PyPI - angr - Versions diffs - 9.2.103__py3-none-manylinux2014_aarch64.whl - Mend

angr 9.2.103__py3-none-manylinux2014_aarch64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (1300) hide show

angr/__init__.py +153 -0
angr/__main__.py +59 -0
angr/analyses/__init__.py +46 -0
angr/analyses/analysis.py +359 -0
angr/analyses/backward_slice.py +691 -0
angr/analyses/binary_optimizer.py +683 -0
angr/analyses/bindiff.py +1251 -0
angr/analyses/boyscout.py +77 -0
angr/analyses/callee_cleanup_finder.py +75 -0
angr/analyses/calling_convention.py +956 -0
angr/analyses/cdg.py +197 -0
angr/analyses/cfg/__init__.py +11 -0
angr/analyses/cfg/cfb.py +436 -0
angr/analyses/cfg/cfg.py +73 -0
angr/analyses/cfg/cfg_arch_options.py +82 -0
angr/analyses/cfg/cfg_base.py +2917 -0
angr/analyses/cfg/cfg_emulated.py +3570 -0
angr/analyses/cfg/cfg_fast.py +5053 -0
angr/analyses/cfg/cfg_fast_soot.py +669 -0
angr/analyses/cfg/cfg_job_base.py +204 -0
angr/analyses/cfg/indirect_jump_resolvers/__init__.py +8 -0
angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +63 -0
angr/analyses/cfg/indirect_jump_resolvers/amd64_pe_iat.py +52 -0
angr/analyses/cfg/indirect_jump_resolvers/arm_elf_fast.py +151 -0
angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py +141 -0
angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py +68 -0
angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +2368 -0
angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py +517 -0
angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +26 -0
angr/analyses/cfg/indirect_jump_resolvers/resolver.py +74 -0
angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +93 -0
angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py +51 -0
angr/analyses/cfg_slice_to_sink/__init__.py +2 -0
angr/analyses/cfg_slice_to_sink/cfg_slice_to_sink.py +117 -0
angr/analyses/cfg_slice_to_sink/graph.py +84 -0
angr/analyses/cfg_slice_to_sink/transitions.py +25 -0
angr/analyses/class_identifier.py +62 -0
angr/analyses/code_tagging.py +123 -0
angr/analyses/complete_calling_conventions.py +424 -0
angr/analyses/congruency_check.py +384 -0
angr/analyses/data_dep/__init__.py +2 -0
angr/analyses/data_dep/data_dependency_analysis.py +605 -0
angr/analyses/data_dep/dep_nodes.py +170 -0
angr/analyses/data_dep/sim_act_location.py +46 -0
angr/analyses/datagraph_meta.py +105 -0
angr/analyses/ddg.py +1695 -0
angr/analyses/decompiler/__init__.py +13 -0
angr/analyses/decompiler/ail_simplifier.py +1408 -0
angr/analyses/decompiler/ailgraph_walker.py +48 -0
angr/analyses/decompiler/block_io_finder.py +293 -0
angr/analyses/decompiler/block_similarity.py +188 -0
angr/analyses/decompiler/block_simplifier.py +434 -0
angr/analyses/decompiler/call_counter.py +43 -0
angr/analyses/decompiler/callsite_maker.py +403 -0
angr/analyses/decompiler/ccall_rewriters/__init__.py +6 -0
angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +489 -0
angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +19 -0
angr/analyses/decompiler/clinic.py +2166 -0
angr/analyses/decompiler/condition_processor.py +1184 -0
angr/analyses/decompiler/decompilation_cache.py +38 -0
angr/analyses/decompiler/decompilation_options.py +274 -0
angr/analyses/decompiler/decompiler.py +544 -0
angr/analyses/decompiler/empty_node_remover.py +211 -0
angr/analyses/decompiler/expression_counters.py +76 -0
angr/analyses/decompiler/expression_narrower.py +92 -0
angr/analyses/decompiler/goto_manager.py +73 -0
angr/analyses/decompiler/graph_region.py +413 -0
angr/analyses/decompiler/jump_target_collector.py +36 -0
angr/analyses/decompiler/jumptable_entry_condition_rewriter.py +66 -0
angr/analyses/decompiler/optimization_passes/__init__.py +108 -0
angr/analyses/decompiler/optimization_passes/base_ptr_save_simplifier.py +144 -0
angr/analyses/decompiler/optimization_passes/code_motion.py +360 -0
angr/analyses/decompiler/optimization_passes/const_derefs.py +265 -0
angr/analyses/decompiler/optimization_passes/cross_jump_reverter.py +108 -0
angr/analyses/decompiler/optimization_passes/deadblock_remover.py +73 -0
angr/analyses/decompiler/optimization_passes/div_simplifier.py +391 -0
angr/analyses/decompiler/optimization_passes/engine_base.py +303 -0
angr/analyses/decompiler/optimization_passes/expr_op_swapper.py +136 -0
angr/analyses/decompiler/optimization_passes/flip_boolean_cmp.py +91 -0
angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +386 -0
angr/analyses/decompiler/optimization_passes/ite_expr_converter.py +226 -0
angr/analyses/decompiler/optimization_passes/ite_region_converter.py +189 -0
angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +757 -0
angr/analyses/decompiler/optimization_passes/mod_simplifier.py +86 -0
angr/analyses/decompiler/optimization_passes/multi_simplifier.py +227 -0
angr/analyses/decompiler/optimization_passes/optimization_pass.py +397 -0
angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py +198 -0
angr/analyses/decompiler/optimization_passes/ret_addr_save_simplifier.py +172 -0
angr/analyses/decompiler/optimization_passes/ret_deduplicator.py +219 -0
angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +448 -0
angr/analyses/decompiler/optimization_passes/return_duplicator_high.py +57 -0
angr/analyses/decompiler/optimization_passes/return_duplicator_low.py +121 -0
angr/analyses/decompiler/optimization_passes/spilled_register_finder.py +18 -0
angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +293 -0
angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py +110 -0
angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py +281 -0
angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py +87 -0
angr/analyses/decompiler/peephole_optimizations/__init__.py +69 -0
angr/analyses/decompiler/peephole_optimizations/a_div_const_add_a_mul_n_div_const.py +38 -0
angr/analyses/decompiler/peephole_optimizations/a_mul_const_div_shr_const.py +38 -0
angr/analyses/decompiler/peephole_optimizations/a_shl_const_sub_a.py +31 -0
angr/analyses/decompiler/peephole_optimizations/a_sub_a_div.py +25 -0
angr/analyses/decompiler/peephole_optimizations/a_sub_a_div_const_mul_const.py +56 -0
angr/analyses/decompiler/peephole_optimizations/a_sub_a_sub_n.py +19 -0
angr/analyses/decompiler/peephole_optimizations/arm_cmpf.py +235 -0
angr/analyses/decompiler/peephole_optimizations/base.py +120 -0
angr/analyses/decompiler/peephole_optimizations/basepointeroffset_add_n.py +33 -0
angr/analyses/decompiler/peephole_optimizations/basepointeroffset_and_mask.py +35 -0
angr/analyses/decompiler/peephole_optimizations/bitwise_or_to_logical_or.py +34 -0
angr/analyses/decompiler/peephole_optimizations/bool_expr_xor_1.py +27 -0
angr/analyses/decompiler/peephole_optimizations/bswap.py +131 -0
angr/analyses/decompiler/peephole_optimizations/cmpord_rewriter.py +72 -0
angr/analyses/decompiler/peephole_optimizations/coalesce_same_cascading_ifs.py +27 -0
angr/analyses/decompiler/peephole_optimizations/const_mull_a_shift.py +91 -0
angr/analyses/decompiler/peephole_optimizations/constant_derefs.py +43 -0
angr/analyses/decompiler/peephole_optimizations/conv_a_sub0_shr_and.py +70 -0
angr/analyses/decompiler/peephole_optimizations/conv_shl_shr.py +51 -0
angr/analyses/decompiler/peephole_optimizations/eager_eval.py +225 -0
angr/analyses/decompiler/peephole_optimizations/extended_byte_and_mask.py +55 -0
angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py +146 -0
angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py +102 -0
angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py +159 -0
angr/analyses/decompiler/peephole_optimizations/invert_negated_logical_conjuction_disjunction.py +50 -0
angr/analyses/decompiler/peephole_optimizations/one_sub_bool.py +33 -0
angr/analyses/decompiler/peephole_optimizations/remove_cascading_conversions.py +19 -0
angr/analyses/decompiler/peephole_optimizations/remove_empty_if_body.py +45 -0
angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +26 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_bitmasks.py +48 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py +160 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_branch.py +29 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_comparisons.py +54 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_nots.py +17 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_reinterprets.py +43 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py +44 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts_around_comparators.py +40 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +85 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_mips_gp_loads.py +47 -0
angr/analyses/decompiler/peephole_optimizations/rol_ror.py +77 -0
angr/analyses/decompiler/peephole_optimizations/sar_to_signed_div.py +105 -0
angr/analyses/decompiler/peephole_optimizations/simplify_pc_relative_loads.py +37 -0
angr/analyses/decompiler/peephole_optimizations/single_bit_cond_to_boolexpr.py +52 -0
angr/analyses/decompiler/peephole_optimizations/single_bit_xor.py +26 -0
angr/analyses/decompiler/peephole_optimizations/tidy_stack_addr.py +133 -0
angr/analyses/decompiler/redundant_label_remover.py +116 -0
angr/analyses/decompiler/region_identifier.py +1098 -0
angr/analyses/decompiler/region_simplifiers/__init__.py +1 -0
angr/analyses/decompiler/region_simplifiers/cascading_cond_transformer.py +93 -0
angr/analyses/decompiler/region_simplifiers/cascading_ifs.py +81 -0
angr/analyses/decompiler/region_simplifiers/expr_folding.py +606 -0
angr/analyses/decompiler/region_simplifiers/goto.py +177 -0
angr/analyses/decompiler/region_simplifiers/if_.py +142 -0
angr/analyses/decompiler/region_simplifiers/ifelse.py +90 -0
angr/analyses/decompiler/region_simplifiers/loop.py +135 -0
angr/analyses/decompiler/region_simplifiers/node_address_finder.py +23 -0
angr/analyses/decompiler/region_simplifiers/region_simplifier.py +211 -0
angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +644 -0
angr/analyses/decompiler/region_simplifiers/switch_expr_simplifier.py +83 -0
angr/analyses/decompiler/region_walker.py +23 -0
angr/analyses/decompiler/return_maker.py +70 -0
angr/analyses/decompiler/seq_to_blocks.py +19 -0
angr/analyses/decompiler/sequence_walker.py +235 -0
angr/analyses/decompiler/structured_codegen/__init__.py +10 -0
angr/analyses/decompiler/structured_codegen/base.py +132 -0
angr/analyses/decompiler/structured_codegen/c.py +3811 -0
angr/analyses/decompiler/structured_codegen/dummy.py +14 -0
angr/analyses/decompiler/structured_codegen/dwarf_import.py +186 -0
angr/analyses/decompiler/structuring/__init__.py +15 -0
angr/analyses/decompiler/structuring/dream.py +1225 -0
angr/analyses/decompiler/structuring/phoenix.py +2546 -0
angr/analyses/decompiler/structuring/recursive_structurer.py +186 -0
angr/analyses/decompiler/structuring/structurer_base.py +954 -0
angr/analyses/decompiler/structuring/structurer_nodes.py +414 -0
angr/analyses/decompiler/utils.py +787 -0
angr/analyses/disassembly.py +1302 -0
angr/analyses/disassembly_utils.py +104 -0
angr/analyses/dominance_frontier.py +39 -0
angr/analyses/find_objects_static.py +203 -0
angr/analyses/flirt.py +185 -0
angr/analyses/forward_analysis/__init__.py +2 -0
angr/analyses/forward_analysis/forward_analysis.py +527 -0
angr/analyses/forward_analysis/job_info.py +64 -0
angr/analyses/forward_analysis/visitors/__init__.py +4 -0
angr/analyses/forward_analysis/visitors/call_graph.py +28 -0
angr/analyses/forward_analysis/visitors/function_graph.py +85 -0
angr/analyses/forward_analysis/visitors/graph.py +250 -0
angr/analyses/forward_analysis/visitors/loop.py +28 -0
angr/analyses/forward_analysis/visitors/single_node_graph.py +38 -0
angr/analyses/identifier/__init__.py +1 -0
angr/analyses/identifier/custom_callable.py +138 -0
angr/analyses/identifier/errors.py +9 -0
angr/analyses/identifier/func.py +57 -0
angr/analyses/identifier/functions/__init__.py +36 -0
angr/analyses/identifier/functions/atoi.py +75 -0
angr/analyses/identifier/functions/based_atoi.py +128 -0
angr/analyses/identifier/functions/fdprintf.py +122 -0
angr/analyses/identifier/functions/free.py +64 -0
angr/analyses/identifier/functions/int2str.py +302 -0
angr/analyses/identifier/functions/malloc.py +113 -0
angr/analyses/identifier/functions/memcmp.py +69 -0
angr/analyses/identifier/functions/memcpy.py +89 -0
angr/analyses/identifier/functions/memset.py +43 -0
angr/analyses/identifier/functions/printf.py +122 -0
angr/analyses/identifier/functions/recv_until.py +315 -0
angr/analyses/identifier/functions/skip_calloc.py +72 -0
angr/analyses/identifier/functions/skip_realloc.py +99 -0
angr/analyses/identifier/functions/skip_recv_n.py +107 -0
angr/analyses/identifier/functions/snprintf.py +114 -0
angr/analyses/identifier/functions/sprintf.py +115 -0
angr/analyses/identifier/functions/strcasecmp.py +32 -0
angr/analyses/identifier/functions/strcmp.py +112 -0
angr/analyses/identifier/functions/strcpy.py +43 -0
angr/analyses/identifier/functions/strlen.py +26 -0
angr/analyses/identifier/functions/strncmp.py +103 -0
angr/analyses/identifier/functions/strncpy.py +65 -0
angr/analyses/identifier/functions/strtol.py +91 -0
angr/analyses/identifier/identify.py +848 -0
angr/analyses/identifier/runner.py +359 -0
angr/analyses/init_finder.py +264 -0
angr/analyses/loop_analysis.py +353 -0
angr/analyses/loopfinder.py +174 -0
angr/analyses/propagator/__init__.py +1 -0
angr/analyses/propagator/engine_ail.py +1560 -0
angr/analyses/propagator/engine_base.py +53 -0
angr/analyses/propagator/engine_vex.py +328 -0
angr/analyses/propagator/outdated_definition_walker.py +158 -0
angr/analyses/propagator/propagator.py +422 -0
angr/analyses/propagator/tmpvar_finder.py +17 -0
angr/analyses/propagator/top_checker_mixin.py +14 -0
angr/analyses/propagator/values.py +116 -0
angr/analyses/propagator/vex_vars.py +67 -0
angr/analyses/proximity_graph.py +452 -0
angr/analyses/reaching_definitions/__init__.py +65 -0
angr/analyses/reaching_definitions/call_trace.py +72 -0
angr/analyses/reaching_definitions/dep_graph.py +392 -0
angr/analyses/reaching_definitions/engine_ail.py +1172 -0
angr/analyses/reaching_definitions/engine_vex.py +1102 -0
angr/analyses/reaching_definitions/external_codeloc.py +0 -0
angr/analyses/reaching_definitions/function_handler.py +603 -0
angr/analyses/reaching_definitions/heap_allocator.py +69 -0
angr/analyses/reaching_definitions/rd_initializer.py +235 -0
angr/analyses/reaching_definitions/rd_state.py +613 -0
angr/analyses/reaching_definitions/reaching_definitions.py +594 -0
angr/analyses/reaching_definitions/subject.py +64 -0
angr/analyses/reassembler.py +2970 -0
angr/analyses/soot_class_hierarchy.py +283 -0
angr/analyses/stack_pointer_tracker.py +832 -0
angr/analyses/static_hooker.py +51 -0
angr/analyses/typehoon/__init__.py +1 -0
angr/analyses/typehoon/dfa.py +108 -0
angr/analyses/typehoon/lifter.py +91 -0
angr/analyses/typehoon/simple_solver.py +1258 -0
angr/analyses/typehoon/translator.py +242 -0
angr/analyses/typehoon/typeconsts.py +294 -0
angr/analyses/typehoon/typehoon.py +239 -0
angr/analyses/typehoon/typevars.py +565 -0
angr/analyses/typehoon/variance.py +10 -0
angr/analyses/variable_recovery/__init__.py +2 -0
angr/analyses/variable_recovery/annotations.py +57 -0
angr/analyses/variable_recovery/engine_ail.py +746 -0
angr/analyses/variable_recovery/engine_base.py +962 -0
angr/analyses/variable_recovery/engine_vex.py +580 -0
angr/analyses/variable_recovery/irsb_scanner.py +131 -0
angr/analyses/variable_recovery/variable_recovery.py +552 -0
angr/analyses/variable_recovery/variable_recovery_base.py +452 -0
angr/analyses/variable_recovery/variable_recovery_fast.py +589 -0
angr/analyses/veritesting.py +635 -0
angr/analyses/vfg.py +1945 -0
angr/analyses/vsa_ddg.py +423 -0
angr/analyses/vtable.py +92 -0
angr/analyses/xrefs.py +263 -0
angr/angrdb/__init__.py +9 -0
angr/angrdb/db.py +208 -0
angr/angrdb/models.py +183 -0
angr/angrdb/serializers/__init__.py +2 -0
angr/angrdb/serializers/cfg_model.py +41 -0
angr/angrdb/serializers/comments.py +59 -0
angr/angrdb/serializers/funcs.py +60 -0
angr/angrdb/serializers/kb.py +110 -0
angr/angrdb/serializers/labels.py +58 -0
angr/angrdb/serializers/loader.py +81 -0
angr/angrdb/serializers/structured_code.py +128 -0
angr/angrdb/serializers/variables.py +58 -0
angr/angrdb/serializers/xrefs.py +48 -0
angr/annocfg.py +320 -0
angr/blade.py +430 -0
angr/block.py +506 -0
angr/callable.py +162 -0
angr/calling_conventions.py +2383 -0
angr/code_location.py +168 -0
angr/codenode.py +140 -0
angr/concretization_strategies/__init__.py +97 -0
angr/concretization_strategies/any.py +15 -0
angr/concretization_strategies/any_named.py +32 -0
angr/concretization_strategies/controlled_data.py +54 -0
angr/concretization_strategies/eval.py +18 -0
angr/concretization_strategies/logging.py +32 -0
angr/concretization_strategies/max.py +24 -0
angr/concretization_strategies/nonzero.py +14 -0
angr/concretization_strategies/nonzero_range.py +20 -0
angr/concretization_strategies/norepeats.py +35 -0
angr/concretization_strategies/norepeats_range.py +35 -0
angr/concretization_strategies/range.py +17 -0
angr/concretization_strategies/signed_add.py +24 -0
angr/concretization_strategies/single.py +12 -0
angr/concretization_strategies/solutions.py +18 -0
angr/concretization_strategies/unlimited_range.py +15 -0
angr/distributed/__init__.py +3 -0
angr/distributed/server.py +198 -0
angr/distributed/worker.py +183 -0
angr/engines/__init__.py +41 -0
angr/engines/concrete.py +178 -0
angr/engines/engine.py +212 -0
angr/engines/failure.py +27 -0
angr/engines/hook.py +67 -0
angr/engines/light/__init__.py +2 -0
angr/engines/light/data.py +715 -0
angr/engines/light/engine.py +1441 -0
angr/engines/pcode/__init__.py +2 -0
angr/engines/pcode/behavior.py +995 -0
angr/engines/pcode/cc.py +123 -0
angr/engines/pcode/emulate.py +446 -0
angr/engines/pcode/engine.py +256 -0
angr/engines/pcode/lifter.py +1423 -0
angr/engines/procedure.py +71 -0
angr/engines/soot/__init__.py +1 -0
angr/engines/soot/engine.py +415 -0
angr/engines/soot/exceptions.py +14 -0
angr/engines/soot/expressions/__init__.py +56 -0
angr/engines/soot/expressions/arrayref.py +21 -0
angr/engines/soot/expressions/base.py +22 -0
angr/engines/soot/expressions/binop.py +27 -0
angr/engines/soot/expressions/cast.py +21 -0
angr/engines/soot/expressions/condition.py +34 -0
angr/engines/soot/expressions/constants.py +45 -0
angr/engines/soot/expressions/instanceOf.py +11 -0
angr/engines/soot/expressions/instancefieldref.py +7 -0
angr/engines/soot/expressions/invoke.py +117 -0
angr/engines/soot/expressions/length.py +7 -0
angr/engines/soot/expressions/local.py +7 -0
angr/engines/soot/expressions/new.py +15 -0
angr/engines/soot/expressions/newArray.py +51 -0
angr/engines/soot/expressions/newMultiArray.py +84 -0
angr/engines/soot/expressions/paramref.py +7 -0
angr/engines/soot/expressions/phi.py +29 -0
angr/engines/soot/expressions/staticfieldref.py +7 -0
angr/engines/soot/expressions/thisref.py +6 -0
angr/engines/soot/expressions/unsupported.py +6 -0
angr/engines/soot/field_dispatcher.py +49 -0
angr/engines/soot/method_dispatcher.py +49 -0
angr/engines/soot/statements/__init__.py +30 -0
angr/engines/soot/statements/assign.py +29 -0
angr/engines/soot/statements/base.py +80 -0
angr/engines/soot/statements/goto.py +11 -0
angr/engines/soot/statements/identity.py +14 -0
angr/engines/soot/statements/if_.py +16 -0
angr/engines/soot/statements/invoke.py +11 -0
angr/engines/soot/statements/return_.py +19 -0
angr/engines/soot/statements/switch.py +38 -0
angr/engines/soot/statements/throw.py +12 -0
angr/engines/soot/values/__init__.py +24 -0
angr/engines/soot/values/arrayref.py +124 -0
angr/engines/soot/values/base.py +4 -0
angr/engines/soot/values/constants.py +17 -0
angr/engines/soot/values/instancefieldref.py +42 -0
angr/engines/soot/values/local.py +17 -0
angr/engines/soot/values/paramref.py +17 -0
angr/engines/soot/values/staticfieldref.py +37 -0
angr/engines/soot/values/strref.py +37 -0
angr/engines/soot/values/thisref.py +148 -0
angr/engines/successors.py +540 -0
angr/engines/syscall.py +53 -0
angr/engines/unicorn.py +483 -0
angr/engines/vex/__init__.py +4 -0
angr/engines/vex/claripy/__init__.py +1 -0
angr/engines/vex/claripy/ccall.py +2097 -0
angr/engines/vex/claripy/datalayer.py +149 -0
angr/engines/vex/claripy/irop.py +1279 -0
angr/engines/vex/heavy/__init__.py +5 -0
angr/engines/vex/heavy/actions.py +237 -0
angr/engines/vex/heavy/concretizers.py +394 -0
angr/engines/vex/heavy/dirty.py +467 -0
angr/engines/vex/heavy/heavy.py +379 -0
angr/engines/vex/heavy/inspect.py +51 -0
angr/engines/vex/heavy/resilience.py +85 -0
angr/engines/vex/heavy/super_fastpath.py +34 -0
angr/engines/vex/lifter.py +424 -0
angr/engines/vex/light/__init__.py +3 -0
angr/engines/vex/light/light.py +555 -0
angr/engines/vex/light/resilience.py +73 -0
angr/engines/vex/light/slicing.py +51 -0
angr/errors.py +604 -0
angr/exploration_techniques/__init__.py +176 -0
angr/exploration_techniques/bucketizer.py +96 -0
angr/exploration_techniques/common.py +56 -0
angr/exploration_techniques/dfs.py +34 -0
angr/exploration_techniques/director.py +523 -0
angr/exploration_techniques/driller_core.py +102 -0
angr/exploration_techniques/explorer.py +146 -0
angr/exploration_techniques/lengthlimiter.py +20 -0
angr/exploration_techniques/local_loop_seer.py +64 -0
angr/exploration_techniques/loop_seer.py +239 -0
angr/exploration_techniques/manual_mergepoint.py +80 -0
angr/exploration_techniques/memory_watcher.py +40 -0
angr/exploration_techniques/oppologist.py +93 -0
angr/exploration_techniques/slicecutor.py +115 -0
angr/exploration_techniques/spiller.py +282 -0
angr/exploration_techniques/spiller_db.py +27 -0
angr/exploration_techniques/stochastic.py +57 -0
angr/exploration_techniques/suggestions.py +156 -0
angr/exploration_techniques/symbion.py +78 -0
angr/exploration_techniques/tech_builder.py +47 -0
angr/exploration_techniques/threading.py +77 -0
angr/exploration_techniques/timeout.py +31 -0
angr/exploration_techniques/tracer.py +1101 -0
angr/exploration_techniques/unique.py +104 -0
angr/exploration_techniques/veritesting.py +36 -0
angr/factory.py +385 -0
angr/flirt/__init__.py +126 -0
angr/flirt/build_sig.py +316 -0
angr/graph_utils.py +0 -0
angr/keyed_region.py +532 -0
angr/knowledge_base/__init__.py +1 -0
angr/knowledge_base/knowledge_base.py +145 -0
angr/knowledge_plugins/__init__.py +18 -0
angr/knowledge_plugins/callsite_prototypes.py +52 -0
angr/knowledge_plugins/cfg/__init__.py +16 -0
angr/knowledge_plugins/cfg/cfg_manager.py +94 -0
angr/knowledge_plugins/cfg/cfg_model.py +1057 -0
angr/knowledge_plugins/cfg/cfg_node.py +541 -0
angr/knowledge_plugins/cfg/indirect_jump.py +67 -0
angr/knowledge_plugins/cfg/memory_data.py +156 -0
angr/knowledge_plugins/comments.py +15 -0
angr/knowledge_plugins/custom_strings.py +37 -0
angr/knowledge_plugins/data.py +21 -0
angr/knowledge_plugins/debug_variables.py +221 -0
angr/knowledge_plugins/functions/__init__.py +2 -0
angr/knowledge_plugins/functions/function.py +1694 -0
angr/knowledge_plugins/functions/function_manager.py +501 -0
angr/knowledge_plugins/functions/function_parser.py +295 -0
angr/knowledge_plugins/functions/soot_function.py +131 -0
angr/knowledge_plugins/indirect_jumps.py +34 -0
angr/knowledge_plugins/key_definitions/__init__.py +16 -0
angr/knowledge_plugins/key_definitions/atoms.py +314 -0
angr/knowledge_plugins/key_definitions/constants.py +23 -0
angr/knowledge_plugins/key_definitions/definition.py +217 -0
angr/knowledge_plugins/key_definitions/environment.py +92 -0
angr/knowledge_plugins/key_definitions/heap_address.py +32 -0
angr/knowledge_plugins/key_definitions/key_definition_manager.py +81 -0
angr/knowledge_plugins/key_definitions/live_definitions.py +1074 -0
angr/knowledge_plugins/key_definitions/liveness.py +170 -0
angr/knowledge_plugins/key_definitions/rd_model.py +176 -0
angr/knowledge_plugins/key_definitions/tag.py +77 -0
angr/knowledge_plugins/key_definitions/undefined.py +67 -0
angr/knowledge_plugins/key_definitions/unknown_size.py +83 -0
angr/knowledge_plugins/key_definitions/uses.py +180 -0
angr/knowledge_plugins/labels.py +109 -0
angr/knowledge_plugins/patches.py +125 -0
angr/knowledge_plugins/plugin.py +23 -0
angr/knowledge_plugins/propagations/__init__.py +2 -0
angr/knowledge_plugins/propagations/prop_value.py +193 -0
angr/knowledge_plugins/propagations/propagation_manager.py +60 -0
angr/knowledge_plugins/propagations/propagation_model.py +74 -0
angr/knowledge_plugins/propagations/states.py +1064 -0
angr/knowledge_plugins/structured_code/__init__.py +1 -0
angr/knowledge_plugins/structured_code/manager.py +59 -0
angr/knowledge_plugins/sync/__init__.py +1 -0
angr/knowledge_plugins/sync/sync_controller.py +329 -0
angr/knowledge_plugins/types.py +87 -0
angr/knowledge_plugins/variables/__init__.py +1 -0
angr/knowledge_plugins/variables/variable_access.py +114 -0
angr/knowledge_plugins/variables/variable_manager.py +1191 -0
angr/knowledge_plugins/xrefs/__init__.py +3 -0
angr/knowledge_plugins/xrefs/xref.py +157 -0
angr/knowledge_plugins/xrefs/xref_manager.py +122 -0
angr/knowledge_plugins/xrefs/xref_types.py +13 -0
angr/lib/angr_native.so +0 -0
angr/misc/__init__.py +8 -0
angr/misc/ansi.py +46 -0
angr/misc/autoimport.py +89 -0
angr/misc/bug_report.py +125 -0
angr/misc/hookset.py +106 -0
angr/misc/import_hooks.py +63 -0
angr/misc/loggers.py +130 -0
angr/misc/picklable_lock.py +45 -0
angr/misc/plugins.py +291 -0
angr/misc/range.py +21 -0
angr/misc/testing.py +23 -0
angr/misc/ux.py +31 -0
angr/misc/weakpatch.py +58 -0
angr/procedures/__init__.py +2 -0
angr/procedures/advapi32/__init__.py +0 -0
angr/procedures/cgc/__init__.py +3 -0
angr/procedures/cgc/_terminate.py +10 -0
angr/procedures/cgc/allocate.py +76 -0
angr/procedures/cgc/deallocate.py +59 -0
angr/procedures/cgc/fdwait.py +62 -0
angr/procedures/cgc/random.py +60 -0
angr/procedures/cgc/receive.py +91 -0
angr/procedures/cgc/transmit.py +63 -0
angr/procedures/definitions/__init__.py +784 -0
angr/procedures/definitions/cgc.py +19 -0
angr/procedures/definitions/glibc.py +8384 -0
angr/procedures/definitions/gnulib.py +35 -0
angr/procedures/definitions/libstdcpp.py +20 -0
angr/procedures/definitions/linux_kernel.py +6167 -0
angr/procedures/definitions/linux_loader.py +6 -0
angr/procedures/definitions/msvcr.py +15 -0
angr/procedures/definitions/parse_syscalls_from_local_system.py +49 -0
angr/procedures/definitions/parse_win32json.py +2556 -0
angr/procedures/definitions/types_win32.py +34481 -0
angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-4.py +44 -0
angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-6.py +40 -0
angr/procedures/definitions/wdk_clfs.py +154 -0
angr/procedures/definitions/wdk_fltmgr.py +570 -0
angr/procedures/definitions/wdk_fwpkclnt.py +44 -0
angr/procedures/definitions/wdk_fwpuclnt.py +330 -0
angr/procedures/definitions/wdk_gdi32.py +380 -0
angr/procedures/definitions/wdk_hal.py +92 -0
angr/procedures/definitions/wdk_ksecdd.py +76 -0
angr/procedures/definitions/wdk_ndis.py +252 -0
angr/procedures/definitions/wdk_ntoskrnl.py +3463 -0
angr/procedures/definitions/wdk_offreg.py +86 -0
angr/procedures/definitions/wdk_pshed.py +50 -0
angr/procedures/definitions/wdk_secur32.py +54 -0
angr/procedures/definitions/wdk_vhfum.py +48 -0
angr/procedures/definitions/win32_aclui.py +44 -0
angr/procedures/definitions/win32_activeds.py +82 -0
angr/procedures/definitions/win32_advapi32.py +1698 -0
angr/procedures/definitions/win32_advpack.py +138 -0
angr/procedures/definitions/win32_amsi.py +52 -0
angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-1.py +58 -0
angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-3.py +48 -0
angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-6.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-apiquery-l2-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-backgroundtask-l1-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-1.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-2.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-enclave-l1-1-1.py +44 -0
angr/procedures/definitions/win32_api-ms-win-core-errorhandling-l1-1-3.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-0.py +48 -0
angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-1.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-file-fromapp-l1-1-0.py +60 -0
angr/procedures/definitions/win32_api-ms-win-core-handle-l1-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-ioring-l1-1-0.py +62 -0
angr/procedures/definitions/win32_api-ms-win-core-marshal-l1-1-0.py +46 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-3.py +46 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-4.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-5.py +44 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-6.py +46 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-7.py +42 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-8.py +44 -0
angr/procedures/definitions/win32_api-ms-win-core-path-l1-1-0.py +82 -0
angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-0.py +42 -0
angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-1.py +42 -0
angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-1.py +44 -0
angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-2.py +44 -0
angr/procedures/definitions/win32_api-ms-win-core-slapi-l1-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-state-helpers-l1-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-synch-l1-2-0.py +44 -0
angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-3.py +42 -0
angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-4.py +42 -0
angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-6.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-util-l1-1-1.py +42 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-0.py +43 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-1.py +37 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-l1-1-0.py +39 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-registration-l1-1-0.py +23 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-robuffer-l1-1-0.py +23 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-roparameterizediid-l1-1-0.py +27 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-0.py +75 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-1.py +23 -0
angr/procedures/definitions/win32_api-ms-win-core-wow64-l1-1-1.py +44 -0
angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-0.py +56 -0
angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-1.py +48 -0
angr/procedures/definitions/win32_api-ms-win-dx-d3dkmt-l1-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-gaming-deviceinformation-l1-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-gaming-expandedresources-l1-1-0.py +44 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-0.py +52 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-1.py +42 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-2.py +52 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-3.py +42 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-4.py +54 -0
angr/procedures/definitions/win32_api-ms-win-mm-misc-l1-1-1.py +40 -0
angr/procedures/definitions/win32_api-ms-win-net-isolation-l1-1-0.py +54 -0
angr/procedures/definitions/win32_api-ms-win-security-base-l1-2-2.py +40 -0
angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-1.py +40 -0
angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-3.py +40 -0
angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-4.py +40 -0
angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-5.py +42 -0
angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-0.py +44 -0
angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-1.py +50 -0
angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-2.py +40 -0
angr/procedures/definitions/win32_api-ms-win-shcore-stream-winrt-l1-1-0.py +27 -0
angr/procedures/definitions/win32_api-ms-win-wsl-api-l1-1-0.py +52 -0
angr/procedures/definitions/win32_apphelp.py +40 -0
angr/procedures/definitions/win32_authz.py +104 -0
angr/procedures/definitions/win32_avicap32.py +46 -0
angr/procedures/definitions/win32_avifil32.py +158 -0
angr/procedures/definitions/win32_avrt.py +66 -0
angr/procedures/definitions/win32_bcp47mrm.py +42 -0
angr/procedures/definitions/win32_bcrypt.py +144 -0
angr/procedures/definitions/win32_bcryptprimitives.py +42 -0
angr/procedures/definitions/win32_bluetoothapis.py +120 -0
angr/procedures/definitions/win32_bthprops.py +33 -0
angr/procedures/definitions/win32_bthprops_cpl.py +50 -0
angr/procedures/definitions/win32_cabinet.py +82 -0
angr/procedures/definitions/win32_certadm.py +74 -0
angr/procedures/definitions/win32_certpoleng.py +54 -0
angr/procedures/definitions/win32_cfgmgr32.py +516 -0
angr/procedures/definitions/win32_chakra.py +212 -0
angr/procedures/definitions/win32_cldapi.py +110 -0
angr/procedures/definitions/win32_clfsw32.py +156 -0
angr/procedures/definitions/win32_clusapi.py +598 -0
angr/procedures/definitions/win32_comctl32.py +268 -0
angr/procedures/definitions/win32_comdlg32.py +80 -0
angr/procedures/definitions/win32_compstui.py +46 -0
angr/procedures/definitions/win32_computecore.py +146 -0
angr/procedures/definitions/win32_computenetwork.py +124 -0
angr/procedures/definitions/win32_computestorage.py +62 -0
angr/procedures/definitions/win32_comsvcs.py +52 -0
angr/procedures/definitions/win32_coremessaging.py +23 -0
angr/procedures/definitions/win32_credui.py +76 -0
angr/procedures/definitions/win32_crypt32.py +496 -0
angr/procedures/definitions/win32_cryptnet.py +48 -0
angr/procedures/definitions/win32_cryptui.py +58 -0
angr/procedures/definitions/win32_cryptxml.py +76 -0
angr/procedures/definitions/win32_cscapi.py +46 -0
angr/procedures/definitions/win32_d2d1.py +64 -0
angr/procedures/definitions/win32_d3d10.py +92 -0
angr/procedures/definitions/win32_d3d10_1.py +42 -0
angr/procedures/definitions/win32_d3d11.py +44 -0
angr/procedures/definitions/win32_d3d12.py +54 -0
angr/procedures/definitions/win32_d3d9.py +60 -0
angr/procedures/definitions/win32_d3dcompiler_47.py +90 -0
angr/procedures/definitions/win32_d3dcsx.py +56 -0
angr/procedures/definitions/win32_davclnt.py +74 -0
angr/procedures/definitions/win32_dbgeng.py +46 -0
angr/procedures/definitions/win32_dbghelp.py +476 -0
angr/procedures/definitions/win32_dbgmodel.py +40 -0
angr/procedures/definitions/win32_dciman32.py +78 -0
angr/procedures/definitions/win32_dcomp.py +62 -0
angr/procedures/definitions/win32_ddraw.py +52 -0
angr/procedures/definitions/win32_deviceaccess.py +40 -0
angr/procedures/definitions/win32_dflayout.py +40 -0
angr/procedures/definitions/win32_dhcpcsvc.py +68 -0
angr/procedures/definitions/win32_dhcpcsvc6.py +50 -0
angr/procedures/definitions/win32_dhcpsapi.py +430 -0
angr/procedures/definitions/win32_diagnosticdataquery.py +108 -0
angr/procedures/definitions/win32_dinput8.py +40 -0
angr/procedures/definitions/win32_directml.py +42 -0
angr/procedures/definitions/win32_dmprocessxmlfiltered.py +40 -0
angr/procedures/definitions/win32_dnsapi.py +166 -0
angr/procedures/definitions/win32_drt.py +70 -0
angr/procedures/definitions/win32_drtprov.py +56 -0
angr/procedures/definitions/win32_drttransport.py +42 -0
angr/procedures/definitions/win32_dsound.py +58 -0
angr/procedures/definitions/win32_dsparse.py +76 -0
angr/procedures/definitions/win32_dsprop.py +52 -0
angr/procedures/definitions/win32_dssec.py +46 -0
angr/procedures/definitions/win32_dsuiext.py +46 -0
angr/procedures/definitions/win32_dwmapi.py +100 -0
angr/procedures/definitions/win32_dwrite.py +40 -0
angr/procedures/definitions/win32_dxcompiler.py +42 -0
angr/procedures/definitions/win32_dxcore.py +40 -0
angr/procedures/definitions/win32_dxgi.py +50 -0
angr/procedures/definitions/win32_dxva2.py +114 -0
angr/procedures/definitions/win32_eappcfg.py +66 -0
angr/procedures/definitions/win32_eappprxy.py +74 -0
angr/procedures/definitions/win32_efswrt.py +42 -0
angr/procedures/definitions/win32_elscore.py +48 -0
angr/procedures/definitions/win32_esent.py +496 -0
angr/procedures/definitions/win32_evr.py +52 -0
angr/procedures/definitions/win32_faultrep.py +46 -0
angr/procedures/definitions/win32_fhsvcctl.py +52 -0
angr/procedures/definitions/win32_firewallapi.py +44 -0
angr/procedures/definitions/win32_fltlib.py +94 -0
angr/procedures/definitions/win32_fontsub.py +42 -0
angr/procedures/definitions/win32_forceinline.py +44 -0
angr/procedures/definitions/win32_fwpuclnt.py +422 -0
angr/procedures/definitions/win32_fxsutility.py +42 -0
angr/procedures/definitions/win32_gdi32.py +900 -0
angr/procedures/definitions/win32_gdiplus.py +1296 -0
angr/procedures/definitions/win32_glu32.py +142 -0
angr/procedures/definitions/win32_gpedit.py +50 -0
angr/procedures/definitions/win32_hhctrl_ocx.py +42 -0
angr/procedures/definitions/win32_hid.py +128 -0
angr/procedures/definitions/win32_hlink.py +94 -0
angr/procedures/definitions/win32_hrtfapo.py +40 -0
angr/procedures/definitions/win32_httpapi.py +124 -0
angr/procedures/definitions/win32_icm32.py +80 -0
angr/procedures/definitions/win32_icmui.py +42 -0
angr/procedures/definitions/win32_icu.py +2088 -0
angr/procedures/definitions/win32_ieframe.py +96 -0
angr/procedures/definitions/win32_imagehlp.py +90 -0
angr/procedures/definitions/win32_imgutil.py +56 -0
angr/procedures/definitions/win32_imm32.py +202 -0
angr/procedures/definitions/win32_infocardapi.py +72 -0
angr/procedures/definitions/win32_inkobjcore.py +92 -0
angr/procedures/definitions/win32_iphlpapi.py +440 -0
angr/procedures/definitions/win32_iscsidsc.py +196 -0
angr/procedures/definitions/win32_isolatedwindowsenvironmentutils.py +42 -0
angr/procedures/definitions/win32_kernel32.py +3199 -0
angr/procedures/definitions/win32_kernelbase.py +50 -0
angr/procedures/definitions/win32_keycredmgr.py +46 -0
angr/procedures/definitions/win32_ksproxy_ax.py +50 -0
angr/procedures/definitions/win32_ksuser.py +54 -0
angr/procedures/definitions/win32_ktmw32.py +116 -0
angr/procedures/definitions/win32_licenseprotection.py +42 -0
angr/procedures/definitions/win32_loadperf.py +62 -0
angr/procedures/definitions/win32_magnification.py +76 -0
angr/procedures/definitions/win32_mapi32.py +170 -0
angr/procedures/definitions/win32_mdmlocalmanagement.py +44 -0
angr/procedures/definitions/win32_mdmregistration.py +68 -0
angr/procedures/definitions/win32_mf.py +162 -0
angr/procedures/definitions/win32_mfcore.py +42 -0
angr/procedures/definitions/win32_mfplat.py +328 -0
angr/procedures/definitions/win32_mfplay.py +40 -0
angr/procedures/definitions/win32_mfreadwrite.py +48 -0
angr/procedures/definitions/win32_mfsensorgroup.py +58 -0
angr/procedures/definitions/win32_mfsrcsnk.py +42 -0
angr/procedures/definitions/win32_mgmtapi.py +56 -0
angr/procedures/definitions/win32_mi.py +40 -0
angr/procedures/definitions/win32_mmdevapi.py +40 -0
angr/procedures/definitions/win32_mpr.py +132 -0
angr/procedures/definitions/win32_mprapi.py +262 -0
angr/procedures/definitions/win32_mqrt.py +106 -0
angr/procedures/definitions/win32_mrmsupport.py +92 -0
angr/procedures/definitions/win32_msacm32.py +122 -0
angr/procedures/definitions/win32_msajapi.py +1132 -0
angr/procedures/definitions/win32_mscms.py +196 -0
angr/procedures/definitions/win32_mscoree.py +92 -0
angr/procedures/definitions/win32_msctfmonitor.py +44 -0
angr/procedures/definitions/win32_msdelta.py +70 -0
angr/procedures/definitions/win32_msdmo.py +60 -0
angr/procedures/definitions/win32_msdrm.py +206 -0
angr/procedures/definitions/win32_msi.py +566 -0
angr/procedures/definitions/win32_msimg32.py +44 -0
angr/procedures/definitions/win32_mspatcha.py +70 -0
angr/procedures/definitions/win32_mspatchc.py +56 -0
angr/procedures/definitions/win32_msports.py +52 -0
angr/procedures/definitions/win32_msrating.py +76 -0
angr/procedures/definitions/win32_mssign32.py +58 -0
angr/procedures/definitions/win32_mstask.py +42 -0
angr/procedures/definitions/win32_msvfw32.py +124 -0
angr/procedures/definitions/win32_mswsock.py +70 -0
angr/procedures/definitions/win32_mtxdm.py +40 -0
angr/procedures/definitions/win32_ncrypt.py +116 -0
angr/procedures/definitions/win32_ndfapi.py +70 -0
angr/procedures/definitions/win32_netapi32.py +450 -0
angr/procedures/definitions/win32_netsh.py +54 -0
angr/procedures/definitions/win32_netshell.py +42 -0
angr/procedures/definitions/win32_newdev.py +60 -0
angr/procedures/definitions/win32_ninput.py +98 -0
angr/procedures/definitions/win32_normaliz.py +42 -0
angr/procedures/definitions/win32_ntdll.py +185 -0
angr/procedures/definitions/win32_ntdllk.py +40 -0
angr/procedures/definitions/win32_ntdsapi.py +200 -0
angr/procedures/definitions/win32_ntlanman.py +58 -0
angr/procedures/definitions/win32_odbc32.py +406 -0
angr/procedures/definitions/win32_odbcbcp.py +92 -0
angr/procedures/definitions/win32_ole32.py +672 -0
angr/procedures/definitions/win32_oleacc.py +72 -0
angr/procedures/definitions/win32_oleaut32.py +848 -0
angr/procedures/definitions/win32_oledlg.py +84 -0
angr/procedures/definitions/win32_ondemandconnroutehelper.py +48 -0
angr/procedures/definitions/win32_opengl32.py +748 -0
angr/procedures/definitions/win32_opmxbox.py +44 -0
angr/procedures/definitions/win32_p2p.py +254 -0
angr/procedures/definitions/win32_p2pgraph.py +112 -0
angr/procedures/definitions/win32_pdh.py +234 -0
angr/procedures/definitions/win32_peerdist.py +94 -0
angr/procedures/definitions/win32_powrprof.py +206 -0
angr/procedures/definitions/win32_prntvpt.py +60 -0
angr/procedures/definitions/win32_projectedfslib.py +76 -0
angr/procedures/definitions/win32_propsys.py +474 -0
angr/procedures/definitions/win32_psapi.py +92 -0
angr/procedures/definitions/win32_quartz.py +42 -0
angr/procedures/definitions/win32_query.py +46 -0
angr/procedures/definitions/win32_qwave.py +60 -0
angr/procedures/definitions/win32_rasapi32.py +206 -0
angr/procedures/definitions/win32_rasdlg.py +50 -0
angr/procedures/definitions/win32_resutils.py +278 -0
angr/procedures/definitions/win32_rometadata.py +23 -0
angr/procedures/definitions/win32_rpcns4.py +160 -0
angr/procedures/definitions/win32_rpcproxy.py +46 -0
angr/procedures/definitions/win32_rpcrt4.py +932 -0
angr/procedures/definitions/win32_rstrtmgr.py +60 -0
angr/procedures/definitions/win32_rtm.py +190 -0
angr/procedures/definitions/win32_rtutils.py +120 -0
angr/procedures/definitions/win32_rtworkq.py +104 -0
angr/procedures/definitions/win32_sas.py +40 -0
angr/procedures/definitions/win32_scarddlg.py +48 -0
angr/procedures/definitions/win32_schannel.py +56 -0
angr/procedures/definitions/win32_sechost.py +42 -0
angr/procedures/definitions/win32_secur32.py +216 -0
angr/procedures/definitions/win32_sensapi.py +44 -0
angr/procedures/definitions/win32_sensorsutilsv2.py +118 -0
angr/procedures/definitions/win32_setupapi.py +706 -0
angr/procedures/definitions/win32_sfc.py +50 -0
angr/procedures/definitions/win32_shdocvw.py +44 -0
angr/procedures/definitions/win32_shell32.py +526 -0
angr/procedures/definitions/win32_shlwapi.py +758 -0
angr/procedures/definitions/win32_slc.py +102 -0
angr/procedures/definitions/win32_slcext.py +46 -0
angr/procedures/definitions/win32_slwga.py +40 -0
angr/procedures/definitions/win32_snmpapi.py +90 -0
angr/procedures/definitions/win32_spoolss.py +90 -0
angr/procedures/definitions/win32_srclient.py +40 -0
angr/procedures/definitions/win32_srpapi.py +60 -0
angr/procedures/definitions/win32_sspicli.py +52 -0
angr/procedures/definitions/win32_sti.py +40 -0
angr/procedures/definitions/win32_t2embed.py +66 -0
angr/procedures/definitions/win32_tapi32.py +536 -0
angr/procedures/definitions/win32_tbs.py +66 -0
angr/procedures/definitions/win32_tdh.py +92 -0
angr/procedures/definitions/win32_tokenbinding.py +58 -0
angr/procedures/definitions/win32_traffic.py +78 -0
angr/procedures/definitions/win32_txfw32.py +56 -0
angr/procedures/definitions/win32_ualapi.py +46 -0
angr/procedures/definitions/win32_uiautomationcore.py +234 -0
angr/procedures/definitions/win32_urlmon.py +192 -0
angr/procedures/definitions/win32_user32.py +1565 -0
angr/procedures/definitions/win32_userenv.py +126 -0
angr/procedures/definitions/win32_usp10.py +118 -0
angr/procedures/definitions/win32_uxtheme.py +192 -0
angr/procedures/definitions/win32_verifier.py +40 -0
angr/procedures/definitions/win32_version.py +66 -0
angr/procedures/definitions/win32_vertdll.py +52 -0
angr/procedures/definitions/win32_virtdisk.py +96 -0
angr/procedures/definitions/win32_vmdevicehost.py +64 -0
angr/procedures/definitions/win32_vmsavedstatedumpprovider.py +124 -0
angr/procedures/definitions/win32_vssapi.py +40 -0
angr/procedures/definitions/win32_wcmapi.py +48 -0
angr/procedures/definitions/win32_wdsbp.py +52 -0
angr/procedures/definitions/win32_wdsclientapi.py +112 -0
angr/procedures/definitions/win32_wdsmc.py +50 -0
angr/procedures/definitions/win32_wdspxe.py +100 -0
angr/procedures/definitions/win32_wdstptc.py +64 -0
angr/procedures/definitions/win32_webauthn.py +64 -0
angr/procedures/definitions/win32_webservices.py +424 -0
angr/procedures/definitions/win32_websocket.py +64 -0
angr/procedures/definitions/win32_wecapi.py +68 -0
angr/procedures/definitions/win32_wer.py +80 -0
angr/procedures/definitions/win32_wevtapi.py +108 -0
angr/procedures/definitions/win32_winbio.py +146 -0
angr/procedures/definitions/win32_windows_ai_machinelearning.py +40 -0
angr/procedures/definitions/win32_windows_data_pdf.py +23 -0
angr/procedures/definitions/win32_windows_media_mediacontrol.py +54 -0
angr/procedures/definitions/win32_windows_networking.py +40 -0
angr/procedures/definitions/win32_windows_ui_xaml.py +42 -0
angr/procedures/definitions/win32_windowscodecs.py +56 -0
angr/procedures/definitions/win32_winfax.py +150 -0
angr/procedures/definitions/win32_winhttp.py +150 -0
angr/procedures/definitions/win32_winhvemulation.py +46 -0
angr/procedures/definitions/win32_winhvplatform.py +170 -0
angr/procedures/definitions/win32_wininet.py +630 -0
angr/procedures/definitions/win32_winml.py +40 -0
angr/procedures/definitions/win32_winmm.py +390 -0
angr/procedures/definitions/win32_winscard.py +178 -0
angr/procedures/definitions/win32_winspool.py +363 -0
angr/procedures/definitions/win32_winspool_drv.py +382 -0
angr/procedures/definitions/win32_wintrust.py +158 -0
angr/procedures/definitions/win32_winusb.py +106 -0
angr/procedures/definitions/win32_wlanapi.py +158 -0
angr/procedures/definitions/win32_wlanui.py +40 -0
angr/procedures/definitions/win32_wldap32.py +524 -0
angr/procedures/definitions/win32_wldp.py +56 -0
angr/procedures/definitions/win32_wmvcore.py +60 -0
angr/procedures/definitions/win32_wnvapi.py +42 -0
angr/procedures/definitions/win32_wofutil.py +60 -0
angr/procedures/definitions/win32_ws2_32.py +358 -0
angr/procedures/definitions/win32_wscapi.py +50 -0
angr/procedures/definitions/win32_wsclient.py +44 -0
angr/procedures/definitions/win32_wsdapi.py +102 -0
angr/procedures/definitions/win32_wsmsvc.py +104 -0
angr/procedures/definitions/win32_wsnmp32.py +136 -0
angr/procedures/definitions/win32_wtsapi32.py +164 -0
angr/procedures/definitions/win32_xaudio2_8.py +46 -0
angr/procedures/definitions/win32_xinput1_4.py +52 -0
angr/procedures/definitions/win32_xinputuap.py +35 -0
angr/procedures/definitions/win32_xmllite.py +50 -0
angr/procedures/definitions/win32_xolehlp.py +46 -0
angr/procedures/definitions/win32_xpsprint.py +42 -0
angr/procedures/glibc/__ctype_b_loc.py +22 -0
angr/procedures/glibc/__ctype_tolower_loc.py +22 -0
angr/procedures/glibc/__ctype_toupper_loc.py +22 -0
angr/procedures/glibc/__errno_location.py +6 -0
angr/procedures/glibc/__init__.py +3 -0
angr/procedures/glibc/__libc_init.py +36 -0
angr/procedures/glibc/__libc_start_main.py +294 -0
angr/procedures/glibc/dynamic_loading.py +19 -0
angr/procedures/glibc/scanf.py +10 -0
angr/procedures/glibc/sscanf.py +5 -0
angr/procedures/gnulib/__init__.py +3 -0
angr/procedures/gnulib/xalloc_die.py +13 -0
angr/procedures/gnulib/xstrtol_fatal.py +13 -0
angr/procedures/java/__init__.py +38 -0
angr/procedures/java/unconstrained.py +64 -0
angr/procedures/java_io/__init__.py +0 -0
angr/procedures/java_io/read.py +11 -0
angr/procedures/java_io/write.py +16 -0
angr/procedures/java_jni/__init__.py +475 -0
angr/procedures/java_jni/array_operations.py +309 -0
angr/procedures/java_jni/class_and_interface_operations.py +31 -0
angr/procedures/java_jni/field_access.py +176 -0
angr/procedures/java_jni/global_and_local_refs.py +56 -0
angr/procedures/java_jni/method_calls.py +364 -0
angr/procedures/java_jni/not_implemented.py +25 -0
angr/procedures/java_jni/object_operations.py +95 -0
angr/procedures/java_jni/string_operations.py +86 -0
angr/procedures/java_jni/version_information.py +11 -0
angr/procedures/java_lang/__init__.py +0 -0
angr/procedures/java_lang/character.py +31 -0
angr/procedures/java_lang/double.py +24 -0
angr/procedures/java_lang/exit.py +12 -0
angr/procedures/java_lang/getsimplename.py +15 -0
angr/procedures/java_lang/integer.py +42 -0
angr/procedures/java_lang/load_library.py +8 -0
angr/procedures/java_lang/math.py +14 -0
angr/procedures/java_lang/string.py +78 -0
angr/procedures/java_lang/stringbuilder.py +43 -0
angr/procedures/java_lang/system.py +17 -0
angr/procedures/java_util/__init__.py +0 -0
angr/procedures/java_util/collection.py +34 -0
angr/procedures/java_util/iterator.py +45 -0
angr/procedures/java_util/list.py +98 -0
angr/procedures/java_util/map.py +132 -0
angr/procedures/java_util/random.py +11 -0
angr/procedures/java_util/scanner_nextline.py +22 -0
angr/procedures/libc/__init__.py +3 -0
angr/procedures/libc/abort.py +8 -0
angr/procedures/libc/access.py +10 -0
angr/procedures/libc/atoi.py +14 -0
angr/procedures/libc/atol.py +12 -0
angr/procedures/libc/calloc.py +7 -0
angr/procedures/libc/closelog.py +9 -0
angr/procedures/libc/err.py +13 -0
angr/procedures/libc/error.py +55 -0
angr/procedures/libc/exit.py +10 -0
angr/procedures/libc/fclose.py +20 -0
angr/procedures/libc/feof.py +19 -0
angr/procedures/libc/fflush.py +15 -0
angr/procedures/libc/fgetc.py +24 -0
angr/procedures/libc/fgets.py +68 -0
angr/procedures/libc/fopen.py +64 -0
angr/procedures/libc/fprintf.py +24 -0
angr/procedures/libc/fputc.py +22 -0
angr/procedures/libc/fputs.py +23 -0
angr/procedures/libc/fread.py +22 -0
angr/procedures/libc/free.py +8 -0
angr/procedures/libc/fscanf.py +20 -0
angr/procedures/libc/fseek.py +32 -0
angr/procedures/libc/ftell.py +21 -0
angr/procedures/libc/fwrite.py +18 -0
angr/procedures/libc/getchar.py +13 -0
angr/procedures/libc/getdelim.py +96 -0
angr/procedures/libc/getegid.py +7 -0
angr/procedures/libc/geteuid.py +7 -0
angr/procedures/libc/getgid.py +7 -0
angr/procedures/libc/gets.py +66 -0
angr/procedures/libc/getuid.py +7 -0
angr/procedures/libc/malloc.py +11 -0
angr/procedures/libc/memcmp.py +69 -0
angr/procedures/libc/memcpy.py +37 -0
angr/procedures/libc/memset.py +69 -0
angr/procedures/libc/openlog.py +9 -0
angr/procedures/libc/perror.py +12 -0
angr/procedures/libc/printf.py +33 -0
angr/procedures/libc/putchar.py +12 -0
angr/procedures/libc/puts.py +16 -0
angr/procedures/libc/rand.py +7 -0
angr/procedures/libc/realloc.py +7 -0
angr/procedures/libc/rewind.py +11 -0
angr/procedures/libc/scanf.py +20 -0
angr/procedures/libc/setbuf.py +8 -0
angr/procedures/libc/setvbuf.py +6 -0
angr/procedures/libc/snprintf.py +33 -0
angr/procedures/libc/sprintf.py +22 -0
angr/procedures/libc/srand.py +6 -0
angr/procedures/libc/sscanf.py +13 -0
angr/procedures/libc/stpcpy.py +18 -0
angr/procedures/libc/strcat.py +13 -0
angr/procedures/libc/strchr.py +44 -0
angr/procedures/libc/strcmp.py +28 -0
angr/procedures/libc/strcpy.py +13 -0
angr/procedures/libc/strlen.py +99 -0
angr/procedures/libc/strncat.py +18 -0
angr/procedures/libc/strncmp.py +180 -0
angr/procedures/libc/strncpy.py +18 -0
angr/procedures/libc/strnlen.py +13 -0
angr/procedures/libc/strstr.py +94 -0
angr/procedures/libc/strtol.py +263 -0
angr/procedures/libc/strtoul.py +9 -0
angr/procedures/libc/system.py +12 -0
angr/procedures/libc/time.py +9 -0
angr/procedures/libc/tmpnam.py +19 -0
angr/procedures/libc/tolower.py +7 -0
angr/procedures/libc/toupper.py +7 -0
angr/procedures/libc/ungetc.py +19 -0
angr/procedures/libc/vsnprintf.py +16 -0
angr/procedures/libc/wchar.py +15 -0
angr/procedures/libstdcpp/__init__.py +0 -0
angr/procedures/libstdcpp/_unwind_resume.py +10 -0
angr/procedures/libstdcpp/std____throw_bad_alloc.py +12 -0
angr/procedures/libstdcpp/std____throw_bad_cast.py +12 -0
angr/procedures/libstdcpp/std____throw_length_error.py +12 -0
angr/procedures/libstdcpp/std____throw_logic_error.py +12 -0
angr/procedures/libstdcpp/std__terminate.py +12 -0
angr/procedures/linux_kernel/__init__.py +3 -0
angr/procedures/linux_kernel/access.py +17 -0
angr/procedures/linux_kernel/arch_prctl.py +33 -0
angr/procedures/linux_kernel/arm_user_helpers.py +58 -0
angr/procedures/linux_kernel/brk.py +17 -0
angr/procedures/linux_kernel/cwd.py +27 -0
angr/procedures/linux_kernel/fstat.py +137 -0
angr/procedures/linux_kernel/fstat64.py +169 -0
angr/procedures/linux_kernel/futex.py +17 -0
angr/procedures/linux_kernel/getegid.py +16 -0
angr/procedures/linux_kernel/geteuid.py +16 -0
angr/procedures/linux_kernel/getgid.py +16 -0
angr/procedures/linux_kernel/getpid.py +13 -0
angr/procedures/linux_kernel/getrlimit.py +24 -0
angr/procedures/linux_kernel/gettid.py +8 -0
angr/procedures/linux_kernel/getuid.py +16 -0
angr/procedures/linux_kernel/iovec.py +43 -0
angr/procedures/linux_kernel/lseek.py +39 -0
angr/procedures/linux_kernel/mmap.py +15 -0
angr/procedures/linux_kernel/mprotect.py +41 -0
angr/procedures/linux_kernel/munmap.py +7 -0
angr/procedures/linux_kernel/openat.py +28 -0
angr/procedures/linux_kernel/set_tid_address.py +7 -0
angr/procedures/linux_kernel/sigaction.py +16 -0
angr/procedures/linux_kernel/sigprocmask.py +20 -0
angr/procedures/linux_kernel/stat.py +22 -0
angr/procedures/linux_kernel/sysinfo.py +58 -0
angr/procedures/linux_kernel/tgkill.py +7 -0
angr/procedures/linux_kernel/time.py +30 -0
angr/procedures/linux_kernel/uid.py +29 -0
angr/procedures/linux_kernel/uname.py +28 -0
angr/procedures/linux_kernel/unlink.py +22 -0
angr/procedures/linux_kernel/vsyscall.py +15 -0
angr/procedures/linux_loader/__init__.py +3 -0
angr/procedures/linux_loader/_dl_initial_error_catch_tsd.py +6 -0
angr/procedures/linux_loader/_dl_rtld_lock.py +14 -0
angr/procedures/linux_loader/sim_loader.py +53 -0
angr/procedures/linux_loader/tls.py +40 -0
angr/procedures/msvcr/__getmainargs.py +15 -0
angr/procedures/msvcr/__init__.py +4 -0
angr/procedures/msvcr/_initterm.py +37 -0
angr/procedures/msvcr/fmode.py +28 -0
angr/procedures/ntdll/__init__.py +0 -0
angr/procedures/ntdll/exceptions.py +57 -0
angr/procedures/posix/__init__.py +3 -0
angr/procedures/posix/accept.py +29 -0
angr/procedures/posix/bind.py +12 -0
angr/procedures/posix/bzero.py +6 -0
angr/procedures/posix/chroot.py +26 -0
angr/procedures/posix/close.py +9 -0
angr/procedures/posix/closedir.py +6 -0
angr/procedures/posix/dup.py +55 -0
angr/procedures/posix/fcntl.py +9 -0
angr/procedures/posix/fdopen.py +77 -0
angr/procedures/posix/fileno.py +17 -0
angr/procedures/posix/fork.py +10 -0
angr/procedures/posix/getenv.py +34 -0
angr/procedures/posix/gethostbyname.py +42 -0
angr/procedures/posix/getpass.py +18 -0
angr/procedures/posix/getsockopt.py +10 -0
angr/procedures/posix/htonl.py +11 -0
angr/procedures/posix/htons.py +11 -0
angr/procedures/posix/inet_ntoa.py +61 -0
angr/procedures/posix/listen.py +12 -0
angr/procedures/posix/mmap.py +140 -0
angr/procedures/posix/open.py +17 -0
angr/procedures/posix/opendir.py +9 -0
angr/procedures/posix/poll.py +54 -0
angr/procedures/posix/pread64.py +45 -0
angr/procedures/posix/pthread.py +87 -0
angr/procedures/posix/pwrite64.py +45 -0
angr/procedures/posix/read.py +12 -0
angr/procedures/posix/readdir.py +59 -0
angr/procedures/posix/recv.py +12 -0
angr/procedures/posix/recvfrom.py +12 -0
angr/procedures/posix/select.py +46 -0
angr/procedures/posix/send.py +22 -0
angr/procedures/posix/setsockopt.py +8 -0
angr/procedures/posix/sigaction.py +20 -0
angr/procedures/posix/sim_time.py +45 -0
angr/procedures/posix/sleep.py +7 -0
angr/procedures/posix/socket.py +18 -0
angr/procedures/posix/strcasecmp.py +23 -0
angr/procedures/posix/strdup.py +17 -0
angr/procedures/posix/strtok_r.py +65 -0
angr/procedures/posix/syslog.py +15 -0
angr/procedures/posix/tz.py +8 -0
angr/procedures/posix/unlink.py +10 -0
angr/procedures/posix/usleep.py +7 -0
angr/procedures/posix/write.py +12 -0
angr/procedures/procedure_dict.py +48 -0
angr/procedures/stubs/CallReturn.py +12 -0
angr/procedures/stubs/NoReturnUnconstrained.py +12 -0
angr/procedures/stubs/Nop.py +6 -0
angr/procedures/stubs/PathTerminator.py +8 -0
angr/procedures/stubs/Redirect.py +15 -0
angr/procedures/stubs/ReturnChar.py +10 -0
angr/procedures/stubs/ReturnUnconstrained.py +24 -0
angr/procedures/stubs/UnresolvableCallTarget.py +8 -0
angr/procedures/stubs/UnresolvableJumpTarget.py +8 -0
angr/procedures/stubs/UserHook.py +15 -0
angr/procedures/stubs/__init__.py +3 -0
angr/procedures/stubs/b64_decode.py +12 -0
angr/procedures/stubs/caller.py +13 -0
angr/procedures/stubs/crazy_scanf.py +17 -0
angr/procedures/stubs/format_parser.py +677 -0
angr/procedures/stubs/syscall_stub.py +26 -0
angr/procedures/testing/__init__.py +3 -0
angr/procedures/testing/manyargs.py +8 -0
angr/procedures/testing/retreg.py +8 -0
angr/procedures/tracer/__init__.py +4 -0
angr/procedures/tracer/random.py +8 -0
angr/procedures/tracer/receive.py +21 -0
angr/procedures/tracer/transmit.py +24 -0
angr/procedures/uclibc/__init__.py +3 -0
angr/procedures/uclibc/__uClibc_main.py +9 -0
angr/procedures/win32/EncodePointer.py +6 -0
angr/procedures/win32/ExitProcess.py +8 -0
angr/procedures/win32/GetCommandLine.py +11 -0
angr/procedures/win32/GetCurrentProcessId.py +6 -0
angr/procedures/win32/GetCurrentThreadId.py +6 -0
angr/procedures/win32/GetLastInputInfo.py +37 -0
angr/procedures/win32/GetModuleHandle.py +30 -0
angr/procedures/win32/GetProcessAffinityMask.py +34 -0
angr/procedures/win32/InterlockedExchange.py +14 -0
angr/procedures/win32/IsProcessorFeaturePresent.py +6 -0
angr/procedures/win32/VirtualAlloc.py +113 -0
angr/procedures/win32/VirtualProtect.py +59 -0
angr/procedures/win32/__init__.py +3 -0
angr/procedures/win32/critical_section.py +11 -0
angr/procedures/win32/dynamic_loading.py +103 -0
angr/procedures/win32/file_handles.py +47 -0
angr/procedures/win32/gethostbyname.py +10 -0
angr/procedures/win32/heap.py +42 -0
angr/procedures/win32/is_bad_ptr.py +25 -0
angr/procedures/win32/local_storage.py +85 -0
angr/procedures/win32/mutex.py +10 -0
angr/procedures/win32/sim_time.py +135 -0
angr/procedures/win32/system_paths.py +34 -0
angr/procedures/win32_kernel/ExAllocatePool.py +12 -0
angr/procedures/win32_kernel/ExFreePoolWithTag.py +7 -0
angr/procedures/win32_kernel/__init__.py +3 -0
angr/procedures/win_user32/__init__.py +0 -0
angr/procedures/win_user32/chars.py +12 -0
angr/procedures/win_user32/keyboard.py +13 -0
angr/procedures/win_user32/messagebox.py +49 -0
angr/project.py +834 -0
angr/protos/__init__.py +13 -0
angr/protos/cfg_pb2.py +31 -0
angr/protos/function_pb2.py +37 -0
angr/protos/primitives_pb2.py +124 -0
angr/protos/variables_pb2.py +126 -0
angr/protos/xrefs_pb2.py +34 -0
angr/py.typed +1 -0
angr/serializable.py +63 -0
angr/service.py +35 -0
angr/sim_manager.py +971 -0
angr/sim_options.py +444 -0
angr/sim_procedure.py +606 -0
angr/sim_state.py +1003 -0
angr/sim_state_options.py +409 -0
angr/sim_type.py +3372 -0
angr/sim_variable.py +562 -0
angr/simos/__init__.py +31 -0
angr/simos/cgc.py +152 -0
angr/simos/javavm.py +471 -0
angr/simos/linux.py +519 -0
angr/simos/simos.py +450 -0
angr/simos/snimmuc_nxp.py +152 -0
angr/simos/userland.py +163 -0
angr/simos/windows.py +562 -0
angr/slicer.py +353 -0
angr/state_hierarchy.py +262 -0
angr/state_plugins/__init__.py +29 -0
angr/state_plugins/callstack.py +404 -0
angr/state_plugins/cgc.py +153 -0
angr/state_plugins/concrete.py +297 -0
angr/state_plugins/debug_variables.py +194 -0
angr/state_plugins/filesystem.py +469 -0
angr/state_plugins/gdb.py +146 -0
angr/state_plugins/globals.py +62 -0
angr/state_plugins/heap/__init__.py +5 -0
angr/state_plugins/heap/heap_base.py +126 -0
angr/state_plugins/heap/heap_brk.py +134 -0
angr/state_plugins/heap/heap_freelist.py +210 -0
angr/state_plugins/heap/heap_libc.py +45 -0
angr/state_plugins/heap/heap_ptmalloc.py +646 -0
angr/state_plugins/heap/utils.py +21 -0
angr/state_plugins/history.py +548 -0
angr/state_plugins/inspect.py +376 -0
angr/state_plugins/javavm_classloader.py +133 -0
angr/state_plugins/jni_references.py +93 -0
angr/state_plugins/libc.py +1263 -0
angr/state_plugins/light_registers.py +170 -0
angr/state_plugins/log.py +85 -0
angr/state_plugins/loop_data.py +92 -0
angr/state_plugins/plugin.py +155 -0
angr/state_plugins/posix.py +709 -0
angr/state_plugins/preconstrainer.py +195 -0
angr/state_plugins/scratch.py +175 -0
angr/state_plugins/sim_action.py +334 -0
angr/state_plugins/sim_action_object.py +148 -0
angr/state_plugins/sim_event.py +58 -0
angr/state_plugins/solver.py +1129 -0
angr/state_plugins/symbolizer.py +292 -0
angr/state_plugins/trace_additions.py +752 -0
angr/state_plugins/uc_manager.py +85 -0
angr/state_plugins/unicorn_engine.py +1899 -0
angr/state_plugins/view.py +341 -0
angr/storage/__init__.py +9 -0
angr/storage/file.py +1219 -0
angr/storage/memory_mixins/__init__.py +393 -0
angr/storage/memory_mixins/__init__.pyi +49 -0
angr/storage/memory_mixins/actions_mixin.py +69 -0
angr/storage/memory_mixins/address_concretization_mixin.py +388 -0
angr/storage/memory_mixins/bvv_conversion_mixin.py +74 -0
angr/storage/memory_mixins/clouseau_mixin.py +131 -0
angr/storage/memory_mixins/conditional_store_mixin.py +24 -0
angr/storage/memory_mixins/convenient_mappings_mixin.py +257 -0
angr/storage/memory_mixins/default_filler_mixin.py +146 -0
angr/storage/memory_mixins/dirty_addrs_mixin.py +9 -0
angr/storage/memory_mixins/hex_dumper_mixin.py +85 -0
angr/storage/memory_mixins/javavm_memory/__init__.py +1 -0
angr/storage/memory_mixins/javavm_memory/javavm_memory_mixin.py +394 -0
angr/storage/memory_mixins/keyvalue_memory/__init__.py +1 -0
angr/storage/memory_mixins/keyvalue_memory/keyvalue_memory_mixin.py +36 -0
angr/storage/memory_mixins/label_merger_mixin.py +31 -0
angr/storage/memory_mixins/multi_value_merger_mixin.py +68 -0
angr/storage/memory_mixins/name_resolution_mixin.py +70 -0
angr/storage/memory_mixins/paged_memory/__init__.py +0 -0
angr/storage/memory_mixins/paged_memory/page_backer_mixins.py +266 -0
angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +750 -0
angr/storage/memory_mixins/paged_memory/paged_memory_multivalue_mixin.py +63 -0
angr/storage/memory_mixins/paged_memory/pages/__init__.py +33 -0
angr/storage/memory_mixins/paged_memory/pages/cooperation.py +330 -0
angr/storage/memory_mixins/paged_memory/pages/history_tracking_mixin.py +87 -0
angr/storage/memory_mixins/paged_memory/pages/ispo_mixin.py +53 -0
angr/storage/memory_mixins/paged_memory/pages/list_page.py +346 -0
angr/storage/memory_mixins/paged_memory/pages/multi_values.py +290 -0
angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +434 -0
angr/storage/memory_mixins/paged_memory/pages/permissions_mixin.py +33 -0
angr/storage/memory_mixins/paged_memory/pages/refcount_mixin.py +51 -0
angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +468 -0
angr/storage/memory_mixins/paged_memory/privileged_mixin.py +36 -0
angr/storage/memory_mixins/paged_memory/stack_allocation_mixin.py +73 -0
angr/storage/memory_mixins/regioned_memory/__init__.py +6 -0
angr/storage/memory_mixins/regioned_memory/abstract_address_descriptor.py +35 -0
angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +43 -0
angr/storage/memory_mixins/regioned_memory/region_category_mixin.py +7 -0
angr/storage/memory_mixins/regioned_memory/region_data.py +245 -0
angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +125 -0
angr/storage/memory_mixins/regioned_memory/regioned_address_concretization_mixin.py +118 -0
angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +462 -0
angr/storage/memory_mixins/regioned_memory/static_find_mixin.py +70 -0
angr/storage/memory_mixins/simple_interface_mixin.py +73 -0
angr/storage/memory_mixins/simplification_mixin.py +13 -0
angr/storage/memory_mixins/size_resolution_mixin.py +140 -0
angr/storage/memory_mixins/slotted_memory.py +140 -0
angr/storage/memory_mixins/smart_find_mixin.py +159 -0
angr/storage/memory_mixins/symbolic_merger_mixin.py +12 -0
angr/storage/memory_mixins/top_merger_mixin.py +24 -0
angr/storage/memory_mixins/underconstrained_mixin.py +67 -0
angr/storage/memory_mixins/unwrapper_mixin.py +26 -0
angr/storage/memory_object.py +194 -0
angr/storage/pcap.py +65 -0
angr/tablespecs.py +90 -0
angr/utils/__init__.py +33 -0
angr/utils/algo.py +33 -0
angr/utils/constants.py +7 -0
angr/utils/cowdict.py +64 -0
angr/utils/dynamic_dictlist.py +92 -0
angr/utils/enums_conv.py +80 -0
angr/utils/env.py +11 -0
angr/utils/formatting.py +124 -0
angr/utils/funcid.py +133 -0
angr/utils/graph.py +822 -0
angr/utils/lazy_import.py +12 -0
angr/utils/library.py +214 -0
angr/utils/loader.py +55 -0
angr/utils/mp.py +64 -0
angr/utils/segment_list.py +558 -0
angr/utils/timing.py +45 -0
angr/utils/typing.py +17 -0
angr/vaults.py +370 -0
angr-9.2.103.dist-info/LICENSE +24 -0
angr-9.2.103.dist-info/METADATA +119 -0
angr-9.2.103.dist-info/RECORD +1300 -0
angr-9.2.103.dist-info/WHEEL +5 -0
angr-9.2.103.dist-info/entry_points.txt +2 -0
angr-9.2.103.dist-info/top_level.txt +1 -0

angr/analyses/decompiler/condition_processor.py ADDED Viewed

@@ -0,0 +1,1184 @@
+from collections import defaultdict, OrderedDict
+from typing import Any
+from collections.abc import Generator
+import operator
+import logging
+import ailment
+import claripy
+import networkx
+from unique_log_filter import UniqueLogFilter
+from angr.utils.graph import GraphUtils
+from ...utils.lazy_import import lazy_import
+from ...utils import is_pyinstaller
+from ...utils.graph import dominates, inverted_idoms
+from ...block import Block, BlockNode
+from .peephole_optimizations import InvertNegatedLogicalConjunctionsAndDisjunctions
+from .structuring.structurer_nodes import (
+    MultiNode,
+    EmptyBlockNotice,
+    SequenceNode,
+    CodeNode,
+    SwitchCaseNode,
+    BreakNode,
+    ConditionalBreakNode,
+    LoopNode,
+    ConditionNode,
+    ContinueNode,
+    CascadingConditionNode,
+    IncompleteSwitchCaseNode,
+)
+from .graph_region import GraphRegion
+from .utils import first_nonlabel_statement, peephole_optimize_expr
+if is_pyinstaller():
+    # PyInstaller is not happy with lazy import
+    import sympy
+else:
+    sympy = lazy_import("sympy")
+l = logging.getLogger(__name__)
+l.addFilter(UniqueLogFilter())
+_UNIFIABLE_COMPARISONS = {
+    "__ne__",
+    "__gt__",
+    "__ge__",
+    "UGT",
+    "UGE",
+    "SGT",
+    "SGE",
+}
+#
+# Util methods and mapping used during AIL AST to claripy AST conversion
+#
+def _op_with_unified_size(op, conv, operand0, operand1):
+    # ensure operand1 is of the same size as operand0
+    if isinstance(operand1, ailment.Expr.Const):
+        # amazing - we do the eazy thing here
+        return op(conv(operand0, nobool=True), operand1.value)
+    if operand1.bits == operand0.bits:
+        return op(conv(operand0, nobool=True), conv(operand1))
+    # extension is required
+    assert operand1.bits < operand0.bits
+    operand1 = ailment.Expr.Convert(None, operand1.bits, operand0.bits, False, operand1)
+    return op(conv(operand0, nobool=True), conv(operand1, nobool=True))
+def _dummy_bvs(condition, condition_mapping, name_suffix=""):
+    var = claripy.BVS(f"ailexpr_{repr(condition)}{name_suffix}", condition.bits, explicit_name=True)
+    condition_mapping[var.args[0]] = condition
+    return var
+def _dummy_bools(condition, condition_mapping, name_suffix=""):
+    var = claripy.BoolS(f"ailexpr_{repr(condition)}{name_suffix}", explicit_name=True)
+    condition_mapping[var.args[0]] = condition
+    return var
+_ail2claripy_op_mapping = {
+    "LogicalAnd": lambda expr, conv, _: claripy.And(conv(expr.operands[0]), conv(expr.operands[1])),
+    "LogicalOr": lambda expr, conv, _: claripy.Or(conv(expr.operands[0]), conv(expr.operands[1])),
+    "CmpEQ": lambda expr, conv, _: conv(expr.operands[0]) == conv(expr.operands[1]),
+    "CmpNE": lambda expr, conv, _: conv(expr.operands[0]) != conv(expr.operands[1]),
+    "CmpLE": lambda expr, conv, _: conv(expr.operands[0]) <= conv(expr.operands[1]),
+    "CmpLEs": lambda expr, conv, _: claripy.SLE(conv(expr.operands[0]), conv(expr.operands[1])),
+    "CmpLT": lambda expr, conv, _: conv(expr.operands[0]) < conv(expr.operands[1]),
+    "CmpLTs": lambda expr, conv, _: claripy.SLT(conv(expr.operands[0]), conv(expr.operands[1])),
+    "CmpGE": lambda expr, conv, _: conv(expr.operands[0]) >= conv(expr.operands[1]),
+    "CmpGEs": lambda expr, conv, _: claripy.SGE(conv(expr.operands[0]), conv(expr.operands[1])),
+    "CmpGT": lambda expr, conv, _: conv(expr.operands[0]) > conv(expr.operands[1]),
+    "CmpGTs": lambda expr, conv, _: claripy.SGT(conv(expr.operands[0]), conv(expr.operands[1])),
+    "Add": lambda expr, conv, _: conv(expr.operands[0], nobool=True) + conv(expr.operands[1], nobool=True),
+    "Sub": lambda expr, conv, _: conv(expr.operands[0], nobool=True) - conv(expr.operands[1], nobool=True),
+    "Mul": lambda expr, conv, _: conv(expr.operands[0], nobool=True) * conv(expr.operands[1], nobool=True),
+    "Div": lambda expr, conv, _: conv(expr.operands[0], nobool=True) / conv(expr.operands[1], nobool=True),
+    "Mod": lambda expr, conv, _: conv(expr.operands[0], nobool=True) % conv(expr.operands[1], nobool=True),
+    "Not": lambda expr, conv, _: claripy.Not(conv(expr.operand)),
+    "Neg": lambda expr, conv, _: -conv(expr.operand),
+    "BitwiseNeg": lambda expr, conv, _: ~conv(expr.operand),
+    "Xor": lambda expr, conv, _: conv(expr.operands[0], nobool=True) ^ conv(expr.operands[1], nobool=True),
+    "And": lambda expr, conv, _: conv(expr.operands[0], nobool=True) & conv(expr.operands[1], nobool=True),
+    "Or": lambda expr, conv, _: conv(expr.operands[0], nobool=True) | conv(expr.operands[1], nobool=True),
+    "Shr": lambda expr, conv, _: _op_with_unified_size(claripy.LShR, conv, expr.operands[0], expr.operands[1]),
+    "Shl": lambda expr, conv, _: _op_with_unified_size(operator.lshift, conv, expr.operands[0], expr.operands[1]),
+    "Sar": lambda expr, conv, _: _op_with_unified_size(operator.rshift, conv, expr.operands[0], expr.operands[1]),
+    "Concat": lambda expr, conv, _: claripy.Concat(*[conv(operand) for operand in expr.operands]),
+    # There are no corresponding claripy operations for the following operations
+    "DivMod": lambda expr, _, m: _dummy_bvs(expr, m),
+    "CmpF": lambda expr, _, m: _dummy_bvs(expr, m),
+    "Mull": lambda expr, _, m: _dummy_bvs(expr, m),
+    "Mulls": lambda expr, _, m: _dummy_bvs(expr, m),
+    "Reinterpret": lambda expr, _, m: _dummy_bvs(expr, m),
+    "Rol": lambda expr, _, m: _dummy_bvs(expr, m),
+    "Ror": lambda expr, _, m: _dummy_bvs(expr, m),
+    "LogicalXor": lambda expr, _, m: _dummy_bvs(expr, m),
+    "Carry": lambda expr, _, m: _dummy_bvs(expr, m),
+    "SCarry": lambda expr, _, m: _dummy_bvs(expr, m),
+    "SBorrow": lambda expr, _, m: _dummy_bvs(expr, m),
+    "ExpCmpNE": lambda expr, _, m: _dummy_bools(expr, m),
+    "CmpORD": lambda expr, _, m: _dummy_bvs(expr, m),  # in case CmpORDRewriter fails
+}
+#
+# The ConditionProcessor class
+#
+class ConditionProcessor:
+    """
+    Convert between claripy AST and AIL expressions. Also calculates reaching conditions of all nodes on a graph.
+    """
+    def __init__(self, arch, condition_mapping=None):
+        self.arch = arch
+        self._condition_mapping: dict[str, Any] = {} if condition_mapping is None else condition_mapping
+        self.jump_table_conds: dict[int, set] = defaultdict(set)
+        self.edge_conditions = {}
+        self.reaching_conditions = {}
+        self.guarding_conditions = {}
+        self._ast2annotations = {}
+        self._peephole_expr_optimizations = [
+            cls(None, None, None) for cls in [InvertNegatedLogicalConjunctionsAndDisjunctions]
+        ]
+    def clear(self):
+        self._condition_mapping = {}
+        self.jump_table_conds = defaultdict(set)
+        self.reaching_conditions = {}
+        self.guarding_conditions = {}
+        self._ast2annotations = {}
+    def recover_edge_condition(self, graph: networkx.DiGraph, src, dst):
+        edge = src, dst
+        edge_data = graph.get_edge_data(*edge)
+        edge_type = edge_data.get("type", "transition") if edge_data is not None else "transition"
+        try:
+            predicate = self._extract_predicate(src, dst, edge_type)
+        except EmptyBlockNotice:
+            # catch empty block notice - although this should not really happen
+            predicate = claripy.true
+        return predicate
+    def recover_edge_conditions(self, region, graph=None) -> dict:
+        edge_conditions = {}
+        # traverse the graph to recover the condition for each edge
+        graph = graph or region.graph
+        for src in graph.nodes():
+            nodes = list(graph[src])
+            if len(nodes) >= 1:
+                for dst in nodes:
+                    predicate = self.recover_edge_condition(graph, src, dst)
+                    edge_conditions[(src, dst)] = predicate
+        self.edge_conditions = edge_conditions
+    def recover_reaching_conditions(
+        self, region, graph=None, with_successors=False, case_entry_to_switch_head: dict[int, int] | None = None
+    ):
+        """
+        Recover the reaching conditions for each block in an acyclic graph. Note that we assume the graph that's passed
+        in is acyclic.
+        """
+        def _strictly_postdominates(inv_idoms, node_a, node_b):
+            """
+            Does node A strictly post-dominate node B on the graph?
+            """
+            return dominates(inv_idoms, node_a, node_b)
+        self.recover_edge_conditions(region, graph=graph)
+        edge_conditions = self.edge_conditions
+        if graph:
+            _g = graph
+            head = [node for node in graph.nodes if graph.in_degree(node) == 0][0]
+        else:
+            if with_successors and region.graph_with_successors is not None:
+                _g = region.graph_with_successors
+            else:
+                _g = region.graph
+            head = region.head
+        # special handling for jump table entries - do not allow crossing between cases
+        if case_entry_to_switch_head:
+            _g = self._remove_crossing_edges_between_cases(_g, case_entry_to_switch_head)
+        inverted_graph, idoms = inverted_idoms(_g)
+        reaching_conditions = {}
+        # recover the reaching condition for each node
+        sorted_nodes = GraphUtils.quasi_topological_sort_nodes(_g)
+        terminating_nodes = []
+        for node in sorted_nodes:
+            # create special conditions for all nodes that are jump table entries
+            if case_entry_to_switch_head:
+                if node.addr in case_entry_to_switch_head:
+                    jump_target_var = self.create_jump_target_var(case_entry_to_switch_head[node.addr])
+                    cond = jump_target_var == claripy.BVV(node.addr, self.arch.bits)
+                    reaching_conditions[node] = cond
+                    self.jump_table_conds[case_entry_to_switch_head[node.addr]].add(cond)
+                    continue
+            preds = _g.predecessors(node)
+            reaching_condition = None
+            out_degree = _g.out_degree(node)
+            if out_degree == 0:
+                terminating_nodes.append(node)
+            if node is head:
+                # the head is always reachable
+                reaching_condition = claripy.true
+            elif idoms is not None and _strictly_postdominates(idoms, node, head):
+                # the node that post dominates the head is always reachable
+                reaching_conditions[node] = claripy.true
+            else:
+                for pred in preds:
+                    edge = (pred, node)
+                    pred_condition = reaching_conditions.get(pred, claripy.true)
+                    edge_condition = edge_conditions.get(edge, claripy.true)
+                    if reaching_condition is None:
+                        reaching_condition = claripy.And(pred_condition, edge_condition)
+                    else:
+                        reaching_condition = claripy.Or(claripy.And(pred_condition, edge_condition), reaching_condition)
+            if reaching_condition is not None:
+                reaching_conditions[node] = self.simplify_condition(reaching_condition)
+        # My hypothesis: for nodes where two paths come together *and* those that cannot be further structured into
+        # another if-else construct (we take the short-cut by testing if the operator is an "Or" after running our
+        # condition simplifiers previously), we are better off using their "guarding conditions" instead of their
+        # reaching conditions for if-else. see my super long chatlog with rhelmot on 5/14/2021.
+        guarding_conditions = {}
+        for the_node in sorted_nodes:
+            preds = list(_g.predecessors(the_node))
+            if len(preds) != 2:
+                continue
+            # generate a graph slice that goes from the region head to this node
+            slice_nodes = list(networkx.dfs_tree(inverted_graph, the_node))
+            subgraph = networkx.subgraph(_g, slice_nodes)
+            # figure out which paths cause the divergence from this node
+            nodes_do_not_reach_the_node = set()
+            for node_ in subgraph:
+                if node_ is the_node:
+                    continue
+                for succ in _g.successors(node_):
+                    if not networkx.has_path(_g, succ, the_node):
+                        nodes_do_not_reach_the_node.add(succ)
+            diverging_conditions = []
+            for node_ in nodes_do_not_reach_the_node:
+                preds_ = list(_g.predecessors(node_))
+                for pred_ in preds_:
+                    if pred_ in nodes_do_not_reach_the_node:
+                        continue
+                    # this predecessor is the diverging node!
+                    edge_ = pred_, node_
+                    edge_condition = edge_conditions.get(edge_, None)
+                    if edge_condition is not None:
+                        diverging_conditions.append(edge_condition)
+            if diverging_conditions:
+                # the negation of the union of diverging conditions is the guarding condition for this node
+                cond = claripy.Or(*map(claripy.Not, diverging_conditions))  # pylint:disable=bad-builtin
+                guarding_conditions[the_node] = cond
+        self.reaching_conditions = reaching_conditions
+        self.guarding_conditions = guarding_conditions
+    def remove_claripy_bool_asts(self, node, memo=None):
+        # Convert claripy Bool ASTs to AIL expressions
+        if memo is None:
+            memo = {}
+        if isinstance(node, SequenceNode):
+            new_nodes = []
+            for n in node.nodes:
+                new_node = self.remove_claripy_bool_asts(n, memo=memo)
+                new_nodes.append(new_node)
+            new_seq_node = SequenceNode(node.addr, new_nodes)
+            return new_seq_node
+        elif isinstance(node, MultiNode):
+            new_nodes = []
+            for n in node.nodes:
+                new_node = self.remove_claripy_bool_asts(n, memo=memo)
+                new_nodes.append(new_node)
+            new_multinode = MultiNode(nodes=new_nodes)
+            return new_multinode
+        elif isinstance(node, CodeNode):
+            node = CodeNode(
+                self.remove_claripy_bool_asts(node.node, memo=memo),
+                (
+                    None
+                    if node.reaching_condition is None
+                    else self.convert_claripy_bool_ast(node.reaching_condition, memo=memo)
+                ),
+            )
+            return node
+        elif isinstance(node, ConditionalBreakNode):
+            return ConditionalBreakNode(
+                node.addr,
+                self.convert_claripy_bool_ast(node.condition, memo=memo),
+                node.target,
+            )
+        elif isinstance(node, ConditionNode):
+            return ConditionNode(
+                node.addr,
+                (
+                    None
+                    if node.reaching_condition is None
+                    else self.convert_claripy_bool_ast(node.reaching_condition, memo=memo)
+                ),
+                self.convert_claripy_bool_ast(node.condition, memo=memo),
+                self.remove_claripy_bool_asts(node.true_node, memo=memo),
+                self.remove_claripy_bool_asts(node.false_node, memo=memo),
+            )
+        elif isinstance(node, CascadingConditionNode):
+            cond_and_nodes = []
+            for cond, child_node in node.condition_and_nodes:
+                cond_and_nodes.append(
+                    (
+                        self.convert_claripy_bool_ast(cond, memo=memo),
+                        self.remove_claripy_bool_asts(child_node, memo=memo),
+                    )
+                )
+            else_node = None if node.else_node is None else self.remove_claripy_bool_asts(node.else_node, memo=memo)
+            return CascadingConditionNode(
+                node.addr,
+                cond_and_nodes,
+                else_node=else_node,
+            )
+        elif isinstance(node, LoopNode):
+            result = node.copy()
+            result.condition = (
+                self.convert_claripy_bool_ast(node.condition, memo=memo) if node.condition is not None else None
+            )
+            result.sequence_node = self.remove_claripy_bool_asts(node.sequence_node, memo=memo)
+            return result
+        elif isinstance(node, SwitchCaseNode):
+            return SwitchCaseNode(
+                self.convert_claripy_bool_ast(node.switch_expr, memo=memo),
+                OrderedDict(
+                    (idx, self.remove_claripy_bool_asts(case_node, memo=memo)) for idx, case_node in node.cases.items()
+                ),
+                self.remove_claripy_bool_asts(node.default_node, memo=memo),
+                addr=node.addr,
+            )
+        elif isinstance(node, IncompleteSwitchCaseNode):
+            return IncompleteSwitchCaseNode(
+                node.addr,
+                self.remove_claripy_bool_asts(node.head, memo=memo),
+                [self.remove_claripy_bool_asts(case, memo=memo) for case in node.cases],
+            )
+        else:
+            return node
+    @classmethod
+    def get_last_statement(cls, block):
+        """
+        This is the buggy version of get_last_statements, because, you know, there can always be more than one last
+        statement due to the existence of branching statements (like, If-then-else). All methods using
+        get_last_statement() should switch to get_last_statements() and properly handle multiple last statements.
+        """
+        if type(block) is SequenceNode:
+            if block.nodes:
+                return cls.get_last_statement(block.nodes[-1])
+            raise EmptyBlockNotice()
+        if type(block) is CodeNode:
+            return cls.get_last_statement(block.node)
+        if type(block) is ailment.Block:
+            if not block.statements:
+                raise EmptyBlockNotice()
+            return block.statements[-1]
+        if type(block) is Block:
+            raise NotImplementedError()
+        if type(block) is BlockNode:
+            raise NotImplementedError()
+        if type(block) is MultiNode:
+            # get the last node
+            for the_block in reversed(block.nodes):
+                try:
+                    last_stmt = cls.get_last_statement(the_block)
+                    return last_stmt
+                except EmptyBlockNotice:
+                    continue
+            raise EmptyBlockNotice()
+        if type(block) is LoopNode:
+            return cls.get_last_statement(block.sequence_node)
+        if type(block) is ConditionalBreakNode:
+            return None
+        if type(block) is ConditionNode:
+            s = None
+            if block.true_node:
+                try:
+                    s = cls.get_last_statement(block.true_node)
+                except EmptyBlockNotice:
+                    s = None
+            if s is None and block.false_node:
+                s = cls.get_last_statement(block.false_node)
+            return s
+        if type(block) is CascadingConditionNode:
+            s = None
+            if block.else_node is not None:
+                s = cls.get_last_statement(block.else_node)
+            else:
+                for _, node in reversed(block.condition_and_nodes):
+                    s = cls.get_last_statement(node)
+                    if s is not None:
+                        break
+            return s
+        if type(block) is BreakNode:
+            return None
+        if type(block) is ContinueNode:
+            return None
+        if type(block) is SwitchCaseNode:
+            return None
+        if type(block) is IncompleteSwitchCaseNode:
+            return None
+        if type(block) is GraphRegion:
+            # normally this should not happen. however, we have test cases that trigger this case.
+            return None
+        raise NotImplementedError()
+    @classmethod
+    def get_last_statements(cls, block) -> list[ailment.Stmt.Statement | None]:
+        if type(block) is SequenceNode:
+            for last_node in reversed(block.nodes):
+                try:
+                    last_stmts = cls.get_last_statements(last_node)
+                    return last_stmts
+                except EmptyBlockNotice:
+                    # the node is empty. try the next one
+                    continue
+            raise EmptyBlockNotice()
+        if type(block) is CodeNode:
+            return cls.get_last_statements(block.node)
+        if type(block) is ailment.Block:
+            if not block.statements:
+                raise EmptyBlockNotice()
+            return [block.statements[-1]]
+        if type(block) is Block:
+            raise NotImplementedError()
+        if type(block) is BlockNode:
+            raise NotImplementedError()
+        if type(block) is MultiNode:
+            # get the last node
+            for the_block in reversed(block.nodes):
+                try:
+                    last_stmts = cls.get_last_statements(the_block)
+                    return last_stmts
+                except EmptyBlockNotice:
+                    continue
+            raise EmptyBlockNotice()
+        if type(block) is LoopNode:
+            if block.sequence_node is None:
+                raise EmptyBlockNotice()
+            return cls.get_last_statements(block.sequence_node)
+        if type(block) is ConditionalBreakNode:
+            return [block]
+        if type(block) is ConditionNode:
+            s = []
+            if block.true_node:
+                try:
+                    last_stmts = cls.get_last_statements(block.true_node)
+                    s.extend(last_stmts)
+                except EmptyBlockNotice:
+                    pass
+            else:
+                s.append(None)
+            if block.false_node:
+                last_stmts = cls.get_last_statements(block.false_node)
+                s.extend(last_stmts)
+            else:
+                s.append(None)
+            return s
+        if type(block) is CascadingConditionNode:
+            s = []
+            if block.else_node is not None:
+                try:
+                    last_stmts = cls.get_last_statements(block.else_node)
+                    s.extend(last_stmts)
+                except EmptyBlockNotice:
+                    pass
+            else:
+                s.append(None)
+            for _, node in block.condition_and_nodes:
+                last_stmts = cls.get_last_statements(node)
+                s.extend(last_stmts)
+            return s
+        if type(block) is BreakNode:
+            return [block]
+        if type(block) is ContinueNode:
+            return [block]
+        if type(block) is SwitchCaseNode:
+            s = []
+            for case in block.cases.values():
+                s.extend(cls.get_last_statements(case))
+            if block.default_node is not None:
+                s.extend(cls.get_last_statements(block.default_node))
+            else:
+                s.append(None)
+            return s
+        if type(block) is IncompleteSwitchCaseNode:
+            s = []
+            for case in block.cases:
+                s.extend(cls.get_last_statements(case))
+            return s
+        if type(block) is GraphRegion:
+            # normally this should not happen. however, we have test cases that trigger this case.
+            return []
+        raise NotImplementedError()
+    #
+    # Path predicate
+    #
+    EXC_COUNTER = 1000
+    def _extract_predicate(self, src_block, dst_block, edge_type) -> claripy.ast.Bool:
+        if edge_type == "exception":
+            # TODO: THIS IS ABSOLUTELY A HACK. AT THIS MOMENT YOU SHOULD NOT ATTEMPT TO MAKE SENSE OF EXCEPTION EDGES.
+            self.EXC_COUNTER += 1
+            return self.claripy_ast_from_ail_condition(
+                ailment.Expr.BinaryOp(
+                    None,
+                    "CmpEQ",
+                    (
+                        ailment.Expr.Register(0x400000 + self.EXC_COUNTER, None, self.EXC_COUNTER, 64),
+                        ailment.Expr.Const(None, None, self.EXC_COUNTER, 64),
+                    ),
+                    False,
+                ),
+            )
+        if type(src_block) is ConditionalBreakNode:
+            # at this point ConditionalBreakNode stores a claripy AST
+            bool_var = src_block.condition
+            if src_block.target == dst_block.addr:
+                return bool_var
+            else:
+                return claripy.Not(bool_var)
+        if type(src_block) is GraphRegion:
+            return claripy.true
+        # sometimes the last statement is the conditional jump. sometimes it's the first statement of the block
+        if (
+            isinstance(src_block, ailment.Block)
+            and src_block.statements
+            and isinstance(first_nonlabel_statement(src_block), ailment.Stmt.ConditionalJump)
+        ):
+            last_stmt = first_nonlabel_statement(src_block)
+        else:
+            last_stmt = self.get_last_statement(src_block)
+        if last_stmt is None:
+            return claripy.true
+        if type(last_stmt) is ailment.Stmt.Jump:
+            if isinstance(last_stmt.target, ailment.Expr.Const):
+                return claripy.true
+            # indirect jump
+            target_ast = self.claripy_ast_from_ail_condition(last_stmt.target)
+            return target_ast == dst_block.addr
+        if type(last_stmt) is ailment.Stmt.ConditionalJump:
+            bool_var = self.claripy_ast_from_ail_condition(last_stmt.condition)
+            if isinstance(last_stmt.true_target, ailment.Expr.Const) and last_stmt.true_target.value == dst_block.addr:
+                return bool_var
+            else:
+                return claripy.Not(bool_var)
+        return claripy.true
+    #
+    # Expression conversion
+    #
+    def _convert_extract(self, hi, lo, expr, tags, memo=None):
+        # ailment does not support Extract. We translate Extract to Convert and shift.
+        if lo == 0:
+            return ailment.Expr.Convert(
+                None,
+                expr.size(),
+                hi + 1,
+                False,
+                self.convert_claripy_bool_ast(expr, memo=memo),
+                **tags,
+            )
+        raise NotImplementedError("This case will be implemented once encountered.")
+    def convert_claripy_bool_ast(self, cond, memo=None):
+        """
+        Convert recovered reaching conditions from claripy ASTs to ailment Expressions
+        :return: None
+        """
+        if memo is None:
+            memo = {}
+        if cond._hash in memo:
+            return memo[cond._hash]
+        r = self.convert_claripy_bool_ast_core(cond, memo)
+        optimized_r = peephole_optimize_expr(r, self._peephole_expr_optimizations)
+        r = r if optimized_r is None else optimized_r
+        memo[cond._hash] = r
+        return r
+    def convert_claripy_bool_ast_core(self, cond, memo):
+        if isinstance(cond, ailment.Expr.Expression):
+            return cond
+        if cond.op in {"BoolS", "BoolV"} and claripy.is_true(cond):
+            return ailment.Expr.Const(None, None, True, 1)
+        if cond in self._condition_mapping:
+            return self._condition_mapping[cond]
+        if cond.op in {"BVS", "BoolS"} and cond.args[0] in self._condition_mapping:
+            return self._condition_mapping[cond.args[0]]
+        def _binary_op_reduce(op, args, tags, signed=False):
+            r = None
+            for arg in args:
+                if r is None:
+                    r = self.convert_claripy_bool_ast(arg, memo=memo)
+                else:
+                    r = ailment.Expr.BinaryOp(
+                        None, op, (r, self.convert_claripy_bool_ast(arg, memo=memo)), signed, **tags
+                    )
+            return r
+        def _unary_op_reduce(op, arg, tags):
+            r = self.convert_claripy_bool_ast(arg, memo=memo)
+            # TODO: Keep track of tags
+            return ailment.Expr.UnaryOp(None, op, r, **tags)
+        _mapping = {
+            "Not": lambda cond_, tags: _unary_op_reduce("Not", cond_.args[0], tags),
+            "__neg__": lambda cond_, tags: _unary_op_reduce("Not", cond_.args[0], tags),
+            "__invert__": lambda cond_, tags: _unary_op_reduce("BitwiseNeg", cond_.args[0], tags),
+            "And": lambda cond_, tags: _binary_op_reduce("LogicalAnd", cond_.args, tags),
+            "Or": lambda cond_, tags: _binary_op_reduce("LogicalOr", cond_.args, tags),
+            "__le__": lambda cond_, tags: _binary_op_reduce("CmpLE", cond_.args, tags, signed=True),
+            "SLE": lambda cond_, tags: _binary_op_reduce("CmpLE", cond_.args, tags, signed=True),
+            "__lt__": lambda cond_, tags: _binary_op_reduce("CmpLT", cond_.args, tags, signed=True),
+            "SLT": lambda cond_, tags: _binary_op_reduce("CmpLT", cond_.args, tags, signed=True),
+            "UGT": lambda cond_, tags: _binary_op_reduce("CmpGT", cond_.args, tags),
+            "UGE": lambda cond_, tags: _binary_op_reduce("CmpGE", cond_.args, tags),
+            "__gt__": lambda cond_, tags: _binary_op_reduce("CmpGT", cond_.args, tags, signed=True),
+            "__ge__": lambda cond_, tags: _binary_op_reduce("CmpGE", cond_.args, tags, signed=True),
+            "SGT": lambda cond_, tags: _binary_op_reduce("CmpGT", cond_.args, tags, signed=True),
+            "SGE": lambda cond_, tags: _binary_op_reduce("CmpGE", cond_.args, tags, signed=True),
+            "ULT": lambda cond_, tags: _binary_op_reduce("CmpLT", cond_.args, tags),
+            "ULE": lambda cond_, tags: _binary_op_reduce("CmpLE", cond_.args, tags),
+            "__eq__": lambda cond_, tags: _binary_op_reduce("CmpEQ", cond_.args, tags),
+            "__ne__": lambda cond_, tags: _binary_op_reduce("CmpNE", cond_.args, tags),
+            "__add__": lambda cond_, tags: _binary_op_reduce("Add", cond_.args, tags, signed=False),
+            "__sub__": lambda cond_, tags: _binary_op_reduce("Sub", cond_.args, tags),
+            "__mul__": lambda cond_, tags: _binary_op_reduce("Mul", cond_.args, tags),
+            "__xor__": lambda cond_, tags: _binary_op_reduce("Xor", cond_.args, tags),
+            "__or__": lambda cond_, tags: _binary_op_reduce("Or", cond_.args, tags, signed=False),
+            "__and__": lambda cond_, tags: _binary_op_reduce("And", cond_.args, tags),
+            "__lshift__": lambda cond_, tags: _binary_op_reduce("Shl", cond_.args, tags),
+            "__rshift__": lambda cond_, tags: _binary_op_reduce("Sar", cond_.args, tags),
+            "__floordiv__": lambda cond_, tags: _binary_op_reduce("Div", cond_.args, tags),
+            "__mod__": lambda cond_, tags: _binary_op_reduce("Mod", cond_.args, tags),
+            "LShR": lambda cond_, tags: _binary_op_reduce("Shr", cond_.args, tags),
+            "BVV": lambda cond_, tags: ailment.Expr.Const(None, None, cond_.args[0], cond_.size(), **tags),
+            "BoolV": lambda cond_, tags: (
+                ailment.Expr.Const(None, None, True, 1, **tags)
+                if cond_.args[0] is True
+                else ailment.Expr.Const(None, None, False, 1, **tags)
+            ),
+            "Extract": lambda cond_, tags: self._convert_extract(*cond_.args, tags, memo=memo),
+            "ZeroExt": lambda cond_, tags: _binary_op_reduce(
+                "Concat", [claripy.BVV(0, cond_.args[0]), cond_.args[1]], tags
+            ),
+        }
+        if cond.op in _mapping:
+            if cond in self._ast2annotations:
+                cond_tags = self._ast2annotations.get(cond)
+            elif claripy.Not(cond) in self._ast2annotations:
+                cond_tags = self._ast2annotations.get(claripy.Not(cond))
+            else:
+                cond_tags = {}
+            return _mapping[cond.op](cond, cond_tags)
+        raise NotImplementedError(
+            ("Condition variable %s has an unsupported operator %s. Consider implementing.") % (cond, cond.op)
+        )
+    def claripy_ast_from_ail_condition(self, condition, nobool: bool = False) -> claripy.ast.Bool:
+        # Unpack a condition all the way to the leaves
+        if isinstance(condition, claripy.ast.Base):  # pylint:disable=isinstance-second-argument-not-valid-type
+            return condition
+        if isinstance(
+            condition,
+            (ailment.Expr.DirtyExpression, ailment.Expr.BasePointerOffset, ailment.Expr.ITE),
+        ):
+            return _dummy_bvs(condition, self._condition_mapping)
+        elif isinstance(condition, ailment.Stmt.Call):
+            return _dummy_bvs(condition, self._condition_mapping, name_suffix=hex(condition.tags.get("ins_addr", 0)))
+        elif isinstance(condition, (ailment.Expr.Load, ailment.Expr.Register)):
+            # does it have a variable associated?
+            if condition.variable is not None:
+                var = claripy.BVS(
+                    f"ailexpr_{repr(condition)}-{condition.variable.ident}", condition.bits, explicit_name=True
+                )
+            else:
+                var = claripy.BVS(
+                    "ailexpr_%s-%d" % (repr(condition), condition.idx), condition.bits, explicit_name=True
+                )
+            self._condition_mapping[var.args[0]] = condition
+            return var
+        elif isinstance(condition, ailment.Expr.Convert):
+            # convert is special. if it generates a 1-bit variable, it should be treated as a BoolS
+            if condition.to_bits == 1:
+                var_ = self.claripy_ast_from_ail_condition(condition.operands[0])
+                name = "ailcond_Conv(%d->%d, %d)" % (condition.from_bits, condition.to_bits, hash(var_))
+                var = claripy.BoolS(name, explicit_name=True)
+            else:
+                var_ = self.claripy_ast_from_ail_condition(condition.operands[0])
+                name = "ailexpr_Conv(%d->%d, %d)" % (condition.from_bits, condition.to_bits, hash(var_))
+                var = claripy.BVS(name, condition.to_bits, explicit_name=True)
+            self._condition_mapping[var.args[0]] = condition
+            return var
+        elif isinstance(condition, ailment.Expr.Const):
+            if condition.value is True or condition.value is False:
+                var = claripy.BoolV(condition.value)
+            else:
+                var = claripy.BVV(condition.value, condition.bits)
+            if isinstance(var, claripy.Bits) and var.size() == 1:
+                var = claripy.true if var.concrete_value == 1 else claripy.false
+            return var
+        elif isinstance(condition, ailment.Expr.Tmp):
+            l.warning("Left-over ailment.Tmp variable %s.", condition)
+            if condition.bits == 1:
+                var = claripy.BoolS("ailtmp_%d" % condition.tmp_idx, explicit_name=True)
+            else:
+                var = claripy.BVS("ailtmp_%d" % condition.tmp_idx, condition.bits, explicit_name=True)
+            self._condition_mapping[var.args[0]] = condition
+            return var
+        elif isinstance(condition, ailment.Expr.MultiStatementExpression):
+            # just cache it
+            if condition.bits == 1:
+                var = claripy.BoolS("mstmtexpr_%d" % hash(condition), explicit_name=True)
+            else:
+                var = claripy.BVS("mstmtexpr_%d" % hash(condition), condition.bits, explicit_name=True)
+            self._condition_mapping[var.args[0]] = condition
+            return var
+        lambda_expr = _ail2claripy_op_mapping.get(condition.verbose_op, None)
+        if lambda_expr is None:
+            # fall back to op
+            lambda_expr = _ail2claripy_op_mapping.get(condition.op, None)
+        if lambda_expr is None:
+            raise NotImplementedError(
+                "Unsupported AIL expression operation %s or %s. Consider implementing."
+                % (condition.op, condition.verbose_op)
+            )
+        r = lambda_expr(condition, self.claripy_ast_from_ail_condition, self._condition_mapping)
+        if isinstance(r, claripy.ast.Bool) and nobool:
+            r = claripy.BVS("ailexpr_from_bool_%r" % r, 1, explicit_name=True)
+            self._condition_mapping[r.args[0]] = condition
+        if r is NotImplemented:
+            if condition.bits == 1:
+                r = claripy.BoolS("ailexpr_%r" % condition, explicit_name=True)
+            else:
+                r = claripy.BVS("ailexpr_%r" % condition, condition.bits, explicit_name=True)
+            self._condition_mapping[r.args[0]] = condition
+        # don't lose tags
+        self._ast2annotations[r] = condition.tags
+        return r
+    #
+    # Expression simplification
+    #
+    @staticmethod
+    def claripy_ast_to_sympy_expr(ast, memo=None):
+        if ast.op == "And":
+            return sympy.And(*(ConditionProcessor.claripy_ast_to_sympy_expr(arg, memo=memo) for arg in ast.args))
+        if ast.op == "Or":
+            return sympy.Or(*(ConditionProcessor.claripy_ast_to_sympy_expr(arg, memo=memo) for arg in ast.args))
+        if ast.op == "Not":
+            return sympy.Not(ConditionProcessor.claripy_ast_to_sympy_expr(ast.args[0], memo=memo))
+        if ast.op in _UNIFIABLE_COMPARISONS:
+            # unify comparisons to enable more simplification opportunities without going "deep" in sympy
+            inverse_op = getattr(ast.args[0], claripy.operations.inverse_operations[ast.op])
+            return sympy.Not(ConditionProcessor.claripy_ast_to_sympy_expr(inverse_op(ast.args[1]), memo=memo))
+        if memo is not None and ast in memo:
+            return memo[ast]
+        symbol = sympy.Symbol(str(hash(ast)))
+        if memo is not None:
+            memo[symbol] = ast
+        return symbol
+    @staticmethod
+    def sympy_expr_to_claripy_ast(expr, memo: dict):
+        if expr.is_Symbol:
+            return memo[expr]
+        if isinstance(expr, sympy.Or):
+            return claripy.Or(*(ConditionProcessor.sympy_expr_to_claripy_ast(arg, memo) for arg in expr.args))
+        if isinstance(expr, sympy.And):
+            return claripy.And(*(ConditionProcessor.sympy_expr_to_claripy_ast(arg, memo) for arg in expr.args))
+        if isinstance(expr, sympy.Not):
+            return claripy.Not(ConditionProcessor.sympy_expr_to_claripy_ast(expr.args[0], memo))
+        if isinstance(expr, sympy.logic.boolalg.BooleanTrue):
+            return claripy.true
+        if isinstance(expr, sympy.logic.boolalg.BooleanFalse):
+            return claripy.false
+        raise RuntimeError("Unreachable reached")
+    @staticmethod
+    def simplify_condition(cond, depth_limit=8, variables_limit=8):
+        memo = {}
+        if cond.depth > depth_limit or len(cond.variables) > variables_limit:
+            return cond
+        sympy_expr = ConditionProcessor.claripy_ast_to_sympy_expr(cond, memo=memo)
+        r = ConditionProcessor.sympy_expr_to_claripy_ast(sympy.simplify_logic(sympy_expr, deep=False), memo)
+        return r
+    @staticmethod
+    def simplify_condition_deprecated(cond):
+        # Z3's simplification may yield weird and unreadable results
+        # hence we mostly rely on our own simplification. we only use Z3's simplification results when it returns a
+        # concrete value.
+        claripy_simplified = claripy.simplify(cond)
+        if not claripy_simplified.symbolic:
+            return claripy_simplified
+        simplified = ConditionProcessor._fold_double_negations(cond)
+        cond = simplified if simplified is not None else cond
+        simplified = ConditionProcessor._revert_short_circuit_conditions(cond)
+        cond = simplified if simplified is not None else cond
+        simplified = ConditionProcessor._extract_common_subexpressions(cond)
+        cond = simplified if simplified is not None else cond
+        # simplified = ConditionProcessor._remove_redundant_terms(cond)
+        # cond = simplified if simplified is not None else cond
+        # in the end, use claripy's simplification to handle really easy cases again
+        simplified = ConditionProcessor._simplify_trivial_cases(cond)
+        cond = simplified if simplified is not None else cond
+        return cond
+    @staticmethod
+    def _simplify_trivial_cases(cond):
+        if cond.op == "And":
+            new_args = []
+            for arg in cond.args:
+                claripy_simplified = claripy.simplify(arg)
+                if claripy.is_true(claripy_simplified):
+                    continue
+                new_args.append(arg)
+            return claripy.And(*new_args)
+        return None
+    @staticmethod
+    def _revert_short_circuit_conditions(cond):
+        # revert short-circuit conditions
+        # !A||(A&&!B) ==> !(A&&B)
+        if cond.op != "Or":
+            return cond
+        if len(cond.args) == 1:
+            # redundant operator. get rid of it
+            return cond.args[0]
+        or_arg0, or_arg1 = cond.args[:2]
+        if or_arg1.op == "And":
+            pass
+        elif or_arg0.op == "And":
+            or_arg0, or_arg1 = or_arg1, or_arg0
+        else:
+            return cond
+        not_a = or_arg0
+        solver = claripy.SolverCacheless()
+        if not_a.variables == or_arg1.args[0].variables:
+            solver.add(not_a == or_arg1.args[0])
+            not_b = or_arg1.args[1]
+        elif not_a.variables == or_arg1.args[1].variables:
+            solver.add(not_a == or_arg1.args[1])
+            not_b = or_arg1.args[0]
+        else:
+            return cond
+        if not solver.satisfiable():
+            # found it!
+            b = claripy.Not(not_b)
+            a = claripy.Not(not_a)
+            if len(cond.args) <= 2:
+                return claripy.Not(claripy.And(a, b))
+            else:
+                return claripy.Or(claripy.Not(claripy.And(a, b)), *cond.args[2:])
+        else:
+            return cond
+    @staticmethod
+    def _fold_double_negations(cond):
+        # !(!A) ==> A
+        # !((!A) && (!B)) ==> A || B
+        # !((!A) && B) ==> A || !B
+        # !(A || B) ==> (!A && !B)
+        if cond.op != "Not":
+            return None
+        if cond.args[0].op == "Not":
+            return cond.args[0]
+        if cond.args[0].op == "And" and len(cond.args[0].args) == 2:
+            and_0, and_1 = cond.args[0].args
+            if and_0.op == "Not" and and_1.op == "Not":
+                expr = claripy.Or(and_0.args[0], and_1.args[0])
+                return expr
+            if and_0.op == "Not":  # and_1.op != "Not"
+                expr = claripy.Or(and_0.args[0], ConditionProcessor.simplify_condition(claripy.Not(and_1)))
+                return expr
+        if cond.args[0].op == "Or" and len(cond.args[0].args) == 2:
+            or_0, or_1 = cond.args[0].args
+            expr = claripy.And(
+                ConditionProcessor.simplify_condition(claripy.Not(or_0)),
+                ConditionProcessor.simplify_condition(claripy.Not(or_1)),
+            )
+            return expr
+        return None
+    @staticmethod
+    def _extract_common_subexpressions(cond):
+        def _expr_inside_collection(expr_, coll_) -> bool:
+            for ex_ in coll_:
+                if expr_ is ex_:
+                    return True
+            return False
+        # (A && B) || (A && C) => A && (B || C)
+        if cond.op == "And":
+            args = [ConditionProcessor._extract_common_subexpressions(arg) for arg in cond.args]
+            if all(arg is None for arg in args):
+                return None
+            return claripy.And(*((arg if arg is not None else ori_arg) for arg, ori_arg in zip(args, cond.args)))
+        if cond.op == "Or":
+            args = [ConditionProcessor._extract_common_subexpressions(arg) for arg in cond.args]
+            args = [(arg if arg is not None else ori_arg) for arg, ori_arg in zip(args, cond.args)]
+            expr_ctrs = defaultdict(int)
+            for arg in args:
+                if arg.op == "And":
+                    for subexpr in arg.args:
+                        expr_ctrs[subexpr] += 1
+                else:
+                    expr_ctrs[arg] += 1
+            common_exprs = []
+            for expr, ctr in expr_ctrs.items():
+                if ctr == len(args):
+                    # found a common one
+                    common_exprs.append(expr)
+            if not common_exprs:
+                return claripy.Or(*args)
+            new_args = []
+            for arg in args:
+                if arg.op == "And":
+                    new_subexprs = [
+                        subexpr for subexpr in arg.args if not _expr_inside_collection(subexpr, common_exprs)
+                    ]
+                    new_args.append(claripy.And(*new_subexprs))
+                elif arg in common_exprs:
+                    continue
+                else:
+                    raise RuntimeError("Unexpected behavior - you should never reach here")
+            return claripy.And(*common_exprs, claripy.Or(*new_args))
+        return None
+    @staticmethod
+    def _extract_terms(ast: claripy.ast.Bool) -> Generator[claripy.ast.Bool, None, None]:
+        if ast.op == "And":
+            for arg in ast.args:
+                yield from ConditionProcessor._extract_terms(arg)
+        elif ast.op == "Or":
+            for arg in ast.args:
+                yield from ConditionProcessor._extract_terms(arg)
+        elif ast.op == "Not":
+            yield from ConditionProcessor._extract_terms(ast.args[0])
+        else:
+            yield ast
+    @staticmethod
+    def _replace_term_in_ast(
+        ast: claripy.ast.Bool,
+        r0: claripy.ast.Bool,
+        r0_with: claripy.ast.Bool,
+        r1: claripy.ast.Bool,
+        r1_with: claripy.ast.Bool,
+    ) -> claripy.ast.Bool:
+        if ast.op == "And":
+            return ast.make_like(
+                "And", (ConditionProcessor._replace_term_in_ast(arg, r0, r0_with, r1, r1_with) for arg in ast.args)
+            )
+        elif ast.op == "Or":
+            return ast.make_like(
+                "Or", (ConditionProcessor._replace_term_in_ast(arg, r0, r0_with, r1, r1_with) for arg in ast.args)
+            )
+        elif ast.op == "Not":
+            return ast.make_like(
+                "Not", (ConditionProcessor._replace_term_in_ast(ast.args[0], r0, r0_with, r1, r1_with),)
+            )
+        else:
+            if ast is r0:
+                return r0_with
+            if ast is r1:
+                return r1_with
+            return ast
+    @staticmethod
+    def _remove_redundant_terms(cond):
+        """
+        Extract all terms and test for each term if its truism impacts the truism of the entire condition. If not, the
+        term is redundant and can be replaced with a True.
+        """
+        all_terms = set()
+        for term in ConditionProcessor._extract_terms(cond):
+            if term not in all_terms:
+                all_terms.add(term)
+        negations = {}
+        to_skip = set()
+        all_terms_without_negs = set()
+        for term in all_terms:
+            if term in to_skip:
+                continue
+            neg = claripy.Not(term)
+            if neg in all_terms:
+                negations[term] = neg
+                to_skip.add(neg)
+                all_terms_without_negs.add(term)
+            else:
+                all_terms_without_negs.add(term)
+        solver = claripy.SolverCacheless()
+        for term in all_terms_without_negs:
+            neg = negations.get(term, None)
+            replaced_with_true = ConditionProcessor._replace_term_in_ast(cond, term, claripy.true, neg, claripy.false)
+            sat0 = solver.satisfiable(
+                extra_constraints=(
+                    cond,
+                    claripy.Not(replaced_with_true),
+                )
+            )
+            sat1 = solver.satisfiable(
+                extra_constraints=(
+                    claripy.Not(cond),
+                    replaced_with_true,
+                )
+            )
+            if sat0 or sat1:
+                continue
+            replaced_with_false = ConditionProcessor._replace_term_in_ast(cond, term, claripy.false, neg, claripy.true)
+            sat0 = solver.satisfiable(
+                extra_constraints=(
+                    cond,
+                    claripy.Not(replaced_with_false),
+                )
+            )
+            sat1 = solver.satisfiable(
+                extra_constraints=(
+                    claripy.Not(cond),
+                    replaced_with_false,
+                )
+            )
+            if sat0 or sat1:
+                continue
+            # TODO: Finish the implementation
+            print(term, "is redundant")
+    #
+    # Graph processing
+    #
+    @staticmethod
+    def _remove_crossing_edges_between_cases(
+        graph: networkx.DiGraph, case_entry_to_switch_head: dict[int, int]
+    ) -> networkx.DiGraph:
+        starting_nodes = {node for node in graph if node.addr in case_entry_to_switch_head}
+        if not starting_nodes:
+            return graph
+        traversed_nodes = set()
+        edges_to_remove = set()
+        for starting_node in starting_nodes:
+            queue = [starting_node]
+            while queue:
+                src = queue.pop(0)
+                traversed_nodes.add(src)
+                successors = graph.successors(src)
+                for succ in successors:
+                    if succ in traversed_nodes:
+                        # we should not traverse this node twice
+                        if graph.out_degree(succ) > 0:
+                            edges_to_remove.add((src, succ))
+                        continue
+                    if succ in starting_nodes:
+                        # we do not want any jump from one node to a starting node
+                        edges_to_remove.add((src, succ))
+                        continue
+                    traversed_nodes.add(src)
+                    queue.append(succ)
+        if not edges_to_remove:
+            return graph
+        # make a copy before modifying the graph
+        graph = networkx.DiGraph(graph)
+        graph.remove_edges_from(edges_to_remove)
+        return graph
+    #
+    # Utils
+    #
+    def create_jump_target_var(self, jumptable_head_addr: int):
+        return claripy.BVS("jump_table_%x" % jumptable_head_addr, self.arch.bits, explicit_name=True)