angr 9.2.131__py3-none-manylinux2014_aarch64.whl → 9.2.133__py3-none-manylinux2014_aarch64.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- angr/__init__.py +128 -128
- angr/analyses/__init__.py +38 -38
- angr/analyses/analysis.py +6 -2
- angr/analyses/backward_slice.py +3 -4
- angr/analyses/binary_optimizer.py +5 -12
- angr/analyses/bindiff.py +3 -6
- angr/analyses/calling_convention.py +3 -4
- angr/analyses/cfg/__init__.py +3 -3
- angr/analyses/cfg/cfg_base.py +1 -1
- angr/analyses/cfg/cfg_emulated.py +5 -5
- angr/analyses/cfg/cfg_fast.py +19 -17
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +5 -5
- angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +1 -1
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +148 -101
- angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +1 -1
- angr/analyses/data_dep/__init__.py +4 -4
- angr/analyses/datagraph_meta.py +1 -1
- angr/analyses/ddg.py +16 -17
- angr/analyses/decompiler/__init__.py +12 -12
- angr/analyses/decompiler/ail_simplifier.py +24 -12
- angr/analyses/decompiler/block_similarity.py +2 -4
- angr/analyses/decompiler/block_simplifier.py +10 -21
- angr/analyses/decompiler/callsite_maker.py +1 -1
- angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +1 -1
- angr/analyses/decompiler/clinic.py +122 -41
- angr/analyses/decompiler/condition_processor.py +57 -39
- angr/analyses/decompiler/counters/__init__.py +3 -3
- angr/analyses/decompiler/decompilation_cache.py +7 -7
- angr/analyses/decompiler/dephication/__init__.py +1 -1
- angr/analyses/decompiler/dephication/graph_rewriting.py +1 -1
- angr/analyses/decompiler/dephication/graph_vvar_mapping.py +11 -3
- angr/analyses/decompiler/dephication/rewriting_engine.py +169 -45
- angr/analyses/decompiler/dephication/seqnode_dephication.py +5 -4
- angr/analyses/decompiler/expression_narrower.py +1 -1
- angr/analyses/decompiler/graph_region.py +8 -8
- angr/analyses/decompiler/optimization_passes/__init__.py +20 -20
- angr/analyses/decompiler/optimization_passes/const_derefs.py +1 -0
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +1 -2
- angr/analyses/decompiler/optimization_passes/div_simplifier.py +41 -16
- angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +8 -7
- angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +1 -3
- angr/analyses/decompiler/optimization_passes/engine_base.py +262 -84
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +175 -39
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +2 -5
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +5 -5
- angr/analyses/decompiler/optimization_passes/mod_simplifier.py +12 -3
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +42 -19
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +9 -5
- angr/analyses/decompiler/peephole_optimizations/__init__.py +1 -1
- angr/analyses/decompiler/peephole_optimizations/base.py +6 -6
- angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +2 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +1 -1
- angr/analyses/decompiler/presets/__init__.py +1 -1
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +3 -3
- angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +8 -12
- angr/analyses/decompiler/ssailification/rewriting.py +1 -2
- angr/analyses/decompiler/ssailification/rewriting_engine.py +139 -56
- angr/analyses/decompiler/ssailification/ssailification.py +2 -1
- angr/analyses/decompiler/ssailification/traversal.py +4 -6
- angr/analyses/decompiler/ssailification/traversal_engine.py +125 -42
- angr/analyses/decompiler/structured_codegen/__init__.py +5 -5
- angr/analyses/decompiler/structured_codegen/base.py +3 -3
- angr/analyses/decompiler/structured_codegen/c.py +39 -40
- angr/analyses/decompiler/structuring/__init__.py +3 -3
- angr/analyses/decompiler/structuring/phoenix.py +45 -29
- angr/analyses/decompiler/structuring/structurer_base.py +2 -2
- angr/analyses/decompiler/structuring/structurer_nodes.py +23 -14
- angr/analyses/deobfuscator/__init__.py +3 -3
- angr/analyses/deobfuscator/irsb_reg_collector.py +29 -60
- angr/analyses/deobfuscator/string_obf_finder.py +2 -2
- angr/analyses/deobfuscator/string_obf_opt_passes.py +1 -1
- angr/analyses/disassembly.py +4 -4
- angr/analyses/forward_analysis/__init__.py +1 -1
- angr/analyses/forward_analysis/visitors/graph.py +6 -6
- angr/analyses/init_finder.py +47 -22
- angr/analyses/loop_analysis.py +1 -1
- angr/analyses/loopfinder.py +1 -1
- angr/analyses/propagator/engine_base.py +21 -14
- angr/analyses/propagator/engine_vex.py +149 -179
- angr/analyses/propagator/outdated_definition_walker.py +12 -6
- angr/analyses/propagator/propagator.py +10 -28
- angr/analyses/propagator/top_checker_mixin.py +211 -5
- angr/analyses/propagator/vex_vars.py +4 -4
- angr/analyses/reaching_definitions/__init__.py +9 -9
- angr/analyses/reaching_definitions/call_trace.py +2 -2
- angr/analyses/reaching_definitions/dep_graph.py +1 -1
- angr/analyses/reaching_definitions/engine_ail.py +304 -329
- angr/analyses/reaching_definitions/engine_vex.py +243 -229
- angr/analyses/reaching_definitions/function_handler.py +3 -3
- angr/analyses/reaching_definitions/function_handler_library/__init__.py +1 -1
- angr/analyses/reaching_definitions/rd_state.py +47 -42
- angr/analyses/reassembler.py +26 -31
- angr/analyses/s_liveness.py +8 -0
- angr/analyses/s_propagator.py +18 -3
- angr/analyses/s_reaching_definitions/s_rda_view.py +2 -5
- angr/analyses/s_reaching_definitions/s_reaching_definitions.py +9 -5
- angr/analyses/stack_pointer_tracker.py +4 -4
- angr/analyses/typehoon/simple_solver.py +14 -14
- angr/analyses/typehoon/translator.py +10 -2
- angr/analyses/typehoon/typeconsts.py +11 -3
- angr/analyses/typehoon/typevars.py +26 -26
- angr/analyses/unpacker/__init__.py +1 -1
- angr/analyses/variable_recovery/engine_ail.py +299 -259
- angr/analyses/variable_recovery/engine_base.py +138 -121
- angr/analyses/variable_recovery/engine_vex.py +175 -185
- angr/analyses/variable_recovery/irsb_scanner.py +49 -38
- angr/analyses/variable_recovery/variable_recovery.py +28 -5
- angr/analyses/variable_recovery/variable_recovery_base.py +33 -34
- angr/analyses/variable_recovery/variable_recovery_fast.py +4 -8
- angr/analyses/veritesting.py +2 -2
- angr/analyses/vfg.py +5 -5
- angr/analyses/xrefs.py +46 -19
- angr/angrdb/serializers/__init__.py +1 -1
- angr/annocfg.py +20 -15
- angr/blade.py +2 -2
- angr/block.py +20 -25
- angr/calling_conventions.py +12 -14
- angr/code_location.py +6 -10
- angr/codenode.py +3 -3
- angr/engines/__init__.py +12 -14
- angr/engines/engine.py +24 -61
- angr/engines/light/__init__.py +13 -5
- angr/engines/light/data.py +1 -1
- angr/engines/light/engine.py +1003 -1185
- angr/engines/pcode/__init__.py +1 -1
- angr/engines/pcode/behavior.py +1 -1
- angr/engines/pcode/cc.py +2 -0
- angr/engines/pcode/lifter.py +13 -15
- angr/engines/soot/expressions/__init__.py +12 -12
- angr/engines/soot/statements/__init__.py +6 -6
- angr/engines/soot/values/__init__.py +6 -6
- angr/engines/soot/values/arrayref.py +2 -2
- angr/engines/soot/values/constants.py +1 -1
- angr/engines/soot/values/instancefieldref.py +1 -1
- angr/engines/soot/values/paramref.py +1 -1
- angr/engines/soot/values/staticfieldref.py +1 -1
- angr/engines/successors.py +15 -14
- angr/engines/vex/__init__.py +5 -5
- angr/engines/vex/claripy/ccall.py +2 -2
- angr/engines/vex/claripy/datalayer.py +1 -1
- angr/engines/vex/claripy/irop.py +19 -19
- angr/engines/vex/heavy/__init__.py +2 -2
- angr/engines/vex/heavy/actions.py +1 -3
- angr/engines/vex/heavy/heavy.py +4 -6
- angr/engines/vex/lifter.py +2 -4
- angr/engines/vex/light/light.py +0 -2
- angr/engines/vex/light/slicing.py +5 -5
- angr/exploration_techniques/__init__.py +19 -142
- angr/exploration_techniques/base.py +126 -0
- angr/exploration_techniques/bucketizer.py +1 -1
- angr/exploration_techniques/dfs.py +3 -1
- angr/exploration_techniques/director.py +2 -3
- angr/exploration_techniques/driller_core.py +1 -1
- angr/exploration_techniques/explorer.py +4 -2
- angr/exploration_techniques/lengthlimiter.py +2 -1
- angr/exploration_techniques/local_loop_seer.py +2 -1
- angr/exploration_techniques/loop_seer.py +5 -5
- angr/exploration_techniques/manual_mergepoint.py +2 -1
- angr/exploration_techniques/memory_watcher.py +3 -1
- angr/exploration_techniques/oppologist.py +4 -5
- angr/exploration_techniques/slicecutor.py +4 -2
- angr/exploration_techniques/spiller.py +1 -1
- angr/exploration_techniques/stochastic.py +2 -1
- angr/exploration_techniques/stub_stasher.py +2 -1
- angr/exploration_techniques/suggestions.py +3 -1
- angr/exploration_techniques/symbion.py +3 -1
- angr/exploration_techniques/tech_builder.py +2 -1
- angr/exploration_techniques/threading.py +2 -11
- angr/exploration_techniques/timeout.py +4 -2
- angr/exploration_techniques/tracer.py +4 -3
- angr/exploration_techniques/unique.py +3 -2
- angr/exploration_techniques/veritesting.py +1 -1
- angr/factory.py +36 -6
- angr/keyed_region.py +4 -4
- angr/knowledge_base.py +1 -1
- angr/knowledge_plugins/__init__.py +11 -11
- angr/knowledge_plugins/cfg/__init__.py +5 -5
- angr/knowledge_plugins/cfg/cfg_manager.py +2 -2
- angr/knowledge_plugins/cfg/cfg_model.py +8 -8
- angr/knowledge_plugins/cfg/cfg_node.py +19 -19
- angr/knowledge_plugins/cfg/indirect_jump.py +6 -6
- angr/knowledge_plugins/cfg/memory_data.py +5 -7
- angr/knowledge_plugins/functions/function.py +48 -52
- angr/knowledge_plugins/functions/function_parser.py +4 -4
- angr/knowledge_plugins/key_definitions/__init__.py +3 -3
- angr/knowledge_plugins/key_definitions/atoms.py +8 -8
- angr/knowledge_plugins/key_definitions/definition.py +1 -1
- angr/knowledge_plugins/key_definitions/live_definitions.py +30 -27
- angr/knowledge_plugins/labels.py +1 -1
- angr/knowledge_plugins/propagations/__init__.py +1 -1
- angr/knowledge_plugins/propagations/prop_value.py +2 -2
- angr/knowledge_plugins/propagations/propagation_model.py +7 -8
- angr/knowledge_plugins/propagations/states.py +44 -39
- angr/knowledge_plugins/variables/variable_access.py +2 -2
- angr/knowledge_plugins/variables/variable_manager.py +24 -10
- angr/knowledge_plugins/xrefs/xref.py +5 -8
- angr/misc/__init__.py +4 -4
- angr/misc/hookset.py +4 -5
- angr/misc/loggers.py +2 -2
- angr/misc/telemetry.py +1 -1
- angr/procedures/__init__.py +1 -1
- angr/procedures/cgc/fdwait.py +2 -2
- angr/procedures/definitions/__init__.py +2 -2
- angr/procedures/definitions/linux_kernel.py +0 -1
- angr/procedures/definitions/parse_syscalls_from_local_system.py +1 -1
- angr/procedures/definitions/parse_win32json.py +0 -1
- angr/procedures/ntdll/exceptions.py +1 -1
- angr/procedures/stubs/format_parser.py +3 -3
- angr/procedures/win32/dynamic_loading.py +1 -1
- angr/protos/__init__.py +3 -3
- angr/sim_manager.py +3 -5
- angr/sim_state.py +40 -42
- angr/sim_state_options.py +3 -3
- angr/sim_type.py +15 -14
- angr/sim_variable.py +42 -45
- angr/simos/__init__.py +4 -4
- angr/simos/cgc.py +1 -1
- angr/simos/simos.py +1 -1
- angr/simos/userland.py +1 -1
- angr/slicer.py +4 -7
- angr/state_plugins/__init__.py +34 -34
- angr/state_plugins/callstack.py +5 -12
- angr/state_plugins/heap/__init__.py +2 -2
- angr/state_plugins/heap/heap_brk.py +2 -4
- angr/state_plugins/heap/heap_ptmalloc.py +1 -1
- angr/state_plugins/jni_references.py +3 -2
- angr/state_plugins/scratch.py +1 -1
- angr/state_plugins/sim_action.py +1 -4
- angr/state_plugins/sim_event.py +1 -1
- angr/state_plugins/solver.py +7 -9
- angr/state_plugins/uc_manager.py +1 -1
- angr/state_plugins/view.py +2 -2
- angr/storage/__init__.py +1 -1
- angr/storage/file.py +10 -10
- angr/storage/memory_mixins/__init__.py +46 -46
- angr/storage/memory_mixins/default_filler_mixin.py +1 -3
- angr/storage/memory_mixins/javavm_memory_mixin.py +2 -2
- angr/storage/memory_mixins/name_resolution_mixin.py +2 -2
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +1 -3
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +6 -6
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +2 -4
- angr/storage/memory_mixins/regioned_memory/__init__.py +3 -3
- angr/storage/memory_mixins/regioned_memory/region_data.py +5 -5
- angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +7 -9
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +4 -4
- angr/storage/memory_object.py +4 -4
- angr/utils/__init__.py +3 -3
- angr/utils/bits.py +12 -0
- angr/utils/dynamic_dictlist.py +1 -1
- angr/utils/graph.py +1 -1
- angr/utils/orderedset.py +4 -1
- angr/utils/segment_list.py +2 -2
- angr/utils/ssa/__init__.py +33 -8
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/METADATA +6 -6
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/RECORD +262 -263
- angr/analyses/propagator/engine_ail.py +0 -1562
- angr/storage/memory_mixins/__init__.pyi +0 -48
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/LICENSE +0 -0
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/WHEEL +0 -0
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/entry_points.txt +0 -0
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/top_level.txt +0 -0
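--- a/angr/factory.py
+++ b/angr/factory.py
@@ -1,6 +1,9 @@
 from __future__ import annotations
-
+
 import logging
+import threading
+from typing import overload, TYPE_CHECKING
+
 import archinfo
 from archinfo.arch_soot import ArchSoot, SootAddressDescriptor
 
@@ -8,7 +11,7 @@ from .sim_state import SimState
 from .calling_conventions import default_cc, SimRegArg, SimStackArg, PointerWrapper, SimCCUnknown
 from .callable import Callable
 from .errors import AngrAssemblyError, AngrError
-from .engines import UberEngine, ProcedureEngine, SimEngineConcrete
+from .engines import UberEngine, ProcedureEngine, SimEngineConcrete
 from .sim_type import SimTypeFunction, SimTypeInt
 from .codenode import HookNode, SyscallNode
 from .block import Block, SootBlock
@@ -20,6 +23,10 @@ try:
 except ImportError:
 UberEnginePcode = None
 
+if TYPE_CHECKING:
+from angr import Project, SimCC
+from angr.engines import SimEngine
+
 
 l = logging.getLogger(name=__name__)
 
@@ -29,15 +36,26 @@ class AngrObjectFactory:
 This factory provides access to important analysis elements.
 """
 
+project: Project
+default_engine_factory: type[SimEngine]
+procedure_engine: ProcedureEngine
+concrete_engine: SimEngineConcrete | None
+_default_cc: type[SimCC] | None
+
+# We use thread local storage to cache engines on a per-thread basis
+_tls: threading.local
+
 def __init__(self, project, default_engine: type[SimEngine] | None = None):
+self._tls = threading.local()
+
 if default_engine is None:
 if isinstance(project.arch, archinfo.ArchPcode) and UberEnginePcode is not None:
 l.warning("Creating project with the experimental 'UberEnginePcode' engine")
-
+self.default_engine_factory = UberEnginePcode
 else:
-
+self.default_engine_factory = UberEngine
 else:
-
+self.default_engine_factory = default_engine
 
 if isinstance(project.arch, archinfo.ArchPcode):
 register_pcode_arch_default_cc(project.arch)
@@ -46,7 +64,6 @@ class AngrObjectFactory:
 self._default_cc = default_cc(
 project.arch.name, platform=project.simos.name if project.simos is not None else None, default=SimCCUnknown
 )
-self.default_engine = default_engine_n(project)
 self.procedure_engine = ProcedureEngine(project)
 
 if project.concrete_target:
@@ -54,6 +71,19 @@ class AngrObjectFactory:
 else:
 self.concrete_engine = None
 
+def __getstate__(self):
+return self.project, self.default_engine_factory, self.procedure_engine, self.concrete_engine, self._default_cc
+
+def __setstate__(self, state):
+self.project, self.default_engine_factory, self.procedure_engine, self.concrete_engine, self._default_cc = state
+self._tls = threading.local()
+
+@property
+def default_engine(self):
+if not hasattr(self._tls, "default_engine"):
+self._tls.default_engine = self.default_engine_factory(self.project)
+return self._tls.default_engine
+
 def snippet(self, addr, jumpkind=None, **block_opts):
 if self.project.is_hooked(addr) and jumpkind != "Ijk_NoHook":
 hook = self.project._sim_procedures[addr]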
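--- a/angr/keyed_region.py
+++ b/angr/keyed_region.py
@@ -13,7 +13,7 @@ l = logging.getLogger(name=__name__)
 
 
 class StoredObject:
-__slots__ = ("__weakref__", "
+__slots__ = ("__weakref__", "obj", "size", "start")
 
 def __init__(self, start, obj, size):
 self.start = start
@@ -41,7 +41,7 @@ class RegionObject:
 Represents one or more objects occupying one or more bytes in KeyedRegion.
 """
 
-__slots__ = ("
+__slots__ = ("_internal_objects", "size", "start", "stored_objects")
 
 def __init__(self, start, size, objects=None):
 self.start = start
@@ -114,10 +114,10 @@ class KeyedRegion:
 """
 
 __slots__ = (
-"
+"_canonical_size",
 "_object_mapping",
 "_phi_node_contains",
-"
+"_storage",
 )
 
 def __init__(self, tree=None, phi_node_contains=None, canonical_size=8):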
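--- a/angr/knowledge_base.py
+++ b/angr/knowledge_base.py
@@ -49,7 +49,7 @@ class KnowledgeBase:
 object.__setattr__(self, "_project", project)
 object.__setattr__(self, "_plugins", {})
 
-self.name = name if name else
+self.name = name if name else f"kb_{next(kb_ctr)}"
 
 @property
 def callgraph(self):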
@@ -21,23 +21,23 @@ from .obfuscations import Obfuscations
|
|
|
21
21
|
|
|
22
22
|
|
|
23
23
|
__all__ = (
|
|
24
|
-
"
|
|
25
|
-
"
|
|
26
|
-
"VariableManager",
|
|
27
|
-
"DebugVariableManager",
|
|
24
|
+
"CFGManager",
|
|
25
|
+
"CallsitePrototypes",
|
|
28
26
|
"Comments",
|
|
27
|
+
"CustomStrings",
|
|
29
28
|
"Data",
|
|
29
|
+
"DebugVariableManager",
|
|
30
|
+
"Function",
|
|
31
|
+
"FunctionManager",
|
|
30
32
|
"IndirectJumps",
|
|
31
|
-
"
|
|
32
|
-
"CFGManager",
|
|
33
|
-
"XRefManager",
|
|
33
|
+
"KeyDefinitionManager",
|
|
34
34
|
"KnowledgeBasePlugin",
|
|
35
|
+
"Labels",
|
|
36
|
+
"Obfuscations",
|
|
35
37
|
"PatchManager",
|
|
36
|
-
"KeyDefinitionManager",
|
|
37
38
|
"PropagationManager",
|
|
38
39
|
"StructuredCodeManager",
|
|
39
40
|
"TypesStore",
|
|
40
|
-
"
|
|
41
|
-
"
|
|
42
|
-
"Obfuscations",
|
|
41
|
+
"VariableManager",
|
|
42
|
+
"XRefManager",
|
|
43
43
|
)
|
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
|
|
3
3
|
__all__ = (
|
|
4
|
-
"MemoryDataSort",
|
|
5
|
-
"MemoryData",
|
|
6
|
-
"CFGNode",
|
|
7
4
|
"CFGENode",
|
|
5
|
+
"CFGManager",
|
|
6
|
+
"CFGModel",
|
|
7
|
+
"CFGNode",
|
|
8
8
|
"IndirectJump",
|
|
9
9
|
"IndirectJumpType",
|
|
10
|
-
"
|
|
11
|
-
"
|
|
10
|
+
"MemoryData",
|
|
11
|
+
"MemoryDataSort",
|
|
12
12
|
)
|
|
13
13
|
|
|
14
14
|
from .memory_data import MemoryDataSort, MemoryData
|
|
@@ -18,7 +18,7 @@ class CFGManager(KnowledgeBasePlugin):
|
|
|
18
18
|
self.cfgs = {}
|
|
19
19
|
|
|
20
20
|
def __repr__(self):
|
|
21
|
-
return "<CFGManager with
|
|
21
|
+
return f"<CFGManager with {len(self.cfgs)} CFGs>"
|
|
22
22
|
|
|
23
23
|
def __contains__(self, ident):
|
|
24
24
|
return ident in self.cfgs
|
|
@@ -42,7 +42,7 @@ class CFGManager(KnowledgeBasePlugin):
|
|
|
42
42
|
# find a unique ident
|
|
43
43
|
i = 0
|
|
44
44
|
while True:
|
|
45
|
-
ident = prefix
|
|
45
|
+
ident = f"{prefix}_{i}"
|
|
46
46
|
if ident not in self.cfgs:
|
|
47
47
|
break
|
|
48
48
|
i += 1
|
|
@@ -41,19 +41,19 @@ class CFGModel(Serializable):
|
|
|
41
41
|
"""
|
|
42
42
|
|
|
43
43
|
__slots__ = (
|
|
44
|
-
"ident",
|
|
45
|
-
"graph",
|
|
46
|
-
"jump_tables",
|
|
47
|
-
"memory_data",
|
|
48
|
-
"insn_addr_to_memory_data",
|
|
49
|
-
"_nodes_by_addr",
|
|
50
|
-
"_nodes",
|
|
51
44
|
"_cfg_manager",
|
|
52
45
|
"_iropt_level",
|
|
53
46
|
"_node_addrs",
|
|
47
|
+
"_nodes",
|
|
48
|
+
"_nodes_by_addr",
|
|
49
|
+
"edges_to_repair",
|
|
50
|
+
"graph",
|
|
51
|
+
"ident",
|
|
52
|
+
"insn_addr_to_memory_data",
|
|
54
53
|
"is_arm",
|
|
54
|
+
"jump_tables",
|
|
55
|
+
"memory_data",
|
|
55
56
|
"normalized",
|
|
56
|
-
"edges_to_repair",
|
|
57
57
|
)
|
|
58
58
|
|
|
59
59
|
def __init__(self, ident, cfg_manager=None, is_arm=False):
|
|
@@ -29,7 +29,7 @@ class CFGNodeCreationFailure:
|
|
|
29
29
|
and the exception messages.
|
|
30
30
|
"""
|
|
31
31
|
|
|
32
|
-
__slots__ = ["
|
|
32
|
+
__slots__ = ["long_reason", "short_reason", "traceback"]
|
|
33
33
|
|
|
34
34
|
def __init__(self, exc_info=None, to_copy=None):
|
|
35
35
|
if to_copy is None:
|
|
@@ -52,23 +52,23 @@ class CFGNode(Serializable):
|
|
|
52
52
|
"""
|
|
53
53
|
|
|
54
54
|
__slots__ = (
|
|
55
|
+
"_cfg_model",
|
|
56
|
+
"_hash",
|
|
57
|
+
"_name",
|
|
55
58
|
"addr",
|
|
56
|
-
"simprocedure_name",
|
|
57
|
-
"syscall_name",
|
|
58
|
-
"size",
|
|
59
|
-
"no_ret",
|
|
60
|
-
"is_syscall",
|
|
61
|
-
"function_address",
|
|
62
59
|
"block_id",
|
|
63
|
-
"thumb",
|
|
64
60
|
"byte_string",
|
|
65
|
-
"
|
|
61
|
+
"function_address",
|
|
62
|
+
"has_return",
|
|
66
63
|
"instruction_addrs",
|
|
67
64
|
"irsb",
|
|
68
|
-
"
|
|
69
|
-
"
|
|
70
|
-
"
|
|
65
|
+
"is_syscall",
|
|
66
|
+
"no_ret",
|
|
67
|
+
"simprocedure_name",
|
|
68
|
+
"size",
|
|
71
69
|
"soot_block",
|
|
70
|
+
"syscall_name",
|
|
71
|
+
"thumb",
|
|
72
72
|
)
|
|
73
73
|
|
|
74
74
|
def __init__(
|
|
@@ -320,7 +320,7 @@ class CFGNode(Serializable):
|
|
|
320
320
|
elif not isinstance(self.addr, SootAddressDescriptor):
|
|
321
321
|
s += hex(self.addr)
|
|
322
322
|
if self.size is not None:
|
|
323
|
-
s += "[
|
|
323
|
+
s += f"[{self.size}]"
|
|
324
324
|
s += ">"
|
|
325
325
|
return s
|
|
326
326
|
|
|
@@ -362,14 +362,14 @@ class CFGENode(CFGNode):
|
|
|
362
362
|
"""
|
|
363
363
|
|
|
364
364
|
__slots__ = [
|
|
365
|
-
"
|
|
366
|
-
"
|
|
365
|
+
"_callstack_key",
|
|
366
|
+
"creation_failure_info",
|
|
367
367
|
"depth",
|
|
368
368
|
"final_states",
|
|
369
|
-
"
|
|
369
|
+
"input_state",
|
|
370
|
+
"looping_times",
|
|
370
371
|
"return_target",
|
|
371
372
|
"syscall",
|
|
372
|
-
"_callstack_key",
|
|
373
373
|
]
|
|
374
374
|
|
|
375
375
|
def __init__(
|
|
@@ -452,9 +452,9 @@ class CFGENode(CFGNode):
|
|
|
452
452
|
s += self.name + " "
|
|
453
453
|
s += hex(self.addr)
|
|
454
454
|
if self.size is not None:
|
|
455
|
-
s += "[
|
|
455
|
+
s += f"[{self.size}]"
|
|
456
456
|
if self.looping_times > 0:
|
|
457
|
-
s += " -
|
|
457
|
+
s += f" - {self.looping_times}"
|
|
458
458
|
if self.creation_failure_info is not None:
|
|
459
459
|
s += f" - creation failed: {self.creation_failure_info.long_reason}"
|
|
460
460
|
s += ">"
|
|
@@ -12,16 +12,16 @@ class IndirectJumpType:
|
|
|
12
12
|
class IndirectJump(Serializable):
|
|
13
13
|
__slots__ = (
|
|
14
14
|
"addr",
|
|
15
|
-
"ins_addr",
|
|
16
15
|
"func_addr",
|
|
16
|
+
"ins_addr",
|
|
17
17
|
"jumpkind",
|
|
18
|
-
"stmt_idx",
|
|
19
|
-
"resolved_targets",
|
|
20
18
|
"jumptable",
|
|
21
19
|
"jumptable_addr",
|
|
22
|
-
"jumptable_size",
|
|
23
|
-
"jumptable_entry_size",
|
|
24
20
|
"jumptable_entries",
|
|
21
|
+
"jumptable_entry_size",
|
|
22
|
+
"jumptable_size",
|
|
23
|
+
"resolved_targets",
|
|
24
|
+
"stmt_idx",
|
|
25
25
|
"type",
|
|
26
26
|
)
|
|
27
27
|
|
|
@@ -60,6 +60,6 @@ class IndirectJump(Serializable):
|
|
|
60
60
|
if self.jumptable_addr is not None:
|
|
61
61
|
status += f"@{self.jumptable_addr:#08x}"
|
|
62
62
|
if self.jumptable_entries is not None:
|
|
63
|
-
status += " with
|
|
63
|
+
status += f" with {len(self.jumptable_entries)} entries"
|
|
64
64
|
|
|
65
65
|
return "<IndirectJump {:#08x} - ins {:#08x}{}>".format(self.addr, self.ins_addr, " " + status if status else "")
|
|
@@ -47,12 +47,12 @@ class MemoryData(Serializable):
|
|
|
47
47
|
|
|
48
48
|
__slots__ = (
|
|
49
49
|
"addr",
|
|
50
|
-
"
|
|
51
|
-
"reference_size",
|
|
52
|
-
"sort",
|
|
50
|
+
"content",
|
|
53
51
|
"max_size",
|
|
54
52
|
"pointer_addr",
|
|
55
|
-
"
|
|
53
|
+
"reference_size",
|
|
54
|
+
"size",
|
|
55
|
+
"sort",
|
|
56
56
|
)
|
|
57
57
|
|
|
58
58
|
def __init__(
|
|
@@ -90,9 +90,7 @@ class MemoryData(Serializable):
|
|
|
90
90
|
return self.addr
|
|
91
91
|
|
|
92
92
|
def __repr__(self):
|
|
93
|
-
return "\\{:#x}, {}, {}/"
|
|
94
|
-
self.address, "%d bytes" % self.size if self.size is not None else "size unknown", self.sort
|
|
95
|
-
)
|
|
93
|
+
return f"\\{self.address:#x}, {self.size if self.size is not None else 'size unknown'} bytes, {self.sort}/"
|
|
96
94
|
|
|
97
95
|
def copy(self):
|
|
98
96
|
"""
|
|
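Review bot: The new f-string on line 93 changes the text when `size` is None: the removed line 94 produced `size unknown`, whereas the new expression yields `size unknown bytes` because the literal ` bytes` now sits outside the conditional. Keep the unit inside the branch, e.g. `return f"\\{self.address:#x}, {f'{self.size} bytes' if self.size is not None else 'size unknown'}, {self.sort}/"`. Anything that matches on the repr in tests or logs would otherwise see a silent format change.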
@@ -39,51 +39,51 @@ class Function(Serializable):
|
|
|
39
39
|
"""
|
|
40
40
|
|
|
41
41
|
__slots__ = (
|
|
42
|
-
"
|
|
43
|
-
"
|
|
44
|
-
"
|
|
45
|
-
"
|
|
46
|
-
"
|
|
42
|
+
"_addr_to_block_node",
|
|
43
|
+
"_argument_registers",
|
|
44
|
+
"_argument_stack_variables",
|
|
45
|
+
"_block_cache",
|
|
46
|
+
"_block_sizes",
|
|
47
|
+
"_call_sites",
|
|
47
48
|
"_callout_sites",
|
|
49
|
+
"_cyclomatic_complexity",
|
|
48
50
|
"_endpoints",
|
|
49
|
-
"_call_sites",
|
|
50
|
-
"_retout_sites",
|
|
51
|
-
"addr",
|
|
52
51
|
"_function_manager",
|
|
53
|
-
"
|
|
52
|
+
"_jumpout_sites",
|
|
53
|
+
"_local_block_addrs",
|
|
54
|
+
"_local_blocks",
|
|
55
|
+
"_local_transition_graph",
|
|
56
|
+
"_name",
|
|
54
57
|
"_project",
|
|
55
|
-
"
|
|
58
|
+
"_ret_sites",
|
|
59
|
+
"_retout_sites",
|
|
60
|
+
"_returning",
|
|
61
|
+
"addr",
|
|
56
62
|
"addr",
|
|
57
|
-
"is_simprocedure",
|
|
58
|
-
"_name",
|
|
59
|
-
"previous_names",
|
|
60
|
-
"is_default_name",
|
|
61
|
-
"from_signature",
|
|
62
63
|
"binary_name",
|
|
63
|
-
"_argument_registers",
|
|
64
|
-
"_argument_stack_variables",
|
|
65
64
|
"bp_on_stack",
|
|
66
|
-
"retaddr_on_stack",
|
|
67
|
-
"sp_delta",
|
|
68
65
|
"calling_convention",
|
|
69
|
-
"
|
|
70
|
-
"
|
|
71
|
-
"
|
|
66
|
+
"from_signature",
|
|
67
|
+
"info",
|
|
68
|
+
"is_alignment",
|
|
69
|
+
"is_default_name",
|
|
70
|
+
"is_plt",
|
|
71
|
+
"is_prototype_guessed",
|
|
72
|
+
"is_simprocedure",
|
|
73
|
+
"is_syscall",
|
|
74
|
+
"normalized",
|
|
72
75
|
"prepared_registers",
|
|
73
76
|
"prepared_stack_variables",
|
|
77
|
+
"previous_names",
|
|
78
|
+
"prototype",
|
|
79
|
+
"prototype_libname",
|
|
80
|
+
"ran_cca",
|
|
74
81
|
"registers_read_afterwards",
|
|
82
|
+
"retaddr_on_stack",
|
|
83
|
+
"sp_delta",
|
|
75
84
|
"startpoint",
|
|
76
|
-
"_addr_to_block_node",
|
|
77
|
-
"_block_sizes",
|
|
78
|
-
"_block_cache",
|
|
79
|
-
"_local_blocks",
|
|
80
|
-
"_local_block_addrs",
|
|
81
|
-
"info",
|
|
82
85
|
"tags",
|
|
83
|
-
"
|
|
84
|
-
"is_prototype_guessed",
|
|
85
|
-
"ran_cca",
|
|
86
|
-
"_cyclomatic_complexity",
|
|
86
|
+
"transition_graph",
|
|
87
87
|
)
|
|
88
88
|
|
|
89
89
|
def __init__(
|
|
@@ -586,17 +586,18 @@ class Function(Serializable):
|
|
|
586
586
|
return False
|
|
587
587
|
|
|
588
588
|
def __str__(self):
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
|
|
589
|
+
return (
|
|
590
|
+
f"Function {self.name} [{self.addr:#x}]\n"
|
|
591
|
+
f" Syscall: {self.is_syscall}\n"
|
|
592
|
+
f" SP difference: {self.sp_delta}\n"
|
|
593
|
+
f" Has return: {self.has_return}\n"
|
|
594
|
+
f" Returning: {'Unknown' if self.returning is None else self.returning}\n"
|
|
595
|
+
f" Alignment: {self.alignment}\n"
|
|
596
|
+
f" Arguments: reg: {self._argument_registers}, stack: {self._argument_stack_variables}\n"
|
|
597
|
+
f" Blocks: [{', '.join(f'{i:#x}' for i in self.block_addrs)}]\n"
|
|
598
|
+
f" Cyclomatic Complexity: {self.cyclomatic_complexity}\n"
|
|
599
|
+
f" Calling convention: {self.calling_convention}"
|
|
600
|
+
)
|
|
600
601
|
|
|
601
602
|
def __repr__(self):
|
|
602
603
|
if self.is_syscall:
|
|
@@ -1093,10 +1094,8 @@ class Function(Serializable):
|
|
|
1093
1094
|
g.add_node(block)
|
|
1094
1095
|
for src, dst, data in self.transition_graph.edges(data=True):
|
|
1095
1096
|
if "type" in data and (
|
|
1096
|
-
data["type"] in ("transition", "exception")
|
|
1097
|
-
and ("outside" not in data or data["outside"] is False)
|
|
1098
|
-
or data["type"] == "fake_return"
|
|
1099
|
-
and ("outside" not in data or data["outside"] is False)
|
|
1097
|
+
(data["type"] in ("transition", "exception") and ("outside" not in data or data["outside"] is False))
|
|
1098
|
+
or (data["type"] == "fake_return" and ("outside" not in data or data["outside"] is False))
|
|
1100
1099
|
):
|
|
1101
1100
|
g.add_edge(src, dst, **data)
|
|
1102
1101
|
|
|
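Review bot: Both parenthesised alternatives on new lines 1097–1098 repeat the same `outside` test, so the condition can be flattened without changing its truth table: `data["type"] in ("transition", "exception", "fake_return") and ("outside" not in data or data["outside"] is False)`. That reads as one rule (intra-function edges of these three types) instead of two. The loop this sits in begins before the hunk.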
@@ -1268,11 +1267,8 @@ class Function(Serializable):
|
|
|
1268
1267
|
if b.addr <= addr < b.addr + b.size:
|
|
1269
1268
|
# found it
|
|
1270
1269
|
for i, instr_addr in enumerate(b.instruction_addrs):
|
|
1271
|
-
if (
|
|
1272
|
-
i
|
|
1273
|
-
and instr_addr <= addr < b.instruction_addrs[i + 1]
|
|
1274
|
-
or i == len(b.instruction_addrs) - 1
|
|
1275
|
-
and instr_addr <= addr
|
|
1270
|
+
if (i < len(b.instruction_addrs) - 1 and instr_addr <= addr < b.instruction_addrs[i + 1]) or (
|
|
1271
|
+
i == len(b.instruction_addrs) - 1 and instr_addr <= addr
|
|
1276
1272
|
):
|
|
1277
1273
|
return instr_addr
|
|
1278
1274
|
# Not covered by any instruction... why?
|
|
@@ -153,10 +153,10 @@ class FunctionParser:
|
|
|
153
153
|
dst = None
|
|
154
154
|
dst_addr = edge_cmsg.dst_ea
|
|
155
155
|
if (
|
|
156
|
-
dst_addr not in blocks
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
):
|
|
156
|
+
dst_addr not in blocks and edge_type == "call"
|
|
157
|
+
) or ( # call has to go to either a HookNode or a function
|
|
158
|
+
all_func_addrs is not None and dst_addr in all_func_addrs
|
|
159
|
+
): # jumps to another function
|
|
160
160
|
if function_manager is not None:
|
|
161
161
|
# get a function
|
|
162
162
|
dst = FunctionParser._get_func(dst_addr, function_manager)
|
|
@@ -7,11 +7,11 @@ from .definition import Definition
|
|
|
7
7
|
from . import atoms
|
|
8
8
|
|
|
9
9
|
__all__ = (
|
|
10
|
-
"
|
|
10
|
+
"Definition",
|
|
11
|
+
"DerefSize",
|
|
11
12
|
"KeyDefinitionManager",
|
|
12
13
|
"LiveDefinitions",
|
|
13
|
-
"
|
|
14
|
+
"ReachingDefinitionsModel",
|
|
14
15
|
"Uses",
|
|
15
16
|
"atoms",
|
|
16
|
-
"Definition",
|
|
17
17
|
)
|
|
@@ -197,7 +197,7 @@ class Tmp(Atom):
|
|
|
197
197
|
self.tmp_idx = tmp_idx
|
|
198
198
|
|
|
199
199
|
def __repr__(self):
|
|
200
|
-
return "<Tmp
|
|
200
|
+
return f"<Tmp {self.tmp_idx}>"
|
|
201
201
|
|
|
202
202
|
def _identity(self):
|
|
203
203
|
return hash(("tmp", self.tmp_idx))
|
|
@@ -216,18 +216,18 @@ class Register(Atom):
|
|
|
216
216
|
"""
|
|
217
217
|
|
|
218
218
|
__slots__ = (
|
|
219
|
-
"reg_offset",
|
|
220
219
|
"arch",
|
|
220
|
+
"reg_offset",
|
|
221
221
|
)
|
|
222
222
|
|
|
223
|
-
def __init__(self, reg_offset: RegisterOffset, size: int, arch: Arch | None = None):
|
|
223
|
+
def __init__(self, reg_offset: RegisterOffset | int, size: int, arch: Arch | None = None):
|
|
224
224
|
super().__init__(size)
|
|
225
225
|
|
|
226
|
-
self.reg_offset = reg_offset
|
|
226
|
+
self.reg_offset = RegisterOffset(reg_offset)
|
|
227
227
|
self.arch = arch
|
|
228
228
|
|
|
229
229
|
def __repr__(self):
|
|
230
|
-
return "<Reg
|
|
230
|
+
return f"<Reg {self.name}<{self.size}>>"
|
|
231
231
|
|
|
232
232
|
def _identity(self):
|
|
233
233
|
return (self.reg_offset, self.size)
|
|
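Review bot: `__repr__` on new line 230 now goes through `self.name`, while `arch` still defaults to None on line 223; if that property resolves the name via the arch, repr of an arch-less Register would raise instead of printing, which is worth confirming and, if so, guarding with a fallback to `self.reg_offset`. The constructor now wraps the offset in `RegisterOffset(...)` to accept a plain int; a one-line note on the parameter, `reg_offset: register offset, accepted as int and normalised to RegisterOffset`, would explain the widened annotation. The `name` property itself is outside this hunk.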
@@ -245,9 +245,9 @@ class VirtualVariable(Atom):
|
|
|
245
245
|
"""
|
|
246
246
|
|
|
247
247
|
__slots__ = (
|
|
248
|
-
"varid",
|
|
249
248
|
"category",
|
|
250
249
|
"oident",
|
|
250
|
+
"varid",
|
|
251
251
|
)
|
|
252
252
|
|
|
253
253
|
def __init__(
|
|
@@ -260,7 +260,7 @@ class VirtualVariable(Atom):
|
|
|
260
260
|
self.oident = oident
|
|
261
261
|
|
|
262
262
|
def __repr__(self):
|
|
263
|
-
return "<VVar
|
|
263
|
+
return f"<VVar {self.varid}<{self.size}>>"
|
|
264
264
|
|
|
265
265
|
def _identity(self):
|
|
266
266
|
return self.varid, self.size
|
|
@@ -323,7 +323,7 @@ class MemoryLocation(Atom):
|
|
|
323
323
|
def __repr__(self):
|
|
324
324
|
address_format = hex(self.addr) if type(self.addr) is int else self.addr
|
|
325
325
|
stack_format = " (stack)" if self.is_on_stack else ""
|
|
326
|
-
size = "
|
|
326
|
+
size = f"{self.size}" if isinstance(self.size, int) else self.size
|
|
327
327
|
|
|
328
328
|
return f"<Mem {address_format}<{size}>{stack_format}>"
|
|
329
329
|
|
|
@@ -151,11 +151,11 @@ class Definition(Generic[A]):
|
|
|
151
151
|
"""
|
|
152
152
|
|
|
153
153
|
__slots__ = (
|
|
154
|
+
"_hash",
|
|
154
155
|
"atom",
|
|
155
156
|
"codeloc",
|
|
156
157
|
"dummy",
|
|
157
158
|
"tags",
|
|
158
|
-
"_hash",
|
|
159
159
|
)
|
|
160
160
|
|
|
161
161
|
def __init__(self, atom: A, codeloc: CodeLocation, dummy: bool = False, tags: set[Tag] | None = None):
|