS("symbol", 100*8)
state.memory.store(state.regs.rax -0x30, sym)

from angrgdb.

Thanks!

from angrgdb.

Actually, in your second example, where do I get the simulation manager from?

from angrgdb.

load_project().factory.simulation_manager

from angrgdb.

Ok, that works. But without the StateManager() object
how do I do
sm.to_dbg(m.found[0])

from angrgdb.