Hi, I'm currently working on a project that is attempting to use KLEE to help automatically inject exploits into vulnerable code for testing and POC. I was wondering if it was possible to extend KLEE to give a program concrete inputs when certain parameters are met (for example, if an array of length over 100 is found, inject a certain string of shellcode rather than symbolically fuzzing the array), and if so, where in the source code this type of functionality should be implemented.
_______________________________________________
klee-dev mailing list
[email protected]
http://keeda.Stanford.EDU/mailman/listinfo/klee-dev
