angr 9.2.125__py3-none-win_amd64.whl → 9.2.126__py3-none-win_amd64.whl

angr/__init__.py

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.125"
+__version__ = "9.2.126"
 
 if bytes is str:
     raise Exception(

angr/analyses/__init__.py

@@ -53,6 +53,8 @@ from .codecave import CodeCaveAnalysis
 from .patchfinder import PatchFinderAnalysis
 from .pathfinder import Pathfinder
 from .smc import SelfModifyingCodeAnalysis
+from .unpacker import PackingDetector
+from . import deobfuscator
 
 
 __all__ = (
@@ -109,4 +111,6 @@ __all__ = (
     "PatchFinderAnalysis",
     "Pathfinder",
     "SelfModifyingCodeAnalysis",
+    "PackingDetector",
+    "deobfuscator",
 )

angr/analyses/decompiler/ail_simplifier.py

@@ -872,6 +872,7 @@ class AILSimplifier(Analysis):
                         Const(None, None, eq.atom0.addr, self.project.arch.bits),
                         eq.atom0.size,
                         endness=self.project.arch.memory_endness,
+                        **eq.atom1.tags,
                     )
                 elif isinstance(eq.atom0, VirtualVariable) and eq.atom0.was_reg:
                     if isinstance(eq.atom1, VirtualVariable) and eq.atom1.was_reg:

angr/analyses/decompiler/callsite_maker.py

@@ -157,7 +157,15 @@ class CallSiteMaker(Analysis):
                         )
                         args.append(vvar_use)
                     else:
-                        args.append(Expr.Register(self._atom_idx(), None, offset, size * 8, reg_name=arg_loc.reg_name))
+                        reg = Expr.Register(
+                            self._atom_idx(),
+                            None,
+                            offset,
+                            size * 8,
+                            reg_name=arg_loc.reg_name,
+                            ins_addr=last_stmt.ins_addr,
+                        )
+                        args.append(reg)
                 elif isinstance(arg_loc, SimStackArg):
                     stack_arg_locs.append(arg_loc)
                     _, the_arg = self._resolve_stack_argument(call_stmt, arg_loc)

angr/analyses/decompiler/clinic.py

@@ -1812,7 +1812,7 @@ class Clinic(Analysis):
                 s = self.kb.custom_strings[expr.value]
                 expr.tags["reference_values"] = {
                     SimTypePointer(SimTypeChar().with_arch(self.project.arch)).with_arch(self.project.arch): s.decode(
-                        "ascii"
+                        "latin-1"
                     ),
                 }
             else:

angr/analyses/decompiler/condition_processor.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 from collections import defaultdict, OrderedDict
 from typing import Any
+from collections.abc import Callable
 from collections.abc import Generator
 import operator
 import logging
@@ -80,17 +81,17 @@ _INVERSE_OPERATIONS = {
 #
 
 
-def _op_with_unified_size(op, conv, operand0, operand1):
+def _op_with_unified_size(op, conv: Callable, operand0, operand1, ins_addr: int):
     # ensure operand1 is of the same size as operand0
     if isinstance(operand1, ailment.Expr.Const):
         # amazing - we do the easy thing here
-        return op(conv(operand0, nobool=True), operand1.value)
+        return op(conv(operand0, nobool=True, ins_addr=ins_addr), operand1.value)
     if operand1.bits == operand0.bits:
-        return op(conv(operand0, nobool=True), conv(operand1))
+        return op(conv(operand0, nobool=True, ins_addr=ins_addr), conv(operand1, ins_addr=ins_addr))
     # extension is required
     assert operand1.bits < operand0.bits
     operand1 = ailment.Expr.Convert(None, operand1.bits, operand0.bits, False, operand1)
-    return op(conv(operand0, nobool=True), conv(operand1, nobool=True))
+    return op(conv(operand0, nobool=True, ins_addr=ins_addr), conv(operand1, nobool=True, ins_addr=ins_addr))
 
 
 def _dummy_bvs(condition, condition_mapping, name_suffix=""):
@@ -106,62 +107,94 @@ def _dummy_bools(condition, condition_mapping, name_suffix=""):
 
 
 _ail2claripy_op_mapping = {
-    "LogicalAnd": lambda expr, conv, _: claripy.And(conv(expr.operands[0]), conv(expr.operands[1])),
-    "LogicalOr": lambda expr, conv, _: claripy.Or(conv(expr.operands[0]), conv(expr.operands[1])),
-    "CmpEQ": lambda expr, conv, _: conv(expr.operands[0]) == conv(expr.operands[1]),
-    "CmpNE": lambda expr, conv, _: conv(expr.operands[0]) != conv(expr.operands[1]),
-    "CmpLE": lambda expr, conv, _: conv(expr.operands[0]) <= conv(expr.operands[1]),
-    "CmpLEs": lambda expr, conv, _: claripy.SLE(conv(expr.operands[0]), conv(expr.operands[1])),
-    "CmpLT": lambda expr, conv, _: conv(expr.operands[0]) < conv(expr.operands[1]),
-    "CmpLTs": lambda expr, conv, _: claripy.SLT(conv(expr.operands[0]), conv(expr.operands[1])),
-    "CmpGE": lambda expr, conv, _: conv(expr.operands[0]) >= conv(expr.operands[1]),
-    "CmpGEs": lambda expr, conv, _: claripy.SGE(conv(expr.operands[0]), conv(expr.operands[1])),
-    "CmpGT": lambda expr, conv, _: conv(expr.operands[0]) > conv(expr.operands[1]),
-    "CmpGTs": lambda expr, conv, _: claripy.SGT(conv(expr.operands[0]), conv(expr.operands[1])),
-    "CasCmpEQ": lambda expr, conv, _: conv(expr.operands[0]) == conv(expr.operands[1]),
-    "CasCmpNE": lambda expr, conv, _: conv(expr.operands[0]) != conv(expr.operands[1]),
-    "CasCmpLE": lambda expr, conv, _: conv(expr.operands[0]) <= conv(expr.operands[1]),
-    "CasCmpLEs": lambda expr, conv, _: claripy.SLE(conv(expr.operands[0]), conv(expr.operands[1])),
-    "CasCmpLT": lambda expr, conv, _: conv(expr.operands[0]) < conv(expr.operands[1]),
-    "CasCmpLTs": lambda expr, conv, _: claripy.SLT(conv(expr.operands[0]), conv(expr.operands[1])),
-    "CasCmpGE": lambda expr, conv, _: conv(expr.operands[0]) >= conv(expr.operands[1]),
-    "CasCmpGEs": lambda expr, conv, _: claripy.SGE(conv(expr.operands[0]), conv(expr.operands[1])),
-    "CasCmpGT": lambda expr, conv, _: conv(expr.operands[0]) > conv(expr.operands[1]),
-    "CasCmpGTs": lambda expr, conv, _: claripy.SGT(conv(expr.operands[0]), conv(expr.operands[1])),
-    "Add": lambda expr, conv, _: conv(expr.operands[0], nobool=True) + conv(expr.operands[1], nobool=True),
-    "Sub": lambda expr, conv, _: conv(expr.operands[0], nobool=True) - conv(expr.operands[1], nobool=True),
-    "Mul": lambda expr, conv, _: conv(expr.operands[0], nobool=True) * conv(expr.operands[1], nobool=True),
-    "Div": lambda expr, conv, _: conv(expr.operands[0], nobool=True) / conv(expr.operands[1], nobool=True),
-    "Mod": lambda expr, conv, _: conv(expr.operands[0], nobool=True) % conv(expr.operands[1], nobool=True),
-    "Not": lambda expr, conv, _: claripy.Not(conv(expr.operand)),
-    "Neg": lambda expr, conv, _: -conv(expr.operand),
-    "BitwiseNeg": lambda expr, conv, _: ~conv(expr.operand),
-    "Xor": lambda expr, conv, _: conv(expr.operands[0], nobool=True) ^ conv(expr.operands[1], nobool=True),
-    "And": lambda expr, conv, _: conv(expr.operands[0], nobool=True) & conv(expr.operands[1], nobool=True),
-    "Or": lambda expr, conv, _: conv(expr.operands[0], nobool=True) | conv(expr.operands[1], nobool=True),
-    "Shr": lambda expr, conv, _: _op_with_unified_size(claripy.LShR, conv, expr.operands[0], expr.operands[1]),
-    "Shl": lambda expr, conv, _: _op_with_unified_size(operator.lshift, conv, expr.operands[0], expr.operands[1]),
-    "Sar": lambda expr, conv, _: _op_with_unified_size(operator.rshift, conv, expr.operands[0], expr.operands[1]),
-    "Concat": lambda expr, conv, _: claripy.Concat(*[conv(operand) for operand in expr.operands]),
+    "LogicalAnd": lambda expr, conv, _, ia: claripy.And(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "LogicalOr": lambda expr, conv, _, ia: claripy.Or(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "CmpEQ": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) == conv(expr.operands[1], ins_addr=ia),
+    "CmpNE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) != conv(expr.operands[1], ins_addr=ia),
+    "CmpLE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) <= conv(expr.operands[1], ins_addr=ia),
+    "CmpLEs": lambda expr, conv, _, ia: claripy.SLE(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "CmpLT": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) < conv(expr.operands[1], ins_addr=ia),
+    "CmpLTs": lambda expr, conv, _, ia: claripy.SLT(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "CmpGE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) >= conv(expr.operands[1], ins_addr=ia),
+    "CmpGEs": lambda expr, conv, _, ia: claripy.SGE(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "CmpGT": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) > conv(expr.operands[1], ins_addr=ia),
+    "CmpGTs": lambda expr, conv, _, ia: claripy.SGT(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "CasCmpEQ": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) == conv(expr.operands[1], ins_addr=ia),
+    "CasCmpNE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) != conv(expr.operands[1], ins_addr=ia),
+    "CasCmpLE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) <= conv(expr.operands[1], ins_addr=ia),
+    "CasCmpLEs": lambda expr, conv, _, ia: claripy.SLE(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "CasCmpLT": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) < conv(expr.operands[1], ins_addr=ia),
+    "CasCmpLTs": lambda expr, conv, _, ia: claripy.SLT(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "CasCmpGE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) >= conv(expr.operands[1], ins_addr=ia),
+    "CasCmpGEs": lambda expr, conv, _, ia: claripy.SGE(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "CasCmpGT": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) > conv(expr.operands[1], ins_addr=ia),
+    "CasCmpGTs": lambda expr, conv, _, ia: claripy.SGT(
+        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+    ),
+    "Add": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    + conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "Sub": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    - conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "Mul": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    * conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "Div": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    / conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "Mod": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    % conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "Not": lambda expr, conv, _, ia: claripy.Not(conv(expr.operand, ins_addr=ia)),
+    "Neg": lambda expr, conv, _, ia: -conv(expr.operand, ins_addr=ia),
+    "BitwiseNeg": lambda expr, conv, _, ia: ~conv(expr.operand, ins_addr=ia),
+    "Xor": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    ^ conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "And": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    & conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "Or": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    | conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "Shr": lambda expr, conv, _, ia: _op_with_unified_size(claripy.LShR, conv, expr.operands[0], expr.operands[1], ia),
+    "Shl": lambda expr, conv, _, ia: _op_with_unified_size(
+        operator.lshift, conv, expr.operands[0], expr.operands[1], ia
+    ),
+    "Sar": lambda expr, conv, _, ia: _op_with_unified_size(
+        operator.rshift, conv, expr.operands[0], expr.operands[1], ia
+    ),
+    "Concat": lambda expr, conv, _, ia: claripy.Concat(*[conv(operand, ins_addr=ia) for operand in expr.operands]),
     # There are no corresponding claripy operations for the following operations
-    "DivMod": lambda expr, _, m: _dummy_bvs(expr, m),
-    "CmpF": lambda expr, _, m: _dummy_bvs(expr, m),
-    "Mull": lambda expr, _, m: _dummy_bvs(expr, m),
-    "Mulls": lambda expr, _, m: _dummy_bvs(expr, m),
-    "Reinterpret": lambda expr, _, m: _dummy_bvs(expr, m),
-    "Rol": lambda expr, _, m: _dummy_bvs(expr, m),
-    "Ror": lambda expr, _, m: _dummy_bvs(expr, m),
-    "LogicalXor": lambda expr, _, m: _dummy_bvs(expr, m),
-    "Carry": lambda expr, _, m: _dummy_bvs(expr, m),
-    "SCarry": lambda expr, _, m: _dummy_bvs(expr, m),
-    "SBorrow": lambda expr, _, m: _dummy_bvs(expr, m),
-    "ExpCmpNE": lambda expr, _, m: _dummy_bools(expr, m),
-    "CmpORD": lambda expr, _, m: _dummy_bvs(expr, m),  # in case CmpORDRewriter fails
-    "GetMSBs": lambda expr, _, m: _dummy_bvs(expr, m),
-    "InterleaveLOV": lambda expr, _, m: _dummy_bvs(expr, m),
-    "InterleaveHIV": lambda expr, _, m: _dummy_bvs(expr, m),
+    "DivMod": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "CmpF": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "Mull": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "Mulls": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "Reinterpret": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "Rol": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "Ror": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "LogicalXor": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "Carry": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "SCarry": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "SBorrow": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "ExpCmpNE": lambda expr, _, m, *args: _dummy_bools(expr, m),
+    "CmpORD": lambda expr, _, m, *args: _dummy_bvs(expr, m),  # in case CmpORDRewriter fails
+    "GetMSBs": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "InterleaveLOV": lambda expr, _, m, *args: _dummy_bvs(expr, m),
+    "InterleaveHIV": lambda expr, _, m, *args: _dummy_bvs(expr, m),
     # catch-all
-    "_DUMMY_": lambda expr, _, m: _dummy_bvs(expr, m),
+    "_DUMMY_": lambda expr, _, m, *args: _dummy_bvs(expr, m),
 }
 
 #
@@ -610,6 +643,7 @@ class ConditionProcessor:
                     ),
                     False,
                 ),
+                ins_addr=dst_block.addr,
             )
 
         if type(src_block) is ConditionalBreakNode:
@@ -638,10 +672,10 @@ class ConditionProcessor:
             if isinstance(last_stmt.target, ailment.Expr.Const):
                 return claripy.true()
             # indirect jump
-            target_ast = self.claripy_ast_from_ail_condition(last_stmt.target)
+            target_ast = self.claripy_ast_from_ail_condition(last_stmt.target, ins_addr=last_stmt.ins_addr)
             return target_ast == dst_block.addr
         if type(last_stmt) is ailment.Stmt.ConditionalJump:
-            bool_var = self.claripy_ast_from_ail_condition(last_stmt.condition)
+            bool_var = self.claripy_ast_from_ail_condition(last_stmt.condition, ins_addr=last_stmt.ins_addr)
             if isinstance(last_stmt.true_target, ailment.Expr.Const) and last_stmt.true_target.value == dst_block.addr:
                 return bool_var
             return claripy.Not(bool_var)
@@ -766,7 +800,7 @@ class ConditionProcessor:
             f"Condition variable {cond} has an unsupported operator {cond.op}. Consider implementing."
         )
 
-    def claripy_ast_from_ail_condition(self, condition, nobool: bool = False) -> claripy.ast.Bool:
+    def claripy_ast_from_ail_condition(self, condition, nobool: bool = False, *, ins_addr: int = 0) -> claripy.ast.Bool:
         # Unpack a condition all the way to the leaves
         if isinstance(condition, claripy.ast.Base):  # pylint:disable=isinstance-second-argument-not-valid-type
             return condition
@@ -782,20 +816,24 @@ class ConditionProcessor:
             # does it have a variable associated?
             if condition.variable is not None:
                 var = claripy.BVS(
-                    f"ailexpr_{condition!r}-{condition.variable.ident}", condition.bits, explicit_name=True
+                    f"ailexpr_{condition!r}-{condition.variable.ident}-{ins_addr:x}",
+                    condition.bits,
+                    explicit_name=True,
                 )
             else:
-                var = claripy.BVS(f"ailexpr_{condition!r}-{condition.idx}", condition.bits, explicit_name=True)
+                var = claripy.BVS(
+                    f"ailexpr_{condition!r}-{condition.idx}-{ins_addr:x}", condition.bits, explicit_name=True
+                )
             self._condition_mapping[var.args[0]] = condition
             return var
         if isinstance(condition, ailment.Expr.Convert):
             # convert is special. if it generates a 1-bit variable, it should be treated as a BoolS
             if condition.to_bits == 1:
-                var_ = self.claripy_ast_from_ail_condition(condition.operands[0])
+                var_ = self.claripy_ast_from_ail_condition(condition.operands[0], ins_addr=ins_addr)
                 name = "ailcond_Conv(%d->%d, %d)" % (condition.from_bits, condition.to_bits, hash(var_))
                 var = claripy.BoolS(name, explicit_name=True)
             else:
-                var_ = self.claripy_ast_from_ail_condition(condition.operands[0])
+                var_ = self.claripy_ast_from_ail_condition(condition.operands[0], ins_addr=ins_addr)
                 name = "ailexpr_Conv(%d->%d, %d)" % (condition.from_bits, condition.to_bits, hash(var_))
                 var = claripy.BVS(name, condition.to_bits, explicit_name=True)
             self._condition_mapping[var.args[0]] = condition
@@ -838,7 +876,7 @@ class ConditionProcessor:
                 condition.verbose_op,
             )
             lambda_expr = _ail2claripy_op_mapping["_DUMMY_"]
-        r = lambda_expr(condition, self.claripy_ast_from_ail_condition, self._condition_mapping)
+        r = lambda_expr(condition, self.claripy_ast_from_ail_condition, self._condition_mapping, ins_addr)
 
         if isinstance(r, claripy.ast.Bool) and nobool:
             r = claripy.BVS(f"ailexpr_from_bool_{r!r}", 1, explicit_name=True)

angr/analyses/decompiler/decompiler.py

@@ -70,6 +70,7 @@ class Decompiler(Analysis):
         update_memory_data: bool = True,
         generate_code: bool = True,
         use_cache: bool = True,
+        expr_collapse_depth: int = 16,
     ):
         if not isinstance(func, Function):
             func = self.kb.functions[func]
@@ -135,6 +136,7 @@ class Decompiler(Analysis):
         self.ail_graph: networkx.DiGraph | None = None
         self.vvar_id_start = None
         self._optimization_scratch: dict[str, Any] = {}
+        self.expr_collapse_depth = expr_collapse_depth
 
         if decompile:
             self._decompile()
@@ -333,6 +335,7 @@ class Decompiler(Analysis):
                 stmt_comments=old_codegen.stmt_comments if old_codegen is not None else None,
                 const_formats=old_codegen.const_formats if old_codegen is not None else None,
                 externs=clinic.externs,
+                binop_depth_cutoff=self.expr_collapse_depth,
                 **self.options_to_params(self.options_by_class["codegen"]),
             )
 

angr/analyses/decompiler/optimization_passes/__init__.py

@@ -1,5 +1,6 @@
 # pylint:disable=import-outside-toplevel
 from __future__ import annotations
+from typing import TYPE_CHECKING
 
 from archinfo import Arch
 
@@ -32,6 +33,10 @@ from .const_prop_reverter import ConstPropOptReverter
 from .call_stmt_rewriter import CallStatementRewriter
 from .duplication_reverter import DuplicationReverter
 
+if TYPE_CHECKING:
+    from angr.analyses.decompiler.presets import DecompilationPreset
+
+
 # order matters!
 ALL_OPTIMIZATION_PASSES = [
     RegisterSaveAreaSimplifier,
@@ -88,9 +93,18 @@ def get_optimization_passes(arch, platform):
     return passes
 
 
-def register_optimization_pass(opt_pass):
+def register_optimization_pass(opt_pass, *, presets: list[str | DecompilationPreset] | None = None):
     ALL_OPTIMIZATION_PASSES.append(opt_pass)
 
+    if presets:
+        from angr.analyses.decompiler.presets import DECOMPILATION_PRESETS
+
+        for preset in presets:
+            if isinstance(preset, str):
+                preset = DECOMPILATION_PRESETS[preset]  # intentionally raise a KeyError if the preset is not found
+            if opt_pass not in preset.opt_passes:
+                preset.opt_passes.append(opt_pass)
+
 
 __all__ = (
     "OptimizationPassStage",

angr/analyses/decompiler/return_maker.py

@@ -48,6 +48,7 @@ class ReturnMaker(AILGraphWalker):
                         reg[0],
                         ret_val.size * self.arch.byte_width,
                         reg_name=self.arch.translate_register_name(reg[0], ret_val.size),
+                        ins_addr=stmt.ins_addr,
                     )
                 )
             else:

angr/analyses/decompiler/ssailification/rewriting.py

@@ -119,6 +119,7 @@ class RewritingAnalysis(ForwardAnalysis[RewritingState, NodeType, object, object
                         self._ail_manager.next_atom(),
                         reg_bits,
                         src_and_vvars=[],  # back patch later
+                        ins_addr=node.addr,
                     )
                     phi_dst = VirtualVariable(
                         self._ail_manager.next_atom(),
@@ -126,6 +127,7 @@ class RewritingAnalysis(ForwardAnalysis[RewritingState, NodeType, object, object
                         reg_bits,
                         VirtualVariableCategory.REGISTER,
                         oident=reg_offset,
+                        ins_addr=node.addr,
                     )
 
                 case "stack":
@@ -135,6 +137,7 @@ class RewritingAnalysis(ForwardAnalysis[RewritingState, NodeType, object, object
                         self._ail_manager.next_atom(),
                         stack_size * self.project.arch.byte_width,
                         src_and_vvars=[],  # back patch later
+                        ins_addr=node.addr,
                     )
                     phi_dst = VirtualVariable(
                         self._ail_manager.next_atom(),
@@ -142,6 +145,7 @@ class RewritingAnalysis(ForwardAnalysis[RewritingState, NodeType, object, object
                         stack_size * self.project.arch.byte_width,
                         VirtualVariableCategory.STACK,
                         oident=stack_offset,
+                        ins_addr=node.addr,
                     )
                 case _:
                     raise NotImplementedError

angr/analyses/decompiler/ssailification/rewriting_engine.py

@@ -525,7 +525,7 @@ class SimEngineSSARewriting(
             **expr.tags,
         )
 
-    def _get_full_reg_vvar(self, reg_offset: int, size: int) -> VirtualVariable:
+    def _get_full_reg_vvar(self, reg_offset: int, size: int, ins_addr: int | None = None) -> VirtualVariable:
         base_off, base_size = get_reg_offset_base_and_size(reg_offset, self.arch, size=size)
         if (
             base_off not in self.state.registers
@@ -534,13 +534,16 @@ class SimEngineSSARewriting(
         ):
             # somehow it's never defined before...
             _l.debug("Creating a new virtual variable for an undefined register (%d [%d]).", base_off, base_size)
+            tags = {}
+            if ins_addr is not None:
+                tags["ins_addr"] = ins_addr
             vvar = VirtualVariable(
                 self.ail_manager.next_atom(),
                 self.next_vvar_id(),
                 base_size * self.arch.byte_width,
                 category=VirtualVariableCategory.REGISTER,
                 oident=base_off,
-                # FIXME: tags
+                **tags,
             )
             self.state.registers[base_off][base_size] = vvar
             return vvar
@@ -628,7 +631,11 @@ class SimEngineSSARewriting(
 
         # no good size available
         # get the full register, then extract from there
-        vvar = self._get_full_reg_vvar(reg_expr.reg_offset, reg_expr.size)
+        vvar = self._get_full_reg_vvar(
+            reg_expr.reg_offset,
+            reg_expr.size,
+            ins_addr=reg_expr.ins_addr,
+        )
         # extract
         shift_amount = Const(
             self.ail_manager.next_atom(),

angr/analyses/decompiler/structured_codegen/c.py

@@ -2148,6 +2148,12 @@ class CConstant(CExpression):
                 elif isinstance(v, Function):
                     yield get_cpp_function_name(v.demangled_name, specialized=False, qualified=True), self
                     return
+                elif isinstance(v, str):
+                    yield CConstant.str_to_c_str(v), self
+                    return
+                elif isinstance(v, bytes):
+                    yield CConstant.str_to_c_str(v.replace(b"\x00", b"").decode("utf-8")), self
+                    return
 
         if self.reference_values is not None and self._type is not None and self._type in self.reference_values:
             if isinstance(self._type, SimTypeInt):
@@ -3415,7 +3421,17 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
         if reference_values is None:
             reference_values = {}
             type_ = unpack_typeref(type_)
-            if isinstance(type_, SimTypePointer) and isinstance(type_.pts_to, SimTypeChar):
+            if expr.value in self.kb.obfuscations.type1_deobfuscated_strings:
+                reference_values[SimTypePointer(SimTypeChar())] = self.kb.obfuscations.type1_deobfuscated_strings[
+                    expr.value
+                ]
+                inline_string = True
+            elif expr.value in self.kb.obfuscations.type2_deobfuscated_strings:
+                reference_values[SimTypePointer(SimTypeChar())] = self.kb.obfuscations.type2_deobfuscated_strings[
+                    expr.value
+                ]
+                inline_string = True
+            elif isinstance(type_, SimTypePointer) and isinstance(type_.pts_to, SimTypeChar):
                 # char*
                 # Try to get a string
                 if (
@@ -3433,7 +3449,7 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
             # edge cases: (void*)"this is a constant string pointer". in this case, the type_ will be a void*
             # (BOT*) instead of a char*.
 
-            if isinstance(expr.value, int):
+            if not reference_values and isinstance(expr.value, int):
                 if expr.value in self.project.kb.functions:
                     # It's a function pointer
                     # We don't care about the actual prototype here

angr/analyses/deobfuscator/__init__.py

@@ -0,0 +1,18 @@
+# deobfuscator is a collection of analyses that automatically identifies functions where obfuscation techniques are
+# in-use.
+from __future__ import annotations
+
+from .string_obf_finder import StringObfuscationFinder
+from .string_obf_peephole_optimizer import StringObfType1PeepholeOptimizer
+from .string_obf_opt_passes import StringObfType3Rewriter
+from .api_obf_finder import APIObfuscationFinder
+from .api_obf_peephole_optimizer import APIObfType1PeepholeOptimizer
+
+
+__all__ = (
+    "StringObfuscationFinder",
+    "StringObfType1PeepholeOptimizer",
+    "StringObfType3Rewriter",
+    "APIObfuscationFinder",
+    "APIObfType1PeepholeOptimizer",
+)