I need to simulate this decompiled line of code in a Python script using claripy as the solver engine:

*(ulong *)(global_variable + (ulong)((uint)local_variable[local_inedx + 1] & 1) * 8)

global_variable is basically an array containing a 0 and an integer, and local_variable is an array populated with 4-byte symbolic variables that will be evaluated.

pwndbg> x/gx <global_variable address> 
0x...70 <global_variable>:  0x0000000000000000
0x...78 <global_variable+8>:    0x000000009908b0df

As I understand it, depending on the result of the & between the local variable value and 1, the code resolves to 0 or to the integer stored at global_variable+8.

I thought I'd use the claripy.If operation as below, but there's no way to satisfy the solver constraint.

claripy.If(local_variable[local_inedx + 1] & 1 == 1, claripy.BVV(0x9908b0df,32), claripy.BVV(0, 32))

Although there could be other reasons for the unsatisfied constraint, I would like to know whether this is the correct way to simulate read access to global variables using claripy, or whether there are other ways.

batodev