angr 9.2.103__py3-none-manylinux2014_aarch64.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of angr might be problematic. Click here for more details.
- angr/__init__.py +153 -0
- angr/__main__.py +59 -0
- angr/analyses/__init__.py +46 -0
- angr/analyses/analysis.py +359 -0
- angr/analyses/backward_slice.py +691 -0
- angr/analyses/binary_optimizer.py +683 -0
- angr/analyses/bindiff.py +1251 -0
- angr/analyses/boyscout.py +77 -0
- angr/analyses/callee_cleanup_finder.py +75 -0
- angr/analyses/calling_convention.py +956 -0
- angr/analyses/cdg.py +197 -0
- angr/analyses/cfg/__init__.py +11 -0
- angr/analyses/cfg/cfb.py +436 -0
- angr/analyses/cfg/cfg.py +73 -0
- angr/analyses/cfg/cfg_arch_options.py +82 -0
- angr/analyses/cfg/cfg_base.py +2917 -0
- angr/analyses/cfg/cfg_emulated.py +3570 -0
- angr/analyses/cfg/cfg_fast.py +5053 -0
- angr/analyses/cfg/cfg_fast_soot.py +669 -0
- angr/analyses/cfg/cfg_job_base.py +204 -0
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +8 -0
- angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +63 -0
- angr/analyses/cfg/indirect_jump_resolvers/amd64_pe_iat.py +52 -0
- angr/analyses/cfg/indirect_jump_resolvers/arm_elf_fast.py +151 -0
- angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py +141 -0
- angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py +68 -0
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +2368 -0
- angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py +517 -0
- angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +26 -0
- angr/analyses/cfg/indirect_jump_resolvers/resolver.py +74 -0
- angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +93 -0
- angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py +51 -0
- angr/analyses/cfg_slice_to_sink/__init__.py +2 -0
- angr/analyses/cfg_slice_to_sink/cfg_slice_to_sink.py +117 -0
- angr/analyses/cfg_slice_to_sink/graph.py +84 -0
- angr/analyses/cfg_slice_to_sink/transitions.py +25 -0
- angr/analyses/class_identifier.py +62 -0
- angr/analyses/code_tagging.py +123 -0
- angr/analyses/complete_calling_conventions.py +424 -0
- angr/analyses/congruency_check.py +384 -0
- angr/analyses/data_dep/__init__.py +2 -0
- angr/analyses/data_dep/data_dependency_analysis.py +605 -0
- angr/analyses/data_dep/dep_nodes.py +170 -0
- angr/analyses/data_dep/sim_act_location.py +46 -0
- angr/analyses/datagraph_meta.py +105 -0
- angr/analyses/ddg.py +1695 -0
- angr/analyses/decompiler/__init__.py +13 -0
- angr/analyses/decompiler/ail_simplifier.py +1408 -0
- angr/analyses/decompiler/ailgraph_walker.py +48 -0
- angr/analyses/decompiler/block_io_finder.py +293 -0
- angr/analyses/decompiler/block_similarity.py +188 -0
- angr/analyses/decompiler/block_simplifier.py +434 -0
- angr/analyses/decompiler/call_counter.py +43 -0
- angr/analyses/decompiler/callsite_maker.py +403 -0
- angr/analyses/decompiler/ccall_rewriters/__init__.py +6 -0
- angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +489 -0
- angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +19 -0
- angr/analyses/decompiler/clinic.py +2166 -0
- angr/analyses/decompiler/condition_processor.py +1184 -0
- angr/analyses/decompiler/decompilation_cache.py +38 -0
- angr/analyses/decompiler/decompilation_options.py +274 -0
- angr/analyses/decompiler/decompiler.py +544 -0
- angr/analyses/decompiler/empty_node_remover.py +211 -0
- angr/analyses/decompiler/expression_counters.py +76 -0
- angr/analyses/decompiler/expression_narrower.py +92 -0
- angr/analyses/decompiler/goto_manager.py +73 -0
- angr/analyses/decompiler/graph_region.py +413 -0
- angr/analyses/decompiler/jump_target_collector.py +36 -0
- angr/analyses/decompiler/jumptable_entry_condition_rewriter.py +66 -0
- angr/analyses/decompiler/optimization_passes/__init__.py +108 -0
- angr/analyses/decompiler/optimization_passes/base_ptr_save_simplifier.py +144 -0
- angr/analyses/decompiler/optimization_passes/code_motion.py +360 -0
- angr/analyses/decompiler/optimization_passes/const_derefs.py +265 -0
- angr/analyses/decompiler/optimization_passes/cross_jump_reverter.py +108 -0
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +73 -0
- angr/analyses/decompiler/optimization_passes/div_simplifier.py +391 -0
- angr/analyses/decompiler/optimization_passes/engine_base.py +303 -0
- angr/analyses/decompiler/optimization_passes/expr_op_swapper.py +136 -0
- angr/analyses/decompiler/optimization_passes/flip_boolean_cmp.py +91 -0
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +386 -0
- angr/analyses/decompiler/optimization_passes/ite_expr_converter.py +226 -0
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +189 -0
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +757 -0
- angr/analyses/decompiler/optimization_passes/mod_simplifier.py +86 -0
- angr/analyses/decompiler/optimization_passes/multi_simplifier.py +227 -0
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +397 -0
- angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py +198 -0
- angr/analyses/decompiler/optimization_passes/ret_addr_save_simplifier.py +172 -0
- angr/analyses/decompiler/optimization_passes/ret_deduplicator.py +219 -0
- angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +448 -0
- angr/analyses/decompiler/optimization_passes/return_duplicator_high.py +57 -0
- angr/analyses/decompiler/optimization_passes/return_duplicator_low.py +121 -0
- angr/analyses/decompiler/optimization_passes/spilled_register_finder.py +18 -0
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +293 -0
- angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py +110 -0
- angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py +281 -0
- angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py +87 -0
- angr/analyses/decompiler/peephole_optimizations/__init__.py +69 -0
- angr/analyses/decompiler/peephole_optimizations/a_div_const_add_a_mul_n_div_const.py +38 -0
- angr/analyses/decompiler/peephole_optimizations/a_mul_const_div_shr_const.py +38 -0
- angr/analyses/decompiler/peephole_optimizations/a_shl_const_sub_a.py +31 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_div.py +25 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_div_const_mul_const.py +56 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_sub_n.py +19 -0
- angr/analyses/decompiler/peephole_optimizations/arm_cmpf.py +235 -0
- angr/analyses/decompiler/peephole_optimizations/base.py +120 -0
- angr/analyses/decompiler/peephole_optimizations/basepointeroffset_add_n.py +33 -0
- angr/analyses/decompiler/peephole_optimizations/basepointeroffset_and_mask.py +35 -0
- angr/analyses/decompiler/peephole_optimizations/bitwise_or_to_logical_or.py +34 -0
- angr/analyses/decompiler/peephole_optimizations/bool_expr_xor_1.py +27 -0
- angr/analyses/decompiler/peephole_optimizations/bswap.py +131 -0
- angr/analyses/decompiler/peephole_optimizations/cmpord_rewriter.py +72 -0
- angr/analyses/decompiler/peephole_optimizations/coalesce_same_cascading_ifs.py +27 -0
- angr/analyses/decompiler/peephole_optimizations/const_mull_a_shift.py +91 -0
- angr/analyses/decompiler/peephole_optimizations/constant_derefs.py +43 -0
- angr/analyses/decompiler/peephole_optimizations/conv_a_sub0_shr_and.py +70 -0
- angr/analyses/decompiler/peephole_optimizations/conv_shl_shr.py +51 -0
- angr/analyses/decompiler/peephole_optimizations/eager_eval.py +225 -0
- angr/analyses/decompiler/peephole_optimizations/extended_byte_and_mask.py +55 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py +146 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py +102 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py +159 -0
- angr/analyses/decompiler/peephole_optimizations/invert_negated_logical_conjuction_disjunction.py +50 -0
- angr/analyses/decompiler/peephole_optimizations/one_sub_bool.py +33 -0
- angr/analyses/decompiler/peephole_optimizations/remove_cascading_conversions.py +19 -0
- angr/analyses/decompiler/peephole_optimizations/remove_empty_if_body.py +45 -0
- angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +26 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_bitmasks.py +48 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py +160 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_branch.py +29 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_comparisons.py +54 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_nots.py +17 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_reinterprets.py +43 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py +44 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts_around_comparators.py +40 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +85 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_mips_gp_loads.py +47 -0
- angr/analyses/decompiler/peephole_optimizations/rol_ror.py +77 -0
- angr/analyses/decompiler/peephole_optimizations/sar_to_signed_div.py +105 -0
- angr/analyses/decompiler/peephole_optimizations/simplify_pc_relative_loads.py +37 -0
- angr/analyses/decompiler/peephole_optimizations/single_bit_cond_to_boolexpr.py +52 -0
- angr/analyses/decompiler/peephole_optimizations/single_bit_xor.py +26 -0
- angr/analyses/decompiler/peephole_optimizations/tidy_stack_addr.py +133 -0
- angr/analyses/decompiler/redundant_label_remover.py +116 -0
- angr/analyses/decompiler/region_identifier.py +1098 -0
- angr/analyses/decompiler/region_simplifiers/__init__.py +1 -0
- angr/analyses/decompiler/region_simplifiers/cascading_cond_transformer.py +93 -0
- angr/analyses/decompiler/region_simplifiers/cascading_ifs.py +81 -0
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +606 -0
- angr/analyses/decompiler/region_simplifiers/goto.py +177 -0
- angr/analyses/decompiler/region_simplifiers/if_.py +142 -0
- angr/analyses/decompiler/region_simplifiers/ifelse.py +90 -0
- angr/analyses/decompiler/region_simplifiers/loop.py +135 -0
- angr/analyses/decompiler/region_simplifiers/node_address_finder.py +23 -0
- angr/analyses/decompiler/region_simplifiers/region_simplifier.py +211 -0
- angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +644 -0
- angr/analyses/decompiler/region_simplifiers/switch_expr_simplifier.py +83 -0
- angr/analyses/decompiler/region_walker.py +23 -0
- angr/analyses/decompiler/return_maker.py +70 -0
- angr/analyses/decompiler/seq_to_blocks.py +19 -0
- angr/analyses/decompiler/sequence_walker.py +235 -0
- angr/analyses/decompiler/structured_codegen/__init__.py +10 -0
- angr/analyses/decompiler/structured_codegen/base.py +132 -0
- angr/analyses/decompiler/structured_codegen/c.py +3811 -0
- angr/analyses/decompiler/structured_codegen/dummy.py +14 -0
- angr/analyses/decompiler/structured_codegen/dwarf_import.py +186 -0
- angr/analyses/decompiler/structuring/__init__.py +15 -0
- angr/analyses/decompiler/structuring/dream.py +1225 -0
- angr/analyses/decompiler/structuring/phoenix.py +2546 -0
- angr/analyses/decompiler/structuring/recursive_structurer.py +186 -0
- angr/analyses/decompiler/structuring/structurer_base.py +954 -0
- angr/analyses/decompiler/structuring/structurer_nodes.py +414 -0
- angr/analyses/decompiler/utils.py +787 -0
- angr/analyses/disassembly.py +1302 -0
- angr/analyses/disassembly_utils.py +104 -0
- angr/analyses/dominance_frontier.py +39 -0
- angr/analyses/find_objects_static.py +203 -0
- angr/analyses/flirt.py +185 -0
- angr/analyses/forward_analysis/__init__.py +2 -0
- angr/analyses/forward_analysis/forward_analysis.py +527 -0
- angr/analyses/forward_analysis/job_info.py +64 -0
- angr/analyses/forward_analysis/visitors/__init__.py +4 -0
- angr/analyses/forward_analysis/visitors/call_graph.py +28 -0
- angr/analyses/forward_analysis/visitors/function_graph.py +85 -0
- angr/analyses/forward_analysis/visitors/graph.py +250 -0
- angr/analyses/forward_analysis/visitors/loop.py +28 -0
- angr/analyses/forward_analysis/visitors/single_node_graph.py +38 -0
- angr/analyses/identifier/__init__.py +1 -0
- angr/analyses/identifier/custom_callable.py +138 -0
- angr/analyses/identifier/errors.py +9 -0
- angr/analyses/identifier/func.py +57 -0
- angr/analyses/identifier/functions/__init__.py +36 -0
- angr/analyses/identifier/functions/atoi.py +75 -0
- angr/analyses/identifier/functions/based_atoi.py +128 -0
- angr/analyses/identifier/functions/fdprintf.py +122 -0
- angr/analyses/identifier/functions/free.py +64 -0
- angr/analyses/identifier/functions/int2str.py +302 -0
- angr/analyses/identifier/functions/malloc.py +113 -0
- angr/analyses/identifier/functions/memcmp.py +69 -0
- angr/analyses/identifier/functions/memcpy.py +89 -0
- angr/analyses/identifier/functions/memset.py +43 -0
- angr/analyses/identifier/functions/printf.py +122 -0
- angr/analyses/identifier/functions/recv_until.py +315 -0
- angr/analyses/identifier/functions/skip_calloc.py +72 -0
- angr/analyses/identifier/functions/skip_realloc.py +99 -0
- angr/analyses/identifier/functions/skip_recv_n.py +107 -0
- angr/analyses/identifier/functions/snprintf.py +114 -0
- angr/analyses/identifier/functions/sprintf.py +115 -0
- angr/analyses/identifier/functions/strcasecmp.py +32 -0
- angr/analyses/identifier/functions/strcmp.py +112 -0
- angr/analyses/identifier/functions/strcpy.py +43 -0
- angr/analyses/identifier/functions/strlen.py +26 -0
- angr/analyses/identifier/functions/strncmp.py +103 -0
- angr/analyses/identifier/functions/strncpy.py +65 -0
- angr/analyses/identifier/functions/strtol.py +91 -0
- angr/analyses/identifier/identify.py +848 -0
- angr/analyses/identifier/runner.py +359 -0
- angr/analyses/init_finder.py +264 -0
- angr/analyses/loop_analysis.py +353 -0
- angr/analyses/loopfinder.py +174 -0
- angr/analyses/propagator/__init__.py +1 -0
- angr/analyses/propagator/engine_ail.py +1560 -0
- angr/analyses/propagator/engine_base.py +53 -0
- angr/analyses/propagator/engine_vex.py +328 -0
- angr/analyses/propagator/outdated_definition_walker.py +158 -0
- angr/analyses/propagator/propagator.py +422 -0
- angr/analyses/propagator/tmpvar_finder.py +17 -0
- angr/analyses/propagator/top_checker_mixin.py +14 -0
- angr/analyses/propagator/values.py +116 -0
- angr/analyses/propagator/vex_vars.py +67 -0
- angr/analyses/proximity_graph.py +452 -0
- angr/analyses/reaching_definitions/__init__.py +65 -0
- angr/analyses/reaching_definitions/call_trace.py +72 -0
- angr/analyses/reaching_definitions/dep_graph.py +392 -0
- angr/analyses/reaching_definitions/engine_ail.py +1172 -0
- angr/analyses/reaching_definitions/engine_vex.py +1102 -0
- angr/analyses/reaching_definitions/external_codeloc.py +0 -0
- angr/analyses/reaching_definitions/function_handler.py +603 -0
- angr/analyses/reaching_definitions/heap_allocator.py +69 -0
- angr/analyses/reaching_definitions/rd_initializer.py +235 -0
- angr/analyses/reaching_definitions/rd_state.py +613 -0
- angr/analyses/reaching_definitions/reaching_definitions.py +594 -0
- angr/analyses/reaching_definitions/subject.py +64 -0
- angr/analyses/reassembler.py +2970 -0
- angr/analyses/soot_class_hierarchy.py +283 -0
- angr/analyses/stack_pointer_tracker.py +832 -0
- angr/analyses/static_hooker.py +51 -0
- angr/analyses/typehoon/__init__.py +1 -0
- angr/analyses/typehoon/dfa.py +108 -0
- angr/analyses/typehoon/lifter.py +91 -0
- angr/analyses/typehoon/simple_solver.py +1258 -0
- angr/analyses/typehoon/translator.py +242 -0
- angr/analyses/typehoon/typeconsts.py +294 -0
- angr/analyses/typehoon/typehoon.py +239 -0
- angr/analyses/typehoon/typevars.py +565 -0
- angr/analyses/typehoon/variance.py +10 -0
- angr/analyses/variable_recovery/__init__.py +2 -0
- angr/analyses/variable_recovery/annotations.py +57 -0
- angr/analyses/variable_recovery/engine_ail.py +746 -0
- angr/analyses/variable_recovery/engine_base.py +962 -0
- angr/analyses/variable_recovery/engine_vex.py +580 -0
- angr/analyses/variable_recovery/irsb_scanner.py +131 -0
- angr/analyses/variable_recovery/variable_recovery.py +552 -0
- angr/analyses/variable_recovery/variable_recovery_base.py +452 -0
- angr/analyses/variable_recovery/variable_recovery_fast.py +589 -0
- angr/analyses/veritesting.py +635 -0
- angr/analyses/vfg.py +1945 -0
- angr/analyses/vsa_ddg.py +423 -0
- angr/analyses/vtable.py +92 -0
- angr/analyses/xrefs.py +263 -0
- angr/angrdb/__init__.py +9 -0
- angr/angrdb/db.py +208 -0
- angr/angrdb/models.py +183 -0
- angr/angrdb/serializers/__init__.py +2 -0
- angr/angrdb/serializers/cfg_model.py +41 -0
- angr/angrdb/serializers/comments.py +59 -0
- angr/angrdb/serializers/funcs.py +60 -0
- angr/angrdb/serializers/kb.py +110 -0
- angr/angrdb/serializers/labels.py +58 -0
- angr/angrdb/serializers/loader.py +81 -0
- angr/angrdb/serializers/structured_code.py +128 -0
- angr/angrdb/serializers/variables.py +58 -0
- angr/angrdb/serializers/xrefs.py +48 -0
- angr/annocfg.py +320 -0
- angr/blade.py +430 -0
- angr/block.py +506 -0
- angr/callable.py +162 -0
- angr/calling_conventions.py +2383 -0
- angr/code_location.py +168 -0
- angr/codenode.py +140 -0
- angr/concretization_strategies/__init__.py +97 -0
- angr/concretization_strategies/any.py +15 -0
- angr/concretization_strategies/any_named.py +32 -0
- angr/concretization_strategies/controlled_data.py +54 -0
- angr/concretization_strategies/eval.py +18 -0
- angr/concretization_strategies/logging.py +32 -0
- angr/concretization_strategies/max.py +24 -0
- angr/concretization_strategies/nonzero.py +14 -0
- angr/concretization_strategies/nonzero_range.py +20 -0
- angr/concretization_strategies/norepeats.py +35 -0
- angr/concretization_strategies/norepeats_range.py +35 -0
- angr/concretization_strategies/range.py +17 -0
- angr/concretization_strategies/signed_add.py +24 -0
- angr/concretization_strategies/single.py +12 -0
- angr/concretization_strategies/solutions.py +18 -0
- angr/concretization_strategies/unlimited_range.py +15 -0
- angr/distributed/__init__.py +3 -0
- angr/distributed/server.py +198 -0
- angr/distributed/worker.py +183 -0
- angr/engines/__init__.py +41 -0
- angr/engines/concrete.py +178 -0
- angr/engines/engine.py +212 -0
- angr/engines/failure.py +27 -0
- angr/engines/hook.py +67 -0
- angr/engines/light/__init__.py +2 -0
- angr/engines/light/data.py +715 -0
- angr/engines/light/engine.py +1441 -0
- angr/engines/pcode/__init__.py +2 -0
- angr/engines/pcode/behavior.py +995 -0
- angr/engines/pcode/cc.py +123 -0
- angr/engines/pcode/emulate.py +446 -0
- angr/engines/pcode/engine.py +256 -0
- angr/engines/pcode/lifter.py +1423 -0
- angr/engines/procedure.py +71 -0
- angr/engines/soot/__init__.py +1 -0
- angr/engines/soot/engine.py +415 -0
- angr/engines/soot/exceptions.py +14 -0
- angr/engines/soot/expressions/__init__.py +56 -0
- angr/engines/soot/expressions/arrayref.py +21 -0
- angr/engines/soot/expressions/base.py +22 -0
- angr/engines/soot/expressions/binop.py +27 -0
- angr/engines/soot/expressions/cast.py +21 -0
- angr/engines/soot/expressions/condition.py +34 -0
- angr/engines/soot/expressions/constants.py +45 -0
- angr/engines/soot/expressions/instanceOf.py +11 -0
- angr/engines/soot/expressions/instancefieldref.py +7 -0
- angr/engines/soot/expressions/invoke.py +117 -0
- angr/engines/soot/expressions/length.py +7 -0
- angr/engines/soot/expressions/local.py +7 -0
- angr/engines/soot/expressions/new.py +15 -0
- angr/engines/soot/expressions/newArray.py +51 -0
- angr/engines/soot/expressions/newMultiArray.py +84 -0
- angr/engines/soot/expressions/paramref.py +7 -0
- angr/engines/soot/expressions/phi.py +29 -0
- angr/engines/soot/expressions/staticfieldref.py +7 -0
- angr/engines/soot/expressions/thisref.py +6 -0
- angr/engines/soot/expressions/unsupported.py +6 -0
- angr/engines/soot/field_dispatcher.py +49 -0
- angr/engines/soot/method_dispatcher.py +49 -0
- angr/engines/soot/statements/__init__.py +30 -0
- angr/engines/soot/statements/assign.py +29 -0
- angr/engines/soot/statements/base.py +80 -0
- angr/engines/soot/statements/goto.py +11 -0
- angr/engines/soot/statements/identity.py +14 -0
- angr/engines/soot/statements/if_.py +16 -0
- angr/engines/soot/statements/invoke.py +11 -0
- angr/engines/soot/statements/return_.py +19 -0
- angr/engines/soot/statements/switch.py +38 -0
- angr/engines/soot/statements/throw.py +12 -0
- angr/engines/soot/values/__init__.py +24 -0
- angr/engines/soot/values/arrayref.py +124 -0
- angr/engines/soot/values/base.py +4 -0
- angr/engines/soot/values/constants.py +17 -0
- angr/engines/soot/values/instancefieldref.py +42 -0
- angr/engines/soot/values/local.py +17 -0
- angr/engines/soot/values/paramref.py +17 -0
- angr/engines/soot/values/staticfieldref.py +37 -0
- angr/engines/soot/values/strref.py +37 -0
- angr/engines/soot/values/thisref.py +148 -0
- angr/engines/successors.py +540 -0
- angr/engines/syscall.py +53 -0
- angr/engines/unicorn.py +483 -0
- angr/engines/vex/__init__.py +4 -0
- angr/engines/vex/claripy/__init__.py +1 -0
- angr/engines/vex/claripy/ccall.py +2097 -0
- angr/engines/vex/claripy/datalayer.py +149 -0
- angr/engines/vex/claripy/irop.py +1279 -0
- angr/engines/vex/heavy/__init__.py +5 -0
- angr/engines/vex/heavy/actions.py +237 -0
- angr/engines/vex/heavy/concretizers.py +394 -0
- angr/engines/vex/heavy/dirty.py +467 -0
- angr/engines/vex/heavy/heavy.py +379 -0
- angr/engines/vex/heavy/inspect.py +51 -0
- angr/engines/vex/heavy/resilience.py +85 -0
- angr/engines/vex/heavy/super_fastpath.py +34 -0
- angr/engines/vex/lifter.py +424 -0
- angr/engines/vex/light/__init__.py +3 -0
- angr/engines/vex/light/light.py +555 -0
- angr/engines/vex/light/resilience.py +73 -0
- angr/engines/vex/light/slicing.py +51 -0
- angr/errors.py +604 -0
- angr/exploration_techniques/__init__.py +176 -0
- angr/exploration_techniques/bucketizer.py +96 -0
- angr/exploration_techniques/common.py +56 -0
- angr/exploration_techniques/dfs.py +34 -0
- angr/exploration_techniques/director.py +523 -0
- angr/exploration_techniques/driller_core.py +102 -0
- angr/exploration_techniques/explorer.py +146 -0
- angr/exploration_techniques/lengthlimiter.py +20 -0
- angr/exploration_techniques/local_loop_seer.py +64 -0
- angr/exploration_techniques/loop_seer.py +239 -0
- angr/exploration_techniques/manual_mergepoint.py +80 -0
- angr/exploration_techniques/memory_watcher.py +40 -0
- angr/exploration_techniques/oppologist.py +93 -0
- angr/exploration_techniques/slicecutor.py +115 -0
- angr/exploration_techniques/spiller.py +282 -0
- angr/exploration_techniques/spiller_db.py +27 -0
- angr/exploration_techniques/stochastic.py +57 -0
- angr/exploration_techniques/suggestions.py +156 -0
- angr/exploration_techniques/symbion.py +78 -0
- angr/exploration_techniques/tech_builder.py +47 -0
- angr/exploration_techniques/threading.py +77 -0
- angr/exploration_techniques/timeout.py +31 -0
- angr/exploration_techniques/tracer.py +1101 -0
- angr/exploration_techniques/unique.py +104 -0
- angr/exploration_techniques/veritesting.py +36 -0
- angr/factory.py +385 -0
- angr/flirt/__init__.py +126 -0
- angr/flirt/build_sig.py +316 -0
- angr/graph_utils.py +0 -0
- angr/keyed_region.py +532 -0
- angr/knowledge_base/__init__.py +1 -0
- angr/knowledge_base/knowledge_base.py +145 -0
- angr/knowledge_plugins/__init__.py +18 -0
- angr/knowledge_plugins/callsite_prototypes.py +52 -0
- angr/knowledge_plugins/cfg/__init__.py +16 -0
- angr/knowledge_plugins/cfg/cfg_manager.py +94 -0
- angr/knowledge_plugins/cfg/cfg_model.py +1057 -0
- angr/knowledge_plugins/cfg/cfg_node.py +541 -0
- angr/knowledge_plugins/cfg/indirect_jump.py +67 -0
- angr/knowledge_plugins/cfg/memory_data.py +156 -0
- angr/knowledge_plugins/comments.py +15 -0
- angr/knowledge_plugins/custom_strings.py +37 -0
- angr/knowledge_plugins/data.py +21 -0
- angr/knowledge_plugins/debug_variables.py +221 -0
- angr/knowledge_plugins/functions/__init__.py +2 -0
- angr/knowledge_plugins/functions/function.py +1694 -0
- angr/knowledge_plugins/functions/function_manager.py +501 -0
- angr/knowledge_plugins/functions/function_parser.py +295 -0
- angr/knowledge_plugins/functions/soot_function.py +131 -0
- angr/knowledge_plugins/indirect_jumps.py +34 -0
- angr/knowledge_plugins/key_definitions/__init__.py +16 -0
- angr/knowledge_plugins/key_definitions/atoms.py +314 -0
- angr/knowledge_plugins/key_definitions/constants.py +23 -0
- angr/knowledge_plugins/key_definitions/definition.py +217 -0
- angr/knowledge_plugins/key_definitions/environment.py +92 -0
- angr/knowledge_plugins/key_definitions/heap_address.py +32 -0
- angr/knowledge_plugins/key_definitions/key_definition_manager.py +81 -0
- angr/knowledge_plugins/key_definitions/live_definitions.py +1074 -0
- angr/knowledge_plugins/key_definitions/liveness.py +170 -0
- angr/knowledge_plugins/key_definitions/rd_model.py +176 -0
- angr/knowledge_plugins/key_definitions/tag.py +77 -0
- angr/knowledge_plugins/key_definitions/undefined.py +67 -0
- angr/knowledge_plugins/key_definitions/unknown_size.py +83 -0
- angr/knowledge_plugins/key_definitions/uses.py +180 -0
- angr/knowledge_plugins/labels.py +109 -0
- angr/knowledge_plugins/patches.py +125 -0
- angr/knowledge_plugins/plugin.py +23 -0
- angr/knowledge_plugins/propagations/__init__.py +2 -0
- angr/knowledge_plugins/propagations/prop_value.py +193 -0
- angr/knowledge_plugins/propagations/propagation_manager.py +60 -0
- angr/knowledge_plugins/propagations/propagation_model.py +74 -0
- angr/knowledge_plugins/propagations/states.py +1064 -0
- angr/knowledge_plugins/structured_code/__init__.py +1 -0
- angr/knowledge_plugins/structured_code/manager.py +59 -0
- angr/knowledge_plugins/sync/__init__.py +1 -0
- angr/knowledge_plugins/sync/sync_controller.py +329 -0
- angr/knowledge_plugins/types.py +87 -0
- angr/knowledge_plugins/variables/__init__.py +1 -0
- angr/knowledge_plugins/variables/variable_access.py +114 -0
- angr/knowledge_plugins/variables/variable_manager.py +1191 -0
- angr/knowledge_plugins/xrefs/__init__.py +3 -0
- angr/knowledge_plugins/xrefs/xref.py +157 -0
- angr/knowledge_plugins/xrefs/xref_manager.py +122 -0
- angr/knowledge_plugins/xrefs/xref_types.py +13 -0
- angr/lib/angr_native.so +0 -0
- angr/misc/__init__.py +8 -0
- angr/misc/ansi.py +46 -0
- angr/misc/autoimport.py +89 -0
- angr/misc/bug_report.py +125 -0
- angr/misc/hookset.py +106 -0
- angr/misc/import_hooks.py +63 -0
- angr/misc/loggers.py +130 -0
- angr/misc/picklable_lock.py +45 -0
- angr/misc/plugins.py +291 -0
- angr/misc/range.py +21 -0
- angr/misc/testing.py +23 -0
- angr/misc/ux.py +31 -0
- angr/misc/weakpatch.py +58 -0
- angr/procedures/__init__.py +2 -0
- angr/procedures/advapi32/__init__.py +0 -0
- angr/procedures/cgc/__init__.py +3 -0
- angr/procedures/cgc/_terminate.py +10 -0
- angr/procedures/cgc/allocate.py +76 -0
- angr/procedures/cgc/deallocate.py +59 -0
- angr/procedures/cgc/fdwait.py +62 -0
- angr/procedures/cgc/random.py +60 -0
- angr/procedures/cgc/receive.py +91 -0
- angr/procedures/cgc/transmit.py +63 -0
- angr/procedures/definitions/__init__.py +784 -0
- angr/procedures/definitions/cgc.py +19 -0
- angr/procedures/definitions/glibc.py +8384 -0
- angr/procedures/definitions/gnulib.py +35 -0
- angr/procedures/definitions/libstdcpp.py +20 -0
- angr/procedures/definitions/linux_kernel.py +6167 -0
- angr/procedures/definitions/linux_loader.py +6 -0
- angr/procedures/definitions/msvcr.py +15 -0
- angr/procedures/definitions/parse_syscalls_from_local_system.py +49 -0
- angr/procedures/definitions/parse_win32json.py +2556 -0
- angr/procedures/definitions/types_win32.py +34481 -0
- angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-4.py +44 -0
- angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-6.py +40 -0
- angr/procedures/definitions/wdk_clfs.py +154 -0
- angr/procedures/definitions/wdk_fltmgr.py +570 -0
- angr/procedures/definitions/wdk_fwpkclnt.py +44 -0
- angr/procedures/definitions/wdk_fwpuclnt.py +330 -0
- angr/procedures/definitions/wdk_gdi32.py +380 -0
- angr/procedures/definitions/wdk_hal.py +92 -0
- angr/procedures/definitions/wdk_ksecdd.py +76 -0
- angr/procedures/definitions/wdk_ndis.py +252 -0
- angr/procedures/definitions/wdk_ntoskrnl.py +3463 -0
- angr/procedures/definitions/wdk_offreg.py +86 -0
- angr/procedures/definitions/wdk_pshed.py +50 -0
- angr/procedures/definitions/wdk_secur32.py +54 -0
- angr/procedures/definitions/wdk_vhfum.py +48 -0
- angr/procedures/definitions/win32_aclui.py +44 -0
- angr/procedures/definitions/win32_activeds.py +82 -0
- angr/procedures/definitions/win32_advapi32.py +1698 -0
- angr/procedures/definitions/win32_advpack.py +138 -0
- angr/procedures/definitions/win32_amsi.py +52 -0
- angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-1.py +58 -0
- angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-3.py +48 -0
- angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-6.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-apiquery-l2-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-backgroundtask-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-1.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-2.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-enclave-l1-1-1.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-core-errorhandling-l1-1-3.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-0.py +48 -0
- angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-1.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-file-fromapp-l1-1-0.py +60 -0
- angr/procedures/definitions/win32_api-ms-win-core-handle-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-ioring-l1-1-0.py +62 -0
- angr/procedures/definitions/win32_api-ms-win-core-marshal-l1-1-0.py +46 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-3.py +46 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-4.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-5.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-6.py +46 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-7.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-8.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-core-path-l1-1-0.py +82 -0
- angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-0.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-1.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-1.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-2.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-core-slapi-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-state-helpers-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-synch-l1-2-0.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-3.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-4.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-6.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-util-l1-1-1.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-0.py +43 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-1.py +37 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-l1-1-0.py +39 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-registration-l1-1-0.py +23 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-robuffer-l1-1-0.py +23 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-roparameterizediid-l1-1-0.py +27 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-0.py +75 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-1.py +23 -0
- angr/procedures/definitions/win32_api-ms-win-core-wow64-l1-1-1.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-0.py +56 -0
- angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-1.py +48 -0
- angr/procedures/definitions/win32_api-ms-win-dx-d3dkmt-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-deviceinformation-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-expandedresources-l1-1-0.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-0.py +52 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-1.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-2.py +52 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-3.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-4.py +54 -0
- angr/procedures/definitions/win32_api-ms-win-mm-misc-l1-1-1.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-net-isolation-l1-1-0.py +54 -0
- angr/procedures/definitions/win32_api-ms-win-security-base-l1-2-2.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-1.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-3.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-4.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-5.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-0.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-1.py +50 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-2.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-stream-winrt-l1-1-0.py +27 -0
- angr/procedures/definitions/win32_api-ms-win-wsl-api-l1-1-0.py +52 -0
- angr/procedures/definitions/win32_apphelp.py +40 -0
- angr/procedures/definitions/win32_authz.py +104 -0
- angr/procedures/definitions/win32_avicap32.py +46 -0
- angr/procedures/definitions/win32_avifil32.py +158 -0
- angr/procedures/definitions/win32_avrt.py +66 -0
- angr/procedures/definitions/win32_bcp47mrm.py +42 -0
- angr/procedures/definitions/win32_bcrypt.py +144 -0
- angr/procedures/definitions/win32_bcryptprimitives.py +42 -0
- angr/procedures/definitions/win32_bluetoothapis.py +120 -0
- angr/procedures/definitions/win32_bthprops.py +33 -0
- angr/procedures/definitions/win32_bthprops_cpl.py +50 -0
- angr/procedures/definitions/win32_cabinet.py +82 -0
- angr/procedures/definitions/win32_certadm.py +74 -0
- angr/procedures/definitions/win32_certpoleng.py +54 -0
- angr/procedures/definitions/win32_cfgmgr32.py +516 -0
- angr/procedures/definitions/win32_chakra.py +212 -0
- angr/procedures/definitions/win32_cldapi.py +110 -0
- angr/procedures/definitions/win32_clfsw32.py +156 -0
- angr/procedures/definitions/win32_clusapi.py +598 -0
- angr/procedures/definitions/win32_comctl32.py +268 -0
- angr/procedures/definitions/win32_comdlg32.py +80 -0
- angr/procedures/definitions/win32_compstui.py +46 -0
- angr/procedures/definitions/win32_computecore.py +146 -0
- angr/procedures/definitions/win32_computenetwork.py +124 -0
- angr/procedures/definitions/win32_computestorage.py +62 -0
- angr/procedures/definitions/win32_comsvcs.py +52 -0
- angr/procedures/definitions/win32_coremessaging.py +23 -0
- angr/procedures/definitions/win32_credui.py +76 -0
- angr/procedures/definitions/win32_crypt32.py +496 -0
- angr/procedures/definitions/win32_cryptnet.py +48 -0
- angr/procedures/definitions/win32_cryptui.py +58 -0
- angr/procedures/definitions/win32_cryptxml.py +76 -0
- angr/procedures/definitions/win32_cscapi.py +46 -0
- angr/procedures/definitions/win32_d2d1.py +64 -0
- angr/procedures/definitions/win32_d3d10.py +92 -0
- angr/procedures/definitions/win32_d3d10_1.py +42 -0
- angr/procedures/definitions/win32_d3d11.py +44 -0
- angr/procedures/definitions/win32_d3d12.py +54 -0
- angr/procedures/definitions/win32_d3d9.py +60 -0
- angr/procedures/definitions/win32_d3dcompiler_47.py +90 -0
- angr/procedures/definitions/win32_d3dcsx.py +56 -0
- angr/procedures/definitions/win32_davclnt.py +74 -0
- angr/procedures/definitions/win32_dbgeng.py +46 -0
- angr/procedures/definitions/win32_dbghelp.py +476 -0
- angr/procedures/definitions/win32_dbgmodel.py +40 -0
- angr/procedures/definitions/win32_dciman32.py +78 -0
- angr/procedures/definitions/win32_dcomp.py +62 -0
- angr/procedures/definitions/win32_ddraw.py +52 -0
- angr/procedures/definitions/win32_deviceaccess.py +40 -0
- angr/procedures/definitions/win32_dflayout.py +40 -0
- angr/procedures/definitions/win32_dhcpcsvc.py +68 -0
- angr/procedures/definitions/win32_dhcpcsvc6.py +50 -0
- angr/procedures/definitions/win32_dhcpsapi.py +430 -0
- angr/procedures/definitions/win32_diagnosticdataquery.py +108 -0
- angr/procedures/definitions/win32_dinput8.py +40 -0
- angr/procedures/definitions/win32_directml.py +42 -0
- angr/procedures/definitions/win32_dmprocessxmlfiltered.py +40 -0
- angr/procedures/definitions/win32_dnsapi.py +166 -0
- angr/procedures/definitions/win32_drt.py +70 -0
- angr/procedures/definitions/win32_drtprov.py +56 -0
- angr/procedures/definitions/win32_drttransport.py +42 -0
- angr/procedures/definitions/win32_dsound.py +58 -0
- angr/procedures/definitions/win32_dsparse.py +76 -0
- angr/procedures/definitions/win32_dsprop.py +52 -0
- angr/procedures/definitions/win32_dssec.py +46 -0
- angr/procedures/definitions/win32_dsuiext.py +46 -0
- angr/procedures/definitions/win32_dwmapi.py +100 -0
- angr/procedures/definitions/win32_dwrite.py +40 -0
- angr/procedures/definitions/win32_dxcompiler.py +42 -0
- angr/procedures/definitions/win32_dxcore.py +40 -0
- angr/procedures/definitions/win32_dxgi.py +50 -0
- angr/procedures/definitions/win32_dxva2.py +114 -0
- angr/procedures/definitions/win32_eappcfg.py +66 -0
- angr/procedures/definitions/win32_eappprxy.py +74 -0
- angr/procedures/definitions/win32_efswrt.py +42 -0
- angr/procedures/definitions/win32_elscore.py +48 -0
- angr/procedures/definitions/win32_esent.py +496 -0
- angr/procedures/definitions/win32_evr.py +52 -0
- angr/procedures/definitions/win32_faultrep.py +46 -0
- angr/procedures/definitions/win32_fhsvcctl.py +52 -0
- angr/procedures/definitions/win32_firewallapi.py +44 -0
- angr/procedures/definitions/win32_fltlib.py +94 -0
- angr/procedures/definitions/win32_fontsub.py +42 -0
- angr/procedures/definitions/win32_forceinline.py +44 -0
- angr/procedures/definitions/win32_fwpuclnt.py +422 -0
- angr/procedures/definitions/win32_fxsutility.py +42 -0
- angr/procedures/definitions/win32_gdi32.py +900 -0
- angr/procedures/definitions/win32_gdiplus.py +1296 -0
- angr/procedures/definitions/win32_glu32.py +142 -0
- angr/procedures/definitions/win32_gpedit.py +50 -0
- angr/procedures/definitions/win32_hhctrl_ocx.py +42 -0
- angr/procedures/definitions/win32_hid.py +128 -0
- angr/procedures/definitions/win32_hlink.py +94 -0
- angr/procedures/definitions/win32_hrtfapo.py +40 -0
- angr/procedures/definitions/win32_httpapi.py +124 -0
- angr/procedures/definitions/win32_icm32.py +80 -0
- angr/procedures/definitions/win32_icmui.py +42 -0
- angr/procedures/definitions/win32_icu.py +2088 -0
- angr/procedures/definitions/win32_ieframe.py +96 -0
- angr/procedures/definitions/win32_imagehlp.py +90 -0
- angr/procedures/definitions/win32_imgutil.py +56 -0
- angr/procedures/definitions/win32_imm32.py +202 -0
- angr/procedures/definitions/win32_infocardapi.py +72 -0
- angr/procedures/definitions/win32_inkobjcore.py +92 -0
- angr/procedures/definitions/win32_iphlpapi.py +440 -0
- angr/procedures/definitions/win32_iscsidsc.py +196 -0
- angr/procedures/definitions/win32_isolatedwindowsenvironmentutils.py +42 -0
- angr/procedures/definitions/win32_kernel32.py +3199 -0
- angr/procedures/definitions/win32_kernelbase.py +50 -0
- angr/procedures/definitions/win32_keycredmgr.py +46 -0
- angr/procedures/definitions/win32_ksproxy_ax.py +50 -0
- angr/procedures/definitions/win32_ksuser.py +54 -0
- angr/procedures/definitions/win32_ktmw32.py +116 -0
- angr/procedures/definitions/win32_licenseprotection.py +42 -0
- angr/procedures/definitions/win32_loadperf.py +62 -0
- angr/procedures/definitions/win32_magnification.py +76 -0
- angr/procedures/definitions/win32_mapi32.py +170 -0
- angr/procedures/definitions/win32_mdmlocalmanagement.py +44 -0
- angr/procedures/definitions/win32_mdmregistration.py +68 -0
- angr/procedures/definitions/win32_mf.py +162 -0
- angr/procedures/definitions/win32_mfcore.py +42 -0
- angr/procedures/definitions/win32_mfplat.py +328 -0
- angr/procedures/definitions/win32_mfplay.py +40 -0
- angr/procedures/definitions/win32_mfreadwrite.py +48 -0
- angr/procedures/definitions/win32_mfsensorgroup.py +58 -0
- angr/procedures/definitions/win32_mfsrcsnk.py +42 -0
- angr/procedures/definitions/win32_mgmtapi.py +56 -0
- angr/procedures/definitions/win32_mi.py +40 -0
- angr/procedures/definitions/win32_mmdevapi.py +40 -0
- angr/procedures/definitions/win32_mpr.py +132 -0
- angr/procedures/definitions/win32_mprapi.py +262 -0
- angr/procedures/definitions/win32_mqrt.py +106 -0
- angr/procedures/definitions/win32_mrmsupport.py +92 -0
- angr/procedures/definitions/win32_msacm32.py +122 -0
- angr/procedures/definitions/win32_msajapi.py +1132 -0
- angr/procedures/definitions/win32_mscms.py +196 -0
- angr/procedures/definitions/win32_mscoree.py +92 -0
- angr/procedures/definitions/win32_msctfmonitor.py +44 -0
- angr/procedures/definitions/win32_msdelta.py +70 -0
- angr/procedures/definitions/win32_msdmo.py +60 -0
- angr/procedures/definitions/win32_msdrm.py +206 -0
- angr/procedures/definitions/win32_msi.py +566 -0
- angr/procedures/definitions/win32_msimg32.py +44 -0
- angr/procedures/definitions/win32_mspatcha.py +70 -0
- angr/procedures/definitions/win32_mspatchc.py +56 -0
- angr/procedures/definitions/win32_msports.py +52 -0
- angr/procedures/definitions/win32_msrating.py +76 -0
- angr/procedures/definitions/win32_mssign32.py +58 -0
- angr/procedures/definitions/win32_mstask.py +42 -0
- angr/procedures/definitions/win32_msvfw32.py +124 -0
- angr/procedures/definitions/win32_mswsock.py +70 -0
- angr/procedures/definitions/win32_mtxdm.py +40 -0
- angr/procedures/definitions/win32_ncrypt.py +116 -0
- angr/procedures/definitions/win32_ndfapi.py +70 -0
- angr/procedures/definitions/win32_netapi32.py +450 -0
- angr/procedures/definitions/win32_netsh.py +54 -0
- angr/procedures/definitions/win32_netshell.py +42 -0
- angr/procedures/definitions/win32_newdev.py +60 -0
- angr/procedures/definitions/win32_ninput.py +98 -0
- angr/procedures/definitions/win32_normaliz.py +42 -0
- angr/procedures/definitions/win32_ntdll.py +185 -0
- angr/procedures/definitions/win32_ntdllk.py +40 -0
- angr/procedures/definitions/win32_ntdsapi.py +200 -0
- angr/procedures/definitions/win32_ntlanman.py +58 -0
- angr/procedures/definitions/win32_odbc32.py +406 -0
- angr/procedures/definitions/win32_odbcbcp.py +92 -0
- angr/procedures/definitions/win32_ole32.py +672 -0
- angr/procedures/definitions/win32_oleacc.py +72 -0
- angr/procedures/definitions/win32_oleaut32.py +848 -0
- angr/procedures/definitions/win32_oledlg.py +84 -0
- angr/procedures/definitions/win32_ondemandconnroutehelper.py +48 -0
- angr/procedures/definitions/win32_opengl32.py +748 -0
- angr/procedures/definitions/win32_opmxbox.py +44 -0
- angr/procedures/definitions/win32_p2p.py +254 -0
- angr/procedures/definitions/win32_p2pgraph.py +112 -0
- angr/procedures/definitions/win32_pdh.py +234 -0
- angr/procedures/definitions/win32_peerdist.py +94 -0
- angr/procedures/definitions/win32_powrprof.py +206 -0
- angr/procedures/definitions/win32_prntvpt.py +60 -0
- angr/procedures/definitions/win32_projectedfslib.py +76 -0
- angr/procedures/definitions/win32_propsys.py +474 -0
- angr/procedures/definitions/win32_psapi.py +92 -0
- angr/procedures/definitions/win32_quartz.py +42 -0
- angr/procedures/definitions/win32_query.py +46 -0
- angr/procedures/definitions/win32_qwave.py +60 -0
- angr/procedures/definitions/win32_rasapi32.py +206 -0
- angr/procedures/definitions/win32_rasdlg.py +50 -0
- angr/procedures/definitions/win32_resutils.py +278 -0
- angr/procedures/definitions/win32_rometadata.py +23 -0
- angr/procedures/definitions/win32_rpcns4.py +160 -0
- angr/procedures/definitions/win32_rpcproxy.py +46 -0
- angr/procedures/definitions/win32_rpcrt4.py +932 -0
- angr/procedures/definitions/win32_rstrtmgr.py +60 -0
- angr/procedures/definitions/win32_rtm.py +190 -0
- angr/procedures/definitions/win32_rtutils.py +120 -0
- angr/procedures/definitions/win32_rtworkq.py +104 -0
- angr/procedures/definitions/win32_sas.py +40 -0
- angr/procedures/definitions/win32_scarddlg.py +48 -0
- angr/procedures/definitions/win32_schannel.py +56 -0
- angr/procedures/definitions/win32_sechost.py +42 -0
- angr/procedures/definitions/win32_secur32.py +216 -0
- angr/procedures/definitions/win32_sensapi.py +44 -0
- angr/procedures/definitions/win32_sensorsutilsv2.py +118 -0
- angr/procedures/definitions/win32_setupapi.py +706 -0
- angr/procedures/definitions/win32_sfc.py +50 -0
- angr/procedures/definitions/win32_shdocvw.py +44 -0
- angr/procedures/definitions/win32_shell32.py +526 -0
- angr/procedures/definitions/win32_shlwapi.py +758 -0
- angr/procedures/definitions/win32_slc.py +102 -0
- angr/procedures/definitions/win32_slcext.py +46 -0
- angr/procedures/definitions/win32_slwga.py +40 -0
- angr/procedures/definitions/win32_snmpapi.py +90 -0
- angr/procedures/definitions/win32_spoolss.py +90 -0
- angr/procedures/definitions/win32_srclient.py +40 -0
- angr/procedures/definitions/win32_srpapi.py +60 -0
- angr/procedures/definitions/win32_sspicli.py +52 -0
- angr/procedures/definitions/win32_sti.py +40 -0
- angr/procedures/definitions/win32_t2embed.py +66 -0
- angr/procedures/definitions/win32_tapi32.py +536 -0
- angr/procedures/definitions/win32_tbs.py +66 -0
- angr/procedures/definitions/win32_tdh.py +92 -0
- angr/procedures/definitions/win32_tokenbinding.py +58 -0
- angr/procedures/definitions/win32_traffic.py +78 -0
- angr/procedures/definitions/win32_txfw32.py +56 -0
- angr/procedures/definitions/win32_ualapi.py +46 -0
- angr/procedures/definitions/win32_uiautomationcore.py +234 -0
- angr/procedures/definitions/win32_urlmon.py +192 -0
- angr/procedures/definitions/win32_user32.py +1565 -0
- angr/procedures/definitions/win32_userenv.py +126 -0
- angr/procedures/definitions/win32_usp10.py +118 -0
- angr/procedures/definitions/win32_uxtheme.py +192 -0
- angr/procedures/definitions/win32_verifier.py +40 -0
- angr/procedures/definitions/win32_version.py +66 -0
- angr/procedures/definitions/win32_vertdll.py +52 -0
- angr/procedures/definitions/win32_virtdisk.py +96 -0
- angr/procedures/definitions/win32_vmdevicehost.py +64 -0
- angr/procedures/definitions/win32_vmsavedstatedumpprovider.py +124 -0
- angr/procedures/definitions/win32_vssapi.py +40 -0
- angr/procedures/definitions/win32_wcmapi.py +48 -0
- angr/procedures/definitions/win32_wdsbp.py +52 -0
- angr/procedures/definitions/win32_wdsclientapi.py +112 -0
- angr/procedures/definitions/win32_wdsmc.py +50 -0
- angr/procedures/definitions/win32_wdspxe.py +100 -0
- angr/procedures/definitions/win32_wdstptc.py +64 -0
- angr/procedures/definitions/win32_webauthn.py +64 -0
- angr/procedures/definitions/win32_webservices.py +424 -0
- angr/procedures/definitions/win32_websocket.py +64 -0
- angr/procedures/definitions/win32_wecapi.py +68 -0
- angr/procedures/definitions/win32_wer.py +80 -0
- angr/procedures/definitions/win32_wevtapi.py +108 -0
- angr/procedures/definitions/win32_winbio.py +146 -0
- angr/procedures/definitions/win32_windows_ai_machinelearning.py +40 -0
- angr/procedures/definitions/win32_windows_data_pdf.py +23 -0
- angr/procedures/definitions/win32_windows_media_mediacontrol.py +54 -0
- angr/procedures/definitions/win32_windows_networking.py +40 -0
- angr/procedures/definitions/win32_windows_ui_xaml.py +42 -0
- angr/procedures/definitions/win32_windowscodecs.py +56 -0
- angr/procedures/definitions/win32_winfax.py +150 -0
- angr/procedures/definitions/win32_winhttp.py +150 -0
- angr/procedures/definitions/win32_winhvemulation.py +46 -0
- angr/procedures/definitions/win32_winhvplatform.py +170 -0
- angr/procedures/definitions/win32_wininet.py +630 -0
- angr/procedures/definitions/win32_winml.py +40 -0
- angr/procedures/definitions/win32_winmm.py +390 -0
- angr/procedures/definitions/win32_winscard.py +178 -0
- angr/procedures/definitions/win32_winspool.py +363 -0
- angr/procedures/definitions/win32_winspool_drv.py +382 -0
- angr/procedures/definitions/win32_wintrust.py +158 -0
- angr/procedures/definitions/win32_winusb.py +106 -0
- angr/procedures/definitions/win32_wlanapi.py +158 -0
- angr/procedures/definitions/win32_wlanui.py +40 -0
- angr/procedures/definitions/win32_wldap32.py +524 -0
- angr/procedures/definitions/win32_wldp.py +56 -0
- angr/procedures/definitions/win32_wmvcore.py +60 -0
- angr/procedures/definitions/win32_wnvapi.py +42 -0
- angr/procedures/definitions/win32_wofutil.py +60 -0
- angr/procedures/definitions/win32_ws2_32.py +358 -0
- angr/procedures/definitions/win32_wscapi.py +50 -0
- angr/procedures/definitions/win32_wsclient.py +44 -0
- angr/procedures/definitions/win32_wsdapi.py +102 -0
- angr/procedures/definitions/win32_wsmsvc.py +104 -0
- angr/procedures/definitions/win32_wsnmp32.py +136 -0
- angr/procedures/definitions/win32_wtsapi32.py +164 -0
- angr/procedures/definitions/win32_xaudio2_8.py +46 -0
- angr/procedures/definitions/win32_xinput1_4.py +52 -0
- angr/procedures/definitions/win32_xinputuap.py +35 -0
- angr/procedures/definitions/win32_xmllite.py +50 -0
- angr/procedures/definitions/win32_xolehlp.py +46 -0
- angr/procedures/definitions/win32_xpsprint.py +42 -0
- angr/procedures/glibc/__ctype_b_loc.py +22 -0
- angr/procedures/glibc/__ctype_tolower_loc.py +22 -0
- angr/procedures/glibc/__ctype_toupper_loc.py +22 -0
- angr/procedures/glibc/__errno_location.py +6 -0
- angr/procedures/glibc/__init__.py +3 -0
- angr/procedures/glibc/__libc_init.py +36 -0
- angr/procedures/glibc/__libc_start_main.py +294 -0
- angr/procedures/glibc/dynamic_loading.py +19 -0
- angr/procedures/glibc/scanf.py +10 -0
- angr/procedures/glibc/sscanf.py +5 -0
- angr/procedures/gnulib/__init__.py +3 -0
- angr/procedures/gnulib/xalloc_die.py +13 -0
- angr/procedures/gnulib/xstrtol_fatal.py +13 -0
- angr/procedures/java/__init__.py +38 -0
- angr/procedures/java/unconstrained.py +64 -0
- angr/procedures/java_io/__init__.py +0 -0
- angr/procedures/java_io/read.py +11 -0
- angr/procedures/java_io/write.py +16 -0
- angr/procedures/java_jni/__init__.py +475 -0
- angr/procedures/java_jni/array_operations.py +309 -0
- angr/procedures/java_jni/class_and_interface_operations.py +31 -0
- angr/procedures/java_jni/field_access.py +176 -0
- angr/procedures/java_jni/global_and_local_refs.py +56 -0
- angr/procedures/java_jni/method_calls.py +364 -0
- angr/procedures/java_jni/not_implemented.py +25 -0
- angr/procedures/java_jni/object_operations.py +95 -0
- angr/procedures/java_jni/string_operations.py +86 -0
- angr/procedures/java_jni/version_information.py +11 -0
- angr/procedures/java_lang/__init__.py +0 -0
- angr/procedures/java_lang/character.py +31 -0
- angr/procedures/java_lang/double.py +24 -0
- angr/procedures/java_lang/exit.py +12 -0
- angr/procedures/java_lang/getsimplename.py +15 -0
- angr/procedures/java_lang/integer.py +42 -0
- angr/procedures/java_lang/load_library.py +8 -0
- angr/procedures/java_lang/math.py +14 -0
- angr/procedures/java_lang/string.py +78 -0
- angr/procedures/java_lang/stringbuilder.py +43 -0
- angr/procedures/java_lang/system.py +17 -0
- angr/procedures/java_util/__init__.py +0 -0
- angr/procedures/java_util/collection.py +34 -0
- angr/procedures/java_util/iterator.py +45 -0
- angr/procedures/java_util/list.py +98 -0
- angr/procedures/java_util/map.py +132 -0
- angr/procedures/java_util/random.py +11 -0
- angr/procedures/java_util/scanner_nextline.py +22 -0
- angr/procedures/libc/__init__.py +3 -0
- angr/procedures/libc/abort.py +8 -0
- angr/procedures/libc/access.py +10 -0
- angr/procedures/libc/atoi.py +14 -0
- angr/procedures/libc/atol.py +12 -0
- angr/procedures/libc/calloc.py +7 -0
- angr/procedures/libc/closelog.py +9 -0
- angr/procedures/libc/err.py +13 -0
- angr/procedures/libc/error.py +55 -0
- angr/procedures/libc/exit.py +10 -0
- angr/procedures/libc/fclose.py +20 -0
- angr/procedures/libc/feof.py +19 -0
- angr/procedures/libc/fflush.py +15 -0
- angr/procedures/libc/fgetc.py +24 -0
- angr/procedures/libc/fgets.py +68 -0
- angr/procedures/libc/fopen.py +64 -0
- angr/procedures/libc/fprintf.py +24 -0
- angr/procedures/libc/fputc.py +22 -0
- angr/procedures/libc/fputs.py +23 -0
- angr/procedures/libc/fread.py +22 -0
- angr/procedures/libc/free.py +8 -0
- angr/procedures/libc/fscanf.py +20 -0
- angr/procedures/libc/fseek.py +32 -0
- angr/procedures/libc/ftell.py +21 -0
- angr/procedures/libc/fwrite.py +18 -0
- angr/procedures/libc/getchar.py +13 -0
- angr/procedures/libc/getdelim.py +96 -0
- angr/procedures/libc/getegid.py +7 -0
- angr/procedures/libc/geteuid.py +7 -0
- angr/procedures/libc/getgid.py +7 -0
- angr/procedures/libc/gets.py +66 -0
- angr/procedures/libc/getuid.py +7 -0
- angr/procedures/libc/malloc.py +11 -0
- angr/procedures/libc/memcmp.py +69 -0
- angr/procedures/libc/memcpy.py +37 -0
- angr/procedures/libc/memset.py +69 -0
- angr/procedures/libc/openlog.py +9 -0
- angr/procedures/libc/perror.py +12 -0
- angr/procedures/libc/printf.py +33 -0
- angr/procedures/libc/putchar.py +12 -0
- angr/procedures/libc/puts.py +16 -0
- angr/procedures/libc/rand.py +7 -0
- angr/procedures/libc/realloc.py +7 -0
- angr/procedures/libc/rewind.py +11 -0
- angr/procedures/libc/scanf.py +20 -0
- angr/procedures/libc/setbuf.py +8 -0
- angr/procedures/libc/setvbuf.py +6 -0
- angr/procedures/libc/snprintf.py +33 -0
- angr/procedures/libc/sprintf.py +22 -0
- angr/procedures/libc/srand.py +6 -0
- angr/procedures/libc/sscanf.py +13 -0
- angr/procedures/libc/stpcpy.py +18 -0
- angr/procedures/libc/strcat.py +13 -0
- angr/procedures/libc/strchr.py +44 -0
- angr/procedures/libc/strcmp.py +28 -0
- angr/procedures/libc/strcpy.py +13 -0
- angr/procedures/libc/strlen.py +99 -0
- angr/procedures/libc/strncat.py +18 -0
- angr/procedures/libc/strncmp.py +180 -0
- angr/procedures/libc/strncpy.py +18 -0
- angr/procedures/libc/strnlen.py +13 -0
- angr/procedures/libc/strstr.py +94 -0
- angr/procedures/libc/strtol.py +263 -0
- angr/procedures/libc/strtoul.py +9 -0
- angr/procedures/libc/system.py +12 -0
- angr/procedures/libc/time.py +9 -0
- angr/procedures/libc/tmpnam.py +19 -0
- angr/procedures/libc/tolower.py +7 -0
- angr/procedures/libc/toupper.py +7 -0
- angr/procedures/libc/ungetc.py +19 -0
- angr/procedures/libc/vsnprintf.py +16 -0
- angr/procedures/libc/wchar.py +15 -0
- angr/procedures/libstdcpp/__init__.py +0 -0
- angr/procedures/libstdcpp/_unwind_resume.py +10 -0
- angr/procedures/libstdcpp/std____throw_bad_alloc.py +12 -0
- angr/procedures/libstdcpp/std____throw_bad_cast.py +12 -0
- angr/procedures/libstdcpp/std____throw_length_error.py +12 -0
- angr/procedures/libstdcpp/std____throw_logic_error.py +12 -0
- angr/procedures/libstdcpp/std__terminate.py +12 -0
- angr/procedures/linux_kernel/__init__.py +3 -0
- angr/procedures/linux_kernel/access.py +17 -0
- angr/procedures/linux_kernel/arch_prctl.py +33 -0
- angr/procedures/linux_kernel/arm_user_helpers.py +58 -0
- angr/procedures/linux_kernel/brk.py +17 -0
- angr/procedures/linux_kernel/cwd.py +27 -0
- angr/procedures/linux_kernel/fstat.py +137 -0
- angr/procedures/linux_kernel/fstat64.py +169 -0
- angr/procedures/linux_kernel/futex.py +17 -0
- angr/procedures/linux_kernel/getegid.py +16 -0
- angr/procedures/linux_kernel/geteuid.py +16 -0
- angr/procedures/linux_kernel/getgid.py +16 -0
- angr/procedures/linux_kernel/getpid.py +13 -0
- angr/procedures/linux_kernel/getrlimit.py +24 -0
- angr/procedures/linux_kernel/gettid.py +8 -0
- angr/procedures/linux_kernel/getuid.py +16 -0
- angr/procedures/linux_kernel/iovec.py +43 -0
- angr/procedures/linux_kernel/lseek.py +39 -0
- angr/procedures/linux_kernel/mmap.py +15 -0
- angr/procedures/linux_kernel/mprotect.py +41 -0
- angr/procedures/linux_kernel/munmap.py +7 -0
- angr/procedures/linux_kernel/openat.py +28 -0
- angr/procedures/linux_kernel/set_tid_address.py +7 -0
- angr/procedures/linux_kernel/sigaction.py +16 -0
- angr/procedures/linux_kernel/sigprocmask.py +20 -0
- angr/procedures/linux_kernel/stat.py +22 -0
- angr/procedures/linux_kernel/sysinfo.py +58 -0
- angr/procedures/linux_kernel/tgkill.py +7 -0
- angr/procedures/linux_kernel/time.py +30 -0
- angr/procedures/linux_kernel/uid.py +29 -0
- angr/procedures/linux_kernel/uname.py +28 -0
- angr/procedures/linux_kernel/unlink.py +22 -0
- angr/procedures/linux_kernel/vsyscall.py +15 -0
- angr/procedures/linux_loader/__init__.py +3 -0
- angr/procedures/linux_loader/_dl_initial_error_catch_tsd.py +6 -0
- angr/procedures/linux_loader/_dl_rtld_lock.py +14 -0
- angr/procedures/linux_loader/sim_loader.py +53 -0
- angr/procedures/linux_loader/tls.py +40 -0
- angr/procedures/msvcr/__getmainargs.py +15 -0
- angr/procedures/msvcr/__init__.py +4 -0
- angr/procedures/msvcr/_initterm.py +37 -0
- angr/procedures/msvcr/fmode.py +28 -0
- angr/procedures/ntdll/__init__.py +0 -0
- angr/procedures/ntdll/exceptions.py +57 -0
- angr/procedures/posix/__init__.py +3 -0
- angr/procedures/posix/accept.py +29 -0
- angr/procedures/posix/bind.py +12 -0
- angr/procedures/posix/bzero.py +6 -0
- angr/procedures/posix/chroot.py +26 -0
- angr/procedures/posix/close.py +9 -0
- angr/procedures/posix/closedir.py +6 -0
- angr/procedures/posix/dup.py +55 -0
- angr/procedures/posix/fcntl.py +9 -0
- angr/procedures/posix/fdopen.py +77 -0
- angr/procedures/posix/fileno.py +17 -0
- angr/procedures/posix/fork.py +10 -0
- angr/procedures/posix/getenv.py +34 -0
- angr/procedures/posix/gethostbyname.py +42 -0
- angr/procedures/posix/getpass.py +18 -0
- angr/procedures/posix/getsockopt.py +10 -0
- angr/procedures/posix/htonl.py +11 -0
- angr/procedures/posix/htons.py +11 -0
- angr/procedures/posix/inet_ntoa.py +61 -0
- angr/procedures/posix/listen.py +12 -0
- angr/procedures/posix/mmap.py +140 -0
- angr/procedures/posix/open.py +17 -0
- angr/procedures/posix/opendir.py +9 -0
- angr/procedures/posix/poll.py +54 -0
- angr/procedures/posix/pread64.py +45 -0
- angr/procedures/posix/pthread.py +87 -0
- angr/procedures/posix/pwrite64.py +45 -0
- angr/procedures/posix/read.py +12 -0
- angr/procedures/posix/readdir.py +59 -0
- angr/procedures/posix/recv.py +12 -0
- angr/procedures/posix/recvfrom.py +12 -0
- angr/procedures/posix/select.py +46 -0
- angr/procedures/posix/send.py +22 -0
- angr/procedures/posix/setsockopt.py +8 -0
- angr/procedures/posix/sigaction.py +20 -0
- angr/procedures/posix/sim_time.py +45 -0
- angr/procedures/posix/sleep.py +7 -0
- angr/procedures/posix/socket.py +18 -0
- angr/procedures/posix/strcasecmp.py +23 -0
- angr/procedures/posix/strdup.py +17 -0
- angr/procedures/posix/strtok_r.py +65 -0
- angr/procedures/posix/syslog.py +15 -0
- angr/procedures/posix/tz.py +8 -0
- angr/procedures/posix/unlink.py +10 -0
- angr/procedures/posix/usleep.py +7 -0
- angr/procedures/posix/write.py +12 -0
- angr/procedures/procedure_dict.py +48 -0
- angr/procedures/stubs/CallReturn.py +12 -0
- angr/procedures/stubs/NoReturnUnconstrained.py +12 -0
- angr/procedures/stubs/Nop.py +6 -0
- angr/procedures/stubs/PathTerminator.py +8 -0
- angr/procedures/stubs/Redirect.py +15 -0
- angr/procedures/stubs/ReturnChar.py +10 -0
- angr/procedures/stubs/ReturnUnconstrained.py +24 -0
- angr/procedures/stubs/UnresolvableCallTarget.py +8 -0
- angr/procedures/stubs/UnresolvableJumpTarget.py +8 -0
- angr/procedures/stubs/UserHook.py +15 -0
- angr/procedures/stubs/__init__.py +3 -0
- angr/procedures/stubs/b64_decode.py +12 -0
- angr/procedures/stubs/caller.py +13 -0
- angr/procedures/stubs/crazy_scanf.py +17 -0
- angr/procedures/stubs/format_parser.py +677 -0
- angr/procedures/stubs/syscall_stub.py +26 -0
- angr/procedures/testing/__init__.py +3 -0
- angr/procedures/testing/manyargs.py +8 -0
- angr/procedures/testing/retreg.py +8 -0
- angr/procedures/tracer/__init__.py +4 -0
- angr/procedures/tracer/random.py +8 -0
- angr/procedures/tracer/receive.py +21 -0
- angr/procedures/tracer/transmit.py +24 -0
- angr/procedures/uclibc/__init__.py +3 -0
- angr/procedures/uclibc/__uClibc_main.py +9 -0
- angr/procedures/win32/EncodePointer.py +6 -0
- angr/procedures/win32/ExitProcess.py +8 -0
- angr/procedures/win32/GetCommandLine.py +11 -0
- angr/procedures/win32/GetCurrentProcessId.py +6 -0
- angr/procedures/win32/GetCurrentThreadId.py +6 -0
- angr/procedures/win32/GetLastInputInfo.py +37 -0
- angr/procedures/win32/GetModuleHandle.py +30 -0
- angr/procedures/win32/GetProcessAffinityMask.py +34 -0
- angr/procedures/win32/InterlockedExchange.py +14 -0
- angr/procedures/win32/IsProcessorFeaturePresent.py +6 -0
- angr/procedures/win32/VirtualAlloc.py +113 -0
- angr/procedures/win32/VirtualProtect.py +59 -0
- angr/procedures/win32/__init__.py +3 -0
- angr/procedures/win32/critical_section.py +11 -0
- angr/procedures/win32/dynamic_loading.py +103 -0
- angr/procedures/win32/file_handles.py +47 -0
- angr/procedures/win32/gethostbyname.py +10 -0
- angr/procedures/win32/heap.py +42 -0
- angr/procedures/win32/is_bad_ptr.py +25 -0
- angr/procedures/win32/local_storage.py +85 -0
- angr/procedures/win32/mutex.py +10 -0
- angr/procedures/win32/sim_time.py +135 -0
- angr/procedures/win32/system_paths.py +34 -0
- angr/procedures/win32_kernel/ExAllocatePool.py +12 -0
- angr/procedures/win32_kernel/ExFreePoolWithTag.py +7 -0
- angr/procedures/win32_kernel/__init__.py +3 -0
- angr/procedures/win_user32/__init__.py +0 -0
- angr/procedures/win_user32/chars.py +12 -0
- angr/procedures/win_user32/keyboard.py +13 -0
- angr/procedures/win_user32/messagebox.py +49 -0
- angr/project.py +834 -0
- angr/protos/__init__.py +13 -0
- angr/protos/cfg_pb2.py +31 -0
- angr/protos/function_pb2.py +37 -0
- angr/protos/primitives_pb2.py +124 -0
- angr/protos/variables_pb2.py +126 -0
- angr/protos/xrefs_pb2.py +34 -0
- angr/py.typed +1 -0
- angr/serializable.py +63 -0
- angr/service.py +35 -0
- angr/sim_manager.py +971 -0
- angr/sim_options.py +444 -0
- angr/sim_procedure.py +606 -0
- angr/sim_state.py +1003 -0
- angr/sim_state_options.py +409 -0
- angr/sim_type.py +3372 -0
- angr/sim_variable.py +562 -0
- angr/simos/__init__.py +31 -0
- angr/simos/cgc.py +152 -0
- angr/simos/javavm.py +471 -0
- angr/simos/linux.py +519 -0
- angr/simos/simos.py +450 -0
- angr/simos/snimmuc_nxp.py +152 -0
- angr/simos/userland.py +163 -0
- angr/simos/windows.py +562 -0
- angr/slicer.py +353 -0
- angr/state_hierarchy.py +262 -0
- angr/state_plugins/__init__.py +29 -0
- angr/state_plugins/callstack.py +404 -0
- angr/state_plugins/cgc.py +153 -0
- angr/state_plugins/concrete.py +297 -0
- angr/state_plugins/debug_variables.py +194 -0
- angr/state_plugins/filesystem.py +469 -0
- angr/state_plugins/gdb.py +146 -0
- angr/state_plugins/globals.py +62 -0
- angr/state_plugins/heap/__init__.py +5 -0
- angr/state_plugins/heap/heap_base.py +126 -0
- angr/state_plugins/heap/heap_brk.py +134 -0
- angr/state_plugins/heap/heap_freelist.py +210 -0
- angr/state_plugins/heap/heap_libc.py +45 -0
- angr/state_plugins/heap/heap_ptmalloc.py +646 -0
- angr/state_plugins/heap/utils.py +21 -0
- angr/state_plugins/history.py +548 -0
- angr/state_plugins/inspect.py +376 -0
- angr/state_plugins/javavm_classloader.py +133 -0
- angr/state_plugins/jni_references.py +93 -0
- angr/state_plugins/libc.py +1263 -0
- angr/state_plugins/light_registers.py +170 -0
- angr/state_plugins/log.py +85 -0
- angr/state_plugins/loop_data.py +92 -0
- angr/state_plugins/plugin.py +155 -0
- angr/state_plugins/posix.py +709 -0
- angr/state_plugins/preconstrainer.py +195 -0
- angr/state_plugins/scratch.py +175 -0
- angr/state_plugins/sim_action.py +334 -0
- angr/state_plugins/sim_action_object.py +148 -0
- angr/state_plugins/sim_event.py +58 -0
- angr/state_plugins/solver.py +1129 -0
- angr/state_plugins/symbolizer.py +292 -0
- angr/state_plugins/trace_additions.py +752 -0
- angr/state_plugins/uc_manager.py +85 -0
- angr/state_plugins/unicorn_engine.py +1899 -0
- angr/state_plugins/view.py +341 -0
- angr/storage/__init__.py +9 -0
- angr/storage/file.py +1219 -0
- angr/storage/memory_mixins/__init__.py +393 -0
- angr/storage/memory_mixins/__init__.pyi +49 -0
- angr/storage/memory_mixins/actions_mixin.py +69 -0
- angr/storage/memory_mixins/address_concretization_mixin.py +388 -0
- angr/storage/memory_mixins/bvv_conversion_mixin.py +74 -0
- angr/storage/memory_mixins/clouseau_mixin.py +131 -0
- angr/storage/memory_mixins/conditional_store_mixin.py +24 -0
- angr/storage/memory_mixins/convenient_mappings_mixin.py +257 -0
- angr/storage/memory_mixins/default_filler_mixin.py +146 -0
- angr/storage/memory_mixins/dirty_addrs_mixin.py +9 -0
- angr/storage/memory_mixins/hex_dumper_mixin.py +85 -0
- angr/storage/memory_mixins/javavm_memory/__init__.py +1 -0
- angr/storage/memory_mixins/javavm_memory/javavm_memory_mixin.py +394 -0
- angr/storage/memory_mixins/keyvalue_memory/__init__.py +1 -0
- angr/storage/memory_mixins/keyvalue_memory/keyvalue_memory_mixin.py +36 -0
- angr/storage/memory_mixins/label_merger_mixin.py +31 -0
- angr/storage/memory_mixins/multi_value_merger_mixin.py +68 -0
- angr/storage/memory_mixins/name_resolution_mixin.py +70 -0
- angr/storage/memory_mixins/paged_memory/__init__.py +0 -0
- angr/storage/memory_mixins/paged_memory/page_backer_mixins.py +266 -0
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +750 -0
- angr/storage/memory_mixins/paged_memory/paged_memory_multivalue_mixin.py +63 -0
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +33 -0
- angr/storage/memory_mixins/paged_memory/pages/cooperation.py +330 -0
- angr/storage/memory_mixins/paged_memory/pages/history_tracking_mixin.py +87 -0
- angr/storage/memory_mixins/paged_memory/pages/ispo_mixin.py +53 -0
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +346 -0
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +290 -0
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +434 -0
- angr/storage/memory_mixins/paged_memory/pages/permissions_mixin.py +33 -0
- angr/storage/memory_mixins/paged_memory/pages/refcount_mixin.py +51 -0
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +468 -0
- angr/storage/memory_mixins/paged_memory/privileged_mixin.py +36 -0
- angr/storage/memory_mixins/paged_memory/stack_allocation_mixin.py +73 -0
- angr/storage/memory_mixins/regioned_memory/__init__.py +6 -0
- angr/storage/memory_mixins/regioned_memory/abstract_address_descriptor.py +35 -0
- angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +43 -0
- angr/storage/memory_mixins/regioned_memory/region_category_mixin.py +7 -0
- angr/storage/memory_mixins/regioned_memory/region_data.py +245 -0
- angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +125 -0
- angr/storage/memory_mixins/regioned_memory/regioned_address_concretization_mixin.py +118 -0
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +462 -0
- angr/storage/memory_mixins/regioned_memory/static_find_mixin.py +70 -0
- angr/storage/memory_mixins/simple_interface_mixin.py +73 -0
- angr/storage/memory_mixins/simplification_mixin.py +13 -0
- angr/storage/memory_mixins/size_resolution_mixin.py +140 -0
- angr/storage/memory_mixins/slotted_memory.py +140 -0
- angr/storage/memory_mixins/smart_find_mixin.py +159 -0
- angr/storage/memory_mixins/symbolic_merger_mixin.py +12 -0
- angr/storage/memory_mixins/top_merger_mixin.py +24 -0
- angr/storage/memory_mixins/underconstrained_mixin.py +67 -0
- angr/storage/memory_mixins/unwrapper_mixin.py +26 -0
- angr/storage/memory_object.py +194 -0
- angr/storage/pcap.py +65 -0
- angr/tablespecs.py +90 -0
- angr/utils/__init__.py +33 -0
- angr/utils/algo.py +33 -0
- angr/utils/constants.py +7 -0
- angr/utils/cowdict.py +64 -0
- angr/utils/dynamic_dictlist.py +92 -0
- angr/utils/enums_conv.py +80 -0
- angr/utils/env.py +11 -0
- angr/utils/formatting.py +124 -0
- angr/utils/funcid.py +133 -0
- angr/utils/graph.py +822 -0
- angr/utils/lazy_import.py +12 -0
- angr/utils/library.py +214 -0
- angr/utils/loader.py +55 -0
- angr/utils/mp.py +64 -0
- angr/utils/segment_list.py +558 -0
- angr/utils/timing.py +45 -0
- angr/utils/typing.py +17 -0
- angr/vaults.py +370 -0
- angr-9.2.103.dist-info/LICENSE +24 -0
- angr-9.2.103.dist-info/METADATA +119 -0
- angr-9.2.103.dist-info/RECORD +1300 -0
- angr-9.2.103.dist-info/WHEEL +5 -0
- angr-9.2.103.dist-info/entry_points.txt +2 -0
- angr-9.2.103.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,1098 @@
|
|
|
1
|
+
from itertools import count
|
|
2
|
+
from collections import defaultdict
|
|
3
|
+
import logging
|
|
4
|
+
|
|
5
|
+
import networkx
|
|
6
|
+
|
|
7
|
+
import ailment
|
|
8
|
+
from ailment import Block
|
|
9
|
+
from ailment.statement import ConditionalJump, Jump
|
|
10
|
+
from ailment.expression import Const
|
|
11
|
+
|
|
12
|
+
from angr.utils.graph import GraphUtils
|
|
13
|
+
from ...utils.graph import dfs_back_edges, subgraph_between_nodes, dominates, shallow_reverse
|
|
14
|
+
from .. import Analysis, register_analysis
|
|
15
|
+
from .structuring.structurer_nodes import MultiNode, ConditionNode, IncompleteSwitchCaseHeadStatement
|
|
16
|
+
from .graph_region import GraphRegion
|
|
17
|
+
from .condition_processor import ConditionProcessor
|
|
18
|
+
from .utils import replace_last_statement, first_nonlabel_statement, copy_graph
|
|
19
|
+
|
|
20
|
+
l = logging.getLogger(name=__name__)
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
# an ever-incrementing counter
|
|
24
|
+
CONDITIONNODE_ADDR = count(0xFF000000)
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
class RegionIdentifier(Analysis):
|
|
28
|
+
"""
|
|
29
|
+
Identifies regions within a function graph and creates a recursive GraphRegion object.
|
|
30
|
+
Note, that the analysis may modify the graph in-place. If you want to keep the original graph,
|
|
31
|
+
set the `update_graph` parameter to False.
|
|
32
|
+
"""
|
|
33
|
+
|
|
34
|
+
def __init__(
|
|
35
|
+
self,
|
|
36
|
+
func,
|
|
37
|
+
cond_proc=None,
|
|
38
|
+
graph=None,
|
|
39
|
+
update_graph=True,
|
|
40
|
+
largest_successor_tree_outside_loop=True,
|
|
41
|
+
force_loop_single_exit=True,
|
|
42
|
+
complete_successors=False,
|
|
43
|
+
):
|
|
44
|
+
self.function = func
|
|
45
|
+
self.cond_proc = (
|
|
46
|
+
cond_proc
|
|
47
|
+
if cond_proc is not None
|
|
48
|
+
else ConditionProcessor(
|
|
49
|
+
self.project.arch
|
|
50
|
+
if getattr(self, "project", None) is not None
|
|
51
|
+
else None # it's only None in test cases
|
|
52
|
+
)
|
|
53
|
+
)
|
|
54
|
+
self._graph = graph if graph is not None else self.function.graph
|
|
55
|
+
if not update_graph:
|
|
56
|
+
# copy the graph so updates don't affect the original graph
|
|
57
|
+
self._graph = copy_graph(self._graph)
|
|
58
|
+
|
|
59
|
+
self.region = None
|
|
60
|
+
self._start_node = None
|
|
61
|
+
self._loop_headers: list | None = None
|
|
62
|
+
self.regions_by_block_addrs = []
|
|
63
|
+
self._largest_successor_tree_outside_loop = largest_successor_tree_outside_loop
|
|
64
|
+
self._force_loop_single_exit = force_loop_single_exit
|
|
65
|
+
self._complete_successors = complete_successors
|
|
66
|
+
|
|
67
|
+
self._analyze()
|
|
68
|
+
|
|
69
|
+
@staticmethod
|
|
70
|
+
def slice_graph(graph, node, frontier, include_frontier=False):
|
|
71
|
+
"""
|
|
72
|
+
Generate a slice of the graph from the head node to the given frontier.
|
|
73
|
+
|
|
74
|
+
:param networkx.DiGraph graph: The graph to work on.
|
|
75
|
+
:param node: The starting node in the graph.
|
|
76
|
+
:param frontier: A list of frontier nodes.
|
|
77
|
+
:param bool include_frontier: Whether the frontier nodes are included in the slice or not.
|
|
78
|
+
:return: A subgraph.
|
|
79
|
+
:rtype: networkx.DiGraph
|
|
80
|
+
"""
|
|
81
|
+
|
|
82
|
+
subgraph = subgraph_between_nodes(graph, node, frontier, include_frontier=include_frontier)
|
|
83
|
+
if not list(subgraph.nodes):
|
|
84
|
+
# HACK: FIXME: for infinite loop nodes, this would return an empty set, so we include the loop body itself
|
|
85
|
+
# Make sure this makes sense (EDG thinks it does)
|
|
86
|
+
if (node, node) in graph.edges:
|
|
87
|
+
subgraph.add_edge(node, node)
|
|
88
|
+
return subgraph
|
|
89
|
+
|
|
90
|
+
def _analyze(self):
|
|
91
|
+
# make a copy of the graph
|
|
92
|
+
graph = networkx.DiGraph(self._graph)
|
|
93
|
+
|
|
94
|
+
# preprocess: make it a super graph
|
|
95
|
+
self._make_supergraph(graph)
|
|
96
|
+
|
|
97
|
+
self._start_node = self._get_start_node(graph)
|
|
98
|
+
|
|
99
|
+
self.region = self._make_regions(graph)
|
|
100
|
+
|
|
101
|
+
# make regions into block address lists
|
|
102
|
+
self.regions_by_block_addrs = self._make_regions_by_block_addrs()
|
|
103
|
+
|
|
104
|
+
def _make_regions_by_block_addrs(self) -> list[list[int]]:
|
|
105
|
+
"""
|
|
106
|
+
Creates a list of addr lists representing each region without recursion. A single region is defined
|
|
107
|
+
as a set of only blocks, no Graphs containing nested regions. The list contains the address of each
|
|
108
|
+
block in the region, including the heads of each recursive region.
|
|
109
|
+
|
|
110
|
+
@return: List of addr lists
|
|
111
|
+
"""
|
|
112
|
+
|
|
113
|
+
work_list = [self.region]
|
|
114
|
+
block_only_regions = []
|
|
115
|
+
seen_regions = set()
|
|
116
|
+
while work_list:
|
|
117
|
+
children_regions = []
|
|
118
|
+
for region in work_list:
|
|
119
|
+
children_blocks = []
|
|
120
|
+
for node in region.graph.nodes:
|
|
121
|
+
if isinstance(node, Block):
|
|
122
|
+
children_blocks.append(node.addr)
|
|
123
|
+
elif isinstance(node, MultiNode):
|
|
124
|
+
children_blocks += [n.addr for n in node.nodes]
|
|
125
|
+
elif isinstance(node, GraphRegion):
|
|
126
|
+
if node not in seen_regions:
|
|
127
|
+
children_regions.append(node)
|
|
128
|
+
children_blocks.append(node.head.addr)
|
|
129
|
+
seen_regions.add(node)
|
|
130
|
+
else:
|
|
131
|
+
continue
|
|
132
|
+
|
|
133
|
+
if children_blocks:
|
|
134
|
+
block_only_regions.append(children_blocks)
|
|
135
|
+
|
|
136
|
+
work_list = children_regions
|
|
137
|
+
|
|
138
|
+
return block_only_regions
|
|
139
|
+
|
|
140
|
+
def _get_start_node(self, graph: networkx.DiGraph):
|
|
141
|
+
try:
|
|
142
|
+
return next(n for n in graph.nodes() if graph.in_degree(n) == 0)
|
|
143
|
+
except StopIteration:
|
|
144
|
+
pass
|
|
145
|
+
|
|
146
|
+
try:
|
|
147
|
+
return next(n for n in graph.nodes() if n.addr == self.function.addr)
|
|
148
|
+
except StopIteration as ex:
|
|
149
|
+
raise RuntimeError("Cannot find the start node from the graph!") from ex
|
|
150
|
+
|
|
151
|
+
def _test_reducibility(self):
|
|
152
|
+
# make a copy of the graph
|
|
153
|
+
graph = networkx.DiGraph(self._graph)
|
|
154
|
+
|
|
155
|
+
# preprocess: make it a super graph
|
|
156
|
+
self._make_supergraph(graph)
|
|
157
|
+
|
|
158
|
+
while True:
|
|
159
|
+
changed = False
|
|
160
|
+
|
|
161
|
+
# find a node with a back-edge, remove the edge (deleting the loop), and replace it with a MultiNode
|
|
162
|
+
changed |= self._remove_self_loop(graph)
|
|
163
|
+
|
|
164
|
+
# find a node that has only one predecessor, and merge it with its predecessor (replace them with a
|
|
165
|
+
# MultiNode)
|
|
166
|
+
changed |= self._merge_single_entry_node(graph)
|
|
167
|
+
|
|
168
|
+
if not changed:
|
|
169
|
+
# a fixed-point is reached
|
|
170
|
+
break
|
|
171
|
+
|
|
172
|
+
# Flow graph reducibility, Hecht and Ullman
|
|
173
|
+
if len(graph.nodes) == 1:
|
|
174
|
+
return True
|
|
175
|
+
|
|
176
|
+
return False
|
|
177
|
+
|
|
178
|
+
def _make_supergraph(self, graph: networkx.DiGraph):
|
|
179
|
+
while True:
|
|
180
|
+
for src, dst, data in graph.edges(data=True):
|
|
181
|
+
type_ = data.get("type", None)
|
|
182
|
+
if type_ == "fake_return":
|
|
183
|
+
if len(list(graph.successors(src))) == 1 and len(list(graph.predecessors(dst))) == 1:
|
|
184
|
+
self._merge_nodes(graph, src, dst, force_multinode=True)
|
|
185
|
+
break
|
|
186
|
+
elif type_ == "call":
|
|
187
|
+
graph.remove_node(dst)
|
|
188
|
+
break
|
|
189
|
+
else:
|
|
190
|
+
break
|
|
191
|
+
|
|
192
|
+
def _find_loop_headers(self, graph: networkx.DiGraph) -> list:
|
|
193
|
+
heads = {t for _, t in dfs_back_edges(graph, self._start_node)}
|
|
194
|
+
return GraphUtils.quasi_topological_sort_nodes(graph, heads)
|
|
195
|
+
|
|
196
|
+
def _find_initial_loop_nodes(self, graph: networkx.DiGraph, head):
|
|
197
|
+
# TODO optimize
|
|
198
|
+
latching_nodes = {s for s, t in dfs_back_edges(graph, self._start_node) if t == head}
|
|
199
|
+
loop_subgraph = self.slice_graph(graph, head, latching_nodes, include_frontier=True)
|
|
200
|
+
|
|
201
|
+
# special case: any node with more than two non-self successors are probably the head of a switch-case. we
|
|
202
|
+
# should include all successors into the loop subgraph.
|
|
203
|
+
while True:
|
|
204
|
+
updated = False
|
|
205
|
+
for node in list(loop_subgraph):
|
|
206
|
+
nonself_successors = [succ for succ in graph.successors(node) if succ is not node]
|
|
207
|
+
if len(nonself_successors) > 2:
|
|
208
|
+
for succ in nonself_successors:
|
|
209
|
+
if not loop_subgraph.has_edge(node, succ):
|
|
210
|
+
updated = True
|
|
211
|
+
loop_subgraph.add_edge(node, succ)
|
|
212
|
+
if not updated:
|
|
213
|
+
break
|
|
214
|
+
|
|
215
|
+
nodes = set(loop_subgraph)
|
|
216
|
+
return nodes
|
|
217
|
+
|
|
218
|
+
def _refine_loop(self, graph: networkx.DiGraph, head, initial_loop_nodes, initial_exit_nodes):
|
|
219
|
+
if len(initial_exit_nodes) <= 1:
|
|
220
|
+
return initial_loop_nodes, initial_exit_nodes
|
|
221
|
+
|
|
222
|
+
refined_loop_nodes = initial_loop_nodes.copy()
|
|
223
|
+
refined_exit_nodes = initial_exit_nodes.copy()
|
|
224
|
+
|
|
225
|
+
# simple optimization: include all single-in-degree successors of existing loop nodes
|
|
226
|
+
while True:
|
|
227
|
+
added = set()
|
|
228
|
+
for exit_node in list(refined_exit_nodes):
|
|
229
|
+
if graph.in_degree[exit_node] == 1 and graph.out_degree[exit_node] <= 1:
|
|
230
|
+
added.add(exit_node)
|
|
231
|
+
refined_loop_nodes.add(exit_node)
|
|
232
|
+
refined_exit_nodes |= {
|
|
233
|
+
succ for succ in graph.successors(exit_node) if succ not in refined_loop_nodes
|
|
234
|
+
}
|
|
235
|
+
refined_exit_nodes.remove(exit_node)
|
|
236
|
+
if not added:
|
|
237
|
+
break
|
|
238
|
+
|
|
239
|
+
if len(refined_exit_nodes) <= 1:
|
|
240
|
+
return refined_loop_nodes, refined_exit_nodes
|
|
241
|
+
|
|
242
|
+
idom = networkx.immediate_dominators(graph, head)
|
|
243
|
+
|
|
244
|
+
new_exit_nodes = refined_exit_nodes
|
|
245
|
+
# a graph with only initial exit nodes and new loop nodes that are reachable from at least one initial exit
|
|
246
|
+
# node.
|
|
247
|
+
subgraph = networkx.DiGraph()
|
|
248
|
+
|
|
249
|
+
sorted_refined_exit_nodes = GraphUtils.quasi_topological_sort_nodes(graph, refined_exit_nodes)
|
|
250
|
+
while len(sorted_refined_exit_nodes) > 1 and new_exit_nodes:
|
|
251
|
+
# visit each node in refined_exit_nodes once and determine which nodes to consider as loop nodes
|
|
252
|
+
candidate_nodes = {}
|
|
253
|
+
for n in list(sorted_refined_exit_nodes):
|
|
254
|
+
if all((pred is n or pred in refined_loop_nodes) for pred in graph.predecessors(n)) and dominates(
|
|
255
|
+
idom, head, n
|
|
256
|
+
):
|
|
257
|
+
to_add = set(graph.successors(n)) - refined_loop_nodes
|
|
258
|
+
candidate_nodes[n] = to_add
|
|
259
|
+
|
|
260
|
+
# visit all candidate nodes and only consider candidates that will not be added as exit nodes
|
|
261
|
+
all_new_exit_candidates = set()
|
|
262
|
+
for new_exit_candidates in candidate_nodes.values():
|
|
263
|
+
all_new_exit_candidates |= new_exit_candidates
|
|
264
|
+
|
|
265
|
+
# to guarantee progressing, we must ensure all_new_exit_candidates cannot contain all candidate nodes
|
|
266
|
+
if all(n in all_new_exit_candidates for n in candidate_nodes):
|
|
267
|
+
all_new_exit_candidates = set()
|
|
268
|
+
|
|
269
|
+
# do the actual work
|
|
270
|
+
new_exit_nodes = set()
|
|
271
|
+
for n in candidate_nodes:
|
|
272
|
+
if n in all_new_exit_candidates:
|
|
273
|
+
continue
|
|
274
|
+
refined_loop_nodes.add(n)
|
|
275
|
+
sorted_refined_exit_nodes.remove(n)
|
|
276
|
+
to_add = set(graph.successors(n)) - refined_loop_nodes
|
|
277
|
+
new_exit_nodes |= to_add
|
|
278
|
+
for succ in to_add:
|
|
279
|
+
subgraph.add_edge(n, succ)
|
|
280
|
+
|
|
281
|
+
sorted_refined_exit_nodes += list(new_exit_nodes)
|
|
282
|
+
sorted_refined_exit_nodes = list(set(sorted_refined_exit_nodes))
|
|
283
|
+
sorted_refined_exit_nodes = GraphUtils.quasi_topological_sort_nodes(graph, sorted_refined_exit_nodes)
|
|
284
|
+
|
|
285
|
+
refined_exit_nodes = set(sorted_refined_exit_nodes)
|
|
286
|
+
refined_loop_nodes = refined_loop_nodes - refined_exit_nodes
|
|
287
|
+
|
|
288
|
+
if self._largest_successor_tree_outside_loop and not refined_exit_nodes:
|
|
289
|
+
# figure out the new successor tree with the highest number of nodes
|
|
290
|
+
initial_exit_to_newnodes = defaultdict(set)
|
|
291
|
+
newnode_to_initial_exits = defaultdict(set)
|
|
292
|
+
for initial_exit in initial_exit_nodes:
|
|
293
|
+
if initial_exit in subgraph:
|
|
294
|
+
for _, succs in networkx.bfs_successors(subgraph, initial_exit):
|
|
295
|
+
initial_exit_to_newnodes[initial_exit] |= set(succs)
|
|
296
|
+
for succ in succs:
|
|
297
|
+
newnode_to_initial_exits[succ].add(initial_exit)
|
|
298
|
+
|
|
299
|
+
for newnode, exits in newnode_to_initial_exits.items():
|
|
300
|
+
for exit_ in exits:
|
|
301
|
+
initial_exit_to_newnodes[exit_].add(newnode)
|
|
302
|
+
|
|
303
|
+
# filter initial_exit_to_newnodes and remove the subtrees with nodes that are reachable from nodes that are
|
|
304
|
+
# outside the current subtree
|
|
305
|
+
for initial_exit, subtree in list(initial_exit_to_newnodes.items()):
|
|
306
|
+
subtree_preds = set()
|
|
307
|
+
for node in subtree:
|
|
308
|
+
preds = set(graph.predecessors(node))
|
|
309
|
+
subtree_preds |= {pred for pred in preds if pred not in subtree}
|
|
310
|
+
if len(subtree_preds) > 1:
|
|
311
|
+
# early break
|
|
312
|
+
break
|
|
313
|
+
|
|
314
|
+
if len(subtree_preds) > 1:
|
|
315
|
+
# there is more than one out-of-tree predecessor. remove this subtree
|
|
316
|
+
del initial_exit_to_newnodes[initial_exit]
|
|
317
|
+
|
|
318
|
+
if initial_exit_to_newnodes:
|
|
319
|
+
tree_sizes = {exit_: len(initial_exit_to_newnodes[exit_]) for exit_ in initial_exit_to_newnodes}
|
|
320
|
+
max_tree_size = max(tree_sizes.values())
|
|
321
|
+
if list(tree_sizes.values()).count(max_tree_size) == 1:
|
|
322
|
+
tree_size_to_exit = {v: k for k, v in tree_sizes.items()}
|
|
323
|
+
max_size_exit = tree_size_to_exit[max_tree_size]
|
|
324
|
+
if all(len(newnode_to_initial_exits[nn]) == 1 for nn in initial_exit_to_newnodes[max_size_exit]):
|
|
325
|
+
refined_loop_nodes = (
|
|
326
|
+
refined_loop_nodes - initial_exit_to_newnodes[max_size_exit] - {max_size_exit}
|
|
327
|
+
)
|
|
328
|
+
refined_exit_nodes.add(max_size_exit)
|
|
329
|
+
|
|
330
|
+
return refined_loop_nodes, refined_exit_nodes
|
|
331
|
+
|
|
332
|
+
def _remove_self_loop(self, graph: networkx.DiGraph):
|
|
333
|
+
r = False
|
|
334
|
+
|
|
335
|
+
while True:
|
|
336
|
+
for node in graph.nodes():
|
|
337
|
+
if node in graph[node]:
|
|
338
|
+
# found a self loop
|
|
339
|
+
self._remove_node(graph, node)
|
|
340
|
+
r = True
|
|
341
|
+
break
|
|
342
|
+
else:
|
|
343
|
+
break
|
|
344
|
+
|
|
345
|
+
return r
|
|
346
|
+
|
|
347
|
+
def _merge_single_entry_node(self, graph: networkx.DiGraph):
|
|
348
|
+
r = False
|
|
349
|
+
|
|
350
|
+
while True:
|
|
351
|
+
for node in networkx.dfs_postorder_nodes(graph):
|
|
352
|
+
preds = graph.predecessors(node)
|
|
353
|
+
if len(preds) == 1:
|
|
354
|
+
# merge the two nodes
|
|
355
|
+
self._absorb_node(graph, preds[0], node)
|
|
356
|
+
r = True
|
|
357
|
+
break
|
|
358
|
+
else:
|
|
359
|
+
break
|
|
360
|
+
|
|
361
|
+
return r
|
|
362
|
+
|
|
363
|
+
def _make_regions(self, graph: networkx.DiGraph):
|
|
364
|
+
structured_loop_headers = set()
|
|
365
|
+
new_regions = []
|
|
366
|
+
|
|
367
|
+
# FIXME: _get_start_node() will fail if the graph is just a loop
|
|
368
|
+
|
|
369
|
+
# iteratively find and make loop regions
|
|
370
|
+
while True:
|
|
371
|
+
# find loop headers
|
|
372
|
+
self._loop_headers = self._find_loop_headers(graph)
|
|
373
|
+
if not self._loop_headers:
|
|
374
|
+
break
|
|
375
|
+
|
|
376
|
+
# Find all loops
|
|
377
|
+
while True:
|
|
378
|
+
restart = False
|
|
379
|
+
|
|
380
|
+
self._start_node = self._get_start_node(graph)
|
|
381
|
+
|
|
382
|
+
# re-find loop headers
|
|
383
|
+
self._loop_headers = self._find_loop_headers(graph)
|
|
384
|
+
if not self._loop_headers:
|
|
385
|
+
break
|
|
386
|
+
|
|
387
|
+
# Start from loops
|
|
388
|
+
for node in list(reversed(self._loop_headers)):
|
|
389
|
+
if node in structured_loop_headers:
|
|
390
|
+
continue
|
|
391
|
+
if node not in graph:
|
|
392
|
+
continue
|
|
393
|
+
region = self._make_cyclic_region(node, graph)
|
|
394
|
+
if region is None:
|
|
395
|
+
# failed to struct the loop region - remove the header node from loop headers
|
|
396
|
+
l.debug(
|
|
397
|
+
"Failed to structure a loop region starting at %#x. Remove it from loop headers.", node.addr
|
|
398
|
+
)
|
|
399
|
+
self._loop_headers.remove(node)
|
|
400
|
+
else:
|
|
401
|
+
l.debug("Structured a loop region %r.", region)
|
|
402
|
+
new_regions.append(region)
|
|
403
|
+
structured_loop_headers.add(node)
|
|
404
|
+
restart = True
|
|
405
|
+
break
|
|
406
|
+
|
|
407
|
+
if restart:
|
|
408
|
+
continue
|
|
409
|
+
|
|
410
|
+
break
|
|
411
|
+
|
|
412
|
+
new_regions.append(GraphRegion(self._get_start_node(graph), graph, None, None, False, None))
|
|
413
|
+
|
|
414
|
+
l.debug("Identified %d loop regions.", len(structured_loop_headers))
|
|
415
|
+
l.debug("No more loops left. Start structuring acyclic regions.")
|
|
416
|
+
# No more loops left. Structure acyclic regions.
|
|
417
|
+
while new_regions:
|
|
418
|
+
region = new_regions.pop(0)
|
|
419
|
+
head = region.head
|
|
420
|
+
subgraph = region.graph
|
|
421
|
+
|
|
422
|
+
failed_region_attempts = set()
|
|
423
|
+
while self._make_acyclic_region(
|
|
424
|
+
head, subgraph, region.graph_with_successors, failed_region_attempts, region.cyclic
|
|
425
|
+
):
|
|
426
|
+
if head not in subgraph:
|
|
427
|
+
# update head
|
|
428
|
+
head = next(iter(n for n in subgraph.nodes() if n.addr == head.addr))
|
|
429
|
+
|
|
430
|
+
head = next(iter(n for n in subgraph.nodes() if n.addr == head.addr))
|
|
431
|
+
region.head = head
|
|
432
|
+
|
|
433
|
+
if len(graph.nodes()) == 1 and isinstance(list(graph.nodes())[0], GraphRegion):
|
|
434
|
+
return list(graph.nodes())[0]
|
|
435
|
+
# create a large graph region
|
|
436
|
+
new_head = self._get_start_node(graph)
|
|
437
|
+
region = GraphRegion(new_head, graph, None, None, False, None)
|
|
438
|
+
return region
|
|
439
|
+
|
|
440
|
+
#
|
|
441
|
+
# Cyclic regions
|
|
442
|
+
#
|
|
443
|
+
|
|
444
|
+
def _make_cyclic_region(self, head, graph: networkx.DiGraph):
|
|
445
|
+
l.debug("Found cyclic region at %#08x", head.addr)
|
|
446
|
+
initial_loop_nodes = self._find_initial_loop_nodes(graph, head)
|
|
447
|
+
l.debug("Initial loop nodes %s", self._dbg_block_list(initial_loop_nodes))
|
|
448
|
+
|
|
449
|
+
# Make sure no other loops are contained in the current loop
|
|
450
|
+
if {n for n in initial_loop_nodes if n.addr != head.addr}.intersection(self._loop_headers):
|
|
451
|
+
return None
|
|
452
|
+
|
|
453
|
+
normal_entries = {n for n in graph.predecessors(head) if n not in initial_loop_nodes}
|
|
454
|
+
abnormal_entries = set()
|
|
455
|
+
for n in initial_loop_nodes:
|
|
456
|
+
if n == head:
|
|
457
|
+
continue
|
|
458
|
+
preds = set(graph.predecessors(n))
|
|
459
|
+
abnormal_entries |= preds - initial_loop_nodes
|
|
460
|
+
l.debug("Normal entries %s", self._dbg_block_list(normal_entries))
|
|
461
|
+
l.debug("Abnormal entries %s", self._dbg_block_list(abnormal_entries))
|
|
462
|
+
|
|
463
|
+
initial_exit_nodes = set()
|
|
464
|
+
for n in initial_loop_nodes:
|
|
465
|
+
succs = set(graph.successors(n))
|
|
466
|
+
initial_exit_nodes |= succs - initial_loop_nodes
|
|
467
|
+
|
|
468
|
+
l.debug("Initial exit nodes %s", self._dbg_block_list(initial_exit_nodes))
|
|
469
|
+
|
|
470
|
+
refined_loop_nodes, refined_exit_nodes = self._refine_loop(graph, head, initial_loop_nodes, initial_exit_nodes)
|
|
471
|
+
l.debug("Refined loop nodes %s", self._dbg_block_list(refined_loop_nodes))
|
|
472
|
+
l.debug("Refined exit nodes %s", self._dbg_block_list(refined_exit_nodes))
|
|
473
|
+
|
|
474
|
+
# make sure there is a jump statement to the outside at the end of each node going to exit nodes.
|
|
475
|
+
# this jump statement will be rewritten to a break statement during structuring.
|
|
476
|
+
for exit_node in refined_exit_nodes:
|
|
477
|
+
for pred in graph.predecessors(exit_node):
|
|
478
|
+
if pred in refined_loop_nodes:
|
|
479
|
+
self._ensure_jump_at_loop_exit_ends(pred)
|
|
480
|
+
|
|
481
|
+
if len(refined_exit_nodes) > 1:
|
|
482
|
+
# self._get_start_node(graph)
|
|
483
|
+
node_post_order = list(networkx.dfs_postorder_nodes(graph, head))
|
|
484
|
+
sorted_exit_nodes = sorted(list(refined_exit_nodes), key=node_post_order.index)
|
|
485
|
+
normal_exit_node = sorted_exit_nodes[0]
|
|
486
|
+
abnormal_exit_nodes = set(sorted_exit_nodes[1:])
|
|
487
|
+
else:
|
|
488
|
+
normal_exit_node = next(iter(refined_exit_nodes)) if len(refined_exit_nodes) > 0 else None
|
|
489
|
+
abnormal_exit_nodes = set()
|
|
490
|
+
|
|
491
|
+
region = self._abstract_cyclic_region(
|
|
492
|
+
graph, refined_loop_nodes, head, normal_entries, abnormal_entries, normal_exit_node, abnormal_exit_nodes
|
|
493
|
+
)
|
|
494
|
+
if len(region.successors) > 1 and self._force_loop_single_exit:
|
|
495
|
+
# multi-successor region. refinement is required
|
|
496
|
+
self._refine_loop_successors(region, graph)
|
|
497
|
+
|
|
498
|
+
return region
|
|
499
|
+
|
|
500
|
+
def _refine_loop_successors(self, region, graph: networkx.DiGraph):
|
|
501
|
+
"""
|
|
502
|
+
If there are multiple successors of a loop, convert them into conditional gotos. Eventually there should be
|
|
503
|
+
only one loop successor.
|
|
504
|
+
|
|
505
|
+
:param GraphRegion region: The cyclic region to refine.
|
|
506
|
+
:param networkx.DiGraph graph: The current graph that is being structured.
|
|
507
|
+
:return: None
|
|
508
|
+
"""
|
|
509
|
+
if len(region.successors) <= 1:
|
|
510
|
+
return
|
|
511
|
+
|
|
512
|
+
# recover reaching conditions
|
|
513
|
+
self.cond_proc.recover_reaching_conditions(region, with_successors=True)
|
|
514
|
+
|
|
515
|
+
successors = list(region.successors)
|
|
516
|
+
|
|
517
|
+
condnode_addr = next(CONDITIONNODE_ADDR)
|
|
518
|
+
# create a new successor
|
|
519
|
+
cond = ConditionNode(
|
|
520
|
+
condnode_addr,
|
|
521
|
+
None,
|
|
522
|
+
self.cond_proc.reaching_conditions[successors[0]],
|
|
523
|
+
successors[0],
|
|
524
|
+
false_node=None,
|
|
525
|
+
)
|
|
526
|
+
for succ in successors[1:]:
|
|
527
|
+
cond = ConditionNode(
|
|
528
|
+
condnode_addr,
|
|
529
|
+
None,
|
|
530
|
+
self.cond_proc.reaching_conditions[succ],
|
|
531
|
+
succ,
|
|
532
|
+
false_node=cond,
|
|
533
|
+
)
|
|
534
|
+
|
|
535
|
+
g = region.graph_with_successors
|
|
536
|
+
|
|
537
|
+
# modify region in place
|
|
538
|
+
region.successors = {cond}
|
|
539
|
+
for succ in successors:
|
|
540
|
+
for src, _, data in list(g.in_edges(succ, data=True)):
|
|
541
|
+
removed_edges = []
|
|
542
|
+
for src2src, _, data_ in list(g.in_edges(src, data=True)):
|
|
543
|
+
removed_edges.append((src2src, src, data_))
|
|
544
|
+
g.remove_edge(src2src, src)
|
|
545
|
+
g.remove_edge(src, succ)
|
|
546
|
+
|
|
547
|
+
# TODO: rewrite the conditional jumps in src so that it goes to cond-node instead.
|
|
548
|
+
|
|
549
|
+
# modify the last statement of src so that it jumps to cond
|
|
550
|
+
replaced_any_stmt = False
|
|
551
|
+
last_stmts = self.cond_proc.get_last_statements(src)
|
|
552
|
+
for last_stmt in last_stmts:
|
|
553
|
+
if isinstance(last_stmt, ConditionalJump):
|
|
554
|
+
if (
|
|
555
|
+
isinstance(last_stmt.true_target, ailment.Expr.Const)
|
|
556
|
+
and last_stmt.true_target.value == succ.addr
|
|
557
|
+
):
|
|
558
|
+
new_last_stmt = ConditionalJump(
|
|
559
|
+
last_stmt.idx,
|
|
560
|
+
last_stmt.condition,
|
|
561
|
+
ailment.Expr.Const(None, None, condnode_addr, self.project.arch.bits),
|
|
562
|
+
last_stmt.false_target,
|
|
563
|
+
ins_addr=last_stmt.ins_addr,
|
|
564
|
+
)
|
|
565
|
+
elif (
|
|
566
|
+
isinstance(last_stmt.false_target, ailment.Expr.Const)
|
|
567
|
+
and last_stmt.false_target.value == succ.addr
|
|
568
|
+
):
|
|
569
|
+
new_last_stmt = ConditionalJump(
|
|
570
|
+
last_stmt.idx,
|
|
571
|
+
last_stmt.condition,
|
|
572
|
+
last_stmt.true_target,
|
|
573
|
+
ailment.Expr.Const(None, None, condnode_addr, self.project.arch.bits),
|
|
574
|
+
ins_addr=last_stmt.ins_addr,
|
|
575
|
+
)
|
|
576
|
+
else:
|
|
577
|
+
# none of the two branches is jumping out of the loop
|
|
578
|
+
continue
|
|
579
|
+
elif isinstance(last_stmt, Jump):
|
|
580
|
+
if isinstance(last_stmt.target, ailment.Expr.Const):
|
|
581
|
+
new_last_stmt = Jump(
|
|
582
|
+
last_stmt.idx,
|
|
583
|
+
ailment.Expr.Const(None, None, condnode_addr, self.project.arch.bits),
|
|
584
|
+
ins_addr=last_stmt.ins_addr,
|
|
585
|
+
)
|
|
586
|
+
else:
|
|
587
|
+
# an indirect jump - might be a jump table. ignore it
|
|
588
|
+
continue
|
|
589
|
+
else:
|
|
590
|
+
l.error("Unexpected last_stmt type %s. Ignore.", type(last_stmt))
|
|
591
|
+
continue
|
|
592
|
+
replace_last_statement(src, last_stmt, new_last_stmt)
|
|
593
|
+
replaced_any_stmt = True
|
|
594
|
+
if not replaced_any_stmt:
|
|
595
|
+
l.warning("No statement was replaced. Is there anything wrong?")
|
|
596
|
+
# raise Exception()
|
|
597
|
+
|
|
598
|
+
# add src back
|
|
599
|
+
for src2src, _, data_ in removed_edges:
|
|
600
|
+
g.add_edge(src2src, src, **data_)
|
|
601
|
+
|
|
602
|
+
g.add_edge(src, cond, **data)
|
|
603
|
+
|
|
604
|
+
# modify graph
|
|
605
|
+
graph.add_edge(region, cond)
|
|
606
|
+
for succ in successors:
|
|
607
|
+
edge_data = graph.get_edge_data(region, succ)
|
|
608
|
+
graph.remove_edge(region, succ)
|
|
609
|
+
graph.add_edge(cond, succ, **edge_data)
|
|
610
|
+
|
|
611
|
+
#
|
|
612
|
+
# Acyclic regions
|
|
613
|
+
#
|
|
614
|
+
|
|
615
|
+
def _make_acyclic_region(self, head, graph: networkx.DiGraph, secondary_graph, failed_region_attempts, cyclic):
|
|
616
|
+
# pre-processing
|
|
617
|
+
|
|
618
|
+
# we need to create a copy of the original graph if
|
|
619
|
+
# - there are in edges to the head node, or
|
|
620
|
+
# - there are more than one end nodes
|
|
621
|
+
|
|
622
|
+
head_inedges = list(graph.in_edges(head))
|
|
623
|
+
if head_inedges:
|
|
624
|
+
# we need a copy of the graph to remove edges coming into the head
|
|
625
|
+
graph_copy = networkx.DiGraph(graph)
|
|
626
|
+
# remove any in-edge to the head node
|
|
627
|
+
for src, _ in head_inedges:
|
|
628
|
+
graph_copy.remove_edge(src, head)
|
|
629
|
+
else:
|
|
630
|
+
graph_copy = graph
|
|
631
|
+
|
|
632
|
+
endnodes = [node for node in graph_copy.nodes() if graph_copy.out_degree(node) == 0]
|
|
633
|
+
if len(endnodes) == 0:
|
|
634
|
+
# sanity check: there should be at least one end node
|
|
635
|
+
l.critical("No end node is found in a supposedly acyclic graph. Is it really acyclic?")
|
|
636
|
+
return False
|
|
637
|
+
|
|
638
|
+
add_dummy_endnode = False
|
|
639
|
+
if len(endnodes) > 1:
|
|
640
|
+
# if this graph has multiple end nodes: create a single end node
|
|
641
|
+
add_dummy_endnode = True
|
|
642
|
+
elif head_inedges and len(endnodes) == 1 and endnodes[0] not in list(graph.predecessors(head)):
|
|
643
|
+
# special case: there are in-edges to head, but the only end node is not a predecessor to head.
|
|
644
|
+
# in this case, we will want to put the end node and a predecessor of the head into the same region.
|
|
645
|
+
add_dummy_endnode = True
|
|
646
|
+
|
|
647
|
+
if add_dummy_endnode:
|
|
648
|
+
# we need a copy of the graph!
|
|
649
|
+
graph_copy = networkx.DiGraph(graph_copy)
|
|
650
|
+
dummy_endnode = "DUMMY_ENDNODE"
|
|
651
|
+
for endnode in endnodes:
|
|
652
|
+
graph_copy.add_edge(endnode, dummy_endnode)
|
|
653
|
+
endnodes = [dummy_endnode]
|
|
654
|
+
else:
|
|
655
|
+
dummy_endnode = None
|
|
656
|
+
|
|
657
|
+
# compute dominator tree
|
|
658
|
+
doms = networkx.immediate_dominators(graph_copy, head)
|
|
659
|
+
|
|
660
|
+
# compute post-dominator tree
|
|
661
|
+
inverted_graph = shallow_reverse(graph_copy)
|
|
662
|
+
postdoms = networkx.immediate_dominators(inverted_graph, endnodes[0])
|
|
663
|
+
|
|
664
|
+
# dominance frontiers
|
|
665
|
+
df = networkx.algorithms.dominance_frontiers(graph_copy, head)
|
|
666
|
+
|
|
667
|
+
# visit the nodes in post-order
|
|
668
|
+
for node in networkx.dfs_postorder_nodes(graph_copy, source=head):
|
|
669
|
+
if node is dummy_endnode:
|
|
670
|
+
# skip the dummy endnode
|
|
671
|
+
continue
|
|
672
|
+
if cyclic and node is head:
|
|
673
|
+
continue
|
|
674
|
+
|
|
675
|
+
out_degree = graph_copy.out_degree[node]
|
|
676
|
+
if out_degree == 0:
|
|
677
|
+
# the root element of the region hierarchy should always be a GraphRegion,
|
|
678
|
+
# so we transform it into one, if necessary
|
|
679
|
+
if graph_copy.in_degree(node) == 0 and not isinstance(node, GraphRegion):
|
|
680
|
+
subgraph = networkx.DiGraph()
|
|
681
|
+
subgraph.add_node(node)
|
|
682
|
+
self._abstract_acyclic_region(
|
|
683
|
+
graph,
|
|
684
|
+
GraphRegion(node, subgraph, None, None, False, None, cyclic_ancestor=cyclic),
|
|
685
|
+
[],
|
|
686
|
+
secondary_graph=secondary_graph,
|
|
687
|
+
)
|
|
688
|
+
continue
|
|
689
|
+
|
|
690
|
+
# test if this node is an entry to a single-entry, single-successor region
|
|
691
|
+
levels = 0
|
|
692
|
+
postdom_node = postdoms.get(node, None)
|
|
693
|
+
while postdom_node is not None:
|
|
694
|
+
if (node, postdom_node) not in failed_region_attempts:
|
|
695
|
+
if self._check_region(graph_copy, node, postdom_node, doms, df):
|
|
696
|
+
frontier = [postdom_node]
|
|
697
|
+
region = self._compute_region(
|
|
698
|
+
graph_copy, node, frontier, dummy_endnode=dummy_endnode, cyclic_ancestor=cyclic
|
|
699
|
+
)
|
|
700
|
+
if region is not None:
|
|
701
|
+
# update region.graph_with_successors
|
|
702
|
+
if secondary_graph is not None:
|
|
703
|
+
if self._complete_successors:
|
|
704
|
+
for nn in list(region.graph_with_successors.nodes):
|
|
705
|
+
original_successors = secondary_graph.successors(nn)
|
|
706
|
+
for succ in original_successors:
|
|
707
|
+
if not region.graph_with_successors.has_edge(nn, succ):
|
|
708
|
+
region.graph_with_successors.add_edge(nn, succ)
|
|
709
|
+
region.successors.add(succ)
|
|
710
|
+
else:
|
|
711
|
+
for nn in list(region.graph_with_successors.nodes):
|
|
712
|
+
original_successors = secondary_graph.successors(nn)
|
|
713
|
+
for succ in original_successors:
|
|
714
|
+
if succ not in graph_copy:
|
|
715
|
+
# the successor wasn't added to the graph because it does not belong
|
|
716
|
+
# to the frontier. we backpatch the successor graph here.
|
|
717
|
+
region.graph_with_successors.add_edge(nn, succ)
|
|
718
|
+
region.successors.add(succ)
|
|
719
|
+
|
|
720
|
+
# add edges between successors
|
|
721
|
+
for succ_0 in region.successors:
|
|
722
|
+
for succ_1 in region.successors:
|
|
723
|
+
if succ_0 is not succ_1:
|
|
724
|
+
if secondary_graph.has_edge(succ_0, succ_1):
|
|
725
|
+
region.graph_with_successors.add_edge(succ_0, succ_1)
|
|
726
|
+
|
|
727
|
+
# l.debug("Walked back %d levels in postdom tree.", levels)
|
|
728
|
+
l.debug("Node %r, frontier %r.", node, frontier)
|
|
729
|
+
# l.debug("Identified an acyclic region %s.", self._dbg_block_list(region.graph.nodes()))
|
|
730
|
+
self._abstract_acyclic_region(
|
|
731
|
+
graph, region, frontier, dummy_endnode=dummy_endnode, secondary_graph=secondary_graph
|
|
732
|
+
)
|
|
733
|
+
# assert dummy_endnode not in graph
|
|
734
|
+
return True
|
|
735
|
+
|
|
736
|
+
failed_region_attempts.add((node, postdom_node))
|
|
737
|
+
if not dominates(doms, node, postdom_node):
|
|
738
|
+
break
|
|
739
|
+
if postdom_node is postdoms.get(postdom_node, None):
|
|
740
|
+
break
|
|
741
|
+
postdom_node = postdoms.get(postdom_node, None)
|
|
742
|
+
levels += 1
|
|
743
|
+
# l.debug("Walked back %d levels in postdom tree and did not find anything for %r. Next.", levels, node)
|
|
744
|
+
|
|
745
|
+
return False
|
|
746
|
+
|
|
747
|
+
@staticmethod
|
|
748
|
+
def _check_region(graph, start_node, end_node, doms, df):
|
|
749
|
+
"""
|
|
750
|
+
|
|
751
|
+
:param graph:
|
|
752
|
+
:param start_node:
|
|
753
|
+
:param end_node:
|
|
754
|
+
:param doms:
|
|
755
|
+
:param df:
|
|
756
|
+
:return:
|
|
757
|
+
"""
|
|
758
|
+
|
|
759
|
+
# if the exit node is the header of a loop that contains the start node, the dominance frontier should only
|
|
760
|
+
# contain the exit node.
|
|
761
|
+
if not dominates(doms, start_node, end_node):
|
|
762
|
+
frontier = df.get(start_node, set())
|
|
763
|
+
for node in frontier:
|
|
764
|
+
if node is not start_node and node is not end_node:
|
|
765
|
+
return False
|
|
766
|
+
|
|
767
|
+
# no edges should enter the region.
|
|
768
|
+
for node in df.get(end_node, set()):
|
|
769
|
+
if dominates(doms, start_node, node) and node is not end_node:
|
|
770
|
+
return False
|
|
771
|
+
|
|
772
|
+
# no edges should leave the region.
|
|
773
|
+
for node in df.get(start_node, set()):
|
|
774
|
+
if node is start_node or node is end_node:
|
|
775
|
+
continue
|
|
776
|
+
if node not in df.get(end_node, set()):
|
|
777
|
+
return False
|
|
778
|
+
for pred in graph.predecessors(node):
|
|
779
|
+
if dominates(doms, start_node, pred) and not dominates(doms, end_node, pred):
|
|
780
|
+
return False
|
|
781
|
+
|
|
782
|
+
return True
|
|
783
|
+
|
|
784
|
+
@staticmethod
|
|
785
|
+
def _compute_region(graph, node, frontier, include_frontier=False, dummy_endnode=None, cyclic_ancestor=False):
|
|
786
|
+
subgraph = networkx.DiGraph()
|
|
787
|
+
frontier_edges = []
|
|
788
|
+
queue = [node]
|
|
789
|
+
traversed = set()
|
|
790
|
+
|
|
791
|
+
while queue:
|
|
792
|
+
node_ = queue.pop()
|
|
793
|
+
if node_ in frontier:
|
|
794
|
+
continue
|
|
795
|
+
traversed.add(node_)
|
|
796
|
+
subgraph.add_node(node_)
|
|
797
|
+
|
|
798
|
+
for succ in graph.successors(node_):
|
|
799
|
+
edge_data = graph.get_edge_data(node_, succ)
|
|
800
|
+
|
|
801
|
+
if node_ in frontier and succ in traversed:
|
|
802
|
+
if include_frontier:
|
|
803
|
+
# if frontier nodes are included, do not keep traversing their successors
|
|
804
|
+
# however, if it has an edge to an already traversed node, we should add that edge
|
|
805
|
+
subgraph.add_edge(node_, succ, **edge_data)
|
|
806
|
+
else:
|
|
807
|
+
frontier_edges.append((node_, succ, edge_data))
|
|
808
|
+
continue
|
|
809
|
+
|
|
810
|
+
if succ is dummy_endnode:
|
|
811
|
+
continue
|
|
812
|
+
|
|
813
|
+
if succ in frontier:
|
|
814
|
+
if not include_frontier:
|
|
815
|
+
# skip all frontier nodes
|
|
816
|
+
frontier_edges.append((node_, succ, edge_data))
|
|
817
|
+
continue
|
|
818
|
+
subgraph.add_edge(node_, succ, **edge_data)
|
|
819
|
+
if succ in traversed:
|
|
820
|
+
continue
|
|
821
|
+
queue.append(succ)
|
|
822
|
+
|
|
823
|
+
if dummy_endnode is not None:
|
|
824
|
+
frontier = {n for n in frontier if n is not dummy_endnode}
|
|
825
|
+
|
|
826
|
+
if subgraph.number_of_nodes() > 1:
|
|
827
|
+
subgraph_with_frontier = networkx.DiGraph(subgraph)
|
|
828
|
+
for src, dst, edge_data in frontier_edges:
|
|
829
|
+
if dst is not dummy_endnode:
|
|
830
|
+
subgraph_with_frontier.add_edge(src, dst, **edge_data)
|
|
831
|
+
# assert dummy_endnode not in frontier
|
|
832
|
+
# assert dummy_endnode not in subgraph_with_frontier
|
|
833
|
+
return GraphRegion(
|
|
834
|
+
node, subgraph, frontier, subgraph_with_frontier, False, None, cyclic_ancestor=cyclic_ancestor
|
|
835
|
+
)
|
|
836
|
+
else:
|
|
837
|
+
return None
|
|
838
|
+
|
|
839
|
+
def _abstract_acyclic_region(
|
|
840
|
+
self, graph: networkx.DiGraph, region, frontier, dummy_endnode=None, secondary_graph=None
|
|
841
|
+
):
|
|
842
|
+
in_edges = self._region_in_edges(graph, region, data=True)
|
|
843
|
+
out_edges = self._region_out_edges(graph, region, data=True)
|
|
844
|
+
|
|
845
|
+
nodes_set = set()
|
|
846
|
+
for node_ in list(region.graph.nodes()):
|
|
847
|
+
nodes_set.add(node_)
|
|
848
|
+
if node_ is not dummy_endnode:
|
|
849
|
+
graph.remove_node(node_)
|
|
850
|
+
|
|
851
|
+
graph.add_node(region)
|
|
852
|
+
|
|
853
|
+
for src, _, data in in_edges:
|
|
854
|
+
if src not in nodes_set:
|
|
855
|
+
graph.add_edge(src, region, **data)
|
|
856
|
+
|
|
857
|
+
for _, dst, data in out_edges:
|
|
858
|
+
if dst not in nodes_set:
|
|
859
|
+
graph.add_edge(region, dst, **data)
|
|
860
|
+
|
|
861
|
+
if frontier:
|
|
862
|
+
for frontier_node in frontier:
|
|
863
|
+
if frontier_node is not dummy_endnode:
|
|
864
|
+
graph.add_edge(region, frontier_node)
|
|
865
|
+
|
|
866
|
+
if secondary_graph is not None:
|
|
867
|
+
self._abstract_acyclic_region(secondary_graph, region, {})
|
|
868
|
+
|
|
869
|
+
@staticmethod
|
|
870
|
+
def _abstract_cyclic_region(
|
|
871
|
+
graph: networkx.DiGraph,
|
|
872
|
+
loop_nodes,
|
|
873
|
+
head,
|
|
874
|
+
normal_entries,
|
|
875
|
+
abnormal_entries,
|
|
876
|
+
normal_exit_node,
|
|
877
|
+
abnormal_exit_nodes,
|
|
878
|
+
):
|
|
879
|
+
region = GraphRegion(head, None, None, None, True, None)
|
|
880
|
+
|
|
881
|
+
subgraph = networkx.DiGraph()
|
|
882
|
+
region_outedges = []
|
|
883
|
+
|
|
884
|
+
delayed_edges = []
|
|
885
|
+
|
|
886
|
+
full_graph = networkx.DiGraph()
|
|
887
|
+
|
|
888
|
+
for node in loop_nodes:
|
|
889
|
+
subgraph.add_node(node)
|
|
890
|
+
in_edges = list(graph.in_edges(node, data=True))
|
|
891
|
+
out_edges = list(graph.out_edges(node, data=True))
|
|
892
|
+
|
|
893
|
+
for src, dst, data in in_edges:
|
|
894
|
+
full_graph.add_edge(src, dst, **data)
|
|
895
|
+
if src in loop_nodes:
|
|
896
|
+
subgraph.add_edge(src, dst, **data)
|
|
897
|
+
elif src == region:
|
|
898
|
+
subgraph.add_edge(head, dst, **data)
|
|
899
|
+
elif src in normal_entries:
|
|
900
|
+
# graph.add_edge(src, region, **data)
|
|
901
|
+
delayed_edges.append((src, region, data))
|
|
902
|
+
elif src in abnormal_entries:
|
|
903
|
+
data["region_dst_node"] = dst
|
|
904
|
+
# graph.add_edge(src, region, **data)
|
|
905
|
+
delayed_edges.append((src, region, data))
|
|
906
|
+
else:
|
|
907
|
+
assert 0
|
|
908
|
+
|
|
909
|
+
for src, dst, data in out_edges:
|
|
910
|
+
full_graph.add_edge(src, dst, **data)
|
|
911
|
+
if dst in loop_nodes:
|
|
912
|
+
subgraph.add_edge(src, dst, **data)
|
|
913
|
+
elif dst == region:
|
|
914
|
+
subgraph.add_edge(src, head, **data)
|
|
915
|
+
elif dst == normal_exit_node:
|
|
916
|
+
region_outedges.append((node, dst))
|
|
917
|
+
# graph.add_edge(region, dst, **data)
|
|
918
|
+
delayed_edges.append((region, dst, data))
|
|
919
|
+
elif dst in abnormal_exit_nodes:
|
|
920
|
+
region_outedges.append((node, dst))
|
|
921
|
+
# data['region_src_node'] = src
|
|
922
|
+
# graph.add_edge(region, dst, **data)
|
|
923
|
+
delayed_edges.append((region, dst, data))
|
|
924
|
+
else:
|
|
925
|
+
assert 0
|
|
926
|
+
|
|
927
|
+
subgraph_with_exits = networkx.DiGraph(subgraph)
|
|
928
|
+
for src, dst in region_outedges:
|
|
929
|
+
subgraph_with_exits.add_edge(src, dst)
|
|
930
|
+
region.graph = subgraph
|
|
931
|
+
region.graph_with_successors = subgraph_with_exits
|
|
932
|
+
if normal_exit_node is not None:
|
|
933
|
+
region.successors = [normal_exit_node]
|
|
934
|
+
else:
|
|
935
|
+
region.successors = []
|
|
936
|
+
region.successors += list(abnormal_exit_nodes)
|
|
937
|
+
|
|
938
|
+
for succ_0 in region.successors:
|
|
939
|
+
for succ_1 in region.successors:
|
|
940
|
+
if succ_0 is not succ_1:
|
|
941
|
+
if graph.has_edge(succ_0, succ_1):
|
|
942
|
+
region.graph_with_successors.add_edge(succ_0, succ_1)
|
|
943
|
+
|
|
944
|
+
for node in loop_nodes:
|
|
945
|
+
graph.remove_node(node)
|
|
946
|
+
|
|
947
|
+
# add delayed edges
|
|
948
|
+
graph.add_node(region)
|
|
949
|
+
for src, dst, data in delayed_edges:
|
|
950
|
+
graph.add_edge(src, dst, **data)
|
|
951
|
+
|
|
952
|
+
region.full_graph = full_graph
|
|
953
|
+
|
|
954
|
+
return region
|
|
955
|
+
|
|
956
|
+
@staticmethod
|
|
957
|
+
def _region_in_edges(graph, region, data=False):
|
|
958
|
+
return list(graph.in_edges(region.head, data=data))
|
|
959
|
+
|
|
960
|
+
@staticmethod
|
|
961
|
+
def _region_out_edges(graph, region, data=False):
|
|
962
|
+
out_edges = []
|
|
963
|
+
for node in region.graph.nodes():
|
|
964
|
+
out_ = graph.out_edges(node, data=data)
|
|
965
|
+
for _, dst, data_ in out_:
|
|
966
|
+
if dst in region.graph:
|
|
967
|
+
continue
|
|
968
|
+
out_edges.append((region, dst, data_))
|
|
969
|
+
return out_edges
|
|
970
|
+
|
|
971
|
+
def _remove_node(self, graph: networkx.DiGraph, node): # pylint:disable=no-self-use
|
|
972
|
+
in_edges = [(src, dst, data) for (src, dst, data) in graph.in_edges(node, data=True) if src is not node]
|
|
973
|
+
out_edges = [(src, dst, data) for (src, dst, data) in graph.out_edges(node, data=True) if dst is not node]
|
|
974
|
+
|
|
975
|
+
if len(in_edges) <= 1 and len(out_edges) <= 1:
|
|
976
|
+
# it forms a region by itself :-)
|
|
977
|
+
new_node = None
|
|
978
|
+
|
|
979
|
+
else:
|
|
980
|
+
new_node = MultiNode([node])
|
|
981
|
+
|
|
982
|
+
graph.remove_node(node)
|
|
983
|
+
|
|
984
|
+
if new_node is not None:
|
|
985
|
+
for src, _, data in in_edges:
|
|
986
|
+
graph.add_edge(src, new_node, **data)
|
|
987
|
+
|
|
988
|
+
for _, dst, data in out_edges:
|
|
989
|
+
graph.add_edge(new_node, dst, **data)
|
|
990
|
+
|
|
991
|
+
def _merge_nodes(
|
|
992
|
+
self, graph: networkx.DiGraph, node_a, node_b, force_multinode=False
|
|
993
|
+
): # pylint:disable=no-self-use
|
|
994
|
+
in_edges = list(graph.in_edges(node_a, data=True))
|
|
995
|
+
out_edges = list(graph.out_edges(node_b, data=True))
|
|
996
|
+
|
|
997
|
+
if not force_multinode and len(in_edges) <= 1 and len(out_edges) <= 1:
|
|
998
|
+
# it forms a region by itself :-)
|
|
999
|
+
new_node = None
|
|
1000
|
+
|
|
1001
|
+
else:
|
|
1002
|
+
new_node = MultiNode([node_a, node_b])
|
|
1003
|
+
|
|
1004
|
+
graph.remove_node(node_a)
|
|
1005
|
+
graph.remove_node(node_b)
|
|
1006
|
+
|
|
1007
|
+
if new_node is not None:
|
|
1008
|
+
graph.add_node(new_node)
|
|
1009
|
+
|
|
1010
|
+
for src, _, data in in_edges:
|
|
1011
|
+
if src is node_b:
|
|
1012
|
+
src = new_node
|
|
1013
|
+
graph.add_edge(src, new_node, **data)
|
|
1014
|
+
|
|
1015
|
+
for _, dst, data in out_edges:
|
|
1016
|
+
if dst is node_a:
|
|
1017
|
+
dst = new_node
|
|
1018
|
+
graph.add_edge(new_node, dst, **data)
|
|
1019
|
+
|
|
1020
|
+
assert node_a not in graph
|
|
1021
|
+
assert node_b not in graph
|
|
1022
|
+
|
|
1023
|
+
def _absorb_node(
|
|
1024
|
+
self, graph: networkx.DiGraph, node_mommy, node_kiddie, force_multinode=False
|
|
1025
|
+
): # pylint:disable=no-self-use
|
|
1026
|
+
in_edges_mommy = graph.in_edges(node_mommy, data=True)
|
|
1027
|
+
out_edges_mommy = graph.out_edges(node_mommy, data=True)
|
|
1028
|
+
out_edges_kiddie = graph.out_edges(node_kiddie, data=True)
|
|
1029
|
+
|
|
1030
|
+
if not force_multinode and len(in_edges_mommy) <= 1 and len(out_edges_kiddie) <= 1:
|
|
1031
|
+
# it forms a region by itself :-)
|
|
1032
|
+
new_node = None
|
|
1033
|
+
|
|
1034
|
+
else:
|
|
1035
|
+
new_node = MultiNode([node_mommy, node_kiddie])
|
|
1036
|
+
|
|
1037
|
+
graph.remove_node(node_mommy)
|
|
1038
|
+
graph.remove_node(node_kiddie)
|
|
1039
|
+
|
|
1040
|
+
if new_node is not None:
|
|
1041
|
+
graph.add_node(new_node)
|
|
1042
|
+
|
|
1043
|
+
for src, _, data in in_edges_mommy:
|
|
1044
|
+
if src == node_kiddie:
|
|
1045
|
+
src = new_node
|
|
1046
|
+
graph.add_edge(src, new_node, **data)
|
|
1047
|
+
|
|
1048
|
+
for _, dst, data in out_edges_mommy:
|
|
1049
|
+
if dst == node_kiddie:
|
|
1050
|
+
continue
|
|
1051
|
+
if dst == node_mommy:
|
|
1052
|
+
dst = new_node
|
|
1053
|
+
graph.add_edge(new_node, dst, **data)
|
|
1054
|
+
|
|
1055
|
+
for _, dst, data in out_edges_kiddie:
|
|
1056
|
+
if dst == node_mommy:
|
|
1057
|
+
dst = new_node
|
|
1058
|
+
graph.add_edge(new_node, dst, **data)
|
|
1059
|
+
|
|
1060
|
+
assert node_mommy not in graph
|
|
1061
|
+
assert node_kiddie not in graph
|
|
1062
|
+
|
|
1063
|
+
def _ensure_jump_at_loop_exit_ends(self, node: Block | MultiNode) -> None:
|
|
1064
|
+
if isinstance(node, Block):
|
|
1065
|
+
if not node.statements:
|
|
1066
|
+
node.statements.append(
|
|
1067
|
+
Jump(
|
|
1068
|
+
None,
|
|
1069
|
+
Const(None, None, node.addr + node.original_size, self.project.arch.bits),
|
|
1070
|
+
ins_addr=node.addr,
|
|
1071
|
+
)
|
|
1072
|
+
)
|
|
1073
|
+
else:
|
|
1074
|
+
if not isinstance(first_nonlabel_statement(node), ConditionalJump) and not isinstance(
|
|
1075
|
+
node.statements[-1],
|
|
1076
|
+
(
|
|
1077
|
+
Jump,
|
|
1078
|
+
ConditionalJump,
|
|
1079
|
+
IncompleteSwitchCaseHeadStatement,
|
|
1080
|
+
),
|
|
1081
|
+
):
|
|
1082
|
+
node.statements.append(
|
|
1083
|
+
Jump(
|
|
1084
|
+
None,
|
|
1085
|
+
Const(None, None, node.addr + node.original_size, self.project.arch.bits),
|
|
1086
|
+
ins_addr=node.addr,
|
|
1087
|
+
)
|
|
1088
|
+
)
|
|
1089
|
+
elif isinstance(node, MultiNode):
|
|
1090
|
+
if node.nodes:
|
|
1091
|
+
self._ensure_jump_at_loop_exit_ends(node.nodes[-1])
|
|
1092
|
+
|
|
1093
|
+
@staticmethod
|
|
1094
|
+
def _dbg_block_list(blocks):
|
|
1095
|
+
return [(hex(b.addr) if hasattr(b, "addr") else repr(b)) for b in blocks]
|
|
1096
|
+
|
|
1097
|
+
|
|
1098
|
+
register_analysis(RegionIdentifier, "RegionIdentifier")
|